public class HTTPMetadataResolver extends AbstractReloadingMetadataResolver
It is the responsibility of the caller to re-initialize, via
AbstractInitializableComponent.initialize()
, if any properties of this
provider are changed.
AbstractBatchMetadataResolver.BatchEntityBackingStore
AbstractMetadataResolver.EntityBackingStore
Modifier and Type | Field and Description |
---|---|
private String |
cachedMetadataETag
The ETag provided when the currently cached metadata was fetched.
|
private String |
cachedMetadataLastModified
The Last-Modified information provided when the currently cached metadata was fetched.
|
private org.apache.http.impl.client.BasicCredentialsProvider |
credentialsProvider
Deprecated.
|
private org.apache.http.client.HttpClient |
httpClient
HTTP Client used to pull the metadata.
|
private org.opensaml.security.httpclient.HttpClientSecurityParameters |
httpClientSecurityParameters
Optional HttpClient security parameters.
|
private org.slf4j.Logger |
log
Class logger.
|
private URI |
metadataURI
URL to the Metadata.
|
private org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> |
tlsTrustEngine
Deprecated.
|
Constructor and Description |
---|
HTTPMetadataResolver(org.apache.http.client.HttpClient client,
String metadataURL)
Constructor.
|
HTTPMetadataResolver(Timer backgroundTaskTimer,
org.apache.http.client.HttpClient client,
String metadataURL)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected org.apache.http.client.protocol.HttpClientContext |
buildHttpClientContext()
Deprecated.
|
protected org.apache.http.client.protocol.HttpClientContext |
buildHttpClientContext(org.apache.http.client.methods.HttpUriRequest request)
Build the
HttpClientContext instance which will be used to invoke the HttpClient request. |
protected org.apache.http.client.methods.HttpGet |
buildHttpGet()
Builds the
HttpGet instance used to fetch the metadata. |
protected void |
checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context)
Deprecated.
use
HttpClientSecuritySupport.checkTLSCredentialEvaluated(HttpClientContext, String) |
protected void |
doDestroy() |
protected byte[] |
fetchMetadata()
Gets the metadata document from the remote server.
|
protected org.opensaml.security.httpclient.HttpClientSecurityParameters |
getHttpClientSecurityParameters()
Get the instance of
HttpClientSecurityParameters which provides various parameters to influence
the security behavior of the HttpClient instance. |
protected byte[] |
getMetadataBytesFromResponse(org.apache.http.HttpResponse response)
Extracts the raw metadata bytes from the response, taking into account possible deflate and GZip compression.
|
protected String |
getMetadataIdentifier()
Gets an identifier which may be used to distinguish this metadata in logging statements.
|
String |
getMetadataURI()
Gets the URL to fetch the metadata.
|
protected void |
processConditionalRetrievalHeaders(org.apache.http.HttpResponse response)
Records the ETag and Last-Modified headers, from the response, if they are present.
|
void |
setBasicCredentials(org.apache.http.auth.UsernamePasswordCredentials credentials)
Deprecated.
|
void |
setBasicCredentialsWithScope(org.apache.http.auth.UsernamePasswordCredentials credentials,
org.apache.http.auth.AuthScope scope)
Deprecated.
|
void |
setHttpClientSecurityParameters(org.opensaml.security.httpclient.HttpClientSecurityParameters params)
Set an instance of
HttpClientSecurityParameters which provides various parameters to influence
the security behavior of the HttpClient instance. |
void |
setTLSTrustEngine(org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> engine)
Deprecated.
|
computeNextRefreshDelay, getExpirationTime, getLastRefresh, getLastUpdate, getMaxRefreshDelay, getMinRefreshDelay, getNextRefresh, getRefreshDelayFactor, initMetadataResolver, inputstreamToByteArray, postProcessMetadata, processCachedMetadata, processNewMetadata, processNonExpiredMetadata, processPreExpiredMetadata, refresh, setCacheSourceMetadata, setMaxRefreshDelay, setMinRefreshDelay, setRefreshDelayFactor, unmarshallMetadata
createNewBackingStore, getBackingStore, getCachedFilteredMetadata, getCachedOriginalMetadata, getIndexes, indexEntityDescriptor, isCacheSourceMetadata, isResolveViaPredicatesOnly, iterator, lookupByIndexes, preProcessNewMetadata, resolve, setIndexes, setResolveViaPredicatesOnly
doInitialize, filterMetadata, getCriterionPredicateRegistry, getLogPrefix, getMetadataFilter, getParserPool, getUnmarshallerFactory, isFailFastInitialization, isRequireValidMetadata, isSatisfyAnyPredicates, isUseDefaultPredicateRegistry, isValid, lookupEntityID, lookupIndexedEntityID, predicateFilterCandidates, preProcessEntitiesDescriptor, preProcessEntityDescriptor, releaseMetadataDOM, removeByEntityID, resolveSingle, setBackingStore, setCriterionPredicateRegistry, setFailFastInitialization, setMetadataFilter, setParserPool, setRequireValidMetadata, setSatisfyAnyPredicates, setUseDefaultPredicateRegistry, unmarshallMetadata
setId
getId
destroy, initialize, isDestroyed, isInitialized
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getMetadataFilter, isRequireValidMetadata, setMetadataFilter, setRequireValidMetadata
resolve, resolveSingle
getId
forEach, spliterator
private final org.slf4j.Logger log
private org.apache.http.client.HttpClient httpClient
private URI metadataURI
private String cachedMetadataETag
private String cachedMetadataLastModified
@Nullable private org.apache.http.impl.client.BasicCredentialsProvider credentialsProvider
Deprecated. Use httpClientSecurityParameters.
