org.opensaml.saml.metadata.resolver.MetadataResolver Java Examples

Example #1
Source File: AbstractMetadataResolverAdapter.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
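/**
 * Parses the given resource as XML and rebuilds the aggregate (chaining) metadata
 * resolver from the result.
 *
 * <p>Every failure on this path (opening the stream, parsing, building or initializing
 * the resolvers) is logged at WARN and swallowed. A caller therefore cannot tell from
 * this method alone whether metadata was loaded.
 *
 * @param metadataFilter the metadata filter handed to the per-resource resolver
 * @param resource the resource holding the metadata document
 * @param entityId the entity id, passed to {@code getResourceInputStream}
 */
private void loadMetadataFromResource(final MetadataFilter metadataFilter,
                                      final Resource resource, final String entityId) {

    try (final InputStream in = getResourceInputStream(resource, entityId)) {
        logger.debug("Parsing [{}]", resource.getFilename());
        // NOTE(review): protection against DTDs / external entities depends on how the
        // parser pool in configBean is set up, which is not visible here - confirm.
        final Document document = this.configBean.getParserPool().parse(in);

        final List<MetadataResolver> resolvers = buildSingleMetadataResolver(metadataFilter, resource, document);
        synchronized (this.lock) {
            // Replace the shared field only while holding the lock, so that code taking
            // the same lock never observes a chain that has been published but not yet
            // configured. The field is still replaced before initialize(), so a failed
            // initialization leaves the new, uninitialized chain in place as before.
            this.metadataResolver = new ChainingMetadataResolver();
            this.metadataResolver.setId(ChainingMetadataResolver.class.getCanonicalName());
            this.metadataResolver.setResolvers(resolvers);
            logger.info("Collected metadata from [{}] resource(s). Initializing aggregate resolver...",
                    resolvers.size());
            this.metadataResolver.initialize();
            logger.info("Metadata aggregate initialized successfully.");
        }
    } catch (final Exception e) {
        // This handler also covers parse and initialization errors, not only stream
        // access, so the message must not point operators at the input stream alone.
        logger.warn("Could not load metadata from resource. Moving on...", e);
    }
}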
 
Example #2
Source File: AbstractMetadataResolverAdapter.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
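/**
 * Builds a DOM-backed metadata resolver for one parsed metadata document.
 *
 * <p>The resolver is configured with the shared parser pool, fail-fast initialization,
 * the adapter's {@code requireValidMetadata} setting and, when supplied, the filter chain.
 * A resolver that fails to initialize is logged and left out of the result, so the
 * returned list never contains an uninitialized resolver.
 *
 * @param metadataFilterChain the metadata filters chained together; may be {@code null},
 *                            in which case no filter is installed
 * @param resource the resource the document came from (used for logging)
 * @param document the parsed xml document holding the metadata
 * @return a list with the initialized resolver, or an empty list if initialization failed
 * @throws IOException presumably raised by {@code resource.getURL()} - confirm
 */
private List<MetadataResolver> buildSingleMetadataResolver(final MetadataFilter metadataFilterChain,
                                         final Resource resource, final Document document) throws IOException {
    final List<MetadataResolver> resolvers = new ArrayList<>();
    final Element metadataRoot = document.getDocumentElement();
    final DOMMetadataResolver metadataProvider = new DOMMetadataResolver(metadataRoot);

    metadataProvider.setParserPool(this.configBean.getParserPool());
    metadataProvider.setFailFastInitialization(true);
    metadataProvider.setRequireValidMetadata(this.requireValidMetadata);
    metadataProvider.setId(metadataProvider.getClass().getCanonicalName());
    // NOTE(review): the filter chain is the only hook visible here for checks on the
    // metadata itself. If signature validation lives in that chain, a null filter means
    // the document is accepted as-is - confirm callers pass one for any source that is
    // not fully trusted.
    if (metadataFilterChain != null) {
        metadataProvider.setMetadataFilter(metadataFilterChain);
    }
    logger.debug("Initializing metadata resolver for [{}]", resource.getURL());

    try {
        metadataProvider.initialize();
        // Add only after a successful initialize(): the warning below promises the
        // resource is ignored, and an uninitialized resolver must not reach the chain.
        resolvers.add(metadataProvider);
    } catch (final ComponentInitializationException ex) {
        logger.warn("Could not initialize metadata resolver. Resource will be ignored", ex);
    }
    return resolvers;
}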
 
Example #3
Source File: MetadataHealthCheck.java    From verify-service-provider with MIT License 5 votes vote down vote up
/**
 * Stores the metadata resolver and the entity ID this health check is given.
 *
 * <p>Neither argument is validated here; both are kept as passed.
 *
 * @param metadataProvider the metadata resolver to keep
 * @param expectedEntityId the entity ID to keep
 */
public MetadataHealthCheck(MetadataResolver metadataProvider, String expectedEntityId) {
    this.expectedEntityId = expectedEntityId;
    this.metadataResolver = metadataProvider;
}
 
Example #4
Source File: Saml2SettingsProvider.java    From deprecated-security-advanced-modules with Apache License 2.0 4 votes vote down vote up
/**
 * Keeps the settings and the metadata resolver, and reads the IdP entity ID from the
 * {@code idp.entity_id} setting.
 *
 * <p>NOTE(review): the value is stored without a check here; what {@code get} returns
 * for a missing key is not visible in this snippet - confirm it is handled downstream.
 *
 * @param esSettings the settings that hold {@code idp.entity_id}
 * @param metadataResolver the metadata resolver to keep
 */
Saml2SettingsProvider(Settings esSettings, MetadataResolver metadataResolver) {
    final String configuredIdpEntityId = esSettings.get("idp.entity_id");

    this.metadataResolver = metadataResolver;
    this.esSettings = esSettings;
    this.idpEntityId = configuredIdpEntityId;
}
 
Example #5
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 4 votes vote down vote up
/**
 * Builds the fixtures shared by the tests: RP credentials, a trust engine backed by a
 * mocked hub metadata resolver, and the three response services under test.
 *
 * <p>The assertion signature validator and the hub metadata resolver are mocks, so
 * tests built on this fixture see real signature and trust checks only as far as they
 * stub those mocks.
 */
@Before
public void setUp() throws ComponentInitializationException, KeyException {
    // The private key and the encrypting credential must come from the same key pair.
    PrivateKey rpPrivateKey = new PrivateKeyStoreFactory()
        .create(TestEntityIds.TEST_RP)
        .getEncryptionPrivateKeys()
        .get(0);
    KeyPair rpKeyPair = new KeyPair(KeySupport.derivePublicKey(rpPrivateKey), rpPrivateKey);
    List<KeyPair> rpKeyPairs = asList(rpKeyPair, rpKeyPair);

    encryptionCredentialFactory =
        new TestCredentialFactory(TEST_RP_PUBLIC_ENCRYPTION_CERT, TEST_RP_PRIVATE_ENCRYPTION_KEY);
    testRpSigningCredential =
        new TestCredentialFactory(TEST_RP_PUBLIC_SIGNING_CERT, TEST_RP_PRIVATE_SIGNING_KEY)
            .getSigningCredential();

    // Mocked resolver: it supplies no hub metadata unless a test stubs it.
    hubMetadataResolver = mock(MetadataResolver.class);

    ResponseFactory responseFactory = new ResponseFactory(rpKeyPairs);
    DateTimeComparator clockSkewComparator = new DateTimeComparator(Duration.standardSeconds(5));
    TimeRestrictionValidator timeRestrictions = new TimeRestrictionValidator(clockSkewComparator);

    // Mocked on purpose: assertion signature validation itself is not exercised here.
    SamlAssertionsSignatureValidator assertionSignatureValidator =
        mock(SamlAssertionsSignatureValidator.class);

    AssertionValidator assertionValidator = new AssertionValidator(
        new InstantValidator(clockSkewComparator),
        new SubjectValidator(timeRestrictions),
        new ConditionsValidator(timeRestrictions, new AudienceRestrictionValidator())
    );
    MatchingAssertionTranslator matchingTranslator = new MatchingAssertionTranslator(
        assertionValidator,
        new LevelOfAssuranceValidator(),
        assertionSignatureValidator
    );

    ExplicitKeySignatureTrustEngine hubTrustEngine =
        new MetadataSignatureTrustEngineFactory().createSignatureTrustEngine(hubMetadataResolver);

    matchingResponseService = responseFactory.createMatchingResponseService(
        hubTrustEngine,
        matchingTranslator,
        clockSkewComparator
    );

    eidasNonMatchingResponseService = responseFactory.createNonMatchingResponseService(
        hubTrustEngine,
        mockAssertionTranslator,
        clockSkewComparator,
        mockUnsignedAssertionsResponseHandler
    );

    // Same wiring, but without an unsigned-assertions handler (null).
    badlyConfiguredEidasNonMatchingResponseService = responseFactory.createNonMatchingResponseService(
        hubTrustEngine,
        mockAssertionTranslator,
        clockSkewComparator,
        null
    );
}