From d772007a55a0950826cfe4fc84f5d462c2171cb1 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Thu, 9 Jun 2022 13:46:08 -0700 Subject: [PATCH 01/40] SHIBUI-2262 Merge develop to branch with test fix --- .../envers/MetadataResolverEnversVersioningTests.groovy | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy index 85e854d3d..6d976a033 100644 --- a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy +++ b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy @@ -268,7 +268,7 @@ class MetadataResolverEnversVersioningTests extends Specification { when: ResourceBackedMetadataResolver resolver = new ResourceBackedMetadataResolver(name: 'rbmr').with { it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes(taskTimerRef: 'taskTimerRef') - it.classpathMetadataResource = new ClasspathMetadataResource(setFileResource: 'metadata.xml') + it.classpathMetadataResource = new ClasspathMetadataResource(fileResource: 'metadata.xml') it } @@ -282,7 +282,7 @@ class MetadataResolverEnversVersioningTests extends Specification { resolverHistory.size() == 1 getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr' getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef' - getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml' + getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml' getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L getModifiedEntityNames(resolverHistory, 0).sort() == expectedModifiedPersistentEntities.sort() @@ -302,7 +302,7 @@ class MetadataResolverEnversVersioningTests extends Specification { resolverHistory.size() == 2 getTargetEntityForRevisionIndex(resolverHistory, 1).name == 'rbmrUPDATED' getTargetEntityForRevisionIndex(resolverHistory, 1).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRefUPDATED' - getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.file == 'metadataUPDATED.xml' + getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.fileResource == 'metadataUPDATED.xml' getRevisionEntityForRevisionIndex(resolverHistory, 1).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 1).timestamp > 0L getModifiedEntityNames(resolverHistory, 1).sort() == expectedModifiedPersistentEntities.sort() @@ -310,7 +310,7 @@ class MetadataResolverEnversVersioningTests extends Specification { //Check the original revision is intact getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr' getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef' - getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml' + getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml' getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L } From f87e1bc1027e7edcb1fe0d2119046e4ba6b4b8a1 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 14 Jun 2022 10:16:02 -0700 Subject: [PATCH 02/40] SHIBUI-2273 merging shibui-2262 --- backend/build.gradle | 8 ++++---- gradle.properties | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/backend/build.gradle b/backend/build.gradle index 90cc83503..e2c4936e0 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -171,10 +171,10 @@ dependencies { runtimeOnly 'org.glassfish.jaxb:jaxb-runtime:2.3.0' compile "com.h2database:h2" - runtimeOnly 'org.postgresql:postgresql:42.3.4' - runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:3.0.4' - runtimeOnly 'mysql:mysql-connector-java:8.0.29' - runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.1.jre11' + runtimeOnly "org.postgresql:postgresql:${project.'postgresVersion'}" + runtimeOnly "org.mariadb.jdbc:mariadb-java-client:${project.'mariadbVersion'}" + runtimeOnly "mysql:mysql-connector-java:${project.'mysqlVersion'}" + runtimeOnly "com.microsoft.sqlserver:mssql-jdbc:${project.'sqlserverVersion'}" //Swagger compile 'io.springfox:springfox-swagger2:2.9.2' diff --git a/gradle.properties b/gradle.properties index f645de2d4..9fb07eccf 100644 --- a/gradle.properties +++ b/gradle.properties @@ -19,6 +19,12 @@ springbootVersion=2.5.12 springSecurityVersion=5.6.3 # springSecurityVersion=5.7.1 +### DB Driver Versions ### +mariadbVersion=3.0.4 +mysqlVersion=8.0.29 +postgresVersion=42.3.4 +sqlserverVersion=9.4.1.jre11 + org.gradle.jvmargs=-Xmx1g -XX:-UseGCOverheadLimit # set token in personal global From 47bc15390879cae076c1ac2dc1cce2e36f89d1ee Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 14 Jun 2022 15:41:48 -0700 Subject: [PATCH 03/40] SHIBUI-2273 Setup liquidbase to run for SQL SERVER --- .../CustomEntityAttributeDefinition.java | 4 +-- .../admin/ui/domain/LocalizedName.java | 4 ++- .../admin/ui/domain/OrganizationURL.java | 2 +- .../src/main/resources/application.properties | 3 +- .../main/resources/db/changelog/changelog.sql | 29 +++++++++++++++++++ 5 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 backend/src/main/resources/db/changelog/changelog.sql diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomEntityAttributeDefinition.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomEntityAttributeDefinition.java index f1d14911a..6e7ced3e2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomEntityAttributeDefinition.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomEntityAttributeDefinition.java @@ -35,7 +35,7 @@ public class CustomEntityAttributeDefinition implements IRelyingPartyOverridePro @ElementCollection @CollectionTable(name = "custom_entity_attr_list_items", joinColumns = @JoinColumn(name = "name")) @Fetch(FetchMode.JOIN) - @Column(name = "value", nullable = false) + @Column(name = "item_value", nullable = false) Set customAttrListDefinitions = new HashSet<>(); @Column(name = "default_value", nullable = true) @@ -114,4 +114,4 @@ public void setName(String name) { public void updateExamplesList() { examples = customAttrListDefinitions; } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/LocalizedName.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/LocalizedName.java index e0a54d494..3f7dcb48e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/LocalizedName.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/LocalizedName.java @@ -3,6 +3,7 @@ import org.hibernate.envers.Audited; import javax.annotation.Nullable; +import javax.persistence.Column; import javax.persistence.MappedSuperclass; @MappedSuperclass @@ -11,6 +12,7 @@ public class LocalizedName extends AbstractXMLObject implements org.opensaml.sam private String xMLLang; + @Column(name = "name_value") private String value; @Nullable @@ -34,4 +36,4 @@ public String getValue() { public void setValue(@Nullable String value) { this.value = value; } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OrganizationURL.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OrganizationURL.java index c8e556695..625e96379 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OrganizationURL.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OrganizationURL.java @@ -14,7 +14,7 @@ public class OrganizationURL extends AbstractXMLObject implements org.opensaml.s private String xMLLang; - @Column(name="value") + @Column(name="uri_value") private String uri; @Nullable diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 0556e5b45..a0d50725f 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -37,7 +37,8 @@ spring.jackson.mapper.accept-case-insensitive-enums=true #spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDBDialect # Liquibase properties -spring.liquibase.enabled=false +spring.liquibase.enabled=true +spring.liquibase.change-log=db/changelog/changelog.sql # Hibernate properties # for production never ever use create, create-drop. It's BEST to use validate diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql new file mode 100644 index 000000000..cfdf5bc02 --- /dev/null +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -0,0 +1,29 @@ +-- liquibase formatted sql + +-- changeset liquibase:1.11.0 dbms:mariadb,mysql,postgresql +-- preconditions onFail:MARK_RAN +-- precondition-sql-check expectedResult:1 SELECT 1 FROM users +-- comment: /* we don't need to run this if the system is new */ +ALTER TABLE resource_backed_metadata_resolver + RENAME file TO file_resource; +GO +ALTER TABLE organizationurl + RENAME 'value' TO 'uri_value'; +GO + +-- changeset liquibase:1.11.0 dbms:mssql +-- preconditions onFail:MARK_RAN +-- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' +-- comment: /* we don't need to run this if the system is new */ +EXEC sp_rename 'organizationurl.value', uri_value, 'COLUMN' +GO +EXEC sp_rename 'custom_entity_attr_list_items.value', item_value, 'COLUMN' +GO +EXEC sp_rename 'organization_name.value', name_value, 'COLUMN' +GO +EXEC sp_rename 'organization_display_name.value', name_value, 'COLUMN' +GO +EXEC sp_rename 'service_description.value', name_value, 'COLUMN' +GO +EXEC sp_rename 'service_name.value', name_value, 'COLUMN' +GO \ No newline at end of file From 7809cfed0aec68dadd3ecc728d740404f9a903ab Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 14 Jun 2022 16:45:04 -0700 Subject: [PATCH 04/40] SHIBUI-2273 Setup liquidbase to run for POSTGRES --- .../main/resources/db/changelog/changelog.sql | 18 +++++++++++++++--- testbed/postgres/docker-compose.yml | 2 +- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index cfdf5bc02..3b3c84fb3 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -2,13 +2,25 @@ -- changeset liquibase:1.11.0 dbms:mariadb,mysql,postgresql -- preconditions onFail:MARK_RAN --- precondition-sql-check expectedResult:1 SELECT 1 FROM users +-- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ ALTER TABLE resource_backed_metadata_resolver - RENAME file TO file_resource; + RENAME "file" TO "file_resource"; GO ALTER TABLE organizationurl - RENAME 'value' TO 'uri_value'; + RENAME "value" TO "uri_value"; +GO +ALTER TABLE organization_name + RENAME "value" TO "name_value"; +GO +ALTER TABLE organization_display_name + RENAME "value" TO "name_value"; +GO +ALTER TABLE service_description + RENAME "value" TO "name_value"; +GO +ALTER TABLE service_name + RENAME "value" TO "name_value"; GO -- changeset liquibase:1.11.0 dbms:mssql diff --git a/testbed/postgres/docker-compose.yml b/testbed/postgres/docker-compose.yml index 593ceb1fc..c66b591a8 100644 --- a/testbed/postgres/docker-compose.yml +++ b/testbed/postgres/docker-compose.yml @@ -11,7 +11,7 @@ services: networks: - front ports: - - 3306:3306 + - 5432:5432 shibui: image: unicon/shibui ports: From 2e8233dbc59b13eba67ce0b9c6cd29317fe83f80 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 14 Jun 2022 17:11:32 -0700 Subject: [PATCH 05/40] SHIBUI-2273 Readme for liquibase --- .../src/main/resources/db/changelog/README.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 backend/src/main/resources/db/changelog/README.txt diff --git a/backend/src/main/resources/db/changelog/README.txt b/backend/src/main/resources/db/changelog/README.txt new file mode 100644 index 000000000..2ebb5d59f --- /dev/null +++ b/backend/src/main/resources/db/changelog/README.txt @@ -0,0 +1,18 @@ +Understanding the liquidbase changelog.sql file + +" -- liquibase formatted sql" - this is required at the top of this file " + +" -- changeset liquibase:1.11.0 dbms:mariadb,mysql,postgresql " +This indicates a change set and the version - please use the release version that the change matches so that looking at the DB should +give a good indication of what has been run. + +The dbms section indicates which DBs the changeset that follows is valid to be run on. If this is not present, Liquidbase will try +to run the changeset always. + +" -- preconditions onFail:MARK_RAN " +" -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' " + +@see - https://docs.liquibase.com/concepts/changelogs/preconditions.html +The check here is looking to see if the schema has been built out yet. If it has not, then the db is new and will be created +correctly without needing to be updated, so MARK_RAN ensures that the given changeset will not be run, but will be added to the +liquibase changesetlog table indicating that it was checked. \ No newline at end of file From ef900fc628311365b7d5cae9e31b5cb45a1fab6f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 15 Jun 2022 10:05:10 -0700 Subject: [PATCH 06/40] SHIBUI-2273 Updates: added missing tables and aud tables to the sql updates, updated the springboot and hibernate versions to newer versions, updated the settings to work with the newer version of springboot which uses a different library for path pattern matching. --- .../filters/EntityAttributesFilterTarget.java | 2 +- .../filters/NameIdFormatFilterTarget.java | 2 + .../src/main/resources/application.properties | 4 ++ .../main/resources/db/changelog/changelog.sql | 67 +++++++++++++++++-- gradle.properties | 8 +-- 5 files changed, 73 insertions(+), 10 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java index a7959dbbf..e2ed028a0 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java @@ -26,7 +26,7 @@ public class EntityAttributesFilterTarget extends AbstractAuditable implements I @ElementCollection (fetch = FetchType.EAGER) @OrderColumn - @Column(length = 760) + @Column(length = 760, name="target_value") private List value; public EntityAttributesFilterTargetType getEntityAttributesFilterTargetType() { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java index 90445ff75..3a5bfe9da 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java @@ -8,6 +8,7 @@ import org.hibernate.envers.AuditOverride; import org.hibernate.envers.Audited; +import javax.persistence.Column; import javax.persistence.ElementCollection; import javax.persistence.Entity; import javax.persistence.OrderColumn; @@ -27,6 +28,7 @@ public class NameIdFormatFilterTarget extends AbstractAuditable implements IFilt @ElementCollection @OrderColumn + @Column(name="target_value") private List value; public NameIdFormatFilterTargetType getNameIdFormatFilterTargetType() { diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index b126439d5..dd02864b0 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -9,6 +9,9 @@ logging.level.org.springframework=INFO logging.level.edu.internet2.tier.shibboleth.admin.ui=INFO spring.main.allow-bean-definition-overriding=true +# "In Spring MVC, the path was previously analyzed by AntPathMatcher, but it was changed to use PathPatternParser introduced in WebFlux from Spring 5.3.0." +# we still have the option to use ant path matcher thus keeping existing configuration from having to change +spring.mvc.pathmatch.matching-strategy=ant_path_matcher # Database Credentials spring.datasource.username=shibui @@ -109,6 +112,7 @@ shibui.roles.authenticated=ADMIN,ENABLE,USER #docker container shibui.beacon-enabled=true +### Swagger/Springdoc patterns springdoc.use-management-port=true springdoc.swagger-ui.tagsSorter: alpha springdoc.writer-with-order-by-keys: true diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index 3b3c84fb3..911f36cb9 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -4,38 +4,95 @@ -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ -ALTER TABLE resource_backed_metadata_resolver - RENAME "file" TO "file_resource"; +ALTER TABLE custom_entity_attr_list_items + RENAME "value" TO "item_value"; +GO +ALTER TABLE custom_entity_attr_list_items_aud + RENAME "value" TO "item_value"; +GO +ALTER TABLE entity_attributes_filter_target_value + RENAME "value" TO "target_value"; +GO +ALTER TABLE entity_attributes_filter_target_value_aud + RENAME "value" TO "target_value"; +GO +ALTER TABLE name_id_format_filter_target_value + RENAME "value" TO "target_value"; +GO +ALTER TABLE name_id_format_filter_target_value_aud + RENAME "value" TO "target_value"; GO ALTER TABLE organizationurl RENAME "value" TO "uri_value"; GO +ALTER TABLE organizationurl_aud + RENAME "value" TO "uri_value"; +GO +ALTER TABLE organization_display_name + RENAME "value" TO "name_value"; +GO +ALTER TABLE organization_display_name_aud + RENAME "value" TO "name_value"; +GO ALTER TABLE organization_name RENAME "value" TO "name_value"; GO -ALTER TABLE organization_display_name +ALTER TABLE organization_name_aud RENAME "value" TO "name_value"; GO +ALTER TABLE resource_backed_metadata_resolver + RENAME "file" TO "file_resource"; +GO +ALTER TABLE resource_backed_metadata_resolver_aud + RENAME "file" TO "file_resource"; +GO ALTER TABLE service_description RENAME "value" TO "name_value"; GO +ALTER TABLE service_description_aud + RENAME "value" TO "name_value"; +GO ALTER TABLE service_name RENAME "value" TO "name_value"; GO +ALTER TABLE service_name_aud + RENAME "value" TO "name_value"; +GO + -- changeset liquibase:1.11.0 dbms:mssql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ +EXEC sp_rename 'custom_entity_attr_list_items.value', item_value, 'COLUMN' +GO +EXEC sp_rename 'custom_entity_attr_list_items_aud.value', item_value, 'COLUMN' +GO +EXEC sp_rename 'entity_attributes_filter_target_value.value', target_value, 'COLUMN' +GO +EXEC sp_rename 'entity_attributes_filter_target_value_aud.value', target_value, 'COLUMN' +GO +EXEC sp_rename 'name_id_format_filter_target_value', target_value, 'COLUMN' +GO +EXEC sp_rename 'name_id_format_filter_target_value_aud', target_value, 'COLUMN' +GO EXEC sp_rename 'organizationurl.value', uri_value, 'COLUMN' GO -EXEC sp_rename 'custom_entity_attr_list_items.value', item_value, 'COLUMN' +EXEC sp_rename 'organizationurl_aud.value', uri_value, 'COLUMN' +GO +EXEC sp_rename 'organization_display_name.value', name_value, 'COLUMN' +GO +EXEC sp_rename 'organization_display_name_aud.value', name_value, 'COLUMN' GO EXEC sp_rename 'organization_name.value', name_value, 'COLUMN' GO -EXEC sp_rename 'organization_display_name.value', name_value, 'COLUMN' +EXEC sp_rename 'organization_name_aud.value', name_value, 'COLUMN' GO EXEC sp_rename 'service_description.value', name_value, 'COLUMN' GO +EXEC sp_rename 'service_description_aud.value', name_value, 'COLUMN' +GO EXEC sp_rename 'service_name.value', name_value, 'COLUMN' +GO +EXEC sp_rename 'service_name_aud.value', name_value, 'COLUMN' GO \ No newline at end of file diff --git a/gradle.properties b/gradle.properties index 9fb07eccf..fdbf3f56a 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,8 +5,8 @@ version=1.11.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 cryptacularVersion=1.2.4 -hibernateVersion=5.5.0.Final -#hibernateVersion=5.6.9.Final +#hibernateVersion=5.5.0.Final +hibernateVersion=5.6.9.Final luceneVersion=8.1.1 log4JVersion=2.17.2 lombokVersion=5.3.3.3 @@ -14,8 +14,8 @@ opensamlVersion=4.2.0 pac4JVersion=5.4.3 pac4jSpringSecurityVersion=7.0.3 shibbolethVersion=4.2.1 -springbootVersion=2.5.12 -#springbootVersion=2.7.0 +#springbootVersion=2.5.12 +springbootVersion=2.7.0 springSecurityVersion=5.6.3 # springSecurityVersion=5.7.1 From 3b5a6efe25fa0028f99063800dc5c47931ee832d Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 15 Jun 2022 10:55:04 -0700 Subject: [PATCH 07/40] SHIBUI-2273 update version of spring security properties file cleanup --- backend/src/main/resources/application.properties | 2 +- gradle.properties | 13 ++----------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index dd02864b0..ba1b8f20f 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -19,7 +19,7 @@ spring.datasource.password=shibui # Database Configuration H2 spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE -spring.datasource.platform=h2 +spring.sql.init.platform=h2 spring.datasource.driverClassName=org.h2.Driver spring.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.h2.console.enabled=true diff --git a/gradle.properties b/gradle.properties index fdbf3f56a..f891afd02 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,7 +5,6 @@ version=1.11.