Class HTTPMetadataProvider
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
se.swedenconnect.opensaml.saml2.metadata.provider.HTTPMetadataProvider
- All Implemented Interfaces:
net.shibboleth.shared.component.Component, net.shibboleth.shared.component.DestructableComponent, net.shibboleth.shared.component.InitializableComponent, MetadataProvider
A provider that downloads metadata from an HTTP resource.
- Author:
- Martin Lindström (martin@idsec.se)
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
AbstractMetadataProvider.EntityDescriptorIterator
-
Constructor Summary
Constructor / Description
- HTTPMetadataProvider(String metadataUrl, String backupFile): Creates a provider that periodically downloads data from the URL given by metadataUrl.
- HTTPMetadataProvider(String metadataUrl, String backupFile, org.apache.hc.client5.http.classic.HttpClient httpClient): Creates a provider that periodically downloads data from the URL given by metadataUrl.
-
Method Summary
Modifier and Type / Method / Description
- static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient(): Creates a default HttpClient instance that uses system properties and sets a SSLSocketFactory that is configured in a "no trust" mode, meaning that all peer certificates are accepted and no hostname check is made.
- static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient(KeyStore trustKeyStore, HostnameVerifier hostnameVerifier): Creates a HttpClient instance that sets up a trust manager that accepts all certificates supplied in the trustKeyStore parameter.
- protected void createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter): Creates the specific MetadataResolver instance for the provider implementation.
- protected void destroyMetadataResolver(): Destroys the metadata resolver.
- getID(): Returns the identifier for the provider.
- org.opensaml.saml.metadata.resolver.MetadataResolver getMetadataResolver(): Returns the underlying OpenSAML metadata resolver.
- protected void initializeMetadataResolver(): Initializes the metadata resolver.
Methods inherited from class se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
createFilter, doDestroy, doInitialize, getEntityDescriptor, getEntityDescriptor, getIdentityProviders, getLastUpdate, getMetadata, getMetadataDOM, getServiceProviders, getSignatureVerificationCertificates, iterator, iterator, refresh, setExclusionPredicates, setFailFastInitialization, setInclusionPredicates, setKeepOnlySpAndIdps, setMetadata, setPerformSchemaValidation, setRequireValidMetadata, setSignatureVerificationCertificate, setSignatureVerificationCertificates
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.DestructableComponent
destroy, isDestroyed
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Constructor Details
-
HTTPMetadataProvider
public HTTPMetadataProvider(String metadataUrl, String backupFile) throws net.shibboleth.shared.resolver.ResolverException
Creates a provider that periodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given, the provider also stores the downloaded metadata on disk as backup.
This constructor will initialize the underlying MetadataResolver with a default HttpClient instance that is initialized according to createDefaultHttpClient().
- Parameters:
metadataUrl - the URL to use when downloading metadata
backupFile - optional path to the file where the provider should store downloaded metadata
- Throws:
net.shibboleth.shared.resolver.ResolverException - if the supplied metadata URL is invalid
-
HTTPMetadataProvider
public HTTPMetadataProvider(String metadataUrl, String backupFile, org.apache.hc.client5.http.classic.HttpClient httpClient) throws net.shibboleth.shared.resolver.ResolverException
Creates a provider that periodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given, the provider also stores the downloaded metadata on disk as backup.
- Parameters:
metadataUrl - the URL to use when downloading metadata
backupFile - optional path to the file where the provider should store downloaded metadata
httpClient - the HttpClient that should be used to download the metadata
- Throws:
net.shibboleth.shared.resolver.ResolverException - if the supplied metadata URL is invalid
-
-
Method Details
-
createDefaultHttpClient
public static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient() throws net.shibboleth.shared.resolver.ResolverException
Creates a default HttpClient instance that uses system properties and sets a SSLSocketFactory that is configured in a "no trust" mode, meaning that all peer certificates are accepted and no hostname check is made.
TLS security parameters, such as a trust engine, may later be added by assigning a configured HttpClientSecurityParameters instance in the constructor.
- Returns:
a default HttpClient instance
- Throws:
net.shibboleth.shared.resolver.ResolverException - for errors creating the client
-
createDefaultHttpClient
public static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient(KeyStore trustKeyStore, HostnameVerifier hostnameVerifier) throws net.shibboleth.shared.resolver.ResolverException
Creates a HttpClient instance that sets up a trust manager that accepts all certificates supplied in the trustKeyStore parameter. The hostnameVerifier parameter specifies which hostname verifier should be used. If not supplied, a DefaultHostnameVerifier will be used.
- Parameters:
trustKeyStore - a KeyStore holding the certificates that should be accepted (if null, all certificates are accepted)
hostnameVerifier - the HostnameVerifier to use (if null, a DefaultHostnameVerifier is used)
- Returns:
a HttpClient instance
- Throws:
net.shibboleth.shared.resolver.ResolverException - for errors creating the client
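Added example (not from the library's own documentation): a provider whose download uses a pinned TLS trust store through createDefaultHttpClient(KeyStore, HostnameVerifier) instead of the "no trust" default, and which also verifies the metadata signature, so that accepting the metadata does not depend on an unauthenticated connection. The URL, file paths, password and entity ID are placeholders, the argument types of the inherited setters are assumed from their names, and OpenSAML is assumed to be initialized already.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.hc.client5.http.classic.HttpClient;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import se.swedenconnect.opensaml.saml2.metadata.provider.HTTPMetadataProvider;

public class PinnedMetadataDownload {
  public static void main(String[] args) throws Exception {
    // Placeholder inputs, constructed for this example.
    String metadataUrl = "https://metadata.example.org/federation.xml";
    String backupFile = "/var/lib/myapp/metadata-backup.xml";
    Path tlsTrustPath = Path.of("/etc/myapp/metadata-tls-trust.p12");
    Path signerCertPath = Path.of("/etc/myapp/federation-signer.crt");
    String idpEntityId = "https://idp.example.org/idp";

    // TLS certificates accepted for the metadata host.
    KeyStore trustStore = KeyStore.getInstance("PKCS12");
    try (InputStream in = Files.newInputStream(tlsTrustPath)) {
      trustStore.load(in, "changeit".toCharArray()); // placeholder password
    }
    // Certificate used to verify the XML signature on the downloaded metadata.
    X509Certificate signer;
    try (InputStream in = Files.newInputStream(signerCertPath)) {
      signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    }

    // Non-null trust store: only its certificates are accepted. Null verifier: DefaultHostnameVerifier.
    HttpClient httpClient = HTTPMetadataProvider.createDefaultHttpClient(trustStore, null);
    HTTPMetadataProvider provider = new HTTPMetadataProvider(metadataUrl, backupFile, httpClient);

    // Reject unsigned, badly signed or expired metadata, and fail at startup rather than later.
    provider.setSignatureVerificationCertificate(signer);
    provider.setRequireValidMetadata(true);
    provider.setFailFastInitialization(true);
    provider.initialize();
    try {
      EntityDescriptor idp = provider.getEntityDescriptor(idpEntityId);
      System.out.println(idp != null ? "Found " + idp.getEntityID() : "Not in metadata: " + idpEntityId);
    } finally {
      provider.destroy();
    }
  }
}
```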
-
getID
Returns the identifier for the provider.
- Returns:
the identifier
-
getMetadataResolver
public org.opensaml.saml.metadata.resolver.MetadataResolver getMetadataResolver()
Returns the underlying OpenSAML metadata resolver.
- Returns:
OpenSAML metadata resolver
-
createMetadataResolver
protected void createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter) throws net.shibboleth.shared.resolver.ResolverException
Creates the specific MetadataResolver instance for the provider implementation.
The filter parameter is a MetadataFilter that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.
- Specified by:
createMetadataResolver in class AbstractMetadataProvider
- Parameters:
requireValidMetadata - should be passed into MetadataResolver.setRequireValidMetadata(boolean)
failFastInitialization - should be passed into AbstractMetadataResolver.setFailFastInitialization(boolean) (if applicable)
filter - filter that must be installed for the resolver
- Throws:
net.shibboleth.shared.resolver.ResolverException - for errors creating the resolver
-
initializeMetadataResolver
protected void initializeMetadataResolver() throws net.shibboleth.shared.component.ComponentInitializationException
Initializes the metadata resolver.
- Specified by:
initializeMetadataResolver in class AbstractMetadataProvider
- Throws:
net.shibboleth.shared.component.ComponentInitializationException - for initialization errors
-
destroyMetadataResolver
protected void destroyMetadataResolver()
Destroys the metadata resolver.
- Specified by:
destroyMetadataResolver in class AbstractMetadataProvider
-