Merge remote-tracking branch 'origin/feature/shibui-2510' into featur…

…e/SHIBUI-2609-bootstrap-upgrade
TIER · Sep 21, 2023 · 12a95d9 · 12a95d9
2 parents b1ed017 + f65b36e
commit 12a95d9
Show file tree

Hide file tree

Showing 81 changed files with 5,612 additions and 32,388 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -19,7 +19,6 @@ test {
 }
 
 repositories {
-    jcenter()
     maven {
         url 'https://build.shibboleth.net/nexus/content/groups/public'
         artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots']
@@ -143,10 +142,12 @@ dependencies {
     //Spring Configuration Annotation Processor - makes IntelliJ happy about @SpringBootConfigurationProperties
     compileOnly "org.springframework.boot:spring-boot-configuration-processor:${project.'springbootVersion'}"
 
-    runtimeOnly "org.bouncycastle:bcprov-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcprov-ext-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcutil-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcpkix-jdk15on:1.70"
+    // signature and encryption
+    runtimeOnly "org.bouncycastle:bcprov-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcprov-ext-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcutil-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcpkix-jdk18on:1.72"
+
     // DB drivers
     runtimeOnly "org.postgresql:postgresql:${project.'postgresVersion'}"
     runtimeOnly "org.mariadb.jdbc:mariadb-java-client:${project.'mariadbVersion'}"
@@ -165,12 +166,14 @@ dependencies {
     }
 
     // shibboleth idp deps
-    ['idp-profile-spring', 'idp-profile-api'].each {
+    ['idp-profile-impl', 'idp-profile-api'].each {
         implementation "net.shibboleth.idp:${it}:${project.'shibbolethVersion'}"
         integrationTestImplementation "net.shibboleth.idp:${it}:${project.'shibbolethVersion'}"
     }
 
+    implementation "net.shibboleth.ext:spring-extensions:${project.'shibExtSpringExtensionsVersion'}"
     implementation "net.shibboleth.oidc:oidc-common-saml-api:${project.'shibOIDCVersion'}"
+    implementation "net.shibboleth.utilities:java-support:${project.'shibUtilitiesJavaSupportVersion'}"
 
     // hibernate deps
     ['hibernate-core'].each {
@@ -186,9 +189,9 @@ dependencies {
     implementation "net.shibboleth.ext:spring-extensions:6.2.0"
 
     // Spring Web classes requires Apache HttpComponents 5.1 or higher, as of Spring 6.0.
-    implementation "org.apache.httpcomponents.client5:httpclient5:5.1.4"
-    implementation "org.apache.httpcomponents.core5:httpcore5:5.1.5"
-    implementation "org.apache.httpcomponents.core5:httpcore5-h2:5.1.5"
+    implementation "org.apache.httpcomponents.client5:httpclient5:5.2.1"
+    implementation "org.apache.httpcomponents.core5:httpcore5:5.2.2"
+    implementation "org.apache.httpcomponents.core5:httpcore5-h2:5.2.2"
 
     // To override older version with security issue - https://www.lunasec.io/docs/blog/log4j-zero-day/
     implementation "org.apache.logging.log4j:log4j-to-slf4j:${project.'log4JVersion'}"
@@ -277,12 +280,14 @@ dependencies {
 
     integrationTestImplementation sourceSets.main.output
     integrationTestImplementation configurations.compile
+    integrationTestImplementation "net.shibboleth.ext:spring-extensions:${project.'shibExtSpringExtensionsVersion'}"
     integrationTestImplementation "net.shibboleth.oidc:oidc-common-saml-api:${project.'shibOIDCVersion'}"
+    integrationTestImplementation "net.shibboleth.utilities:java-support:${project.'shibUtilitiesJavaSupportVersion'}"
     integrationTestImplementation "org.hibernate:hibernate-envers:${project.'hibernateVersion'}"
     integrationTestImplementation "com.opencsv:opencsv:${project.'opencsvVersion'}", {
         exclude group: 'commons-collections'
     }
-    integrationTestImplementation 'com.saucelabs:sebuilder-interpreter:1.0.6'
+    integrationTestImplementation "com.saucelabs:sebuilder-interpreter:1.0.6"
     integrationTestImplementation "jp.vmi:selenese-runner-java:${project.'seleneseRunnerVersion'}"
     integrationTestImplementation "org.seleniumhq.selenium:selenium-http-jdk-client:4.8.3"
 

diff --git a/...2/tier/shibboleth/admin/ui/repository/envers/EntityDescriptorEnversVersioningTests.groovy b/...2/tier/shibboleth/admin/ui/repository/envers/EntityDescriptorEnversVersioningTests.groovy
@@ -104,9 +104,9 @@ class EntityDescriptorEnversVersioningTests extends Specification {
 