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 cryptacularVersion=1.2.4 -#hibernateVersion=5.5.0.Final hibernateVersion=5.6.9.Final luceneVersion=8.1.1 log4JVersion=2.17.2 @@ -14,10 +13,8 @@ opensamlVersion=4.2.0 pac4JVersion=5.4.3 pac4jSpringSecurityVersion=7.0.3 shibbolethVersion=4.2.1 -#springbootVersion=2.5.12 springbootVersion=2.7.0 -springSecurityVersion=5.6.3 -# springSecurityVersion=5.7.1 +springSecurityVersion=5.7.1 ### DB Driver Versions ### mariadbVersion=3.0.4 @@ -35,10 +32,4 @@ i2.github.apiEndpoint=https://github.internet2.edu/api/v3 ## NOTES # pac4j spring security 7.0.3 here uses the pac4j 5.4.3 core, thus differences in versions (they used use the same versions, now -# keeping them in sync takes paying attention -# -# Springboot 2.7.0 and Hibernate 5.6.9 are current, but don't like all the columns named "value" in the db (along with H2), so don't -# update to these versions until ready to migrate the database columns. (the tests fail under these versions because the test database -# doesn't work). -# -# Additionally, springbootsecurity for tests doesn't like 5.7.1 \ No newline at end of file +# keeping them in sync takes paying attention \ No newline at end of file From 9827498670843cac2d0b3d86626afaca028bb49e Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 21 Jun 2022 11:03:53 -0700 Subject: [PATCH 08/40] SHIBUI-2268 initial commit, no working state --- .../JPAMetadataResolverServiceImpl.groovy | 11 + .../filters/algorithm/AlgorithmFilter.java | 59 +++ .../ui/domain/filters/algorithm/Entity.java | 24 ++ .../admin/ui/opensaml/OpenSamlObjects.java | 26 +- ...XMLObjectProviderInitializerForTest.groovy | 12 + ...JPAMetadataResolverServiceImplTests.groovy | 26 +- .../admin/ui/util/TestObjectGenerator.groovy | 9 + .../org.opensaml.core.config.Initializer | 1 + .../src/test/resources/conf/2268-simple.xml | 7 + .../resources/jpa-saml2-metadata-config.xml | 372 ++++++++++++++++++ 10 files changed, 533 insertions(+), 14 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy create mode 100644 backend/src/test/resources/META-INF/services/org.opensaml.core.config.Initializer create mode 100644 backend/src/test/resources/conf/2268-simple.xml create mode 100644 backend/src/test/resources/jpa-saml2-metadata-config.xml diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index ed3f794c0..691828526 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -9,6 +9,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteList import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver @@ -88,6 +89,16 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } + void constructXmlNodeForFilter(AlgorithmFilter filter, def markupBuilderDelegate) { + if (!filter.isFilterEnabled()) { return } + markupBuilderDelegate.MetadataFilter('xsi:type': 'Algorithm') { + // TODO: enhance. currently this does weird things with namespaces + filter.unknownXMLObjects.each { xmlObject -> + mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) + } + } + } + void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) { if (!filter.isFilterEnabled()) { return } markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java new file mode 100644 index 000000000..85a4d9129 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java @@ -0,0 +1,59 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; +import org.opensaml.core.xml.ElementExtensibleXMLObject; +import org.opensaml.core.xml.XMLObject; + +import javax.annotation.Nonnull; +import javax.persistence.CascadeType; +import javax.persistence.ElementCollection; +import javax.persistence.Entity; +import javax.persistence.OneToMany; +import javax.persistence.OrderColumn; +import javax.xml.namespace.QName; +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; + +/** + * Following the pattern of AbstractElementExtensibleXMLObject - this XML type can hold a couple of different types of XML objects + */ +@Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +public class AlgorithmFilter extends MetadataFilter { + @OneToMany(cascade = CascadeType.ALL) + @OrderColumn + private List unknownXMLObjects = new ArrayList<>(); + + public void addUnknownXMLObject(AbstractXMLObject xmlObject) { + this.unknownXMLObjects.add(xmlObject); + } + + @Nonnull + public List getUnknownXMLObjects() { + return (List) (List) this.unknownXMLObjects; + } + + private AlgorithmFilter updateConcreteFilterTypeData(AlgorithmFilter filterToBeUpdated) { + for (XMLObject o : getUnknownXMLObjects()) { + filterToBeUpdated.addUnknownXMLObject((AbstractXMLObject) o); + } + return filterToBeUpdated; + } + + @Override + public MetadataFilter updateConcreteFilterTypeData(MetadataFilter filterToBeUpdated) { + return updateConcreteFilterTypeData((AlgorithmFilter) filterToBeUpdated); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java new file mode 100644 index 000000000..9a741f6e8 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java @@ -0,0 +1,24 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; + +import javax.annotation.Nullable; + +public class Entity extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { + private String uri; + + private Entity(){ + setElementLocalName("Entity"); + } + + @Nullable + @Override + public String getValue() { + return this.uri; + } + + @Override + public void setValue(@Nullable String newValue) { + this.uri = newValue; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/OpenSamlObjects.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/OpenSamlObjects.java index 8a25b0855..bd149c9ff 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/OpenSamlObjects.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/OpenSamlObjects.java @@ -88,11 +88,11 @@ public void init() throws ComponentInitializationException { this.unmarshallerFactory = registry.getUnmarshallerFactory(); } - public String marshalToXmlString(XMLObject ed, boolean includeXMLDeclaration) throws MarshallingException { - Marshaller marshaller = this.marshallerFactory.getMarshaller(ed); - ed.releaseDOM(); - ed.releaseChildrenDOM(true); - String entityDescriptorXmlString = null; + public String marshalToXmlString(XMLObject xmlObject, boolean includeXMLDeclaration) throws MarshallingException { + Marshaller marshaller = this.marshallerFactory.getMarshaller(xmlObject); + xmlObject.releaseDOM(); + xmlObject.releaseChildrenDOM(true); + String resultString = null; if (marshaller != null) { try (StringWriter writer = new StringWriter()) { Transformer transformer = TransformerFactory.newInstance().newTransformer(); @@ -101,22 +101,22 @@ public String marshalToXmlString(XMLObject ed, boolean includeXMLDeclaration) th if (!includeXMLDeclaration) { transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); } - transformer.transform(new DOMSource(marshaller.marshall(ed)), new StreamResult(writer)); - entityDescriptorXmlString = writer.toString(); + transformer.transform(new DOMSource(marshaller.marshall(xmlObject)), new StreamResult(writer)); + resultString = writer.toString(); } catch (TransformerException | IOException e) { logger.error(e.getMessage(), e); } } - if (entityDescriptorXmlString == null) { + if (resultString == null) { //Figure out the best way to deal with this case - throw new RuntimeException("Unable to marshal EntityDescriptor"); + throw new RuntimeException("Unable to marshal xmlObject"); } - return entityDescriptorXmlString; + return resultString; } - public String marshalToXmlString(XMLObject ed) throws MarshallingException { - return this.marshalToXmlString(ed, true); + public String marshalToXmlString(XMLObject xmlObject) throws MarshallingException { + return this.marshalToXmlString(xmlObject, true); } public EntityDescriptor unmarshalFromXml(byte[] entityDescriptorXml) throws Exception { @@ -152,4 +152,4 @@ public T buildDefaultInstanceOfType(Class type) { throw new RuntimeException("there was a problem building an instance", e); } } -} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy new file mode 100644 index 000000000..0a56abe54 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy @@ -0,0 +1,12 @@ +package edu.internet2.tier.shibboleth.admin.ui.opensaml.config + +import org.opensaml.core.xml.config.AbstractXMLObjectProviderInitializer + +class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderInitializer { + @Override + protected String[] getConfigResources() { + return new String[]{ + "/jpa-saml2-metadata-config.xml", + } + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 594ee6750..010ee9310 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -3,10 +3,12 @@ package edu.internet2.tier.shibboleth.admin.ui.service import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver @@ -16,6 +18,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.SvnMetadataResour import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects +import edu.internet2.tier.shibboleth.admin.ui.opensaml.config.JPAXMLObjectProviderInitializerForTest import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator import groovy.xml.DOMBuilder @@ -40,7 +43,7 @@ import java.time.Instant import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.generatedXmlIsTheSameAsExpectedXml -@ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration ]) +@ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration, JPAXMLObjectProviderInitializerForTest ]) class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { @Autowired @@ -137,6 +140,27 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { !diff.hasDifferences() } + def 'test generating AlgorithmFilter xml snippet'() { + given: + def filter = TestObjectGenerator.algorithmFilter() + EncryptionMethod encryptionMethod = new EncryptionMethod() + encryptionMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc") + encryptionMethod.setElementLocalName("EncryptionMethod") + filter.addUnknownXMLObject(encryptionMethod) + Entity entity = new Entity() + entity.setValue("https://broken.example.org/sp") + filter.addUnknownXMLObject(entity) + Entity entity2 = new Entity() + entity2.setValue("https://also-broken.example.org/sp") + filter.addUnknownXMLObject(entity2) + + when: + genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } + + then: + generatedXmlIsTheSameAsExpectedXml('/conf/2268-simple.xml', domBuilder.parseText(writer.toString())) + } + def 'test generating EntityAttributesFilter xml snippet with condition script'() { given: def filter = testObjectGenerator.entityAttributesFilterWithConditionScript() diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy index bf17b107e..276bbc17f 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy @@ -17,6 +17,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilter import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterTargetRepresentation import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource @@ -183,6 +184,14 @@ class TestObjectGenerator { randomFilter } + static AlgorithmFilter algorithmFilter() { + return new AlgorithmFilter().with { + it.name = "Algorithm" + it.enabled = true; + it + } + } + SignatureValidationFilter signatureValidationFilter() { new SignatureValidationFilter().with { it.name = 'SignatureValidation' diff --git a/backend/src/test/resources/META-INF/services/org.opensaml.core.config.Initializer b/backend/src/test/resources/META-INF/services/org.opensaml.core.config.Initializer new file mode 100644 index 000000000..c7c2e7cb3 --- /dev/null +++ b/backend/src/test/resources/META-INF/services/org.opensaml.core.config.Initializer @@ -0,0 +1 @@ +edu.internet2.tier.shibboleth.admin.ui.opensaml.config.JPAXMLObjectProviderInitializerForTest \ No newline at end of file diff --git a/backend/src/test/resources/conf/2268-simple.xml b/backend/src/test/resources/conf/2268-simple.xml new file mode 100644 index 000000000..2ffe731f1 --- /dev/null +++ b/backend/src/test/resources/conf/2268-simple.xml @@ -0,0 +1,7 @@ + + + + https://broken.example.org/sp + https://also-broken.example.org/sp + + \ No newline at end of file diff --git a/backend/src/test/resources/jpa-saml2-metadata-config.xml b/backend/src/test/resources/jpa-saml2-metadata-config.xml new file mode 100644 index 000000000..b008809ce --- /dev/null +++ b/backend/src/test/resources/jpa-saml2-metadata-config.xml @@ -0,0 +1,372 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 478e20900b9b0f6aeacb531afed522136b845c6a Mon Sep 17 00:00:00 2001 From: chasegawa Date: Thu, 23 Jun 2022 09:22:57 -0700 Subject: [PATCH 09/40] SHIBUI-2273 Corrections for MySQL --- .../main/resources/db/changelog/changelog.sql | 62 ++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index 911f36cb9..561280f58 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -1,6 +1,66 @@ -- liquibase formatted sql --- changeset liquibase:1.11.0 dbms:mariadb,mysql,postgresql +-- changeset liquibase:1.11.0 dbms:mysql +-- preconditions onFail:MARK_RAN +-- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' +-- comment: /* we don't need to run this if the system is new */ +ALTER TABLE custom_entity_attr_list_items + CHANGE value item_value varchar(255); +GO +ALTER TABLE custom_entity_attr_list_items_aud + CHANGE value item_value varchar(255); +GO +ALTER TABLE entity_attributes_filter_target_value + CHANGE value target_value varchar(255); +GO +ALTER TABLE entity_attributes_filter_target_value_aud + CHANGE value target_value varchar(255); +GO +ALTER TABLE name_id_format_filter_target_value + CHANGE value target_value varchar(255); +GO +ALTER TABLE name_id_format_filter_target_value_aud + CHANGE value target_value varchar(255); +GO +ALTER TABLE organizationurl + CHANGE value uri_value varchar(255); +GO +ALTER TABLE organizationurl_aud + CHANGE value uri_value varchar(255); +GO +ALTER TABLE organization_display_name + CHANGE value name_value varchar(255); +GO +ALTER TABLE organization_display_name_aud + CHANGE value name_value varchar(255); +GO +ALTER TABLE organization_name + CHANGE value name_value varchar(255); +GO +ALTER TABLE organization_name_aud + CHANGE value name_value varchar(255); +GO +ALTER TABLE resource_backed_metadata_resolver + CHANGE file file_resource varchar(255); +GO +ALTER TABLE resource_backed_metadata_resolver_aud + CHANGE file file_resource varchar(255); +GO +ALTER TABLE service_description + CHANGE value name_value varchar(255); +GO +ALTER TABLE service_description_aud + CHANGE value name_value varchar(255); +GO +ALTER TABLE service_name + CHANGE value name_value varchar(255); +GO +ALTER TABLE service_name_aud + CHANGE value name_value varchar(255); +GO + + +-- changeset liquibase:1.11.0 dbms:mariadb,postgresql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ From 7d808b46fd31626a8d852f21245806331ad18c10 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 23 Jun 2022 09:57:02 -0700 Subject: [PATCH 10/40] Updated min/max refresh for providers --- .../file-system-metadata-provider.schema.json | 16 +++++++-------- .../main/resources/i18n/messages.properties | 2 +- .../resources/i18n/messages_en.properties | 2 +- .../schema/provider/file-system.schema.json | 20 +++++++++---------- .../provider/filebacked-http.schema.json | 10 ++++++++-- ui/src/app/metadata/domain/data.js | 14 +++++++++++++ ...ileBackedHttpMetadataProviderDefinition.js | 6 +++--- .../FileSystemMetadataProviderDefinition.js | 6 +++--- .../metadata/wizard/MetadataProviderWizard.js | 2 +- 9 files changed, 47 insertions(+), 31 deletions(-) diff --git a/backend/src/main/resources/file-system-metadata-provider.schema.json b/backend/src/main/resources/file-system-metadata-provider.schema.json index 7969495f2..a4db5a52d 100644 --- a/backend/src/main/resources/file-system-metadata-provider.schema.json +++ b/backend/src/main/resources/file-system-metadata-provider.schema.json @@ -1,11 +1,6 @@ { "type": "object", - "required": [ - "name", - "@type", - "xmlId", - "metadataFile" - ], + "required": ["name", "@type", "xmlId", "metadataFile"], "properties": { "name": { "title": "label.metadata-provider-name-dashboard-display-only", @@ -47,18 +42,21 @@ }, "reloadableMetadataResolverAttributes": { "type": "object", + "required": ["minRefreshDelay", "maxRefreshDelay"], "properties": { "minRefreshDelay": { "title": "label.min-refresh-delay", "description": "tooltip.min-refresh-delay", "type": "string", - "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT5M" }, "maxRefreshDelay": { "title": "label.max-refresh-delay", "description": "tooltip.max-refresh-delay", "type": "string", - "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT4H" }, "refreshDelayFactor": { "title": "label.refresh-delay-factor", @@ -71,4 +69,4 @@ } } } -} \ No newline at end of file +} diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 0a7880b36..2513a7c87 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -684,7 +684,7 @@ tooltip.retained-roles=Note that property replacement cannot be used on this ele tooltip.remove-roleless-entity-descriptors=Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one role descriptor. tooltip.remove-empty-entities-descriptors=Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one child element, either an element or an element. -tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration. +tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration. Setting this to 0 will result in the default value being used. tooltip.max-refresh-delay=Upper bound on the next refresh from the time calculated based on the metadata\u0027s expiration. tooltip.refresh-delay-factor=A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata\u0027s expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay. tooltip.resolve-via-predicates-only=Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection, when an entityID input criterion is not supplied. diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties index f9f64d4d2..40d17ae7e 100644 --- a/backend/src/main/resources/i18n/messages_en.properties +++ b/backend/src/main/resources/i18n/messages_en.properties @@ -531,7 +531,7 @@ tooltip.retained-roles=Note that property replacement cannot be used on this ele tooltip.remove-roleless-entity-descriptors=Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one role descriptor. tooltip.remove-empty-entities-descriptors=Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one child element, either an element or an element. -tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration. +tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration. Setting this to 0 will result in the default value being used. tooltip.max-refresh-delay=Upper bound on the next refresh from the time calculated based on the metadata\u0027s expiration. tooltip.refresh-delay-factor=A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata\u0027s expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay. tooltip.resolve-via-predicates-only=Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection, when an entityID input criterion is not supplied. diff --git a/ui/public/assets/schema/provider/file-system.schema.json b/ui/public/assets/schema/provider/file-system.schema.json index 38d0d90e3..a4db5a52d 100644 --- a/ui/public/assets/schema/provider/file-system.schema.json +++ b/ui/public/assets/schema/provider/file-system.schema.json @@ -1,15 +1,10 @@ { "type": "object", - "required": [ - "name", - "@type", - "xmlId", - "metadataFile" - ], + "required": ["name", "@type", "xmlId", "metadataFile"], "properties": { "name": { "title": "label.metadata-provider-name-dashboard-display-only", - "description": "tooltip.metadata-provider-name-dashboard-display-only", + "description": "tooltip.metadata-provider-name", "type": "string", "widget": { "id": "string", @@ -20,7 +15,7 @@ "title": "label.metadata-provider-type", "description": "tooltip.metadata-provider-type", "type": "string", - "const": "FilesystemMetadataResolver" + "default": "FilesystemMetadataResolver" }, "xmlId": { "title": "label.xml-id", @@ -47,18 +42,21 @@ }, "reloadableMetadataResolverAttributes": { "type": "object", + "required": ["minRefreshDelay", "maxRefreshDelay"], "properties": { "minRefreshDelay": { "title": "label.min-refresh-delay", "description": "tooltip.min-refresh-delay", "type": "string", - "pattern": "^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT5M" }, "maxRefreshDelay": { "title": "label.max-refresh-delay", "description": "tooltip.max-refresh-delay", "type": "string", - "pattern": "^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT4H" }, "refreshDelayFactor": { "title": "label.refresh-delay-factor", @@ -71,4 +69,4 @@ } } } -} \ No newline at end of file +} diff --git a/ui/public/assets/schema/provider/filebacked-http.schema.json b/ui/public/assets/schema/provider/filebacked-http.schema.json index 860733486..77f415b43 100644 --- a/ui/public/assets/schema/provider/filebacked-http.schema.json +++ b/ui/public/assets/schema/provider/filebacked-http.schema.json @@ -252,18 +252,24 @@ "reloadableMetadataResolverAttributes": { "$id": "reloadableMetadataResolverAttributes", "type": "object", + "required": [ + "minRefreshDelay", + "maxRefreshDelay" + ], "properties": { "minRefreshDelay": { "title": "label.min-refresh-delay", "description": "tooltip.min-refresh-delay", "type": "string", - "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT5M" }, "maxRefreshDelay": { "title": "label.max-refresh-delay", "description": "tooltip.max-refresh-delay", "type": "string", - "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$" + "pattern": "^$|^(R\\d*\\/)?P(?:\\d+(?:\\.