Merge remote-tracking branch 'i2/feature/shibui-2268' into feature/sh…

…ibui-2268 Former-commit-id: e44ddc23867bd9c0ec9ad81c4a36acbbb8f48d16
TIER · Aug 10, 2022 · 0c2d285 · 0c2d285
2 parents eabe9dc + c3d99fa
commit 0c2d285
Show file tree

Hide file tree

Showing 39 changed files with 2,024 additions and 112 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -331,6 +331,12 @@ task generateSources {
                 processLine(it['@className'].toString(), 'src/main/templates/AlgorithmBuilderTemplate.java')
             }
         }
+
+        new XmlSlurper().parse(file('src/main/resources/jpa-signature-config.xml')).with { builders ->
+            builders.ObjectProviders.ObjectProvider.BuilderClass.each {
+                processLine(it['@className'].toString(), 'src/main/templates/SignatureBuilderTemplate.java')
+            }
+        }
     }
 }
 

diff --git a/...nternet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy b/...nternet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy
@@ -0,0 +1,57 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation
+import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocationRegistry
+import edu.internet2.tier.shibboleth.admin.ui.service.JsonSchemaBuilderService
+import groovy.util.logging.Slf4j
+import io.swagger.v3.oas.annotations.tags.Tag
+import io.swagger.v3.oas.annotations.tags.Tags
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+import javax.annotation.PostConstruct
+
+import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaLocationLookup.algorithmFilterSchema
+import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR
+
+/**
+ * Controller implementing REST resource responsible for exposing structure definition for algorithm format filter user
+ * interface in terms of JSON schema.
+ */
+@RestController
+@RequestMapping('/api/ui/AlgorithmFilter')
+@Slf4j
+@Tags(value = [@Tag(name = "ui")])
+class AlgorithmFilterUiDefinitionController {
+
+    @Autowired
+    JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry
+
+    JsonSchemaResourceLocation jsonSchemaLocation
+
+    @Autowired
+    ObjectMapper jacksonObjectMapper
+
+    @Autowired
+    JsonSchemaBuilderService jsonSchemaBuilderService
+
+    @GetMapping
+    ResponseEntity<?> getUiDefinitionJsonSchema() {
+        try {
+            def parsedJson = jacksonObjectMapper.readValue(this.jsonSchemaLocation.url, Map)
+            return ResponseEntity.ok(parsedJson)
+        } catch (Exception e) {
+            log.error(e.getMessage(), e)
+            return ResponseEntity.status(INTERNAL_SERVER_ERROR).body([jsonParseError : e.getMessage(), sourceUiSchemaDefinitionFile: this.jsonSchemaLocation.url])
+        }
+    }
+
+    @PostConstruct
+    void init() {
+        this.jsonSchemaLocation = algorithmFilterSchema(this.jsonSchemaResourceLocationRegistry)
+    }
+}
diff --git a/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -2,13 +2,17 @@ package edu.internet2.tier.shibboleth.admin.ui.service
 
