com.floragunn.dlic.auth.http.saml.SamlHTTPMetadataResolver Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of dlic-search-guard-enterprise-modules Show documentation
Show all versions of dlic-search-guard-enterprise-modules Show documentation
Enterprise Modules for Search Guard
/*
* Copyright 2016-2018 by floragunn GmbH - All rights reserved
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed here is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* This software is free of charge for non-commercial and academic use.
* For commercial use in a production environment you have to obtain a license
* from https://floragunn.com
*
*/
package com.floragunn.dlic.auth.http.saml;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.settings.Settings;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
import com.floragunn.dlic.util.SettingsBasedSSLConfigurator;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
public class SamlHTTPMetadataResolver extends HTTPMetadataResolver {
private static int componentIdCounter = 0;
SamlHTTPMetadataResolver(Settings esSettings, Path configPath) throws Exception {
super(createHttpClient(esSettings, configPath), esSettings.get("idp.metadata_url"));
setId(HTTPSamlAuthenticator.class.getName() + "_" + (++componentIdCounter));
setRequireValidMetadata(true);
setFailFastInitialization(false);
setMinRefreshDelay(esSettings.getAsLong("idp.min_refresh_delay", 60L * 1000L));
setMaxRefreshDelay(esSettings.getAsLong("idp.max_refresh_delay", 14400000L));
setRefreshDelayFactor(esSettings.getAsFloat("idp.refresh_delay_factor", 0.75f));
BasicParserPool basicParserPool = new BasicParserPool();
basicParserPool.initialize();
setParserPool(basicParserPool);
}
@Override
protected byte[] fetchMetadata() throws ResolverException {
try {
return AccessController.doPrivileged(new PrivilegedExceptionAction() {
@Override
public byte[] run() throws ResolverException {
return SamlHTTPMetadataResolver.super.fetchMetadata();
}
});
} catch (PrivilegedActionException e) {
if (e.getCause() instanceof ResolverException) {
throw (ResolverException) e.getCause();
} else {
throw new RuntimeException(e);
}
}
}
private static SettingsBasedSSLConfigurator.SSLConfig getSSLConfig(Settings settings, Path configPath)
throws Exception {
return new SettingsBasedSSLConfigurator(settings, configPath, "idp").buildSSLConfig();
}
private static HttpClient createHttpClient(Settings settings, Path configPath) throws Exception {
try {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
return AccessController.doPrivileged(new PrivilegedExceptionAction() {
@Override
public HttpClient run() throws Exception {
return createHttpClient0(settings, configPath);
}
});
} catch (PrivilegedActionException e) {
if (e.getCause() instanceof Exception) {
throw (Exception) e.getCause();
} else {
throw new RuntimeException(e);
}
}
}
private static HttpClient createHttpClient0(Settings settings, Path configPath) throws Exception {
HttpClientBuilder builder = HttpClients.custom();
builder.useSystemProperties();
SettingsBasedSSLConfigurator.SSLConfig sslConfig = getSSLConfig(settings, configPath);
if (sslConfig != null) {
builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory());
}
return builder.build();
}
}