\\d+)?Y)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?W)?(?:\\d+(?:\\.\\d+)?D)?(?:T(?:\\d+(?:\\.\\d+)?H)?(?:\\d+(?:\\.\\d+)?M)?(?:\\d+(?:\\.\\d+)?S)?)?$", + "default": "PT4H" }, "refreshDelayFactor": { "title": "label.refresh-delay-factor", diff --git a/ui/src/app/metadata/domain/data.js b/ui/src/app/metadata/domain/data.js index 45412d300..b97afbddb 100644 --- a/ui/src/app/metadata/domain/data.js +++ b/ui/src/app/metadata/domain/data.js @@ -9,4 +9,18 @@ export const DurationOptions = [ "PT8H", "PT12H", "PT24H" +]; + +export const RefreshOptions = [ + "PT1S", + "PT30S", + "PT1M", + "PT5M", + "PT10M", + "PT30M", + "PT1H", + "PT4H", + "PT8H", + "PT12H", + "PT24H", ]; \ No newline at end of file diff --git a/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js index 106edfa55..e4e4be5b6 100644 --- a/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js +++ b/ui/src/app/metadata/domain/provider/definition/FileBackedHttpMetadataProviderDefinition.js @@ -1,7 +1,7 @@ import defaultsDeep from 'lodash/defaultsDeep'; import { BaseProviderDefinition, HttpMetadataResolverAttributesSchema, MetadataFilterPluginsSchema } from './BaseProviderDefinition'; -import { DurationOptions } from '../../data'; +import { DurationOptions, RefreshOptions } from '../../data'; import { BASE_PATH } from '../../../../App.constant'; export const FileBackedHttpMetadataProviderWizard = { @@ -155,12 +155,12 @@ export const FileBackedHttpMetadataProviderWizard = { reloadableMetadataResolverAttributes: { minRefreshDelay: { 'ui:widget': 'OptionWidget', - options: DurationOptions, + options: RefreshOptions, 'ui:placeholder': 'label.duration' }, maxRefreshDelay: { 'ui:widget': 'OptionWidget', - options: DurationOptions, + options: RefreshOptions, 'ui:placeholder': 'label.duration' }, refreshDelayFactor: { diff --git a/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js b/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js index d97b8e041..5e9d617fe 100644 --- a/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js +++ b/ui/src/app/metadata/domain/provider/definition/FileSystemMetadataProviderDefinition.js @@ -1,7 +1,7 @@ import defaultsDeep from 'lodash/defaultsDeep'; import API_BASE_PATH from "../../../../App.constant"; import { BaseProviderDefinition } from "./BaseProviderDefinition"; -import { DurationOptions } from '../../data'; +import { RefreshOptions } from '../../data'; export const FileSystemMetadataProviderWizard = { ...BaseProviderDefinition, @@ -74,12 +74,12 @@ export const FileSystemMetadataProviderWizard = { reloadableMetadataResolverAttributes: { minRefreshDelay: { 'ui:widget': 'OptionWidget', - options: DurationOptions, + options: RefreshOptions, 'ui:placeholder': 'label.duration' }, maxRefreshDelay: { 'ui:widget': 'OptionWidget', - options: DurationOptions, + options: RefreshOptions, 'ui:placeholder': 'label.duration' }, refreshDelayFactor: { diff --git a/ui/src/app/metadata/wizard/MetadataProviderWizard.js b/ui/src/app/metadata/wizard/MetadataProviderWizard.js index d2cbc0864..8dcbf73cd 100644 --- a/ui/src/app/metadata/wizard/MetadataProviderWizard.js +++ b/ui/src/app/metadata/wizard/MetadataProviderWizard.js @@ -49,7 +49,6 @@ export function MetadataProviderWizard({onSave, loading, block}) { return ( <> -
} + 
{JSON.stringify(errors, null, 4)}
); } From 383002d3fc4f48f360a2742a5bb2dbe325ce742e Mon Sep 17 00:00:00 2001 From: chasegawa Date: Thu, 23 Jun 2022 12:07:34 -0700 Subject: [PATCH 11/40] SHIBUI-2273 "Resetting" the min and max refresh values to match the open saml code --- .../main/resources/db/changelog/changelog.sql | 28 ++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index 561280f58..2653cdd64 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -1,6 +1,6 @@ -- liquibase formatted sql --- changeset liquibase:1.11.0 dbms:mysql +-- changeset liquibase:1.11.0.1 dbms:mysql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ @@ -60,7 +60,7 @@ ALTER TABLE service_name_aud GO --- changeset liquibase:1.11.0 dbms:mariadb,postgresql +-- changeset liquibase:1.11.0.1 dbms:mariadb,postgresql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ @@ -120,7 +120,7 @@ ALTER TABLE service_name_aud GO --- changeset liquibase:1.11.0 dbms:mssql +-- changeset liquibase:1.11.0.1 dbms:mssql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ @@ -155,4 +155,24 @@ GO EXEC sp_rename 'service_name.value', name_value, 'COLUMN' GO EXEC sp_rename 'service_name_aud.value', name_value, 'COLUMN' -GO \ No newline at end of file +GO + +-- changeset liquibase:1.11.0.2 dbms:mariadb,postgresql,mssql,mysql +-- preconditions onFail:MARK_RAN +-- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' +-- comment: /* we don't need to run this if the system is new */ + +update filesystem_metadata_resolver set min_refresh_delay ='PT5M'; +update filesystem_metadata_resolver_aud set min_refresh_delay ='PT5M'; +update filesystem_metadata_resolver set max_refresh_delay ='PT4H'; +update filesystem_metadata_resolver_aud set max_refresh_delay ='PT4H'; + +update file_backed_http_metadata_resolver set min_refresh_delay ='PT5M'; +update file_backed_http_metadata_resolver_aud set min_refresh_delay ='PT5M'; +update file_backed_http_metadata_resolver set max_refresh_delay ='PT4H'; +update file_backed_http_metadata_resolver_aud set max_refresh_delay ='PT4H'; + +update resource_backed_metadata_resolver set min_refresh_delay ='PT5M'; +update resource_backed_metadata_resolver_aud set min_refresh_delay ='PT5M'; +update resource_backed_metadata_resolver set max_refresh_delay ='PT4H'; +update resource_backed_metadata_resolver_aud set max_refresh_delay ='PT4H'; \ No newline at end of file From 987208a97691beabb478f696226ba085bbdeab29 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Thu, 23 Jun 2022 15:23:31 -0700 Subject: [PATCH 12/40] SHIBUI-2273 Overriding calls that were getting made that break things. Those methods don't need to be used by the shibui functionality --- .../OpenSamlFileBackedHTTPMetadataResolver.java | 13 +++++++++++++ .../OpenSamlFilesystemMetadataResolver.java | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java index c5d64dc5b..4b642e52a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java @@ -15,6 +15,7 @@ import javax.annotation.Nonnull; import javax.annotation.Nullable; +import java.io.File; import java.time.Duration; import java.time.Instant; @@ -135,4 +136,16 @@ public synchronized void refresh() throws ResolverException { } } } + + @Override + public void validateBackupFile(final File backupFile) throws ResolverException { + // NOPE, not going to validate this because the file reference is likely not to exist on the shibui server nor even be a + // valid path on the running server. The file is needed for the XML, but we shouldn't be validating it. + } + + @Override + protected byte[] fetchMetadata() throws ResolverException { + // NOPE, we don't need to try and fetch the metadata from either the URI nor the file + return null; + } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java index c247e7b53..f8b9a856f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java @@ -88,4 +88,16 @@ public void refilter() { logger.error("An error occurred while attempting to filter metadata!", e); } } + + @Override + public void validateMetadataFile(@Nonnull final File file) throws ResolverException { + // NOPE, not going to validate this because the file reference is likely not to exist on the shibui server nor even be a + // valid path on the running server. The file is needed for the XML, but we shouldn't be validating it. + } + + @Override + protected byte[] fetchMetadata() throws ResolverException { + // NOPE, we don't need to try and fetch the metadata + return null; + } } \ No newline at end of file From b2b3ad9ae902259ec4d31e30758846f505834ebc Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 29 Jun 2022 14:24:04 -0700 Subject: [PATCH 13/40] SHIBUI-2273 slight change for mariadb --- backend/src/main/resources/db/changelog/changelog.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index 2653cdd64..5bece9633 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -1,6 +1,6 @@ -- liquibase formatted sql --- changeset liquibase:1.11.0.1 dbms:mysql +-- changeset liquibase:1.11.0.1 dbms:mysql,mariadb -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ @@ -60,7 +60,7 @@ ALTER TABLE service_name_aud GO --- changeset liquibase:1.11.0.1 dbms:mariadb,postgresql +-- changeset liquibase:1.11.0.1 dbms:postgresql -- preconditions onFail:MARK_RAN -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' -- comment: /* we don't need to run this if the system is new */ From 71cbdc52c7888141e84e8b137b2ae44aea47030a Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 1 Jul 2022 10:50:47 -0700 Subject: [PATCH 14/40] NOJIRA Fixing the footer version information --- backend/src/main/resources/application.properties | 8 +++++--- ui/src/app/App.constant.js | 10 ++++++++++ ui/src/app/core/components/VersionInfo.js | 14 +++++++++----- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index ba1b8f20f..f6af0610e 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -48,7 +48,7 @@ spring.liquibase.change-log=db/changelog/changelog.sql spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl spring.jpa.show-sql=false -spring.jpa.properties.hibernate.format_sql=false +spring.jpa.properties.hibernate.format_sql=true spring.jpa.properties.hibernate.check_nullability=true spring.jpa.hibernate.use-new-id-generator-mappings=true @@ -118,5 +118,7 @@ springdoc.swagger-ui.tagsSorter: alpha springdoc.writer-with-order-by-keys: true springdoc.pathsToMatch=/entities, /api/** # This property enables the openapi and swagger-ui endpoints to be exposed beneath the actuator base path. -management.endpoints.web.exposure.include=openapi, swagger-ui -management.server.port=9090 \ No newline at end of file +management.endpoints.web.exposure.include=openapi, swagger-ui, info +management.server.port=9090 +management.endpoints.web.cors.allowed-origins=* +management.endpoints.web.cors.allowed-headers=* \ No newline at end of file diff --git a/ui/src/app/App.constant.js b/ui/src/app/App.constant.js index 3b6af7f89..afa7a688c 100644 --- a/ui/src/app/App.constant.js +++ b/ui/src/app/App.constant.js @@ -5,8 +5,18 @@ export const getBasePath = () => { //replace(/^\/|\/$/g, '') }; +export const getActuatorPath = () => { + const url = new URL(document.getElementsByTagName('base')[0].href); + + var foo = document.createElement("a"); + foo.href = url.pathname?.replace(/^\/+/g, ''); + foo.port = "9090" + return foo.href; +} + export const BASE_PATH = getBasePath(); export const API_BASE_PATH = `${BASE_PATH}api`; +export const ACTUATOR_PATH = getActuatorPath(); export const FILTER_PLUGIN_TYPES = ['RequiredValidUntil', 'SignatureValidation', 'EntityRoleWhiteList']; diff --git a/ui/src/app/core/components/VersionInfo.js b/ui/src/app/core/components/VersionInfo.js index 1c6badfc1..1c88ad271 100644 --- a/ui/src/app/core/components/VersionInfo.js +++ b/ui/src/app/core/components/VersionInfo.js @@ -1,7 +1,7 @@ import React from 'react'; import useFetch from 'use-http'; -import { BASE_PATH } from '../../App.constant'; +import { ACTUATOR_PATH } from '../../App.constant'; import Translate from '../../i18n/components/translate'; @@ -11,11 +11,15 @@ const year = new Date().getFullYear(); const params = { year }; export function VersionInfo () { - - const { data = {} } = useFetch(`${BASE_PATH}actuator/info`, {}, []); + var opts = { + headers: { + 'mode':'no-cors' + } + } + const { data = {} } = useFetch(`${ACTUATOR_PATH}actuator/info`, opts, []); const [ versionData, setVersionData ] = React.useState(''); - + React.useEffect(() => { setVersionData(formatter(data)); }, [data]); @@ -29,4 +33,4 @@ export function VersionInfo () { ); } -export default VersionInfo; \ No newline at end of file +export default VersionInfo; From 7ee47095d75c433e1642f416927823f0da3314ba Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 5 Jul 2022 15:05:36 -0700 Subject: [PATCH 15/40] NOJIRA --- testbed/postgres/conf/application.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/testbed/postgres/conf/application.yml b/testbed/postgres/conf/application.yml index 2173107e1..56fd5e709 100644 --- a/testbed/postgres/conf/application.yml +++ b/testbed/postgres/conf/application.yml @@ -8,9 +8,11 @@ spring: username: shibui password: shibui jpa: + show-sql: false properties: hibernate: - dialect: org.hibernate.dialect.PostgreSQLDialect + dialect: org.hibernate.dialect.PostgreSQL95Dialect + format_sql: true server: port: 8443 ssl: @@ -135,4 +137,4 @@ custom: logging: level: org.pac4j: "TRACE" - org.opensaml: "INFO" + org.opensaml: "INFO" \ No newline at end of file From 48b93d31dd1c469a1bd2d3e4cb0ce2ee2d01fd9b Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 5 Jul 2022 16:45:21 -0700 Subject: [PATCH 16/40] SHIBUI-2273 Updating dialects --- backend/src/main/resources/application.yml | 9 +++++++++ testbed/mariadb/conf/application.yml | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 671000aa6..ffeab970c 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -1,3 +1,12 @@ +#spring: +# jpa: +# show-sql: false +# properties: +# hibernate: +# format_sql: true +# dialect: org.hibernate.dialect.PostgreSQL95Dialect +# OR SEE: https://access.redhat.com/webassets/avalon/d/red-hat-jboss-enterprise-application-platform/7.2/javadocs/org/hibernate/dialect/package-summary.html + #shibui: ## Default password must be set for the default user to be configured and setup # default-rootuser:root diff --git a/testbed/mariadb/conf/application.yml b/testbed/mariadb/conf/application.yml index 68018a4b9..82fe6fec7 100644 --- a/testbed/mariadb/conf/application.yml +++ b/testbed/mariadb/conf/application.yml @@ -10,7 +10,7 @@ spring: jpa: properties: hibernate: - dialect: org.hibernate.dialect.MariaDBDialect + dialect: org.hibernate.dialect.MariaDB103Dialect server: port: 8443 ssl: @@ -135,4 +135,4 @@ custom: logging: level: org.pac4j: "TRACE" - org.opensaml: "INFO" + org.opensaml: "INFO" \ No newline at end of file From b50795880f3657b2ed72d6165cc0fc488e9f59c8 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Thu, 7 Jul 2022 12:40:23 -0700 Subject: [PATCH 17/40] SHIBUI-2273 Fixing postgres lob issue --- .../tier/shibboleth/admin/ui/domain/X509Certificate.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Certificate.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Certificate.java index b1db21b72..cff1a3c9d 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Certificate.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Certificate.java @@ -1,6 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; import lombok.EqualsAndHashCode; +import org.hibernate.annotations.Type; import org.hibernate.envers.Audited; import javax.annotation.Nullable; @@ -14,6 +15,7 @@ public class X509Certificate extends AbstractXMLObject implements org.opensaml.xmlsec.signature.X509Certificate { @Column(name = "x509CertificateValue") @Lob + @Type(type = "org.hibernate.type.TextType") private String value; @Nullable @@ -26,4 +28,4 @@ public String getValue() { public void setValue(@Nullable String value) { this.value = value; } -} +} \ No newline at end of file From c7cd06fa66dd829cf396d438f8ac12fcc0c0c7d4 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 12 Jul 2022 09:56:11 -0700 Subject: [PATCH 18/40] SHIBUI-2268 intermediate checkin - tests not correct --- .../JPAMetadataResolverServiceImpl.groovy | 24 +++++++++++++++---- .../admin/ui/domain/EncryptionMethod.java | 4 +++- ...XMLObjectProviderInitializerForTest.groovy | 2 +- ...JPAMetadataResolverServiceImplTests.groovy | 10 ++++++-- .../src/test/resources/conf/2268-simple.xml | 8 ++++++- 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 691828526..ffe491eec 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -10,6 +10,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver @@ -90,11 +91,26 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } void constructXmlNodeForFilter(AlgorithmFilter filter, def markupBuilderDelegate) { - if (!filter.isFilterEnabled()) { return } - markupBuilderDelegate.MetadataFilter('xsi:type': 'Algorithm') { - // TODO: enhance. currently this does weird things with namespaces + if (!filter.isFilterEnabled()) { + return + } + markupBuilderDelegate.MetadataFilter( + 'xsi:type': 'Algorithm', + 'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance', + 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd', + 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata', + 'xmlns': 'urn:mace:shibboleth:2.0:metadata', + 'xmlns:security': 'urn:mace:shibboleth:2.0:security', + 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion' + ) { filter.unknownXMLObjects.each { xmlObject -> - mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) + { + if (xmlObject instanceof Entity) { + Entity(xmlObject.getValue()) + } else { + mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) + } + } } } } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java index 06a47da63..be8da1f0c 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java @@ -55,4 +55,6 @@ public org.opensaml.xmlsec.encryption.OAEPparams getOAEPparams() { public void setOAEPparams(@Nullable org.opensaml.xmlsec.encryption.OAEPparams oaePparams) { this.oaePparams = oaePparams; } -} + + +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy index 0a56abe54..b4df893ab 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy @@ -6,7 +6,7 @@ class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderIn @Override protected String[] getConfigResources() { return new String[]{ - "/jpa-saml2-metadata-config.xml", + "/jpa-saml2-metadata-config.xml" } } } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 010ee9310..80acbdad3 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethodBuilder import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter @@ -26,6 +27,7 @@ import groovy.xml.MarkupBuilder import net.shibboleth.ext.spring.resource.ResourceHelper import net.shibboleth.utilities.java.support.resolver.CriteriaSet import org.opensaml.core.criterion.EntityIdCriterion +import org.opensaml.saml.common.xml.SAMLConstants import org.opensaml.saml.metadata.resolver.MetadataResolver