 import com.google.common.base.Predicate
 import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod
+import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethodBuilder
 import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.AlgorithmFilter
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.AlgorithmFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver
@@ -89,6 +93,69 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    void constructXmlNodeForFilter(AlgorithmFilter filter, def markupBuilderDelegate) {
+        if (!filter.isFilterEnabled()) {
+            return
+        }
+        markupBuilderDelegate.MetadataFilter(
+                'xsi:type': 'Algorithm',
+                'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
+                'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd',
+                'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
+                'xmlns': 'urn:mace:shibboleth:2.0:metadata',
+                'xmlns:security': 'urn:mace:shibboleth:2.0:security',
+                'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion',
+                'xmlns:xenc11': 'http://www.w3.org/2009/xmlenc11#',
+                'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport',
+                'xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#'
+        ) {
+            for (String algValue : filter.getAlgorithms()) {
+                EncryptionMethod method = new EncryptionMethodBuilder().buildObject();
+                method.setAlgorithm(algValue)
+                mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(method, false))
+            }
+            switch (filter.algorithmFilterTarget.targetType) {
+                case AlgorithmFilterTarget.AlgorithmFilterTargetType.ENTITY:
+                    filter.algorithmFilterTarget.value.each {
+                        Entity(it)
+                    }
+                    break
+                case AlgorithmFilterTarget.AlgorithmFilterTargetType.CONDITION_REF:
+                    ConditionRef(xmlObject.getValue())
+                    break
+                case AlgorithmFilterTarget.AlgorithmFilterTargetType.CONDITION_SCRIPT:
+                    ConditionScript() {
+                        Script() {
+                            def script = filter.getAlgorithmFilterTarget().value[0]
+                            mkp.yieldUnescaped("\n<![CDATA[\n${script}\n]]>\n")
+                        }
+                    }
+                    break
+                default:
+                    // do nothing, we'd have exploded elsewhere previously.
+                    break
+            }
+//            filter.unknownXMLObjects.each { xmlObject ->
+//                {
+//                    if (xmlObject instanceof Entity) {
+//                        Entity(xmlObject.getValue())
+//                    } else if (xmlObject instanceof ConditionRef) {
+//                        ConditionRef(xmlObject.getValue())
+//                    } else if (xmlObject instanceof ConditionScript) {
+//                        ConditionScript() {
+//                            Script() {
+//                                def script = xmlObject.getValue()
+//                                mkp.yieldUnescaped("\n<![CDATA[\n${script}\n]]>\n")
+//                            }
+//                        }
+//                    } else {
+//                        mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false))
+//                    }
+//                }
+//            }
+        }
+    }
+
     void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) {
         if (!filter.isFilterEnabled()) { return }
         markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') {
@@ -103,10 +170,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                         Entity(it)
                     }
                     break
-                case EntityAttributesFilterTarget
-                        .EntityAttributesFilterTargetType.CONDITION_SCRIPT:
-                case EntityAttributesFilterTarget
-                        .EntityAttributesFilterTargetType.REGEX:
+                case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
+                case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX:
                     ConditionScript() {
                         Script() {
                             def script

diff --git a/...u/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaComponentsConfiguration.java b/...u/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaComponentsConfiguration.java
@@ -2,23 +2,22 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocationRegistry;
-import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.JsonSchemaBuilderService;
 import lombok.Setter;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ResourceLoader;
 
-import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.*;
+import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.JsonSchemaLocationBuilder;
+import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.ALGORITHM_FILTER;
+import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.DYNAMIC_HTTP_METADATA_RESOLVER;
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.ENTITY_ATTRIBUTES_FILTERS;
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.EXTERNAL_METADATA_RESOLVER;
-import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.METADATA_SOURCES;
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.FILESYSTEM_METADATA_RESOLVER;
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.LOCAL_DYNAMIC_METADATA_RESOLVER;
-import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.DYNAMIC_HTTP_METADATA_RESOLVER;
+import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.METADATA_SOURCES;
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation.SchemaType.NAME_ID_FORMAT_FILTER;
 
 /**
@@ -58,8 +57,16 @@ public class JsonSchemaComponentsConfiguration {
     @Setter
     private String nameIdFormatFilterUiSchemaLocation = "classpath:nameid-filter.schema.json";
 
+    //Configured via @ConfigurationProperties (using setter method) with 'shibui.external-metadata-resolver-ui-schema-location' property and
+    // default value set here if that property is not explicitly set in application.properties
+    @Setter
     private String externalMetadataResolverUiSchemaLocation = "classpath:external.schema.json";
 
