/**
 * Gives the descriptor a default cache duration when it declares neither a
 * cache duration nor a valid-until date.
 *
 * <p>Only {@code cacheDuration} is defaulted. {@code validUntil} is left unset, so
 * this method does not itself give the metadata an expiry date.
 *
 * @param root entity descriptor to check; updated in place when both values are missing
 */
private void validateMetadata(EntityDescriptor root) {
    // Either freshness hint is sufficient, so there is nothing to default.
    if (root.getCacheDuration() != null || root.getValidUntil() != null) {
        return;
    }

    final String message = "IDP metadata must either have cache duration or valid-until date."
        + " Defaulting IDP metadata cache duration to {}";
    // NOTE(review): reported at trace level only; confirm operators do not need to
    // see that metadata without any freshness hint was accepted with a default.
    LOGGER.trace(message, SamlProtocol.getCacheDuration());
    root.setCacheDuration(SamlProtocol.getCacheDuration().toMillis());
}
}
/**
 * Locates the metadata entry for {@code entityID} in the metadata chain resolved for
 * the given registered service and adapts it to a service-provider facade.
 *
 * <p>An {@link EntityIdCriterion} for {@code entityID} is added to {@code criterions},
 * so the caller's criteria set is modified. The {@code true} flag presumably replaces
 * an existing criterion of the same type; confirm against {@code CriteriaSet}.
 *
 * <p>Expiry is enforced only when the descriptor declares {@code validUntil}. A
 * descriptor with no {@code validUntil} is passed on without any expiry check here.
 *
 * <p>Checked exceptions raised by the resolver calls are rethrown undeclared via
 * {@code @SneakyThrows}.
 *
 * @param resolver          resolver that produces the metadata chain for a service
 * @param registeredService the SAML registered service whose metadata is consulted
 * @param entityID          entity ID to look for in the chain
 * @param criterions        criteria set used for the lookup; mutated by this call
 * @return the adapted facade, or {@link Optional#empty()} when no descriptor is found
 *         or the descriptor's {@code validUntil} is in the past
 */
@SneakyThrows
private static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(
    final SamlRegisteredServiceCachingMetadataResolver resolver,
    final SamlRegisteredService registeredService,
    final String entityID,
    final CriteriaSet criterions) {

    LOGGER.debug("Adapting SAML metadata for CAS service [{}] issued by [{}]", registeredService.getName(), entityID);
    criterions.add(new EntityIdCriterion(entityID), true);
    LOGGER.debug("Locating metadata for entityID [{}] by attempting to run through the metadata chain...", entityID);

    val metadataChain = resolver.resolve(registeredService);
    LOGGER.info("Resolved metadata chain for service [{}]. Filtering the chain by entity ID [{}]",
        registeredService.getServiceId(), entityID);

    val descriptor = metadataChain.resolveSingle(criterions);
    if (descriptor == null) {
        LOGGER.warn("Cannot find entity [{}] in metadata provider Ensure the metadata is valid and has not expired.", entityID);
        return Optional.empty();
    }
    LOGGER.trace("Located entity descriptor in metadata for [{}]", entityID);

    // Reject metadata whose declared validity window has already closed.
    val expiry = descriptor.getValidUntil();
    final boolean expired = expiry != null && expiry.isBeforeNow();
    if (expired) {
        LOGGER.warn("Entity descriptor in the metadata has expired at [{}]", expiry);
        return Optional.empty();
    }

    return getServiceProviderSsoDescriptor(entityID, metadataChain, descriptor);
}
/**
 * Reads the {@code validUntil} instant from a metadata root element.
 *
 * <p>Only {@link EntitiesDescriptor} and {@link EntityDescriptor} roots are accepted.
 * A {@code null} result means the element declares no {@code validUntil}; it does not
 * mean the metadata has been checked and found current.
 *
 * @param metadata metadata root element to inspect
 *
 * @return the declared valid-until instant, or {@code null} when none is present
 *
 * @throws FilterException if {@code metadata} is neither an {@link EntitiesDescriptor}
 *             nor an {@link EntityDescriptor}
 */
@Nullable
protected DateTime getValidUntil(@Nonnull final XMLObject metadata) throws FilterException {
    if (metadata instanceof EntitiesDescriptor) {
        final EntitiesDescriptor group = (EntitiesDescriptor) metadata;
        return group.getValidUntil();
    }

    if (metadata instanceof EntityDescriptor) {
        final EntityDescriptor single = (EntityDescriptor) metadata;
        return single.getValidUntil();
    }

    // Any other root type is refused rather than treated as "no expiry".
    log.error("Metadata root element was not an EntitiesDescriptor or EntityDescriptor it was a {}",
        metadata.getElementQName());
    throw new FilterException("Metadata root element was not an EntitiesDescriptor or EntityDescriptor");
}
// Write the validUntil attribute only when the descriptor carries a value;
// a descriptor without one gets no validUntil attribute from this branch.
if (entityDescriptor.getValidUntil() != null) {
    log.debug("Writting validUntil attribute to EntityDescriptor DOM element");
    // Render the instant with the date formatter supplied by SAMLConfigurationSupport.
    String validUntilStr = SAMLConfigurationSupport.getSAMLDateFormatter().print(entityDescriptor.getValidUntil());
    // The attribute is set with a null namespace URI, i.e. unqualified on the element.
    domElement.setAttributeNS(null, TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME, validUntilStr);
    // The enclosing if-block continues beyond this excerpt.
/**
 * Builds a {@link Metadata} object from a parsed entity descriptor.
 *
 * <p>The entity ID is used for both the entity ID and the entity alias. When the
 * descriptor has no cache duration, {@code -1} is handed to {@code toDuration}.
 *
 * <p>NOTE(review): {@code validUntil} is copied across as-is and is not compared with
 * the current time here. Presumably a caller or consumer of the returned object
 * rejects expired metadata; confirm.
 *
 * @param parsed the parsed entity descriptor
 * @return the populated metadata object
 */
protected Metadata resolveMetadata(EntityDescriptor parsed) {
    List<? extends Provider> providers = getSsoProviders(parsed);
    Metadata result = getMetadata(providers);

    // -1 stands in for "no cache duration declared" before conversion.
    long rawCacheDuration = -1;
    if (parsed.getCacheDuration() != null) {
        rawCacheDuration = parsed.getCacheDuration();
    }
    result.setCacheDuration(toDuration(rawCacheDuration));

    result.setEntityId(parsed.getEntityID());
    result.setEntityAlias(parsed.getEntityID());
    result.setId(parsed.getID());
    result.setValidUntil(parsed.getValidUntil());
    return result;
}