Class HTTPMetadataResolver

  • All Implemented Interfaces:
    Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.saml.saml2.metadata.EntityDescriptor,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.saml.metadata.IterableMetadataSource, org.opensaml.saml.metadata.resolver.BatchMetadataResolver, org.opensaml.saml.metadata.resolver.MetadataResolver, org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver
    Direct Known Subclasses:
    FileBackedHTTPMetadataResolver

    public class HTTPMetadataResolver
    extends AbstractReloadingMetadataResolver
    A metadata provider that pulls metadata using an HTTP GET. Metadata is cached until one of these criteria is met:
    • The smallest cacheDuration within the metadata is exceeded
    • The earliest validUntil time within the metadata is exceeded
    • The maximum cache duration is exceeded
    Metadata is filtered prior to determining the cache expiration data. This allows a filter to remove XMLObjects that may affect the cache duration but that the user of this provider does not care about. It is the responsibility of the caller to re-initialize, via AbstractInitializableComponent.initialize(), if any properties of this provider are changed.
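    The three expiration criteria listed above, worked through on a constructed metadata document. This is an added example using only the JDK, not OpenSAML's own code: it is a simplified model that ignores metadata filtering and the resolver's refresh scheduling, and the class name, entity IDs and dates are made up for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MetadataExpiryExample {
    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";

    /** Earliest of: now + smallest cacheDuration, earliest validUntil, now + maxCache. */
    static Instant expiry(Document doc, Instant now, Duration maxCache) {
        Instant result = now.plus(maxCache);
        // Both the enclosing group and each entity may carry either attribute.
        for (String name : new String[] {"EntitiesDescriptor", "EntityDescriptor"}) {
            NodeList nodes = doc.getElementsByTagNameNS(MD_NS, name);
            for (int i = 0; i < nodes.getLength(); i++) {
                Element e = (Element) nodes.item(i);
                if (e.hasAttribute("validUntil")) {
                    Instant until = Instant.parse(e.getAttribute("validUntil"));
                    if (until.isBefore(result)) result = until;
                }
                if (e.hasAttribute("cacheDuration")) {
                    // Duration.parse handles day/time durations such as PT6H or P1D,
                    // not xs:duration values that use years or months.
                    Instant t = now.plus(Duration.parse(e.getAttribute("cacheDuration")));
                    if (t.isBefore(result)) result = t;
                }
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample metadata, not taken from any real federation.
        String xml = "<md:EntitiesDescriptor xmlns:md='" + MD_NS + "' validUntil='2030-01-10T00:00:00Z'>"
            + "<md:EntityDescriptor entityID='https://idp.example.org' cacheDuration='PT6H'/>"
            + "<md:EntityDescriptor entityID='https://sp.example.org' validUntil='2030-01-01T02:00:00Z'/>"
            + "</md:EntitiesDescriptor>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Instant now = Instant.parse("2030-01-01T00:00:00Z");
        System.out.println(expiry(doc, now, Duration.ofHours(4)));
    }
}
```

    In the sample, the second entity's validUntil falls before both the 4-hour maximum and the 6-hour cacheDuration, so a single short-lived entity bounds how long the whole document is cached.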
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • httpClient

        private org.apache.http.client.HttpClient httpClient
        HTTP Client used to pull the metadata.
      • metadataURI

        private URI metadataURI
        URL to the Metadata.
      • cachedMetadataETag

        private String cachedMetadataETag
        The ETag provided when the currently cached metadata was fetched.
      • cachedMetadataLastModified

        private String cachedMetadataLastModified
        The Last-Modified information provided when the currently cached metadata was fetched.
      • httpClientSecurityParameters

        @Nullable
        private org.opensaml.security.httpclient.HttpClientSecurityParameters httpClientSecurityParameters
        Optional HttpClient security parameters.
    • Constructor Detail

      • HTTPMetadataResolver

        public HTTPMetadataResolver​(org.apache.http.client.HttpClient client,
                                    String metadataURL)
                             throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Constructor.
        Parameters:
        client - HTTP client used to pull in remote metadata
        metadataURL - URL to the remote metadata
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid
      • HTTPMetadataResolver

        public HTTPMetadataResolver​(Timer backgroundTaskTimer,
                                    org.apache.http.client.HttpClient client,
                                    String metadataURL)
                             throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Constructor.
        Parameters:
        backgroundTaskTimer - timer used to schedule background metadata refresh tasks
        client - HTTP client used to pull in remote metadata
        metadataURL - URL to the remote metadata
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if the HTTP client is null or the metadata URL provided is invalid
    • Method Detail

      • getMetadataURI

        public String getMetadataURI()
        Gets the URL to fetch the metadata.
        Returns:
        the URL to fetch the metadata
      • getHttpClientSecurityParameters

        @Nullable
        protected org.opensaml.security.httpclient.HttpClientSecurityParameters getHttpClientSecurityParameters()
        Get the instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.
        Returns:
        the parameters instance, or null
      • setHttpClientSecurityParameters

        public void setHttpClientSecurityParameters​(@Nullable
                                                    org.opensaml.security.httpclient.HttpClientSecurityParameters params)
        Set an instance of HttpClientSecurityParameters which provides various parameters to influence the security behavior of the HttpClient instance.

        For all TLS-related parameters, must be used in conjunction with an HttpClient instance which is configured with either:

        • a TLSSocketFactory
        • a SecurityEnhancedTLSSocketFactory which wraps an instance of TLSSocketFactory, with the latter likely configured in a "no trust" configuration. This variant is required if either a trust engine or a client TLS credential is to be used.

        For convenience methods for building a TLSSocketFactory, see HttpClientSupport.

        If the appropriate TLS socket factory is not configured and a trust engine is specified, then this will result in no TLS trust evaluation being performed and a ResolverException will ultimately be thrown.

        Parameters:
        params - the security parameters
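        One way to wire the trust-engine variant described above, pinning the metadata server's certificate. This is an added example, not code from the OpenSAML project. The class packages, the single-argument SecurityEnhancedTLSSocketFactory constructor and HttpClientSupport.buildNoTrustTLSSocketFactory() are assumed from OpenSAML 4.x and java-support; the URL, file path and resolver id are placeholders.

```java
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.httpclient.HttpClientSupport;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apache.http.client.HttpClient;
import org.opensaml.core.config.InitializationService;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.impl.SecurityEnhancedTLSSocketFactory;
import org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;

public class PinnedMetadataFetch {
    public static void main(String[] args) throws Exception {
        InitializationService.initialize();

        // Placeholder path: PEM certificate of the metadata server, obtained out of band.
        X509Certificate pinned;
        try (FileInputStream in = new FileInputStream("/path/to/metadata-server.pem")) {
            pinned = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // The wrapped factory is "no trust": it accepts any certificate at handshake time,
        // and the wrapper then evaluates the peer certificate with the trust engine.
        // Without this wrapper, a configured trust engine is never consulted and the
        // fetch ends in a ResolverException, as the documentation above states.
        HttpClientBuilder builder = new HttpClientBuilder();
        builder.setTLSSocketFactory(new SecurityEnhancedTLSSocketFactory(
                HttpClientSupport.buildNoTrustTLSSocketFactory())); // assumed constructor
        HttpClient client = builder.buildClient();

        HttpClientSecurityParameters params = new HttpClientSecurityParameters();
        params.setTLSTrustEngine(new ExplicitX509CertificateTrustEngine(
                new StaticCredentialResolver(new BasicX509Credential(pinned))));

        BasicParserPool parserPool = new BasicParserPool();
        parserPool.initialize();

        HTTPMetadataResolver resolver =
                new HTTPMetadataResolver(client, "https://metadata.example.org/federation.xml");
        resolver.setId("federation-metadata");
        resolver.setParserPool(parserPool);
        resolver.setHttpClientSecurityParameters(params);
        resolver.initialize(); // performs the first fetch over the TLS configuration above
    }
}
```

        Transport-level pinning only authenticates the server the document came from; it says nothing about who authored the metadata, which is a separate check on the document itself.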
      • getMetadataIdentifier

        protected String getMetadataIdentifier()
        Gets an identifier which may be used to distinguish this metadata in logging statements.
        Specified by:
        getMetadataIdentifier in class AbstractReloadingMetadataResolver
        Returns:
        identifier which may be used to distinguish this metadata in logging statements
      • fetchMetadata

        protected byte[] fetchMetadata()
                                throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Gets the metadata document from the remote server.
        Specified by:
        fetchMetadata in class AbstractReloadingMetadataResolver
        Returns:
        the metadata from remote server, or null if the metadata document has not changed since the last retrieval
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem retrieving the metadata from the remote server
      • buildHttpGet

        protected org.apache.http.client.methods.HttpGet buildHttpGet()
        Builds the HttpGet instance used to fetch the metadata. The returned method advertises support for GZIP and deflate compression, enables conditional GETs if the cached metadata came with either an ETag or Last-Modified information, and sets up basic authentication if such is configured.
        Returns:
        the constructed HttpGet instance
      • buildHttpClientContext

        protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext​(@Nonnull
                                                                                           org.apache.http.client.methods.HttpUriRequest request)
        Build the HttpClientContext instance which will be used to invoke the HttpClient request.
        Parameters:
        request - the current HTTP request
        Returns:
        a new instance of HttpClientContext
      • processConditionalRetrievalHeaders

        protected void processConditionalRetrievalHeaders​(org.apache.http.HttpResponse response)
        Records the ETag and Last-Modified headers, from the response, if they are present.
        Parameters:
        response - the valid HTTP response returned by the metadata request
      • getMetadataBytesFromResponse

        protected byte[] getMetadataBytesFromResponse​(org.apache.http.HttpResponse response)
                                               throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Extracts the raw metadata bytes from the response, taking into account possible deflate and GZip compression.
        Parameters:
        response - the valid HTTP response returned by the metadata request
        Returns:
        the raw metadata bytes
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem getting the raw metadata bytes from the response