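/**
 * Attaches a metadata signature validation filter to the given provider.
 *
 * <p>The filter is built from the trust engine resolved for the provider and enforces a signature
 * only when {@code provider.isMetadataRequireSignature()} is true. An existing filter is kept:
 * the signature filter is appended to an existing {@link MetadataFilterChain}, or a new chain
 * holding both filters is created and installed on the provider.
 *
 * <p>NOTE(review): the signature filter is always added last. Assuming the chain applies filters
 * in list order, existing filters see the metadata before its signature is validated; confirm
 * this ordering is intended.
 *
 * @param provider metadata provider that receives the signature validation filter
 * @throws MetadataProviderException declared by the overridden method; presumably raised by the
 *     trust-engine lookup or by installing the filter on the provider
 */
@Override
protected void initializeProviderFilters(ExtendedMetadataDelegate provider) throws MetadataProviderException {
    boolean requireSignature = provider.isMetadataRequireSignature();
    SignatureTrustEngine trustEngine = getTrustEngine(provider);
    SignatureValidationFilter filter = new SignatureValidationFilter(trustEngine);
    filter.setRequireSignature(requireSignature);

    log.debug("Created new trust manager for metadata provider {}", provider);

    // Combine any existing filters with the signature verification
    MetadataFilter currentFilter = provider.getMetadataFilter();
    if (currentFilter == null) {
        log.debug("Adding signature filter");
        provider.setMetadataFilter(filter);
        return;
    }

    if (currentFilter instanceof MetadataFilterChain) {
        // The chain is already installed on the provider, so extending it in place is enough.
        log.debug("Adding signature filter into existing chain");
        MetadataFilterChain chain = (MetadataFilterChain) currentFilter;
        chain.getFilters().add(filter);
    } else {
        log.debug("Combining signature filter with the existing in a new chain");
        MetadataFilterChain chain = new MetadataFilterChain();
        chain.getFilters().add(currentFilter);
        chain.getFilters().add(filter);
        // The new chain must replace the single filter on the provider. Without this call the
        // chain is discarded and the metadata signature is never validated for this provider.
        provider.setMetadataFilter(chain);
    }
}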
/**
 * Returns the given provider as an {@link ExtendedMetadataDelegate}, wrapping it when needed.
 *
 * <p>A provider that already is an {@code ExtendedMetadataDelegate} is returned unchanged: it is
 * not post-processed, and none of the signature, trust or revocation settings from {@code props}
 * or {@code extendedDelegateConfig} are applied to it. Any other provider is wrapped in a default
 * delegate. Each setting on that delegate comes from {@code props} when the value is non-null,
 * and from {@code extendedDelegateConfig} otherwise.
 *
 * @param provider metadata provider to wrap or return as-is
 * @param extendedMetadata extended metadata passed to the default delegate factory
 * @param props per-provider overrides; null fields fall back to {@code extendedDelegateConfig}
 * @param extendedDelegateConfig fallback settings for fields not set in {@code props}
 * @return the original provider if it is already a delegate, else the post-processed new delegate
 */
@SneakyThrows
private ExtendedMetadataDelegate getExtendedProvider(MetadataProvider provider,
                                                     ExtendedMetadata extendedMetadata,
                                                     DelegateProps props,
                                                     ExtendedMetadataDelegateProperties extendedDelegateConfig) {
    if (!(provider instanceof ExtendedMetadataDelegate)) {
        ExtendedMetadataDelegate wrapped = createDefaultExtendedMetadataDelegate(provider, extendedMetadata);

        // Signature, trust and revocation settings: the explicit per-provider value wins.
        wrapped.setForceMetadataRevocationCheck(
                Optional.ofNullable(props.forceMetadataRevocationCheck)
                        .orElseGet(extendedDelegateConfig::isForceMetadataRevocationCheck));
        wrapped.setMetadataRequireSignature(
                Optional.ofNullable(props.metadataRequireSignature)
                        .orElseGet(extendedDelegateConfig::isMetadataRequireSignature));
        wrapped.setMetadataTrustCheck(
                Optional.ofNullable(props.metadataTrustCheck)
                        .orElseGet(extendedDelegateConfig::isMetadataTrustCheck));
        wrapped.setMetadataTrustedKeys(
                Optional.ofNullable(props.metadataTrustedKeys)
                        .orElseGet(extendedDelegateConfig::getMetadataTrustedKeys));
        wrapped.setRequireValidMetadata(
                Optional.ofNullable(props.requireValidMetadata)
                        .orElseGet(extendedDelegateConfig::isRequireValidMetadata));

        // The metadata filter has no fallback in the shared config: it is either the
        // post-processed filter from props or null.
        wrapped.setMetadataFilter(
                props.metadataFilter == null ? null : postProcess(props.metadataFilter));

        return postProcess(wrapped);
    }

    // Already a delegate: handed back untouched, keeping whatever settings it was built with.
    return (ExtendedMetadataDelegate) provider;
}