         then:
         entityDescriptorHistory.size() == 1
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).contactPersons[0].givenName.name == 'name'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).contactPersons[0].givenName.value == 'name'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).contactPersons[0].type == org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration.ADMINISTRATIVE
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).contactPersons[0].emailAddresses[0].address == 'test@test'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).contactPersons[0].emailAddresses[0].uri == 'test@test'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 0).sort() == expectedModifiedPersistentEntities.sort()
@@ -122,9 +122,9 @@ class EntityDescriptorEnversVersioningTests extends Specification {
                 entityManager)
         then:
         entityDescriptorHistory.size() == 2
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].givenName.name == 'nameUPDATED'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].givenName.value == 'nameUPDATED'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].type == org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration.ADMINISTRATIVE
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].emailAddresses[0].address == 'test@test'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].emailAddresses[0].uri == 'test@test'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
@@ -142,17 +142,17 @@ class EntityDescriptorEnversVersioningTests extends Specification {
 
         then:
         entityDescriptorHistory.size() == 3
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 2).contactPersons[0].givenName.name == 'nameUPDATED2'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 2).contactPersons[0].givenName.value == 'nameUPDATED2'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 2).contactPersons[0].type == org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration.OTHER
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 2).contactPersons[0].emailAddresses[0].address == 'test@test.com'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 2).contactPersons[0].emailAddresses[0].uri == 'test@test.com'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 2).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 2).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 2).sort() == expectedModifiedPersistentEntities.sort()
 
         //Also make sure we have our original revision
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].givenName.name == 'nameUPDATED'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].givenName.value == 'nameUPDATED'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].type == org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration.ADMINISTRATIVE
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].emailAddresses[0].address == 'test@test'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).contactPersons[0].emailAddresses[0].uri == 'test@test'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).timestamp > 0L
 
@@ -180,7 +180,7 @@ class EntityDescriptorEnversVersioningTests extends Specification {
         entityDescriptorHistory.size() == 1
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.organizationNames[0].value == 'org'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.displayNames[0].value == 'display org'
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.URLs[0].value == 'http://org.edu'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.URLs[0].uri == 'http://org.edu'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 0).sort() == expectedModifiedPersistentEntities.sort()
@@ -202,15 +202,15 @@ class EntityDescriptorEnversVersioningTests extends Specification {
         entityDescriptorHistory.size() == 2
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).organization.organizationNames[0].value == 'orgUpdated'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).organization.displayNames[0].value == 'display org Updated'
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).organization.URLs[0].value == 'http://org2.edu'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).organization.URLs[0].uri == 'http://org2.edu'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
 
         //Check the original revision is intact
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.organizationNames[0].value == 'org'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.displayNames[0].value == 'display org'
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.URLs[0].value == 'http://org.edu'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).organization.URLs[0].uri == 'http://org.edu'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).timestamp > 0L
     }
@@ -237,7 +237,7 @@ class EntityDescriptorEnversVersioningTests extends Specification {
 
         then:
         entityDescriptorHistory.size() == 1
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].nameIDFormats[0].format == 'format'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].nameIDFormats[0].uri == 'format'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].supportedProtocols[1] == null
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).principalUserName == 'anonymousUser'
@@ -261,15 +261,15 @@ class EntityDescriptorEnversVersioningTests extends Specification {
 
         then:
         entityDescriptorHistory.size() == 2
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).roleDescriptors[0].nameIDFormats[0].format == 'formatUPDATED'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).roleDescriptors[0].nameIDFormats[0].uri == 'formatUPDATED'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 1).roleDescriptors[0].supportedProtocols[1] == 'urn:oasis:names:tc:SAML:2.0:protocol'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 1).timestamp > 0L
         getModifiedEntityNames(entityDescriptorHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
 
