Package org.opensaml.saml.metadata.resolver.impl

Class HTTPMetadataResolver

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent
net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent
org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver
org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver
org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver
All Implemented Interfaces:
Iterable<EntityDescriptor>, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent, Resolver<EntityDescriptor,CriteriaSet>, IterableMetadataSource, BatchMetadataResolver, MetadataResolver, RefreshableMetadataResolver, RemoteMetadataResolver
Direct Known Subclasses:
FileBackedHTTPMetadataResolver
public class HTTPMetadataResolver extends AbstractReloadingMetadataResolver implements RemoteMetadataResolver
A metadata provider that pulls metadata using an HTTP GET. Metadata is cached until one of these criteria is met:
  • The smallest cacheDuration within the metadata is exceeded
  • The earliest validUntil time within the metadata is exceeded
  • The maximum cache duration is exceeded
Metadata is filtered prior to determining the cache expiration data. This allows a filter to remove XMLObjects that may effect the cache duration but for which the user of this provider does not care about. It is the responsibility of the caller to re-initialize, via AbstractInitializableComponent.initialize(), if any properties of this provider are changed.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • httpClient

      @NonnullAfterInit private org.apache.hc.client5.http.classic.HttpClient httpClient
      HTTP Client used to pull the metadata.

    • metadataURI

      @NonnullAfterInit private URI metadataURI
      URL to the Metadata.

    • cachedMetadataETag

      @Nullable private String cachedMetadataETag
      The ETag provided when the currently cached metadata was fetched.

    • cachedMetadataLastModified

      @Nullable private String cachedMetadataLastModified
      The Last-Modified information provided when the currently cached metadata was fetched.

    • httpClientSecurityParameters

      @Nullable private HttpClientSecurityParameters httpClientSecurityParameters
      Optional HttpClient security parameters.

  • Constructor Details

    • HTTPMetadataResolver

      public HTTPMetadataResolver(@Nonnull org.apache.hc.client5.http.classic.HttpClient client, String metadataURL) throws ResolverException
      Constructor.
      Parameters:
      client - HTTP client used to pull in remote metadata
      metadataURL - URL to the remove remote metadata
      Throws:
      ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid

    • HTTPMetadataResolver

      public HTTPMetadataResolver(Timer backgroundTaskTimer, @Nonnull org.apache.hc.client5.http.classic.HttpClient client, String metadataURL) throws ResolverException
      Constructor.
      Parameters:
      backgroundTaskTimer - timer used to schedule background metadata refresh tasks
      client - HTTP client used to pull in remote metadata
      metadataURL - URL to the remove remote metadata
      Throws:
      ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid

  • Method Details

    • getMetadataURI

      @Nonnull public String getMetadataURI()
      Gets the URI from which this resolver is obtaining metadata.
      Specified by:
      getMetadataURI in interface RemoteMetadataResolver
      Returns:
      URL source of metadata

    • getHttpClientSecurityParameters

      @Nullable protected HttpClientSecurityParameters getHttpClientSecurityParameters()
      Get the instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
      Returns:
      the parameters instance, or null

    • setHttpClientSecurityParameters

      public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters params)
      Set an instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.

      For all TLS-related parameters, must be used in conjunction with an HttpClient instance which is configured with either a:

      For convenience methods for building a TLSSocketFactory, see HttpClientSupport.

      If the appropriate TLS socket factory is not configured and a trust engine is specified, then this will result in no TLS trust evaluation being performed and a ResolverException will ultimately be thrown.

      Parameters:
      params - the security parameters

    • doDestroy

      protected void doDestroy()
      Overrides:
      doDestroy in class AbstractReloadingMetadataResolver

    • getMetadataIdentifier

      protected String getMetadataIdentifier()
      Gets an identifier which may be used to distinguish this metadata in logging statements.
      Specified by:
      getMetadataIdentifier in class AbstractReloadingMetadataResolver
      Returns:
      identifier which may be used to distinguish this metadata in logging statements

    • fetchMetadata

      @Nullable protected byte[] fetchMetadata() throws ResolverException
      Gets the metadata document from the remote server.
      Specified by:
      fetchMetadata in class AbstractReloadingMetadataResolver
      Returns:
      the metadata from remote server, or null if the metadata document has not changed since the last retrieval
      Throws:
      ResolverException - thrown if there is a problem retrieving the metadata from the remote server

    • buildHttpGet

      @Nonnull protected org.apache.hc.client5.http.classic.methods.HttpGet buildHttpGet()
      Builds the HttpGet instance used to fetch the metadata. The returned method advertises support for GZIP and deflate compression, enables conditional GETs if the cached metadata came with either an ETag or Last-Modified information, and sets up basic authentication if such is configured.
      Returns:
      the constructed HttpGet instance

    • buildHttpClientContext

      @Nonnull protected org.apache.hc.client5.http.protocol.HttpClientContext buildHttpClientContext(@Nonnull org.apache.hc.core5.http.ClassicHttpRequest request)
      Build the HttpClientContext instance which will be used to invoke the HttpClient request.
      Parameters:
      request - the current HTTP request
      Returns:
      a new instance of HttpClientContext

    • processConditionalRetrievalHeaders

      protected void processConditionalRetrievalHeaders(@Nonnull org.apache.hc.core5.http.ClassicHttpResponse response)
      Records the ETag and Last-Modified headers, from the response, if they are present.
      Parameters:
      response - GetMethod containing a valid HTTP response

    • getMetadataBytesFromResponse

      @Nonnull protected byte[] getMetadataBytesFromResponse(@Nonnull org.apache.hc.core5.http.ClassicHttpResponse response) throws ResolverException
      Extracts the raw metadata bytes from the response taking in to account possible deflate and GZip compression.
      Parameters:
      response - GetMethod containing a valid HTTP response
      Returns:
      the raw metadata bytes
      Throws:
      ResolverException - thrown if there is a problem getting the raw metadata bytes from the response