@Nullable private org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> tlsTrustEngine
Deprecated. Use httpClientSecurityParameters.
@Nullable private org.opensaml.security.httpclient.HttpClientSecurityParameters httpClientSecurityParameters
public HTTPMetadataResolver(org.apache.http.client.HttpClient client, String metadataURL) throws net.shibboleth.utilities.java.support.resolver.ResolverException
client
- HTTP client used to pull in remote metadata
metadataURL
- URL to the remote metadata
net.shibboleth.utilities.java.support.resolver.ResolverException
- thrown if the HTTP client is null or the metadata URL provided is invalid
public HTTPMetadataResolver(Timer backgroundTaskTimer, org.apache.http.client.HttpClient client, String metadataURL) throws net.shibboleth.utilities.java.support.resolver.ResolverException
backgroundTaskTimer
- timer used to schedule background metadata refresh tasks
client
- HTTP client used to pull in remote metadata
metadataURL
- URL to the remote metadata
net.shibboleth.utilities.java.support.resolver.ResolverException
- thrown if the HTTP client is null or the metadata URL provided is invalid
public String getMetadataURI()
public void setTLSTrustEngine(@Nullable org.opensaml.security.trust.TrustEngine<? super org.opensaml.security.x509.X509Credential> engine)
Deprecated. Use setHttpClientSecurityParameters(HttpClientSecurityParameters) instead.
See TLS socket factory requirements documented for
setHttpClientSecurityParameters(HttpClientSecurityParameters)
.
engine
- the trust engine instance to use
public void setBasicCredentials(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials)
Deprecated. Use setHttpClientSecurityParameters(HttpClientSecurityParameters) instead.
An AuthScope
will be generated based off the metadata URI's hostname and port.
credentials
- the username and password credentials
public void setBasicCredentialsWithScope(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials, @Nullable org.apache.http.auth.AuthScope scope)
Deprecated. Use setHttpClientSecurityParameters(HttpClientSecurityParameters) instead.
If the authScope
is null, an AuthScope
will be generated based off the metadata URI's
hostname and port.
credentials
- the username and password credentials
scope
- the HTTP client auth scope with which to scope the credentials, may be null
@Nullable protected org.opensaml.security.httpclient.HttpClientSecurityParameters getHttpClientSecurityParameters()
Get the instance of HttpClientSecurityParameters
which provides various parameters to influence
the security behavior of the HttpClient instance.
public void setHttpClientSecurityParameters(@Nullable org.opensaml.security.httpclient.HttpClientSecurityParameters params)
Set an instance of HttpClientSecurityParameters
which provides various parameters to influence
the security behavior of the HttpClient instance.
For all TLS-related parameters, this must be used in conjunction with an HttpClient instance which is configured with either:
- a net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory, or
- a SecurityEnhancedTLSSocketFactory which wraps
an instance of net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory
, with
the latter likely configured in a "no trust" configuration. This variant is required if either a
trust engine or a client TLS credential is to be used.
For convenience methods for building a
net.shibboleth.utilities.java.support.httpclient.TLSSocketFactory
,
see net.shibboleth.utilities.java.support.httpclient.HttpClientSupport
.
If the appropriate TLS socket factory is not configured and a trust engine is specified, no TLS trust
evaluation will be performed and a
ResolverException
will ultimately be thrown.
params
- the security parameters
protected void doDestroy()
doDestroy
in class AbstractReloadingMetadataResolver
protected String getMetadataIdentifier()
getMetadataIdentifier
in class AbstractReloadingMetadataResolver
protected byte[] fetchMetadata() throws net.shibboleth.utilities.java.support.resolver.ResolverException
fetchMetadata
in class AbstractReloadingMetadataResolver
net.shibboleth.utilities.java.support.resolver.ResolverException
- thrown if there is a problem retrieving the metadata from the remote server
@Deprecated protected void checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context) throws SSLPeerUnverifiedException
Deprecated. Use HttpClientSecuritySupport.checkTLSCredentialEvaluated(HttpClientContext, String)
context
- the current HTTP context instance in use
SSLPeerUnverifiedException
- thrown if the TLS credential was not actually evaluated by the trust engine
protected org.apache.http.client.methods.HttpGet buildHttpGet()
Builds the HttpGet
instance used to fetch the metadata. The returned method advertises support for GZIP
and deflate compression, enables conditional GETs if the cached metadata came with either an ETag or
Last-Modified information, and sets up basic authentication if such is configured.
protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext()
Deprecated. Use buildHttpClientContext(HttpUriRequest)
Build the HttpClientContext
instance which will be used to invoke the HttpClient
request.
HttpClientContext
protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext(@Nullable org.apache.http.client.methods.HttpUriRequest request)
Build the HttpClientContext
instance which will be used to invoke the HttpClient
request.
request
- the current HTTP request
HttpClientContext
protected void processConditionalRetrievalHeaders(org.apache.http.HttpResponse response)
response
- GetMethod containing a valid HTTP response
protected byte[] getMetadataBytesFromResponse(org.apache.http.HttpResponse response) throws net.shibboleth.utilities.java.support.resolver.ResolverException
response
- GetMethod containing a valid HTTP response
net.shibboleth.utilities.java.support.resolver.ResolverException
- thrown if there is a problem getting the raw metadata bytes from the response
Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.