import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver @@ -143,10 +145,14 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { def 'test generating AlgorithmFilter xml snippet'() { given: def filter = TestObjectGenerator.algorithmFilter() - EncryptionMethod encryptionMethod = new EncryptionMethod() + EncryptionMethod encryptionMethod = new EncryptionMethod() + encryptionMethod.setElementLocalName(EncryptionMethod.DEFAULT_ELEMENT_LOCAL_NAME) + encryptionMethod.setNamespacePrefix(SAMLConstants.SAML20MD_PREFIX) + encryptionMethod.setNamespaceURI(SAMLConstants.SAML20MD_NS) + encryptionMethod.setSchemaLocation(SAMLConstants.SAML20MD_SCHEMA_LOCATION) encryptionMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc") - encryptionMethod.setElementLocalName("EncryptionMethod") filter.addUnknownXMLObject(encryptionMethod) + Entity entity = new Entity() entity.setValue("https://broken.example.org/sp") filter.addUnknownXMLObject(entity) diff --git a/backend/src/test/resources/conf/2268-simple.xml b/backend/src/test/resources/conf/2268-simple.xml index 2ffe731f1..f9b0ea14a 100644 --- a/backend/src/test/resources/conf/2268-simple.xml +++ b/backend/src/test/resources/conf/2268-simple.xml @@ -1,4 +1,10 @@ - + https://broken.example.org/sp From 362a51d7a9fb7a63826a351f0667cbf06bd36234 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 12 Jul 2022 11:28:05 -0700 Subject: [PATCH 19/40] SHIBUI-2273 fixes for sqlserver docker --- testbed/sqlServer/conf/application.yml | 16 ++++++++-------- testbed/sqlServer/docker-compose.yml | 9 ++++++++- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/testbed/sqlServer/conf/application.yml b/testbed/sqlServer/conf/application.yml index 1e48abf4d..f69ccb318 100644 --- a/testbed/sqlServer/conf/application.yml +++ b/testbed/sqlServer/conf/application.yml @@ -1,6 +1,6 @@ spring: profiles: - include: + include: dev datasource: platform: sqlserver driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver @@ -11,13 +11,13 @@ spring: properties: hibernate: dialect: org.hibernate.dialect.SQLServerDialect -#server: -# port: 8443 -# ssl: -# key-store: "/conf/keystore.p12" -# key-store-password: "changeit" -# keyStoreType: "PKCS12" -# keyAlias: "tomcat" +server: + port: 8443 + ssl: + key-store: "/conf/keystore.p12" + key-store-password: "changeit" + keyStoreType: "PKCS12" + keyAlias: "tomcat" shibui: user-bootstrap-resource: file:/conf/users.csv roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY diff --git a/testbed/sqlServer/docker-compose.yml b/testbed/sqlServer/docker-compose.yml index a7509fe37..68276f256 100644 --- a/testbed/sqlServer/docker-compose.yml +++ b/testbed/sqlServer/docker-compose.yml @@ -23,7 +23,14 @@ services: - db networks: - front - + mailhog: + image: mailhog/mailhog:latest + ports: + - 1025:1025 + - 8025:8025 + container_name: mailhog + networks: + - front networks: front: driver: bridge \ No newline at end of file From dfc098bcb2b1611ddd01afe7195de7f2b8e6d0cc Mon Sep 17 00:00:00 2001 From: Sean Porth Date: Fri, 15 Jul 2022 13:11:18 -0400 Subject: [PATCH 20/40] SHIBUI-2316 fixed sqlserver upgrade migration --- backend/src/main/resources/db/changelog/changelog.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/db/changelog/changelog.sql b/backend/src/main/resources/db/changelog/changelog.sql index 5bece9633..0a63846a3 100644 --- a/backend/src/main/resources/db/changelog/changelog.sql +++ b/backend/src/main/resources/db/changelog/changelog.sql @@ -132,9 +132,9 @@ EXEC sp_rename 'entity_attributes_filter_target_value.value', target_value, 'COL GO EXEC sp_rename 'entity_attributes_filter_target_value_aud.value', target_value, 'COLUMN' GO -EXEC sp_rename 'name_id_format_filter_target_value', target_value, 'COLUMN' +EXEC sp_rename 'name_id_format_filter_target_value.value', target_value, 'COLUMN' GO -EXEC sp_rename 'name_id_format_filter_target_value_aud', target_value, 'COLUMN' +EXEC sp_rename 'name_id_format_filter_target_value_aud.value', target_value, 'COLUMN' GO EXEC sp_rename 'organizationurl.value', uri_value, 'COLUMN' GO From dc368e697d9db6c3ce70ab97f4bab845b17b0f3c Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 20 Jul 2022 08:10:36 -0700 Subject: [PATCH 21/40] Added filter scroll link to comparison view --- .../app/metadata/view/MetadataComparison.js | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/ui/src/app/metadata/view/MetadataComparison.js b/ui/src/app/metadata/view/MetadataComparison.js index de0022ce0..2e9307acf 100644 --- a/ui/src/app/metadata/view/MetadataComparison.js +++ b/ui/src/app/metadata/view/MetadataComparison.js @@ -4,13 +4,14 @@ import { ArrayParam, withDefault } from 'use-query-params'; +import { scroller } from 'react-scroll'; import { MetadataDefinitionContext, MetadataSchemaContext } from '../hoc/MetadataSchema'; import { MetadataVersionsLoader } from '../hoc/MetadataVersionsLoader'; import { Configuration } from '../hoc/Configuration'; import { MetadataConfiguration } from '../component/MetadataConfiguration'; import { Link, useParams } from 'react-router-dom'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; -import { faHistory } from '@fortawesome/free-solid-svg-icons'; +import { faArrowDown, faHistory } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; import Form from 'react-bootstrap/Form'; import { useTranslation } from '../../i18n/hooks'; @@ -18,6 +19,14 @@ import { MetadataFilterVersionList } from '../domain/filter/component/MetadataFi import { MetadataFilterVersionContext } from '../domain/filter/component/MetadataFilterVersionContext'; import { useMetadataSchema } from '../hooks/schema'; import { FilterableProviders } from '../domain/provider'; +import Button from 'react-bootstrap/Button'; +const onScrollTo = (element, offset = 0) => { + scroller.scrollTo(element, { + duration: 500, + smooth: true, + offset + }); + }; export function MetadataComparison () { @@ -54,6 +63,12 @@ export function MetadataComparison () {   Version History + {type === 'provider' && canFilter && + + }
{type === 'provider' && canFilter && v && - +

Metadata Filter @@ -74,7 +89,7 @@ export function MetadataComparison () { {(c) => } - +

}
} From 186e617ef2c571e5763e0446d3b153c02dd30be7 Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Fri, 22 Jul 2022 10:04:40 -0400 Subject: [PATCH 22/40] SHIBUI-2269 Added automated test that checks XML endpoint for filters. --- .../admin/ui/SeleniumSIDETest.groovy | 2 +- .../integration/resources/SHIBUI-2269.side | 545 ++++++++++++++++++ 2 files changed, 546 insertions(+), 1 deletion(-) create mode 100644 backend/src/integration/resources/SHIBUI-2269.side diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy index 3c73bfbbf..14a65b52b 100644 --- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy +++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy @@ -153,6 +153,6 @@ class SeleniumSIDETest extends Specification { 'SHIBUI-1744: Verify attribute bundles in entity attribute filters' | '/SHIBUI-1744-3.side' 'SHIBUI-2052: Logged in user & role appear on dashboard' | '/SHIBUI-2052.side' 'SHIBUI-2116: Verify entity attribute bundle highlights' | '/SHIBUI-2116.side' // Note that this script WILL NOT PASS in the Selenium IDE due to ${driver} not being set (it is provided by this groovy script). - + 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side' } } diff --git a/backend/src/integration/resources/SHIBUI-2269.side b/backend/src/integration/resources/SHIBUI-2269.side new file mode 100644 index 000000000..f2848dddb --- /dev/null +++ b/backend/src/integration/resources/SHIBUI-2269.side @@ -0,0 +1,545 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2269", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2269", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": "9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "3bb52950-667c-4852-a98f-6a6fb5632ba5", + "comment": "", + "command": "waitForElementEditable", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "6af18279-b5ed-47d0-932b-cba97881b9bb", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b07230f3-c268-4680-943f-5f8f81414002", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-provider", + "targets": [ + ["id=metadata-nav-dropdown-provider", "id"], + ["linkText=Add a new metadata provider", "linkText"], + ["css=#metadata-nav-dropdown-provider", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"], + ["xpath=//a[2]", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "004dbab9-263e-4f90-9c5f-9d2948d80ab5", + "comment": "", + "command": "waitForElementEditable", + "target": "name=type", + "targets": [], + "value": "30000" + }, { + "id": "d77381c8-2164-499d-91fa-e762792644ec", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=ExternalMetadataResolver" + }, { + "id": "8edf9e5e-188e-435d-acbd-a0ee770df39d", + "comment": "", + "command": "type", + "target": "name=name", + "targets": [ + ["name=name", "name"], + ["css=.form-control", "css:finder"], + ["xpath=//input[@name='name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "ExternalTest" + }, { + "id": "d652c1d5-44d2-448a-8dae-85d266b51638", + "comment": "", + "command": "click", + "target": "css=.direction", + "targets": [ + ["css=.direction", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button/span[2]", "xpath:idRelative"], + ["xpath=//span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Next')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d1294ac3-d91c-495a-ab0b-cc3183cc08d5", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" + }, { + "id": "b15dcd2a-9360-4831-a95c-8797eb235972", + "comment": "", + "command": "type", + "target": "id=root_xmlId", + "targets": [ + ["id=root_xmlId", "id"], + ["css=#root_xmlId", "css:finder"], + ["xpath=//input[@id='root_xmlId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "1" + }, { + "id": "657ee88c-4777-485b-b3de-a467657e6fe4", + "comment": "", + "command": "type", + "target": "id=root_description", + "targets": [ + ["id=root_description", "id"], + ["css=#root_description", "css:finder"], + ["xpath=//textarea[@id='root_description']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[2]/div/div/textarea", "xpath:idRelative"], + ["xpath=//textarea", "xpath:position"] + ], + "value": "External Test" + }, { + "id": "5548997c-2f3a-4376-89a9-606b5b948ef1", + "comment": "", + "command": "click", + "target": "css=.label:nth-child(1)", + "targets": [ + ["css=.label:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button/span", "xpath:idRelative"], + ["xpath=//li[3]/button/span", "xpath:position"], + ["xpath=//span[contains(.,'2. Finished!')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "826e7804-88f0-436e-9951-11e8065671ed", + "comment": "", + "command": "click", + "target": "css=.save", + "targets": [ + ["css=.save", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "ab15e915-02b9-4616-9f92-ffcb0386918c", + "comment": "", + "command": "click", + "target": "linkText=ExternalTest", + "targets": [ + ["linkText=ExternalTest", "linkText"], + ["css=.align-middle > a", "css:finder"], + ["xpath=//a[contains(text(),'ExternalTest')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/0e237f9c-3ffe-49da-a60d-289733126d92/configuration/options')]", "xpath:href"], + ["xpath=//td[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'ExternalTest')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3ece6089-c462-437e-9384-62cede8afc7d", + "comment": "", + "command": "click", + "target": "linkText=Add Filter", + "targets": [ + ["linkText=Add Filter", "linkText"], + ["css=#filters .btn", "css:finder"], + ["xpath=//div[@id='filters']/div/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/0e237f9c-3ffe-49da-a60d-289733126d92/filter/new')]", "xpath:href"], + ["xpath=//div[3]/div/div/a", "xpath:position"], + ["xpath=//a[contains(.,' Add Filter')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b409c3ea-3066-4d06-a660-4702cdace6ec", + "comment": "", + "command": "waitForElementEditable", + "target": "name=type", + "targets": [], + "value": "30000" + }, { + "id": "84111b1d-6927-4536-b883-0b057f13d898", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=EntityAttributes" + }, { + "id": "ec27be24-7951-4d76-9457-4a5dbe5866ef", + "comment": "", + "command": "waitForElementEditable", + "target": "id=root_name", + "targets": [], + "value": "30000" + }, { + "id": "bea341ae-4cdf-432e-8032-c827e9c8a7b8", + "comment": "", + "command": "type", + "target": "id=root_name", + "targets": [ + ["id=root_name", "id"], + ["css=#root_name", "css:finder"], + ["xpath=//input[@id='root_name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "1" + }, { + "id": "79f5b0a9-57e9-4f6b-8980-4af6258a5aa4", + "comment": "", + "command": "click", + "target": "id=dropdown-label.filter-target-type", + "targets": [ + ["id=dropdown-label.filter-target-type", "id"], + ["css=#dropdown-label\\.filter-target-type", "css:finder"], + ["xpath=//button[@id='dropdown-label.filter-target-type']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[6]/div/div/div/fieldset/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//fieldset/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Entity ID ')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d01e44ab-802b-4d85-ac2e-e2e03a00c1c0", + "comment": "", + "command": "click", + "target": "css=.dropdown-item:nth-child(3)", + "targets": [ + ["css=.dropdown-item:nth-child(3)", "css:finder"], + ["xpath=(//button[@type='button'])[17]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[6]/div/div/div/fieldset/div/div/div/div/div/button[3]", "xpath:idRelative"], + ["xpath=//div/button[3]", "xpath:position"], + ["xpath=//button[contains(.,'Script')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f401438a-0154-4610-be40-580829ba76a9", + "comment": "", + "command": "type", + "target": "css=.npm__react-simple-code-editor__textarea", + "targets": [ + ["css=.npm__react-simple-code-editor__textarea", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[6]/div/div/div/fieldset/div/div/div[2]/div/div/div/div/textarea", "xpath:idRelative"], + ["xpath=//textarea", "xpath:position"] + ], + "value": "true;" + }, { + "id": "75563d4f-487d-4c08-81d9-26a8ef989711", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div/div[2]/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "21f5c73b-0aa2-41cd-a97c-35c05a892275", + "comment": "", + "command": "click", + "target": "linkText=Add Filter", + "targets": [ + ["linkText=Add Filter", "linkText"], + ["css=#filters > .numbered-header .btn", "css:finder"], + ["xpath=//div[@id='filters']/div/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/0e237f9c-3ffe-49da-a60d-289733126d92/filter/new')]", "xpath:href"], + ["xpath=//div[3]/div/div/a", "xpath:position"], + ["xpath=//a[contains(.,' Add Filter')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6eb76a2f-370a-4547-b05e-f0dc8bdb60ba", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=NameIDFormat" + }, { + "id": "fcacadd8-7b9e-4878-b1cc-3d5da56e6660", + "comment": "", + "command": "click", + "target": "css=.col-12 > .mb-3 > div > div", + "targets": [ + ["css=.col-12 > .mb-3 > div > div", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div/div/div/div/div", "xpath:idRelative"], + ["xpath=//div/div/div/div/div/div/div/div", "xpath:position"] + ], + "value": "" + }, { + "id": "4d206821-ace7-483e-876e-99c7a0490144", + "comment": "", + "command": "waitForElementEditable", + "target": "id=root_name", + "targets": [], + "value": "30000" + }, { + "id": "62afd5f1-e565-4bb8-a142-9eda83e98a1c", + "comment": "", + "command": "type", + "target": "id=root_name", + "targets": [ + ["id=root_name", "id"], + ["css=#root_name", "css:finder"], + ["xpath=//input[@id='root_name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "2" + }, { + "id": "da90db0c-c7e6-4dc5-b643-13a3c2029f05", + "comment": "", + "command": "click", + "target": "id=dropdown-label.filter-target-type", + "targets": [ + ["id=dropdown-label.filter-target-type", "id"], + ["css=#dropdown-label\\.filter-target-type", "css:finder"], + ["xpath=//button[@id='dropdown-label.filter-target-type']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//fieldset/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Entity ID ')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "bce0cd29-246e-4f6e-a860-0eade5c73850", + "comment": "", + "command": "click", + "target": "css=.dropdown-item:nth-child(3)", + "targets": [ + ["css=.dropdown-item:nth-child(3)", "css:finder"], + ["xpath=(//button[@type='button'])[16]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/div/button[3]", "xpath:idRelative"], + ["xpath=//button[3]", "xpath:position"], + ["xpath=//button[contains(.,'Script')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2923ab38-d8ff-4d3f-b247-1d977d06a0dd", + "comment": "", + "command": "click", + "target": "id=dropdown-label.filter-target-type", + "targets": [ + ["id=dropdown-label.filter-target-type", "id"], + ["css=#dropdown-label\\.filter-target-type", "css:finder"], + ["xpath=//button[@id='dropdown-label.filter-target-type']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//fieldset/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Script ')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7141ca97-429a-4d1f-9efb-68a23fc92748", + "comment": "", + "command": "click", + "target": "css=.show > .dropdown-item:nth-child(2)", + "targets": [ + ["css=.show > .dropdown-item:nth-child(2)", "css:finder"], + ["xpath=(//button[@type='button'])[15]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/div/button[2]", "xpath:idRelative"], + ["xpath=//fieldset/div/div/div/div/div/button[2]", "xpath:position"], + ["xpath=//button[contains(.,'Regex')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e15eab26-07bd-45e9-ba8e-ee2a400baee9", + "comment": "", + "command": "type", + "target": "id=targetInput", + "targets": [ + ["id=targetInput", "id"], + ["name=script", "name"], + ["css=#targetInput", "css:finder"], + ["xpath=//input[@id='targetInput']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": ".*unicon.