         //Check the original revision is intact
-        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].nameIDFormats[0].format == 'format'
+        getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].nameIDFormats[0].uri == 'format'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
         getTargetEntityForRevisionIndex(entityDescriptorHistory, 0).roleDescriptors[0].supportedProtocols[1] == null
         getRevisionEntityForRevisionIndex(entityDescriptorHistory, 0).principalUserName == 'anonymousUser'
@@ -314,10 +314,10 @@ class EntityDescriptorEnversVersioningTests extends Specification {
         then:
         entityDescriptorHistory.size() == 1
         uiinfo.displayNames[0].value == 'Initial display name'
-        uiinfo.informationURLs[0].value == 'http://info'
-        uiinfo.privacyStatementURLs[0].value == 'http://privacy'
+        uiinfo.informationURLs[0].URI == 'http://info'
+        uiinfo.privacyStatementURLs[0].URI == 'http://privacy'
         uiinfo.descriptions[0].value == 'Initial desc'
-        uiinfo.logos[0].URL == 'http://logo'
+        uiinfo.logos[0].URI == 'http://logo'
         uiinfo.logos[0].height == 20
         uiinfo.logos[0].width == 30
         getModifiedEntityNames(entityDescriptorHistory, 0).sort() == expectedModifiedPersistentEntities.sort()
@@ -349,20 +349,20 @@ class EntityDescriptorEnversVersioningTests extends Specification {
         then:
         entityDescriptorHistory.size() == 2
         uiinfo.displayNames[0].value == 'Display name UPDATED'
-        uiinfo.informationURLs[0].value == 'http://info.updated'
-        uiinfo.privacyStatementURLs[0].value == 'http://privacy.updated'
+        uiinfo.informationURLs[0].URI == 'http://info.updated'
+        uiinfo.privacyStatementURLs[0].URI == 'http://privacy.updated'
         uiinfo.descriptions[0].value == 'Desc UPDATED'
-        uiinfo.logos[0].URL == 'http://logo.updated'
+        uiinfo.logos[0].URI == 'http://logo.updated'
         uiinfo.logos[0].height == 30
         uiinfo.logos[0].width == 40
         getModifiedEntityNames(entityDescriptorHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
 
         //Check the initial revision is still intact
         uiinfoInitialRevision.displayNames[0].value == 'Initial display name'
-        uiinfoInitialRevision.informationURLs[0].value == 'http://info'
-        uiinfoInitialRevision.privacyStatementURLs[0].value == 'http://privacy'
+        uiinfoInitialRevision.informationURLs[0].URI == 'http://info'
+        uiinfoInitialRevision.privacyStatementURLs[0].URI == 'http://privacy'
         uiinfoInitialRevision.descriptions[0].value == 'Initial desc'
-        uiinfoInitialRevision.logos[0].URL == 'http://logo'
+        uiinfoInitialRevision.logos[0].URI == 'http://logo'
         uiinfoInitialRevision.logos[0].height == 20
         uiinfoInitialRevision.logos[0].width == 30
     }

diff --git a/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -700,6 +700,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                             break
                     }
                     target.setRules(rules)
+                    target.initialize()
                     metadataFilters.add(target)
                 }
                 if (metadataFilter instanceof NameIdFormatFilter) {

diff --git a/...main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/...main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy
@@ -23,15 +23,15 @@ class ShibPropertiesBootstrap {
 
     @Transactional
     @EventListener
-    void bootstrapUsersAndRoles(ApplicationStartedEvent e) {
+    void bootstrapShibPropertiesList(ApplicationStartedEvent e) {
         log.info("Ensuring base Shibboleth properties configuration has loaded")
 
         Resource resource = new ClassPathResource('shib_configuration_prop.csv')
         final HashMap<String, ShibConfigurationProperty> propertiesMap = new HashMap<>()
 
         // Read in the defaults in the configuration file
         new CSVReader(new InputStreamReader(resource.inputStream)).each { fields ->
-            def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields
+            def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items) = fields
             ShibConfigurationProperty prop = new ShibConfigurationProperty().with {
                 it.resourceId = resource_id
                 it.category = category

diff --git a/...a/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java b/...a/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java
@@ -7,8 +7,8 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.IndexWriterService;
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterService;
 import edu.internet2.tier.shibboleth.admin.util.TokenPlaceholderResolvers;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
 import org.slf4j.Logger;

diff --git a/.../main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java b/.../main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/SpringSecurityConfig.java
@@ -110,7 +110,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf((csrf) -> csrf.csrfTokenRequestHandler(requestHandler));
         http
             .authorizeHttpRequests()
-            .requestMatchers("/unsecured/**/*","/entities/**/*","/actuator/**", "/api/beacon/send").permitAll()
+            .requestMatchers(new AntPathRequestMatcher("/unsecured/**/*"),
+                             new AntPathRequestMatcher("/entities/**/*"),
+                             new AntPathRequestMatcher("/actuator/**"),
+                             new AntPathRequestMatcher("/api/beacon/send")).permitAll()
             .anyRequest().hasAnyRole(acceptedAuthenticationRoles)
             .and().exceptionHandling().accessDeniedHandler((request, response, accessDeniedException) -> response.sendRedirect("/unsecured/error.html"))
             .and().authenticationProvider(new SimpleAuthenticationProvider(adminUserService())).formLogin()

diff --git a/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/BeaconController.java b/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/BeaconController.java
@@ -7,7 +7,6 @@
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 

diff --git a/...d/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java b/...d/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
@@ -9,7 +9,7 @@
 import io.swagger.v3.oas.annotations.tags.Tags;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.apache.http.client.utils.DateUtils;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;