+    //Configured via @ConfigurationProperties (using setter method) with 'shibui.algorithm-filter-ui-schema-location' property and
+    // default value set here if that property is not explicitly set in application.properties
+    @Setter
+    private String algorithmFilterUiSchemaLocation = "classpath:algorithm-filter.schema.json";
+
     @Bean
     public JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry(ResourceLoader resourceLoader, ObjectMapper jacksonMapper) {
         return JsonSchemaResourceLocationRegistry.inMemory()
@@ -104,6 +111,12 @@ public JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry(Res
                         .resourceLoader(resourceLoader)
                         .jacksonMapper(jacksonMapper)
                         .detectMalformedJson(true)
+                        .build())
+                .register(ALGORITHM_FILTER, JsonSchemaLocationBuilder.with()
+                        .jsonSchemaLocation(algorithmFilterUiSchemaLocation)
+                        .resourceLoader(resourceLoader)
+                        .jacksonMapper(jacksonMapper)
+                        .detectMalformedJson(true)
                         .build());
     }
 

diff --git a/...n/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAlgorithmIdentifierType.java b/...n/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAlgorithmIdentifierType.java
@@ -0,0 +1,36 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.xmlsec.encryption.AlgorithmIdentifierType;
+
+import javax.annotation.Nullable;
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject implements AlgorithmIdentifierType {
+    private String algorithm;
+
+    @Nullable
+    @Override
+    public XMLObject getParameters() {
+        // implement?
+        return null;
+    }
+
+    @Override
+    public void setParameters(@Nullable final XMLObject newParameters) {
+        // do nothing?
+    }
+
+}
diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java
@@ -0,0 +1,29 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+
+import javax.annotation.Nullable;
+import javax.persistence.Entity;
+
+@Entity(name = "DigestMethod") // for backwards compatibility instead of dealing with renaming the table
+@EqualsAndHashCode(callSuper = true)
+public class AlgorithmDigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod {
+    private String algorithm;
+
+    public AlgorithmDigestMethod() {}
+
+    public AlgorithmDigestMethod(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    @Nullable
+    @Override
+    public String getAlgorithm() {
+        return this.algorithm;
+    }
+
+    @Override
+    public void setAlgorithm(@Nullable String value) {
+        this.algorithm = value;
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java
@@ -2,12 +2,14 @@
 
 import lombok.EqualsAndHashCode;
 import org.hibernate.envers.Audited;
+import org.opensaml.core.xml.XMLObject;
 import org.opensaml.xmlsec.encryption.KeySize;
 import org.opensaml.xmlsec.encryption.OAEPparams;
 
 import javax.annotation.Nullable;
 import javax.persistence.Embedded;
 import javax.persistence.Entity;
+import java.util.List;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
@@ -16,12 +18,9 @@ public class EncryptionMethod extends AbstractElementExtensibleXMLObject impleme
 
     private String algorithm;
 
-    @Embedded
-    private KeySize keySize;
-
-    @Embedded
-    private OAEPparams oaePparams;
+    @Embedded private KeySize keySize;
 
+    @Embedded private OAEPparams oaePparams;
 
     @Nullable
     @Override
@@ -55,4 +54,9 @@ public org.opensaml.xmlsec.encryption.OAEPparams getOAEPparams() {
     public void setOAEPparams(@Nullable org.opensaml.xmlsec.encryption.OAEPparams oaePparams) {
         this.oaePparams = oaePparams;
     }
-}
+
+    @Override
+    public List<XMLObject> getOrderedChildren() {
+        return this.getUnknownXMLObjects();
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/MGF.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/MGF.java
@@ -0,0 +1,24 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public class MGF extends AbstractAlgorithmIdentifierType {
+    public MGF() {
+        setElementLocalName("MGF");
+        setNamespaceURI(EncryptionConstants.XMLENC11_NS);
+        setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX);
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OtherSource.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OtherSource.java
@@ -0,0 +1,26 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public class OtherSource extends AbstractAlgorithmIdentifierType {
+    public OtherSource() {
+        {
+            setElementLocalName("OtherSource");
+            setNamespaceURI(EncryptionConstants.XMLENC11_NS);
+            setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX);
+        }
+    }
+}