*" + }, { + "id": "55cc5ef6-1b05-48a9-bc9d-58551b751feb", + "comment": "", + "command": "click", + "target": "css=.fa-floppy-disk > path", + "targets": [ + ["css=.fa-floppy-disk > path", "css:finder"] + ], + "value": "" + }, { + "id": "802be014-0d04-4bda-93d1-ca7a5d7f802d", + "comment": "", + "command": "waitForElementVisible", + "target": "css=.text:nth-child(2)", + "targets": [ + ["css=.text:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section/div/div/h2/span[2]", "xpath:idRelative"], + ["xpath=//h2/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Common Attributes')]", "xpath:innerText"] + ], + "value": "30000" + }, { + "id": "7e3e7d65-e0ff-4a2d-a0e9-5080bfefd4df", + "comment": "", + "command": "click", + "target": "css=.btn-outline-secondary", + "targets": [ + ["css=.btn-outline-secondary", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Enable')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "42929ec9-7860-467a-a52b-946df9965de5", + "comment": "", + "command": "click", + "target": "xpath=//div[@id='filters']/ul/li/div/span[3]/div/input", + "targets": [ + ["id=customSwitch-df84f9b7-6cbe-4727-b71e-733eb9b46ca0", "id"], + ["css=#customSwitch-df84f9b7-6cbe-4727-b71e-733eb9b46ca0", "css:finder"], + ["xpath=//input[@id='customSwitch-df84f9b7-6cbe-4727-b71e-733eb9b46ca0']", "xpath:attributes"], + ["xpath=//div[@id='filters']/ul/li/div/span[3]/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "" + }, { + "id": "3bb95cdd-23aa-425d-af75-e4d69b819235", + "comment": "", + "command": "click", + "target": "xpath=//div[@id='filters']/ul/li[2]/div/span[3]/div/input", + "targets": [ + ["id=customSwitch-be9ce5a5-1242-4884-882a-7a977cd7bbd5", "id"], + ["css=#customSwitch-be9ce5a5-1242-4884-882a-7a977cd7bbd5", "css:finder"], + ["xpath=//input[@id='customSwitch-be9ce5a5-1242-4884-882a-7a977cd7bbd5']", "xpath:attributes"], + ["xpath=//div[@id='filters']/ul/li[2]/div/span[3]/div/input", "xpath:idRelative"], + ["xpath=//li[2]/div/span[3]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "038ab74e-cab9-486e-bbfc-25a7c1cfad82", + "comment": "", + "command": "open", + "target": "/api/MetadataResolvers/External", + "targets": [], + "value": "" + }, { + "id": "9e6390c9-3122-4038-8dce-61ae0c157e4a", + "comment": "", + "command": "assertText", + "target": "css=#folder4 > .opened > .line > span", + "targets": [ + ["css=#folder4 > .opened > .line > span", "css:finder"] + ], + "value": "" + }, { + "id": "8c32b412-dc63-4be5-98fb-8c3cd67895af", + "comment": "", + "command": "assertText", + "target": "css=#folder7 > .opened > .line > span", + "targets": [ + ["css=#folder7 > .opened > .line > span", "css:finder"] + ], + "value": "" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file From 5abc51a4815c3e3afc2617cc21b1126511b8324d Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 22 Jul 2022 10:39:01 -0700 Subject: [PATCH 23/40] SHIBUI-2268 intermediate update (non-passing tests / working code) --- backend/build.gradle | 6 ++ .../JPAMetadataResolverServiceImpl.groovy | 6 +- .../ui/domain/AlgorithmDigestMethod.java | 29 ++++++++ .../admin/ui/domain/EncryptionMethod.java | 14 ++-- ...Method.java => SignatureDigestMethod.java} | 9 +-- .../AbstractAlgorithmIdentifierType.java | 20 ++++++ .../ui/domain/filters/algorithm/Entity.java | 13 +++- .../ui/domain/filters/algorithm/MGF.java | 24 +++++++ .../domain/filters/algorithm/OtherSource.java | 26 +++++++ .../ui/domain/filters/algorithm/PRF.java | 24 +++++++ .../JPAXMLObjectProviderInitializer.java | 3 +- .../jpa-saml2-metadata-algorithm-config.xml | 6 +- .../jpa-saml2-metadata-ds-config.xml | 23 +++++++ .../templates/SignatureBuilderTemplate.java | 22 ++++++ ...XMLObjectProviderInitializerForTest.groovy | 2 +- ...JPAMetadataResolverServiceImplTests.groovy | 69 ++++++++++++++++++- .../admin/ui/util/TestHelpers.groovy | 17 ++++- .../src/test/resources/conf/2268-complex.xml | 36 ++++++++++ .../src/test/resources/conf/2268-simple.xml | 30 +++++--- .../jpa-saml2-metadata-algorithm-config.xml | 34 +++++++++ .../jpa-saml2-metadata-ds-config.xml | 23 +++++++ 21 files changed, 407 insertions(+), 29 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{DigestMethod.java => SignatureDigestMethod.java} (66%) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java create mode 100644 backend/src/main/resources/jpa-saml2-metadata-ds-config.xml create mode 100644 backend/src/main/templates/SignatureBuilderTemplate.java create mode 100644 backend/src/test/resources/conf/2268-complex.xml create mode 100644 backend/src/test/resources/jpa-saml2-metadata-algorithm-config.xml create mode 100644 backend/src/test/resources/jpa-saml2-metadata-ds-config.xml diff --git a/backend/build.gradle b/backend/build.gradle index 71ab2c763..cfd16a65a 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -331,6 +331,12 @@ task generateSources { processLine(it['@className'].toString(), 'src/main/templates/AlgorithmBuilderTemplate.java') } } + + new XmlSlurper().parse(file('src/main/resources/jpa-saml2-metadata-ds-config.xml')).with { builders -> + builders.ObjectProviders.ObjectProvider.BuilderClass.each { + processLine(it['@className'].toString(), 'src/main/templates/SignatureBuilderTemplate.java') + } + } } } diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index a8108cbc1..7efc18e47 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -97,11 +97,13 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { markupBuilderDelegate.MetadataFilter( 'xsi:type': 'Algorithm', 'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance', - 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd', + 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd', 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata', 'xmlns': 'urn:mace:shibboleth:2.0:metadata', 'xmlns:security': 'urn:mace:shibboleth:2.0:security', - 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion' + 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion', + 'xmlns:xenc11': 'http://www.w3.org/2009/xmlenc11#', + 'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport' ) { filter.unknownXMLObjects.each { xmlObject -> { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java new file mode 100644 index 000000000..509f9613d --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java @@ -0,0 +1,29 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain; + +import lombok.EqualsAndHashCode; + +import javax.annotation.Nullable; +import javax.persistence.Entity; + +@Entity(name = "DigestMethod") // for backwards compatibility instead of dealing with renaming the table +@EqualsAndHashCode(callSuper = true) +public class AlgorithmDigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod { + private String algorithm; + + public AlgorithmDigestMethod() {} + + public AlgorithmDigestMethod(String algorithm) { + this.algorithm = algorithm; + } + + @Nullable + @Override + public String getAlgorithm() { + return this.algorithm; + } + + @Override + public void setAlgorithm(@Nullable String value) { + this.algorithm = value; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java index be8da1f0c..16a122883 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java @@ -2,12 +2,14 @@ import lombok.EqualsAndHashCode; import org.hibernate.envers.Audited; +import org.opensaml.core.xml.XMLObject; import org.opensaml.xmlsec.encryption.KeySize; import org.opensaml.xmlsec.encryption.OAEPparams; import javax.annotation.Nullable; import javax.persistence.Embedded; import javax.persistence.Entity; +import java.util.List; @Entity @EqualsAndHashCode(callSuper = true) @@ -16,12 +18,9 @@ public class EncryptionMethod extends AbstractElementExtensibleXMLObject impleme private String algorithm; - @Embedded - private KeySize keySize; - - @Embedded - private OAEPparams oaePparams; + @Embedded private KeySize keySize; + @Embedded private OAEPparams oaePparams; @Nullable @Override @@ -56,5 +55,8 @@ public void setOAEPparams(@Nullable org.opensaml.xmlsec.encryption.OAEPparams oa this.oaePparams = oaePparams; } - + @Override + public List getOrderedChildren() { + return this.getUnknownXMLObjects(); + } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SignatureDigestMethod.java similarity index 66% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SignatureDigestMethod.java index 199947f88..519df1faf 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SignatureDigestMethod.java @@ -1,18 +1,19 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; import lombok.EqualsAndHashCode; +import org.opensaml.xmlsec.signature.DigestMethod; import javax.annotation.Nullable; import javax.persistence.Entity; @Entity @EqualsAndHashCode(callSuper = true) -public class DigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod { +public class SignatureDigestMethod extends AbstractElementExtensibleXMLObject implements DigestMethod { private String algorithm; - public DigestMethod() {} + public SignatureDigestMethod() {} - public DigestMethod(String algorithm) { + public SignatureDigestMethod(String algorithm) { this.algorithm = algorithm; } @@ -26,4 +27,4 @@ public String getAlgorithm() { public void setAlgorithm(@Nullable String value) { this.algorithm = value; } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java new file mode 100644 index 000000000..fcca2dd08 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java @@ -0,0 +1,20 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.persistence.Entity; + +@Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject { + private String algorithm; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java index 9a741f6e8..b15ec2ca1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java @@ -1,13 +1,24 @@ package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; import javax.annotation.Nullable; +@javax.persistence.Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) public class Entity extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { private String uri; - private Entity(){ + public Entity(){ setElementLocalName("Entity"); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java new file mode 100644 index 000000000..f78eaaf00 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java @@ -0,0 +1,24 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; +import org.opensaml.xmlsec.encryption.support.EncryptionConstants; + +import javax.persistence.Entity; + +@Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +public class MGF extends AbstractAlgorithmIdentifierType { + public MGF() { + setElementLocalName("MGF"); + setNamespaceURI(EncryptionConstants.XMLENC11_NS); + setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java new file mode 100644 index 000000000..b57e0c82c --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java @@ -0,0 +1,26 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; +import org.opensaml.xmlsec.encryption.support.EncryptionConstants; + +import javax.persistence.Entity; + +@Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +public class OtherSource extends AbstractAlgorithmIdentifierType { + public OtherSource() { + { + setElementLocalName("OtherSource"); + setNamespaceURI(EncryptionConstants.XMLENC11_NS); + setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX); + } + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java new file mode 100644 index 000000000..3ee2dabec --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java @@ -0,0 +1,24 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; +import org.opensaml.xmlsec.encryption.support.EncryptionConstants; + +import javax.persistence.Entity; + +@Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +public class PRF extends AbstractAlgorithmIdentifierType { + public PRF() { + setElementLocalName("PRF"); + setNamespaceURI(EncryptionConstants.XMLENC11_NS); + setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java index 25000ae67..d1413b87f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java @@ -15,10 +15,11 @@ protected String[] getConfigResources() { "/jpa-saml2-metadata-ui-config.xml", "/jpa-signature-config.xml", "/jpa-saml2-metadata-algorithm-config.xml", + "/jpa-saml2-metadata-ds-config.xml", "/encryption-config.xml", "/jpa-saml2-metadata-reqinit-config.xml", "/saml2-protocol-config.xml", "/modified-saml2-assertion-config.xml" }; } -} +} \ No newline at end of file diff --git a/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml b/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml index f6432a71a..c37c788c1 100644 --- a/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml +++ b/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml @@ -6,13 +6,13 @@ - + - + @@ -31,4 +31,4 @@ - + \ No newline at end of file diff --git a/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml b/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml new file mode 100644 index 000000000..3a0eed8f0 --- /dev/null +++ b/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/backend/src/main/templates/SignatureBuilderTemplate.java b/backend/src/main/templates/SignatureBuilderTemplate.java new file mode 100644 index 000000000..d8ba87cb1 --- /dev/null +++ b/backend/src/main/templates/SignatureBuilderTemplate.java @@ -0,0 +1,22 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain; + +import edu.internet2.tier.shibboleth.admin.ui.opensaml.xml.AbstractXMLObjectBuilder; +import org.opensaml.xmlsec.signature.support.SignatureConstants; + +public class {{TOKEN}}Builder extends AbstractXMLObjectBuilder<{{TOKEN}}> { + public {{TOKEN}}Builder() { + } + + public {{TOKEN}} buildObject() { + return buildObject(SignatureConstants.XMLSIG_NS, {{TOKEN}}.DEFAULT_ELEMENT_LOCAL_NAME, + SignatureConstants.XMLSIG_PREFIX); + } + + public {{TOKEN}} buildObject(final String namespaceURI, final String localName, final String namespacePrefix) { + {{TOKEN}} o = new {{TOKEN}}(); + o.setNamespaceURI(namespaceURI); + o.setElementLocalName(localName); + o.setNamespacePrefix(namespacePrefix); + return o; + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy index b4df893ab..4ac1ba2b1 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy @@ -6,7 +6,7 @@ class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderIn @Override protected String[] getConfigResources() { return new String[]{ - "/jpa-saml2-metadata-config.xml" + "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-saml2-metadata-ds-config.xml" } } } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index d5d8c5a23..524a03f78 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -3,13 +3,16 @@ package edu.internet2.tier.shibboleth.admin.ui.service import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethod import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod -import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethodBuilder +import edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.SigningMethod import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.MGF import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver @@ -31,6 +34,7 @@ import org.opensaml.saml.common.xml.SAMLConstants import org.opensaml.saml.metadata.resolver.MetadataResolver import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver +import org.opensaml.xmlsec.signature.support.SignatureConstants import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.test.context.TestConfiguration import org.springframework.context.annotation.Bean @@ -167,6 +171,41 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { generatedXmlIsTheSameAsExpectedXml('/conf/2268-simple.xml', domBuilder.parseText(writer.toString())) } + def 'test generating complex AlgorithmFilter xml snippet'() { + given: + def filter = TestObjectGenerator.algorithmFilter() + EncryptionMethod encryptionMethod = getEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc") + filter.addUnknownXMLObject(encryptionMethod) + + EncryptionMethod encryptionMethod2 = getEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep") +// MGF mgf = new MGF() +// mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256") +// encryptionMethod2.addUnknownXMLObject(mgf) + SignatureDigestMethod dm = getSignatureDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256") + encryptionMethod2.addUnknownXMLObject(dm) + filter.addUnknownXMLObject(encryptionMethod2) + + AlgorithmDigestMethod dm2 = getDigestMethod("http://www.w3.org/2001/04/xmlenc#sha51") + filter.addUnknownXMLObject(dm2) + + SigningMethod sm = new SigningMethod() + sm.setNamespaceURI(SAMLConstants.SAML20ALG_NS) + sm.setElementLocalName(SigningMethod.DEFAULT_ELEMENT_LOCAL_NAME) + sm.setNamespacePrefix(SAMLConstants.SAML20ALG_PREFIX) + sm.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512") + filter.addUnknownXMLObject(sm) + + Entity entity = new Entity() + entity.setValue("https://broken.example.org/sp") + filter.addUnknownXMLObject(entity) + + when: + genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } + + then: + generatedXmlIsTheSameAsExpectedXml('/conf/2268-complex.xml', domBuilder.parseText(writer.toString())) + } + def 'test generating EntityAttributesFilter xml snippet with condition script'() { given: def filter = testObjectGenerator.entityAttributesFilterWithConditionScript() @@ -489,6 +528,34 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { !DiffBuilder.compare(Input.fromStream(this.class.getResourceAsStream('/metadata/984-3-expected.xml'))).withTest(Input.fromString(openSamlObjects.marshalToXmlString(ed))).ignoreComments().ignoreWhitespace().build().hasDifferences() } + private EncryptionMethod getEncryptionMethod(String algorithm){ + EncryptionMethod encryptionMethod = new EncryptionMethod() + encryptionMethod.setElementLocalName(EncryptionMethod.DEFAULT_ELEMENT_LOCAL_NAME) + encryptionMethod.setNamespacePrefix(SAMLConstants.SAML20MD_PREFIX) + encryptionMethod.setNamespaceURI(SAMLConstants.SAML20MD_NS) + encryptionMethod.setSchemaLocation(SAMLConstants.SAML20MD_SCHEMA_LOCATION) + encryptionMethod.setAlgorithm(algorithm) + return encryptionMethod + } + + private AlgorithmDigestMethod getDigestMethod(String algorithm) { + AlgorithmDigestMethod dm = new AlgorithmDigestMethod() + dm.setNamespaceURI(SAMLConstants.SAML20ALG_NS) + dm.setElementLocalName(AlgorithmDigestMethod.DEFAULT_ELEMENT_LOCAL_NAME) + dm.setNamespacePrefix(SAMLConstants.SAML20ALG_PREFIX) + dm.setAlgorithm(algorithm) + return dm + } + + private SignatureDigestMethod getSignatureDigestMethod(String algorithm) { + SignatureDigestMethod dm = new SignatureDigestMethod() + dm.setNamespaceURI(SignatureConstants.XMLSIG_NS) + dm.setElementLocalName(SignatureDigestMethod.DEFAULT_ELEMENT_LOCAL_NAME) + dm.setNamespacePrefix(SignatureConstants.XMLSIG_PREFIX) + dm.setAlgorithm(algorithm) + return dm + } + static genXmlSnippet(MarkupBuilder xml, Closure xmlNodeGenerator) { xml.MetadataProvider('id': 'ShibbolethMetadata', 'xmlns': 'urn:mace:shibboleth:2.0:metadata', diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy index f50263663..3a21080bb 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy @@ -3,6 +3,8 @@ package edu.internet2.tier.shibboleth.admin.ui.util import edu.internet2.tier.shibboleth.admin.ui.security.model.User import groovy.xml.XmlUtil import junit.framework.Assert +import org.w3c.dom.Node + import javax.xml.transform.Source; import javax.xml.transform.Transformer import javax.xml.transform.TransformerException @@ -50,6 +52,19 @@ class TestHelpers { Assert.assertFalse(myDiff.toString(), myDiff.hasDifferences()); } + static void generatedXmlIsTheSameAsExpectedXml(String expectedXmlResource, Node generatedXml) { + def Builder builder = Input.fromDocument(generatedXml) + def Source source = builder.build() + def myDiff = DiffBuilder.compare(Input.fromStream(TestHelpers.getResourceAsStream(expectedXmlResource))) + .withTest(builder) + .withAttributeFilter({attribute -> !attribute.name.equals("sourceDirectory")}) + .ignoreComments() + .ignoreWhitespace() + .build() + System.out.println("@@@ \n" + getString(source) + "\n") + Assert.assertFalse(myDiff.toString(), myDiff.hasDifferences()); + } + public static String getString(DOMSource domSource) throws TransformerException { StringWriter writer = new StringWriter(); StreamResult result = new StreamResult(writer); @@ -67,4 +82,4 @@ class TestHelpers { def user = new User(username: username, role: rolename) Optional.of(user) } -} +} \ No newline at end of file diff --git a/backend/src/test/resources/conf/2268-complex.xml b/backend/src/test/resources/conf/2268-complex.xml new file mode 100644 index 000000000..cb4615a40 --- /dev/null +++ b/backend/src/test/resources/conf/2268-complex.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + https://sp2.example.org + + \ No newline at end of file diff --git a/backend/src/test/resources/conf/2268-simple.xml b/backend/src/test/resources/conf/2268-simple.xml index f9b0ea14a..e4365da17 100644 --- a/backend/src/test/resources/conf/2268-simple.xml +++ b/backend/src/test/resources/conf/2268-simple.xml @@ -1,12 +1,24 @@ - - - + + + + + https://broken.example.org/sp https://also-broken.example.org/sp diff --git a/backend/src/test/resources/jpa-saml2-metadata-algorithm-config.xml b/backend/src/test/resources/jpa-saml2-metadata-algorithm-config.xml new file mode 100644 index 000000000..c37c788c1 --- /dev/null +++ b/backend/src/test/resources/jpa-saml2-metadata-algorithm-config.xml @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/backend/src/test/resources/jpa-saml2-metadata-ds-config.xml b/backend/src/test/resources/jpa-saml2-metadata-ds-config.xml new file mode 100644 index 000000000..3a0eed8f0 --- /dev/null +++ b/backend/src/test/resources/jpa-saml2-metadata-ds-config.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 9269aca76729e5cb8482403cd78e86dd030d474f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 13:29:48 -0700 Subject: [PATCH 24/40] RELEASE 1.11.0 Merging master to branch to fix conflicts --- build.gradle | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/build.gradle b/build.gradle index 505350c6f..518a7baa6 100644 --- a/build.gradle +++ b/build.gradle @@ -28,15 +28,4 @@ release { } afterReleaseBuild.dependsOn project.getTasksByName('githubRelease', false) -afterReleaseBuild.dependsOn project.getTasksByName('dockerTagsPush', true) - -// force log4j version -allprojects { - configurations.all { - resolutionStrategy.eachDependency { d -> - if (d.requested.group == 'org.apache.logging.log4j') { - d.useVersion project.'log4j.version' - } - } - } -} \ No newline at end of file +afterReleaseBuild.dependsOn project.getTasksByName('dockerTagsPush', true) \ No newline at end of file From 0680b9b2f640ac9ad1a119886f651e2fdfce12bb Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 13:51:45 -0700 Subject: [PATCH 25/40] RELEASE 1.11.0 gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 0848cc3ed..b298de799 100644 --- a/.gitignore +++ b/.gitignore @@ -412,3 +412,6 @@ beacon/spring/out # macOS jenv .java-version +/a.xml +/application.yml +/backend/src/test/resources/conf/deletem.xml From 2db56a6b6275a7fb0d1827a3ad68c6684234d290 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 14:01:23 -0700 Subject: [PATCH 26/40] [Gradle Release Plugin] - pre tag commit: 'y'. --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index f891afd02..82d6905dc 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.11.0-SNAPSHOT +version=y ### library versions ### commonsCollections4Version=4.4 From c36c60ae6cd8f371bd5ac31deb62652f8e33074b Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 14:15:35 -0700 Subject: [PATCH 27/40] NOJIRA removing docker tasks related to master from Jenkinsfile --- .gitignore | 3 +++ Jenkinsfile | 28 +--------------------------- 2 files changed, 4 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 0848cc3ed..b298de799 100644 --- a/.gitignore +++ b/.gitignore @@ -412,3 +412,6 @@ beacon/spring/out # macOS jenv .java-version +/a.xml +/application.yml +/backend/src/test/resources/conf/deletem.xml diff --git a/Jenkinsfile b/Jenkinsfile index 3ae5f4595..60f82aca1 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,32 +16,6 @@ pipeline { } } } - - stage('Build Docker images') { - when { - expression { - return GIT_BRANCH in ['master'] - } - } - steps { - sh '''./gradlew docker -x test - ''' - } - } - - stage('Deploy') { - when { - expression { - return GIT_BRANCH in ['master'] - } - } - steps { - sh ''' - docker stop shibui || true && docker rm shibui || true - docker run -d --restart always --name shibui -p 8080:8080 -v /etc/shibui:/conf -v /etc/shibui/application.yml:/application.yml -m 2GB --memory-swap=4GB --entrypoint /usr/bin/java unicon/shibui:latest -Xmx1G -jar app.war - ''' - } - } } post { failure { @@ -54,4 +28,4 @@ pipeline { cleanWs() } } -} +} \ No newline at end of file From 996cdc8f1596c20b5794f3ab8e9152faed6f5ae5 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 14:40:15 -0700 Subject: [PATCH 28/40] NOJIRA correcting version from faulty release --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 82d6905dc..f891afd02 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=y +version=1.11.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 From a9b7c193c7a083ef4934d220a481e8e346ca5563 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 25 Jul 2022 15:42:26 -0700 Subject: [PATCH 29/40] NOJIRA gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 0848cc3ed..b298de799 100644 --- a/.gitignore +++ b/.gitignore @@ -412,3 +412,6 @@ beacon/spring/out # macOS jenv .java-version +/a.xml +/application.yml +/backend/src/test/resources/conf/deletem.xml From 54b021319fa0096fc832b149f11da27f126ba96a Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Tue, 26 Jul 2022 10:24:01 -0400 Subject: [PATCH 30/40] SHIBUI-2188 Couple quick stability fixes. --- .../integration/resources/SHIBUI-1364-1.side | 31 +++++++++------ .../integration/resources/SHIBUI-1364-4.side | 21 +++------- .../integration/resources/SHIBUI-1732-3.side | 38 +++++++++---------- 3 files changed, 43 insertions(+), 47 deletions(-) diff --git a/backend/src/integration/resources/SHIBUI-1364-1.side b/backend/src/integration/resources/SHIBUI-1364-1.side index b1cb09526..8fe9da05e 100644 --- a/backend/src/integration/resources/SHIBUI-1364-1.side +++ b/backend/src/integration/resources/SHIBUI-1364-1.side @@ -2330,13 +2330,22 @@ ["xpath=//button[contains(.,'Compare Selected(2)')]", "xpath:innerText"] ], "value": "" + }, { + "id": "9ddfc4d9-0fbd-44f2-8584-4d7fcb6d0c6b", + "comment": "", + "command": "waitForElementEditable", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", + "targets": [ + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] + ], + "value": "30000" }, { "id": "2ff5a597-9fe0-46b4-9ca5-63123ddb3cef", "comment": "", "command": "click", - "target": "xpath=//section/div/div/div[4]/div[2]/div/button", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", "targets": [ - ["css=.border-primary:nth-child(2) .fa-square", "css:finder"] + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] ], "value": "" }, { @@ -2356,23 +2365,23 @@ "id": "d7b5550d-1db8-4fa5-800f-fde753413c13", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)", + "target": "css=.bg-diff > .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"], - ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:position"], - ["xpath=//span[contains(.,'Entity Attributes Filter')]", "xpath:innerText"] + ["css=.bg-diff > .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"], + ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Entity Attributes Filter Version 2')]", "xpath:innerText"] ], "value": "Entity Attributes Filter Version 2" }, { "id": "ad797f09-746e-4778-954e-6f92ac5934ea", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)", + "target": "css=.bg-diff > .d-block:nth-child(3)", "targets": [ - ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"], - ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:position"] + ["css=.bg-diff > .d-block:nth-child(3)", "css:finder"], + ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"], + ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[3]", "xpath:position"] ], "value": "Entity Attributes Filter" }, { diff --git a/backend/src/integration/resources/SHIBUI-1364-4.side b/backend/src/integration/resources/SHIBUI-1364-4.side index 8f5192665..3384d27ea 100644 --- a/backend/src/integration/resources/SHIBUI-1364-4.side +++ b/backend/src/integration/resources/SHIBUI-1364-4.side @@ -1417,23 +1417,14 @@ ["xpath=//input", "xpath:position"] ], "value": "" - }, { - "id": "e83dc2da-ad95-4e50-b969-57721eb8f1dc", - "comment": "", - "command": "click", - "target": "css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa", - "targets": [ - ["css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] - ], - "value": "" }, { "id": "c2102a31-6e18-4d6c-8146-e23459403b65", "comment": "", "command": "assertText", - "target": "css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)", + "target": "css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", "targets": [ - ["css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/div/p", "xpath:idRelative"], + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/div[3]/div[2]/div/div/p", "xpath:idRelative"], ["xpath=//p", "xpath:position"], ["xpath=//p[contains(.,'Entity Attributes Filter V2')]", "xpath:innerText"] ], @@ -1442,10 +1433,10 @@ "id": "cac6c125-c81b-40af-ae21-2b717df9511e", "comment": "", "command": "assertText", - "target": "css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)", + "target": "css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)", "targets": [ - ["css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[3]/div/div/p", "xpath:idRelative"], + ["css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/div[3]/div[3]/div/div/p", "xpath:idRelative"], ["xpath=//div[3]/div/div/p", "xpath:position"] ], "value": "Entity Attributes Filter" diff --git a/backend/src/integration/resources/SHIBUI-1732-3.side b/backend/src/integration/resources/SHIBUI-1732-3.side index c7d0f9fd4..54573d88b 100644 --- a/backend/src/integration/resources/SHIBUI-1732-3.side +++ b/backend/src/integration/resources/SHIBUI-1732-3.side @@ -1325,13 +1325,9 @@ "id": "2dd7992f-ee99-45a3-ad85-20488c4bd4b1", "comment": "", "command": "click", - "target": "xpath=//section/div/div/div[4]/div[2]/div/button", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", "targets": [ - ["css=.border-primary:nth-child(2) .mx-auto", "css:finder"], - ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/button", "xpath:idRelative"], - ["xpath=//div[2]/div/button", "xpath:position"], - ["xpath=//button[contains(.,'Compare')]", "xpath:innerText"] + ["css=.border-primary:nth-child(2) .svg-inline--fa", "css:finder"] ], "value": "" }, { @@ -1553,21 +1549,21 @@ ["xpath=//ul[2]/li[2]/span", "xpath:position"] ], "value": "bar" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "575d414c-556d-45f7-b2f2-c9971ad51348", From 246d295758145a1c4a5aedfe038f0eaa77c850ef Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 27 Jul 2022 13:31:27 -0700 Subject: [PATCH 31/40] SHIBUI-2327 Adding missing libraries and needed marshalling configuration for using pac4j --- .../resources/modified-saml2-assertion-config.xml | 14 +++++++++++++- pac4j-module/build.gradle | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml index 2f09fa77b..3349e4558 100644 --- a/backend/src/main/resources/modified-saml2-assertion-config.xml +++ b/backend/src/main/resources/modified-saml2-assertion-config.xml @@ -230,7 +230,19 @@ - + + + + + + + + + + + + + diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 6a1295758..4080df12a 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -46,8 +46,11 @@ dependencies { exclude group: 'org.opensaml' exclude group: 'commons-collections' } + // But we do need this opensaml lib that wasn't provided + implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}" compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}" + testCompile project(':backend') testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}" From 603357bcd7a522cc751d989c0e8c91253e4e7d93 Mon Sep 17 00:00:00 2001 From: Jj! Date: Fri, 29 Jul 2022 16:21:52 -0500 Subject: [PATCH 32/40] [SHIBUI-2327] add provider configuration for signatures implement method for X509 --- .../shibboleth/admin/ui/domain/X509Data.java | 4 +- .../main/resources/jpa-signature-config.xml | 268 ++++++++++++++++++ 2 files changed, 271 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java index e875932cd..7afd88814 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java @@ -19,6 +19,7 @@ import javax.xml.namespace.QName; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50 this.xmlObjects.add(x509Certificate); } + // TODO: might need to really implement this @Nonnull @Override public List getX509CRLs() { - return null; + return Collections.EMPTY_LIST; } @Nonnull diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 0a6696db5..22f00e04b 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml @@ -39,6 +39,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 89d548510608c04a6f208774956244fc68959e8f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 29 Jul 2022 15:56:56 -0700 Subject: [PATCH 33/40] SHIBUI-2327 Commented out block of builder-marshaller-unmarshaller that was causing conflict with testing --- backend/src/main/resources/jpa-signature-config.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 22f00e04b..9a8da32e8 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml @@ -250,12 +250,12 @@ - + @@ -310,4 +310,4 @@ - + \ No newline at end of file From 4e9cc6683cd9c2a9189512af12cf6fa5f3b204d3 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 12:27:39 -0700 Subject: [PATCH 34/40] SHIBUI-2327 Correcting security filter to work properly using the pac4j settup --- .../src/main/java/net/unicon/shibui/pac4j/WebSecurity.java | 7 +++++-- testbed/authentication/docker-compose.yml | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index a67bf4a96..884569ac7 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java @@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; -import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; +import org.pac4j.core.authorization.authorizer.DefaultAuthorizers; import org.pac4j.core.config.Config; import org.pac4j.core.matching.matcher.Matcher; import org.pac4j.springframework.security.web.CallbackFilter; @@ -26,6 +26,8 @@ import javax.servlet.Filter; import java.util.Optional; +import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; + @Configuration @AutoConfigureOrder(-1) @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true") @@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll(); - final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME); + // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker + final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED); // add filter based on auth type http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class); diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml index 884042c4a..42b12cb6a 100644 --- a/testbed/authentication/docker-compose.yml +++ b/testbed/authentication/docker-compose.yml @@ -20,7 +20,7 @@ services: - "8080:8080" - "443:443" - "8443:8443" -# - "8000:8000" + - "9090:9090" volumes: - /var/run/docker.sock:/var/run/docker.sock - ../reverse-proxy/:/configuration/ @@ -72,6 +72,7 @@ services: - ./shibui/application.yml:/application.yml ports: - "8000:8000" +# - "9090:9090" entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"] networks: reverse-proxy: From 1111d68bae1367627eafdecd366c3a3ffcba7a91 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 5 Aug 2022 14:21:31 -0700 Subject: [PATCH 35/40] SHIBUI-2268 Adding xml config for marshalling/unmarshalling xml pieces --- .../main/resources/jpa-encryption-config.xml | 284 ++++++++++++++++ .../test/resources/jpa-encryption-config.xml | 284 ++++++++++++++++ .../test/resources/jpa-signature-config.xml | 313 ++++++++++++++++++ 3 files changed, 881 insertions(+) create mode 100644 backend/src/main/resources/jpa-encryption-config.xml create mode 100644 backend/src/test/resources/jpa-encryption-config.xml create mode 100644 backend/src/test/resources/jpa-signature-config.xml diff --git a/backend/src/main/resources/jpa-encryption-config.xml b/backend/src/main/resources/jpa-encryption-config.xml new file mode 100644 index 000000000..05adde279 --- /dev/null +++ b/backend/src/main/resources/jpa-encryption-config.xml @@ -0,0 +1,284 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/backend/src/test/resources/jpa-encryption-config.xml b/backend/src/test/resources/jpa-encryption-config.xml new file mode 100644 index 000000000..05adde279 --- /dev/null +++ b/backend/src/test/resources/jpa-encryption-config.xml @@ -0,0 +1,284 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/backend/src/test/resources/jpa-signature-config.xml b/backend/src/test/resources/jpa-signature-config.xml new file mode 100644 index 000000000..9a8da32e8 --- /dev/null +++ b/backend/src/test/resources/jpa-signature-config.xml @@ -0,0 +1,313 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 50bd2c7d074081f06cd13b3f94c06f1f38c043c1 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 5 Aug 2022 14:22:09 -0700 Subject: [PATCH 36/40] SHIBUI-2268 Fixing broken enhancements --- .../JPAMetadataResolverServiceImpl.groovy | 3 +- .../AbstractAlgorithmIdentifierType.java | 18 +++++++++- .../jpa-saml2-metadata-ds-config.xml | 23 ------------- ...XMLObjectProviderInitializerForTest.groovy | 2 +- ...JPAMetadataResolverServiceImplTests.groovy | 18 +++++++--- .../src/test/resources/conf/2268-complex.xml | 33 ++++++++----------- .../src/test/resources/conf/2268-simple.xml | 29 ++++++++-------- 7 files changed, 60 insertions(+), 66 deletions(-) delete mode 100644 backend/src/main/resources/jpa-saml2-metadata-ds-config.xml diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 66bfb65ca..6497608a0 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -104,7 +104,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { 'xmlns:security': 'urn:mace:shibboleth:2.0:security', 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion', 'xmlns:xenc11': 'http://www.w3.org/2009/xmlenc11#', - 'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport' + 'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport', + 'xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#' ) { filter.unknownXMLObjects.each { xmlObject -> { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java index fcca2dd08..99fdc3bfa 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java @@ -6,7 +6,10 @@ import lombok.Setter; import lombok.ToString; import org.hibernate.envers.Audited; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.xmlsec.encryption.AlgorithmIdentifierType; +import javax.annotation.Nullable; import javax.persistence.Entity; @Entity @@ -15,6 +18,19 @@ @Setter @ToString @EqualsAndHashCode(callSuper = true) -public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject { +public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject implements AlgorithmIdentifierType { private String algorithm; + + @Nullable + @Override + public XMLObject getParameters() { + // implement? + return null; + } + + @Override + public void setParameters(@Nullable final XMLObject newParameters) { + // do nothing? + } + } \ No newline at end of file diff --git a/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml b/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml deleted file mode 100644 index 3a0eed8f0..000000000 --- a/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy index 4ac1ba2b1..f84afdcc5 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy @@ -6,7 +6,7 @@ class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderIn @Override protected String[] getConfigResources() { return new String[]{ - "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-saml2-metadata-ds-config.xml" + "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-encryption-config.xml", "jpa-signature-config.xml" } } } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 0ca8ca3a3..1bdf0f791 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -4,11 +4,18 @@ package edu.internet2.tier.shibboleth.admin.ui.service import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.SigningMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.XSString import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.MGF +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.PRF import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver @@ -19,6 +26,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.SvnMetadataResour import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects +import edu.internet2.tier.shibboleth.admin.ui.opensaml.config.JPAXMLObjectProviderInitializerForTest import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator import edu.internet2.tier.shibboleth.admin.util.AttributeUtility @@ -48,7 +56,6 @@ import java.time.Instant import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.generatedXmlIsTheSameAsExpectedXml -@ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration ]) @ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration, JPAXMLObjectProviderInitializerForTest ]) class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { @@ -217,9 +224,12 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { filter.addUnknownXMLObject(encryptionMethod) EncryptionMethod encryptionMethod2 = getEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep") -// MGF mgf = new MGF() -// mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256") -// encryptionMethod2.addUnknownXMLObject(mgf) + MGF mgf = new MGF() + mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256") + encryptionMethod2.addUnknownXMLObject(mgf) + PRF prf = new PRF() + prf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha384") + encryptionMethod2.addUnknownXMLObject(prf) SignatureDigestMethod dm = getSignatureDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256") encryptionMethod2.addUnknownXMLObject(dm) filter.addUnknownXMLObject(encryptionMethod2) diff --git a/backend/src/test/resources/conf/2268-complex.xml b/backend/src/test/resources/conf/2268-complex.xml index cb4615a40..ee76b2f84 100644 --- a/backend/src/test/resources/conf/2268-complex.xml +++ b/backend/src/test/resources/conf/2268-complex.xml @@ -1,36 +1,29 @@ - - + + - + - https://sp2.example.org + https://broken.example.org/sp + \ No newline at end of file diff --git a/backend/src/test/resources/conf/2268-simple.xml b/backend/src/test/resources/conf/2268-simple.xml index e4365da17..daf8c5fac 100644 --- a/backend/src/test/resources/conf/2268-simple.xml +++ b/backend/src/test/resources/conf/2268-simple.xml @@ -1,25 +1,22 @@ - - + https://broken.example.org/sp https://also-broken.example.org/sp + \ No newline at end of file From ccc61fff1e667ee0b0ec0a8826677111cbdac67a Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 8 Aug 2022 13:23:58 -0700 Subject: [PATCH 37/40] SHIBUI-2268 Adding remaining needed pieces for Algorithm filter --- backend/build.gradle | 2 +- .../JPAMetadataResolverServiceImpl.groovy | 17 +++++++-- .../filters/algorithm/ConditionRef.java | 38 +++++++++++++++++++ .../filters/algorithm/ConditionScript.java | 38 +++++++++++++++++++ .../ui/domain/filters/algorithm/Entity.java | 3 ++ .../JPAXMLObjectProviderInitializer.java | 13 +++---- ...JPAMetadataResolverServiceImplTests.groovy | 36 ++++++++++++++++++ .../src/test/resources/conf/2268-actual.xml | 29 ++++++++++++++ 8 files changed, 164 insertions(+), 12 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java create mode 100644 backend/src/test/resources/conf/2268-actual.xml diff --git a/backend/build.gradle b/backend/build.gradle index cfd16a65a..83d2c8dd8 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -332,7 +332,7 @@ task generateSources { } } - new XmlSlurper().parse(file('src/main/resources/jpa-saml2-metadata-ds-config.xml')).with { builders -> + new XmlSlurper().parse(file('src/main/resources/jpa-signature-config.xml')).with { builders -> builders.ObjectProviders.ObjectProvider.BuilderClass.each { processLine(it['@className'].toString(), 'src/main/templates/SignatureBuilderTemplate.java') } diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 6497608a0..78ca12254 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -10,6 +10,8 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionRef +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionScript import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver @@ -111,6 +113,15 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { { if (xmlObject instanceof Entity) { Entity(xmlObject.getValue()) + } else if (xmlObject instanceof ConditionRef) { + ConditionRef(xmlObject.getValue()) + } else if (xmlObject instanceof ConditionScript) { + ConditionScript() { + Script() { + def script = xmlObject.getValue() + mkp.yieldUnescaped("\n\n") + } + } } else { mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) } @@ -133,10 +144,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { Entity(it) } break - case EntityAttributesFilterTarget - .EntityAttributesFilterTargetType.CONDITION_SCRIPT: - case EntityAttributesFilterTarget - .EntityAttributesFilterTargetType.REGEX: + case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT: + case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX: ConditionScript() { Script() { def script diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java new file mode 100644 index 000000000..b35cd0762 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java @@ -0,0 +1,38 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.annotation.Nullable; + +@javax.persistence.Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +/** + * The textual content (the value/uri) is the Bean ID of type Predicate + */ +public class ConditionRef extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { + private String uri; + + public ConditionRef() { + setElementLocalName("ConditionRef"); + } + + @Nullable + @Override + public String getValue() { + return this.uri; + } + + @Override + public void setValue(@Nullable String newValue) { + this.uri = newValue; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java new file mode 100644 index 000000000..a2d58382a --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java @@ -0,0 +1,38 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.annotation.Nullable; + +@javax.persistence.Entity +@Audited +@Getter +@Setter +@ToString +@EqualsAndHashCode(callSuper = true) +/** + * The textual content is the JS script (the export of the XML will wrap it appropriately) + */ +public class ConditionScript extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { + private String uri; + + public ConditionScript() { + setElementLocalName("ConditionScript"); + } + + @Nullable + @Override + public String getValue() { + return this.uri; + } + + @Override + public void setValue(@Nullable String newValue) { + this.uri = newValue; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java index b15ec2ca1..18dfcbe8e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java @@ -15,6 +15,9 @@ @Setter @ToString @EqualsAndHashCode(callSuper = true) +/** + * The textual content (value/uri) is an entityID. + */ public class Entity extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { private String uri; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java index d1413b87f..24757d560 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java @@ -8,16 +8,15 @@ public class JPAXMLObjectProviderInitializer extends AbstractXMLObjectProviderIn protected String[] getConfigResources() { return new String[]{ "/jpa-default-config.xml", - "/jpa-saml2-metadata-config.xml", - "/jpa-saml2-metadata-attr-config.xml", + "/encryption-config.xml", "/jpa-saml2-assertion-config.xml", - "/jpa-schema-config.xml", - "/jpa-saml2-metadata-ui-config.xml", - "/jpa-signature-config.xml", "/jpa-saml2-metadata-algorithm-config.xml", - "/jpa-saml2-metadata-ds-config.xml", - "/encryption-config.xml", + "/jpa-saml2-metadata-attr-config.xml", + "/jpa-saml2-metadata-config.xml", "/jpa-saml2-metadata-reqinit-config.xml", + "/jpa-saml2-metadata-ui-config.xml", + "/jpa-schema-config.xml", + "/jpa-signature-config.xml", "/saml2-protocol-config.xml", "/modified-saml2-assertion-config.xml" }; diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 1bdf0f791..505d1507a 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -13,6 +13,8 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFil import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionRef +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionScript import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.MGF import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.PRF @@ -217,6 +219,40 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { generatedXmlIsTheSameAsExpectedXml('/conf/2268-simple.xml', domBuilder.parseText(writer.toString())) } + def 'test generating AlgorithmFilter shibui-2268 actual'() { + given: + def filter = TestObjectGenerator.algorithmFilter() + EncryptionMethod encryptionMethod = new EncryptionMethod() + encryptionMethod.setElementLocalName(EncryptionMethod.DEFAULT_ELEMENT_LOCAL_NAME) + encryptionMethod.setNamespacePrefix(SAMLConstants.SAML20MD_PREFIX) + encryptionMethod.setNamespaceURI(SAMLConstants.SAML20MD_NS) + encryptionMethod.setSchemaLocation(SAMLConstants.SAML20MD_SCHEMA_LOCATION) + encryptionMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc") + filter.addUnknownXMLObject(encryptionMethod) + + Entity entity = new Entity() + entity.setValue("https://broken.example.org/sp") + filter.addUnknownXMLObject(entity) + + ConditionRef cr = new ConditionRef() + cr.setValue("shibboleth.Conditions.TRUE") + filter.addUnknownXMLObject(cr) + + ConditionScript cs = new ConditionScript() + cs.setValue("\"use strict\";\nfalse;") + filter.addUnknownXMLObject(cs) + + when: + genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } + + then: + generatedXmlIsTheSameAsExpectedXml('/conf/2268-actual.xml', domBuilder.parseText(writer.toString())) + } + + /** + * This test was written before we simplified the concept of what we'd allow the users to build in the UI. Because the test was + * already done and working, it was left here for completeness. + */ def 'test generating complex AlgorithmFilter xml snippet'() { given: def filter = TestObjectGenerator.algorithmFilter() diff --git a/backend/src/test/resources/conf/2268-actual.xml b/backend/src/test/resources/conf/2268-actual.xml new file mode 100644 index 000000000..961079197 --- /dev/null +++ b/backend/src/test/resources/conf/2268-actual.xml @@ -0,0 +1,29 @@ + + + + + + https://broken.example.org/sp + shibboleth.Conditions.TRUE + + + + + + \ No newline at end of file From ae97066d48525ec71392ca9b8df0e2b1a4f881ca Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 9 Aug 2022 13:55:06 -0700 Subject: [PATCH 38/40] SHIBUI-2268 Refactoring and simplifying code for AlgorithmFilter --- ...gorithmFilterUiDefinitionController.groovy | 56 +++++++++ .../JPAMetadataResolverServiceImpl.groovy | 62 +++++++--- .../domain/{filters/algorithm => }/MGF.java | 3 +- .../{filters/algorithm => }/OtherSource.java | 3 +- .../domain/{filters/algorithm => }/PRF.java | 3 +- .../domain/filters/AbstractFilterTarget.java | 39 +++++++ .../filters/EntityAttributesFilterTarget.java | 39 +------ .../ui/domain/filters/MetadataFilter.java | 2 +- .../filters/NameIdFormatFilterTarget.java | 29 +---- .../filters/algorithm/AlgorithmFilter.java | 38 +++--- .../algorithm/AlgorithmFilterTarget.java | 34 ++++++ .../filters/algorithm/ConditionRef.java | 38 ------ .../filters/algorithm/ConditionScript.java | 38 ------ .../ui/domain/filters/algorithm/Entity.java | 38 ------ .../jsonschema/JsonSchemaLocationLookup.java | 12 ++ .../resources/algorithm-filter.schema.json | 33 ++++++ ...JPAMetadataResolverServiceImplTests.groovy | 108 ++++-------------- .../src/test/resources/conf/2268-complex.xml | 29 ----- .../conf/{2268-simple.xml => 2268-entity.xml} | 0 .../conf/{2268-actual.xml => 2268-script.xml} | 2 - 20 files changed, 268 insertions(+), 338 deletions(-) create mode 100644 backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{filters/algorithm => }/MGF.java (78%) rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{filters/algorithm => }/OtherSource.java (79%) rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{filters/algorithm => }/PRF.java (78%) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/AbstractFilterTarget.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilterTarget.java delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java create mode 100644 backend/src/main/resources/algorithm-filter.schema.json delete mode 100644 backend/src/test/resources/conf/2268-complex.xml rename backend/src/test/resources/conf/{2268-simple.xml => 2268-entity.xml} (100%) rename backend/src/test/resources/conf/{2268-actual.xml => 2268-script.xml} (95%) diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy new file mode 100644 index 000000000..9c7698235 --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AlgorithmFilterUiDefinitionController.groovy @@ -0,0 +1,56 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocation +import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocationRegistry +import edu.internet2.tier.shibboleth.admin.ui.service.JsonSchemaBuilderService +import groovy.util.logging.Slf4j +import io.swagger.v3.oas.annotations.tags.Tag +import io.swagger.v3.oas.annotations.tags.Tags +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.http.ResponseEntity +import org.springframework.web.bind.annotation.GetMapping +import org.springframework.web.bind.annotation.RequestMapping +import org.springframework.web.bind.annotation.RestController + +import javax.annotation.PostConstruct + +import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR + +/** + * Controller implementing REST resource responsible for exposing structure definition for algorithm format filter user + * interface in terms of JSON schema. + */ +@RestController +@RequestMapping('/api/ui/AlgorithmFilter') +@Slf4j +@Tags(value = [@Tag(name = "ui")]) +class AlgorithmFilterUiDefinitionController { + + @Autowired + JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry + + JsonSchemaResourceLocation jsonSchemaLocation + + @Autowired + ObjectMapper jacksonObjectMapper + + @Autowired + JsonSchemaBuilderService jsonSchemaBuilderService + + @GetMapping + ResponseEntity getUiDefinitionJsonSchema() { + try { + def parsedJson = jacksonObjectMapper.readValue(this.jsonSchemaLocation.url, Map) + return ResponseEntity.ok(parsedJson) + } catch (Exception e) { + log.error(e.getMessage(), e) + return ResponseEntity.status(INTERNAL_SERVER_ERROR).body([jsonParseError : e.getMessage(), sourceUiSchemaDefinitionFile: this.jsonSchemaLocation.url]) + } + } + + @PostConstruct + void init() { +// this.jsonSchemaLocation = algorithmFilterSchema(this.jsonSchemaResourceLocationRegistry) + } +} \ No newline at end of file diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 78ca12254..f3f0b0eb3 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -2,6 +2,8 @@ package edu.internet2.tier.shibboleth.admin.ui.service import com.google.common.base.Predicate import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod +import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethodBuilder import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget @@ -10,9 +12,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.NameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilter -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionRef -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionScript -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver @@ -109,24 +109,50 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { 'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport', 'xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#' ) { - filter.unknownXMLObjects.each { xmlObject -> - { - if (xmlObject instanceof Entity) { - Entity(xmlObject.getValue()) - } else if (xmlObject instanceof ConditionRef) { - ConditionRef(xmlObject.getValue()) - } else if (xmlObject instanceof ConditionScript) { - ConditionScript() { - Script() { - def script = xmlObject.getValue() - mkp.yieldUnescaped("\n\n") - } + for (String algValue : filter.getAlgorithms()) { + EncryptionMethod method = new EncryptionMethodBuilder().buildObject(); + method.setAlgorithm(algValue) + mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(method, false)) + } + switch (filter.algorithmFilterTarget.targetType) { + case AlgorithmFilterTarget.AlgorithmFilterTargetType.ENTITY: + filter.algorithmFilterTarget.value.each { + Entity(it) + } + break + case AlgorithmFilterTarget.AlgorithmFilterTargetType.CONDITION_REF: + ConditionRef(xmlObject.getValue()) + break + case AlgorithmFilterTarget.AlgorithmFilterTargetType.CONDITION_SCRIPT: + ConditionScript() { + Script() { + def script = filter.getAlgorithmFilterTarget().value[0] + mkp.yieldUnescaped("\n\n") } - } else { - mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) } - } + break + default: + // do nothing, we'd have exploded elsewhere previously. + break } +// filter.unknownXMLObjects.each { xmlObject -> +// { +// if (xmlObject instanceof Entity) { +// Entity(xmlObject.getValue()) +// } else if (xmlObject instanceof ConditionRef) { +// ConditionRef(xmlObject.getValue()) +// } else if (xmlObject instanceof ConditionScript) { +// ConditionScript() { +// Script() { +// def script = xmlObject.getValue() +// mkp.yieldUnescaped("\n\n") +// } +// } +// } else { +// mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(xmlObject, false)) +// } +// } +// } } } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/MGF.java similarity index 78% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/MGF.java index f78eaaf00..0278b3af8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/MGF.java @@ -1,5 +1,6 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; +package edu.internet2.tier.shibboleth.admin.ui.domain; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AbstractAlgorithmIdentifierType; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OtherSource.java similarity index 79% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OtherSource.java index b57e0c82c..afc50b3f4 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OtherSource.java @@ -1,5 +1,6 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; +package edu.internet2.tier.shibboleth.admin.ui.domain; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AbstractAlgorithmIdentifierType; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/PRF.java similarity index 78% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/PRF.java index 3ee2dabec..b621a0278 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/PRF.java @@ -1,5 +1,6 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; +package edu.internet2.tier.shibboleth.admin.ui.domain; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AbstractAlgorithmIdentifierType; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/AbstractFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/AbstractFilterTarget.java new file mode 100644 index 000000000..a26c06e88 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/AbstractFilterTarget.java @@ -0,0 +1,39 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters; + +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable; +import lombok.EqualsAndHashCode; + +import javax.persistence.Column; +import javax.persistence.ElementCollection; +import javax.persistence.FetchType; +import javax.persistence.MappedSuperclass; +import javax.persistence.OrderColumn; +import java.util.ArrayList; +import java.util.List; + +@MappedSuperclass +@EqualsAndHashCode(callSuper = true) +public abstract class AbstractFilterTarget extends AbstractAuditable implements IFilterTarget { + @ElementCollection(fetch = FetchType.EAGER) + @OrderColumn + @Column(length = 760, name="target_value") + protected List value; + + @Override + public List getValue() { + return value == null ? new ArrayList<>() : value; + } + + @Override + public void setSingleValue(String value) { + List values = new ArrayList<>(); + values.add(value); + this.value = values; + } + + @Override + public void setValue(List value) { + this.value = value; + } + +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java index e2ed028a0..b2ffb6b0d 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java @@ -4,31 +4,21 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable; import lombok.EqualsAndHashCode; +import lombok.ToString; import org.hibernate.envers.AuditOverride; import org.hibernate.envers.Audited; -import javax.persistence.Column; -import javax.persistence.ElementCollection; import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.OrderColumn; -import java.util.ArrayList; -import java.util.List; @Entity @EqualsAndHashCode(callSuper = true) +@ToString @Audited @AuditOverride(forClass = AbstractAuditable.class) @JsonIgnoreProperties({"handler", "hibernateLazyInitializer"}) -public class EntityAttributesFilterTarget extends AbstractAuditable implements IFilterTarget { - +public class EntityAttributesFilterTarget extends AbstractFilterTarget { private EntityAttributesFilterTargetType entityAttributesFilterTargetType; - @ElementCollection (fetch = FetchType.EAGER) - @OrderColumn - @Column(length = 760, name="target_value") - private List value; - public EntityAttributesFilterTargetType getEntityAttributesFilterTargetType() { return entityAttributesFilterTargetType; } @@ -39,33 +29,10 @@ public String getTargetTypeValue() { return entityAttributesFilterTargetType == null ? "NONE" : entityAttributesFilterTargetType.name(); } - @Override - public List getValue() { - return value == null ? new ArrayList<>() : value; - } - public void setEntityAttributesFilterTargetType(EntityAttributesFilterTargetType entityAttributesFilterTarget) { this.entityAttributesFilterTargetType = entityAttributesFilterTarget; } - public void setSingleValue(String value) { - List values = new ArrayList<>(); - values.add(value); - this.value = values; - } - - public void setValue(List value) { - this.value = value; - } - - @Override - public String toString() { - return "EntityAttributesFilterTarget{" + - "entityAttributesFilterTargetType=" + entityAttributesFilterTargetType + - ", value=" + value + - '}'; - } - public enum EntityAttributesFilterTargetType { ENTITY, CONDITION_SCRIPT, CONDITION_REF, REGEX } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java index 548c97356..c566576df 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java @@ -50,7 +50,7 @@ public abstract class MetadataFilter extends AbstractAuditable implements IConcr @JsonProperty("@type") @Transient - String type; + protected String type; @Transient private transient Integer version; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java index 3a5bfe9da..c5441a053 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java @@ -8,29 +8,18 @@ import org.hibernate.envers.AuditOverride; import org.hibernate.envers.Audited; -import javax.persistence.Column; -import javax.persistence.ElementCollection; import javax.persistence.Entity; -import javax.persistence.OrderColumn; -import javax.persistence.Transient; -import java.util.ArrayList; -import java.util.List; @Entity @EqualsAndHashCode(callSuper = true) @ToString @Audited @AuditOverride(forClass = AbstractAuditable.class) -@JsonIgnoreProperties({"handler", "hibernateLazyInitializer"}) -public class NameIdFormatFilterTarget extends AbstractAuditable implements IFilterTarget { +@JsonIgnoreProperties({ "handler", "hibernateLazyInitializer" }) +public class NameIdFormatFilterTarget extends AbstractFilterTarget { private NameIdFormatFilterTargetType nameIdFormatFilterTargetType; - @ElementCollection - @OrderColumn - @Column(name="target_value") - private List value; - public NameIdFormatFilterTargetType getNameIdFormatFilterTargetType() { return nameIdFormatFilterTargetType; } @@ -41,24 +30,10 @@ public String getTargetTypeValue() { return nameIdFormatFilterTargetType.name(); } - public List getValue() { - return value; - } - public void setNameIdFormatFilterTargetType(NameIdFormatFilterTargetType nameIdFormatFilterTargetType) { this.nameIdFormatFilterTargetType = nameIdFormatFilterTargetType; } - public void setSingleValue(String value) { - List values = new ArrayList<>(); - values.add(value); - this.value = values; - } - - public void setValue(List value) { - this.value = value; - } - public enum NameIdFormatFilterTargetType { ENTITY, CONDITION_SCRIPT, REGEX } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java index 85a4d9129..52e08b436 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilter.java @@ -1,54 +1,46 @@ package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; -import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.IFilterTarget; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.ITargetable; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; import lombok.ToString; import org.hibernate.envers.Audited; -import org.opensaml.core.xml.ElementExtensibleXMLObject; -import org.opensaml.core.xml.XMLObject; -import javax.annotation.Nonnull; import javax.persistence.CascadeType; import javax.persistence.ElementCollection; import javax.persistence.Entity; -import javax.persistence.OneToMany; +import javax.persistence.OneToOne; import javax.persistence.OrderColumn; -import javax.xml.namespace.QName; -import java.util.ArrayList; import java.util.List; -import java.util.stream.Collectors; -/** - * Following the pattern of AbstractElementExtensibleXMLObject - this XML type can hold a couple of different types of XML objects - */ @Entity @Audited @Getter @Setter @ToString @EqualsAndHashCode(callSuper = true) -public class AlgorithmFilter extends MetadataFilter { - @OneToMany(cascade = CascadeType.ALL) +public class AlgorithmFilter extends MetadataFilter implements ITargetable { + @OneToOne(cascade = CascadeType.ALL) private AlgorithmFilterTarget algorithmFilterTarget; + + @ElementCollection @OrderColumn - private List unknownXMLObjects = new ArrayList<>(); + private List algorithms; - public void addUnknownXMLObject(AbstractXMLObject xmlObject) { - this.unknownXMLObjects.add(xmlObject); + public AlgorithmFilter() { + type = "Algorithm"; } - @Nonnull - public List getUnknownXMLObjects() { - return (List) (List) this.unknownXMLObjects; + @Override + public IFilterTarget getTarget() { + return algorithmFilterTarget; } private AlgorithmFilter updateConcreteFilterTypeData(AlgorithmFilter filterToBeUpdated) { - for (XMLObject o : getUnknownXMLObjects()) { - filterToBeUpdated.addUnknownXMLObject((AbstractXMLObject) o); - } + filterToBeUpdated.setAlgorithms(getAlgorithms()); + filterToBeUpdated.setAlgorithmFilterTarget(getAlgorithmFilterTarget()); return filterToBeUpdated; } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilterTarget.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilterTarget.java new file mode 100644 index 000000000..558231038 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AlgorithmFilterTarget.java @@ -0,0 +1,34 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractAuditable; +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.AbstractFilterTarget; +import lombok.EqualsAndHashCode; +import lombok.ToString; +import org.hibernate.envers.AuditOverride; +import org.hibernate.envers.Audited; + +import javax.persistence.Entity; + +@Entity +@EqualsAndHashCode(callSuper = true) +@ToString +@Audited +@AuditOverride(forClass = AbstractAuditable.class) +@JsonIgnoreProperties({"handler", "hibernateLazyInitializer"}) +public class AlgorithmFilterTarget extends AbstractFilterTarget { + private AlgorithmFilterTargetType targetType; + + @Override + public String getTargetTypeValue() { + return targetType == null ? "NONE" : targetType.name(); + } + + public void setAlgorithmFilterTargetType(AlgorithmFilterTargetType type) { + this.targetType = type; + } + + public enum AlgorithmFilterTargetType { + ENTITY, CONDITION_SCRIPT, CONDITION_REF + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java deleted file mode 100644 index b35cd0762..000000000 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionRef.java +++ /dev/null @@ -1,38 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; - -import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; -import lombok.EqualsAndHashCode; -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; -import org.hibernate.envers.Audited; - -import javax.annotation.Nullable; - -@javax.persistence.Entity -@Audited -@Getter -@Setter -@ToString -@EqualsAndHashCode(callSuper = true) -/** - * The textual content (the value/uri) is the Bean ID of type Predicate - */ -public class ConditionRef extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { - private String uri; - - public ConditionRef() { - setElementLocalName("ConditionRef"); - } - - @Nullable - @Override - public String getValue() { - return this.uri; - } - - @Override - public void setValue(@Nullable String newValue) { - this.uri = newValue; - } -} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java deleted file mode 100644 index a2d58382a..000000000 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/ConditionScript.java +++ /dev/null @@ -1,38 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; - -import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; -import lombok.EqualsAndHashCode; -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; -import org.hibernate.envers.Audited; - -import javax.annotation.Nullable; - -@javax.persistence.Entity -@Audited -@Getter -@Setter -@ToString -@EqualsAndHashCode(callSuper = true) -/** - * The textual content is the JS script (the export of the XML will wrap it appropriately) - */ -public class ConditionScript extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { - private String uri; - - public ConditionScript() { - setElementLocalName("ConditionScript"); - } - - @Nullable - @Override - public String getValue() { - return this.uri; - } - - @Override - public void setValue(@Nullable String newValue) { - this.uri = newValue; - } -} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java deleted file mode 100644 index 18dfcbe8e..000000000 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java +++ /dev/null @@ -1,38 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm; - -import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject; -import lombok.EqualsAndHashCode; -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; -import org.hibernate.envers.Audited; - -import javax.annotation.Nullable; - -@javax.persistence.Entity -@Audited -@Getter -@Setter -@ToString -@EqualsAndHashCode(callSuper = true) -/** - * The textual content (value/uri) is an entityID. - */ -public class Entity extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString { - private String uri; - - public Entity(){ - setElementLocalName("Entity"); - } - - @Nullable - @Override - public String getValue() { - return this.uri; - } - - @Override - public void setValue(@Nullable String newValue) { - this.uri = newValue; - } -} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaLocationLookup.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaLocationLookup.java index b44e4e7ce..4e7da170f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaLocationLookup.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaLocationLookup.java @@ -105,4 +105,16 @@ public static JsonSchemaResourceLocation nameIdFormatFilterSchema(JsonSchemaReso .lookup(NAME_ID_FORMAT_FILTER) .orElseThrow(() -> new IllegalStateException("JSON schema resource location for name id format filter is not registered.")); } + +// /** +// * Searches algorithm filter JSON schema resource location object in the given location registry. +// * +// * @param resourceLocationRegistry +// * @return algorithm filter JSON schema resource location object +// * @throws IllegalStateException if schema is not found in the given registry +// */ +// public static JsonSchemaResourceLocation algorithmFilterSchema(JsonSchemaResourceLocationRegistry resourceLocationRegistry) { +// return resourceLocationRegistry.lookup(ALGORITHM_FILTER) +// .orElseThrow(() -> new IllegalStateException("JSON schema resource location for algorithm filter is not registered.")); +// } } \ No newline at end of file diff --git a/backend/src/main/resources/algorithm-filter.schema.json b/backend/src/main/resources/algorithm-filter.schema.json new file mode 100644 index 000000000..642acbb4b --- /dev/null +++ b/backend/src/main/resources/algorithm-filter.schema.json @@ -0,0 +1,33 @@ +{ + "type": "object", + "required": [ + "name" + ], + "properties": { + "@type": { + "type": "string", + "default": "Algorithm" + }, + "name": { + "title": "label.filter-algorithm", + "description": "tooltip.filter-algorithm", + "type": "string" + }, + "filterEnabled": { + "title": "label.enable-filter", + "description": "tooltip.enable-filter", + "type": "boolean", + "default": false + }, + "version": { + "type": "integer" + }, + "resourceId": { + "type": "string" + }, + "unknownXMLObjects": { + + } + }, + "definitions": {} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 505d1507a..4fe54e9cc 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -1,23 +1,17 @@ package edu.internet2.tier.shibboleth.admin.ui.service - import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration import edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethod import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod import edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethod -import edu.internet2.tier.shibboleth.admin.ui.domain.SigningMethod import edu.internet2.tier.shibboleth.admin.ui.domain.XSString import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionRef -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.ConditionScript -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.MGF -import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.PRF +import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.AlgorithmFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver @@ -194,101 +188,45 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { !diff.hasDifferences() } - def 'test generating AlgorithmFilter xml snippet'() { + def 'test generating AlgorithmFilter shibui-2268 entities'() { given: def filter = TestObjectGenerator.algorithmFilter() - EncryptionMethod encryptionMethod = new EncryptionMethod() - encryptionMethod.setElementLocalName(EncryptionMethod.DEFAULT_ELEMENT_LOCAL_NAME) - encryptionMethod.setNamespacePrefix(SAMLConstants.SAML20MD_PREFIX) - encryptionMethod.setNamespaceURI(SAMLConstants.SAML20MD_NS) - encryptionMethod.setSchemaLocation(SAMLConstants.SAML20MD_SCHEMA_LOCATION) - encryptionMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc") - filter.addUnknownXMLObject(encryptionMethod) - - Entity entity = new Entity() - entity.setValue("https://broken.example.org/sp") - filter.addUnknownXMLObject(entity) - Entity entity2 = new Entity() - entity2.setValue("https://also-broken.example.org/sp") - filter.addUnknownXMLObject(entity2) + ArrayList algs = new ArrayList<>() + algs.add("http://www.w3.org/2001/04/xmlenc#aes128-cbc") + filter.setAlgorithms(algs) + + AlgorithmFilterTarget target = new AlgorithmFilterTarget() + target.setAlgorithmFilterTargetType(AlgorithmFilterTarget.AlgorithmFilterTargetType.ENTITY) + ArrayList entities = new ArrayList<>() + entities.add("https://broken.example.org/sp") + entities.add("https://also-broken.example.org/sp") + target.setValue(entities) + filter.setAlgorithmFilterTarget(target) when: genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } then: - generatedXmlIsTheSameAsExpectedXml('/conf/2268-simple.xml', domBuilder.parseText(writer.toString())) + generatedXmlIsTheSameAsExpectedXml('/conf/2268-entity.xml', domBuilder.parseText(writer.toString())) } - def 'test generating AlgorithmFilter shibui-2268 actual'() { + def 'test generating AlgorithmFilter shibui-2268 script'() { given: def filter = TestObjectGenerator.algorithmFilter() - EncryptionMethod encryptionMethod = new EncryptionMethod() - encryptionMethod.setElementLocalName(EncryptionMethod.DEFAULT_ELEMENT_LOCAL_NAME) - encryptionMethod.setNamespacePrefix(SAMLConstants.SAML20MD_PREFIX) - encryptionMethod.setNamespaceURI(SAMLConstants.SAML20MD_NS) - encryptionMethod.setSchemaLocation(SAMLConstants.SAML20MD_SCHEMA_LOCATION) - encryptionMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc") - filter.addUnknownXMLObject(encryptionMethod) + ArrayList algs = new ArrayList<>() + algs.add("http://www.w3.org/2001/04/xmlenc#aes128-cbc") + filter.setAlgorithms(algs) - Entity entity = new Entity() - entity.setValue("https://broken.example.org/sp") - filter.addUnknownXMLObject(entity) - - ConditionRef cr = new ConditionRef() - cr.setValue("shibboleth.Conditions.TRUE") - filter.addUnknownXMLObject(cr) - - ConditionScript cs = new ConditionScript() - cs.setValue("\"use strict\";\nfalse;") - filter.addUnknownXMLObject(cs) - - when: - genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } - - then: - generatedXmlIsTheSameAsExpectedXml('/conf/2268-actual.xml', domBuilder.parseText(writer.toString())) - } - - /** - * This test was written before we simplified the concept of what we'd allow the users to build in the UI. Because the test was - * already done and working, it was left here for completeness. - */ - def 'test generating complex AlgorithmFilter xml snippet'() { - given: - def filter = TestObjectGenerator.algorithmFilter() - EncryptionMethod encryptionMethod = getEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc") - filter.addUnknownXMLObject(encryptionMethod) - - EncryptionMethod encryptionMethod2 = getEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep") - MGF mgf = new MGF() - mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256") - encryptionMethod2.addUnknownXMLObject(mgf) - PRF prf = new PRF() - prf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha384") - encryptionMethod2.addUnknownXMLObject(prf) - SignatureDigestMethod dm = getSignatureDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256") - encryptionMethod2.addUnknownXMLObject(dm) - filter.addUnknownXMLObject(encryptionMethod2) - - AlgorithmDigestMethod dm2 = getDigestMethod("http://www.w3.org/2001/04/xmlenc#sha51") - filter.addUnknownXMLObject(dm2) - - SigningMethod sm = new SigningMethod() - sm.setNamespaceURI(SAMLConstants.SAML20ALG_NS) - sm.setElementLocalName(SigningMethod.DEFAULT_ELEMENT_LOCAL_NAME) - sm.setNamespacePrefix(SAMLConstants.SAML20ALG_PREFIX) - sm.setAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512") - filter.addUnknownXMLObject(sm) - - Entity entity = new Entity() - entity.setValue("https://broken.example.org/sp") - filter.addUnknownXMLObject(entity) + AlgorithmFilterTarget target = new AlgorithmFilterTarget() + target.setAlgorithmFilterTargetType(AlgorithmFilterTarget.AlgorithmFilterTargetType.CONDITION_SCRIPT) + target.setSingleValue("\"use strict\";\nfalse;") + filter.setAlgorithmFilterTarget(target) when: genXmlSnippet(markupBuilder) { JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) } then: - generatedXmlIsTheSameAsExpectedXml('/conf/2268-complex.xml', domBuilder.parseText(writer.toString())) + generatedXmlIsTheSameAsExpectedXml('/conf/2268-script.xml', domBuilder.parseText(writer.toString())) } def 'test generating EntityAttributesFilter xml snippet with condition script'() { diff --git a/backend/src/test/resources/conf/2268-complex.xml b/backend/src/test/resources/conf/2268-complex.xml deleted file mode 100644 index ee76b2f84..000000000 --- a/backend/src/test/resources/conf/2268-complex.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - https://broken.example.org/sp - - - \ No newline at end of file diff --git a/backend/src/test/resources/conf/2268-simple.xml b/backend/src/test/resources/conf/2268-entity.xml similarity index 100% rename from backend/src/test/resources/conf/2268-simple.xml rename to backend/src/test/resources/conf/2268-entity.xml diff --git a/backend/src/test/resources/conf/2268-actual.xml b/backend/src/test/resources/conf/2268-script.xml similarity index 95% rename from backend/src/test/resources/conf/2268-actual.xml rename to backend/src/test/resources/conf/2268-script.xml index 961079197..3283e883c 100644 --- a/backend/src/test/resources/conf/2268-actual.xml +++ b/backend/src/test/resources/conf/2268-script.xml @@ -14,8 +14,6 @@ xsi:type="Algorithm"> - https://broken.example.org/sp - shibboleth.Conditions.TRUE