From 7c74fe803b584921af4050c0b1150d26b7916fb5 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Fri, 5 Jul 2019 13:53:32 -0500
Subject: [PATCH 1/2] [SHIBUI-1263] remove Filter versioning since it is rolling up into the resolver
---
 backend/build.gradle | 6 +
 .../AbstractAttributeExtensibleXMLObject.java | 25 +++-
 .../admin/ui/domain/DigestMethod.java | 29 ++++
 .../admin/ui/domain/RequestInitiator.java | 26 ++++
 .../admin/ui/domain/SigningMethod.java | 55 +++++++
 .../JPAXMLObjectProviderInitializer.java | 2 +-
 .../jpa-saml2-metadata-algorithm-config.xml | 34 +++++
 .../templates/AlgorithmBuilderTemplate.java | 22 +++
 .../EntityDescriptorRepositoryTest.groovy | 43 +++++-
 .../test/resources/metadata/SHIBUI-950.xml | 141 ++++++++++++++++++
 10 files changed, 372 insertions(+), 11 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SigningMethod.java
 create mode 100644 backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml
 create mode 100644 backend/src/main/templates/AlgorithmBuilderTemplate.java
 create mode 100644 backend/src/test/resources/metadata/SHIBUI-950.xml
diff --git a/backend/build.gradle b/backend/build.gradle
index 4e5822e2e..970b23f4c 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -266,6 +266,12 @@ task generateSources {
 xmlSecBuilders.ObjectProviders.ObjectProvider.BuilderClass.each {
 processLine(it['@className'].toString(), 'src/main/templates/XMLSecBuilderTemplate.java')
 }
+
+ new XmlSlurper().parse(file('src/main/resources/jpa-saml2-metadata-algorithm-config.xml')).with { builders ->
+ builders.ObjectProviders.ObjectProvider.BuilderClass.each {
+ processLine(it['@className'].toString(), 'src/main/templates/AlgorithmBuilderTemplate.java')
+ }
+ }
 }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java
index 075280330..3e029e17e 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java
@@ -5,17 +5,21 @@ import org.opensaml.core.xml.util.AttributeMap;
 import javax.annotation.Nonnull;
+import javax.persistence.ElementCollection;
 import javax.persistence.MappedSuperclass;
+import javax.persistence.PostLoad;
+import javax.persistence.PrePersist;
 import javax.persistence.Transient;
+import javax.xml.namespace.QName;
+import java.util.HashMap;
+import java.util.Map;
 @MappedSuperclass
-@EqualsAndHashCode(callSuper = true, exclude={"unknownAttributes"})
+@EqualsAndHashCode(callSuper = true, exclude={"storageAttributeMap"})
 public abstract class AbstractAttributeExtensibleXMLObject extends AbstractXMLObject implements AttributeExtensibleXMLObject {
-
- private transient final AttributeMap unknownAttributes;
+ private transient final AttributeMap unknownAttributes = new AttributeMap(this);
 AbstractAttributeExtensibleXMLObject() {
- unknownAttributes = new AttributeMap(this);
 }
 @Nonnull
@@ -24,4 +28,17 @@ public abstract class AbstractAttributeExtensibleXMLObject extends AbstractXMLOb
 public AttributeMap getUnknownAttributes() {
 return this.unknownAttributes;
 }
+
+ @ElementCollection
+ private Map storageAttributeMap = new HashMap<>();
+
+ @PrePersist
+ void prePersist() {
+ this.storageAttributeMap = this.unknownAttributes;
+ }
+
+ @PostLoad
+ void postLoad() {
+ this.unknownAttributes.putAll(this.storageAttributeMap);
+ }
 }
\ No newline at end of file
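Review bot: `prePersist()` in the second hunk assigns the OpenSAML `AttributeMap` itself to the JPA-mapped field (`this.storageAttributeMap = this.unknownAttributes;`) and is bound only to `@PrePersist`, so attributes changed on an already-persisted entity may never be written back on update. Copying into the mapped collection keeps the provider-managed map and the transient map separate, e.g. `this.storageAttributeMap.clear(); this.storageAttributeMap.putAll(this.unknownAttributes);`, and the callback can carry `@PreUpdate` as well. The same assignment is added to RequestInitiator in this patch (`this.storageAttributeMap = this.attributeMap;`). A one-line comment on `storageAttributeMap` stating that it is the persistence mirror of `getUnknownAttributes()` would make the intent clear to the next reader.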
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java
new file mode 100644
index 000000000..bb0fe5359
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/DigestMethod.java
@@ -0,0 +1,29 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+
+import javax.annotation.Nullable;
+import javax.persistence.Entity;
+
+@Entity
+@EqualsAndHashCode(callSuper = true)
+public class DigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod {
+ private String algorithm;
+
+ public DigestMethod() {}
+
+ public DigestMethod(String algorithm) {
+ this.algorithm = algorithm;
+ }
+
+ @Nullable
+ @Override
+ public String getAlgorithm() {
+ return null;
+ }
+
+ @Override
+ public void setAlgorithm(@Nullable String value) {
+
+ }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java
index 78fd0028e..dbd667ff9 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java
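Review bot: In the new DigestMethod class `getAlgorithm()` returns `null` and `setAlgorithm()` has an empty body, so the `algorithm` field assigned by the constructor is never readable and a value passed to the setter is discarded. A DigestMethod element would then presumably be stored and re-published without its Algorithm value, which matters because consumers of the metadata rely on it when choosing a digest algorithm. The accessors should mirror SigningMethod from the same patch: `return this.algorithm;` in the getter and `this.algorithm = value;` in the setter.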
@@ -1,9 +1,20 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
+import lombok.EqualsAndHashCode;
 import org.opensaml.core.xml.util.AttributeMap;
 import javax.annotation.Nonnull;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.PostLoad;
+import javax.persistence.PrePersist;
+import javax.persistence.Transient;
+import javax.xml.namespace.QName;
+import java.util.HashMap;
+import java.util.Map;
+@Entity
+@EqualsAndHashCode(callSuper = true, exclude = {"storageAttributeMap"})
 public class RequestInitiator extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator {
 private String binding;
 @Override
@@ -40,10 +51,25 @@ public void setResponseLocation(String location) {
 this.responseLocation = location;
 }
+ @ElementCollection
+ private Map storageAttributeMap = new HashMap<>();
+
+ @Transient
 private AttributeMap attributeMap = new AttributeMap(this);
+ @PrePersist
+ void prePersist() {
+ this.storageAttributeMap = this.attributeMap;
+ }
+
+ @PostLoad
+ void postLoad() {
+ this.attributeMap.putAll(this.storageAttributeMap);
+ }
+
 @Nonnull
 @Override
+ @Transient
 public AttributeMap getUnknownAttributes() {
 return this.attributeMap;
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SigningMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SigningMethod.java
new file mode 100644
index 000000000..c66996c9b
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SigningMethod.java
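Review bot: `attributeMap` is marked with the JPA `@Transient` annotation but is not a Java `transient` field, so the new `@EqualsAndHashCode(callSuper = true, exclude = {"storageAttributeMap"})` still includes it in equals and hashCode, unlike `unknownAttributes` in AbstractAttributeExtensibleXMLObject, which Lombok skips because of the `transient` keyword. Whether `AttributeMap` defines value equality is not visible here; if it does not, two RequestInitiator entities with the same content would compare unequal. Excluding both fields keeps the two classes consistent: `exclude = {"storageAttributeMap", "attributeMap"}`. The class body continues outside both hunks.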
@@ -0,0 +1,55 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+
+import javax.annotation.Nullable;
+import javax.persistence.Entity;
+
+@Entity
+@EqualsAndHashCode(callSuper = true)
+public class SigningMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.SigningMethod {
+ private String algorithm;
+ private Integer minKeySize;
+ private Integer maxKeySize;
+
+ public SigningMethod() {}
+
+ public SigningMethod(String algorithm, Integer minKeySize, Integer maxKeySize) {
+ this.algorithm = algorithm;
+ this.minKeySize = minKeySize;
+ this.maxKeySize = maxKeySize;
+ }
+
+ @Nullable
+ @Override
+ public String getAlgorithm() {
+ return this.algorithm;
+ }
+
+ @Override
+ public void setAlgorithm(@Nullable String value) {
+ this.algorithm = value;
+ }
+
+ @Nullable
+ @Override
+ public Integer getMinKeySize() {
+ return this.minKeySize;
+ }
+
+ @Override
+ public void setMinKeySize(@Nullable Integer value) {
+ this.minKeySize = value;
+ }
+
+ @Nullable
+ @Override
+ public Integer getMaxKeySize() {
+ return this.maxKeySize;
+ }
+
+ @Override
+ public void setMaxKeySize(@Nullable Integer value) {
+ this.maxKeySize = value;
+ }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java
index 2b6718dd1..25000ae67 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java
@@ -14,8 +14,8 @@ protected String[] getConfigResources() { "/jpa-schema-config.xml", "/jpa-saml2-metadata-ui-config.xml", "/jpa-signature-config.xml", + "/jpa-saml2-metadata-algorithm-config.xml", "/encryption-config.xml", - "/saml2-metadata-algorithm-config.xml", "/jpa-saml2-metadata-reqinit-config.xml", "/saml2-protocol-config.xml", "/modified-saml2-assertion-config.xml" diff --git a/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml b/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml new file mode 100644 index 000000000..f6432a71a --- /dev/null +++ b/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/backend/src/main/templates/AlgorithmBuilderTemplate.java b/backend/src/main/templates/AlgorithmBuilderTemplate.java new file mode 100644 index 000000000..26d1e3077 --- /dev/null +++ b/backend/src/main/templates/AlgorithmBuilderTemplate.java @@ -0,0 +1,22 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain; + +import edu.internet2.tier.shibboleth.admin.ui.opensaml.xml.AbstractSAMLObjectBuilder; +import org.opensaml.saml.common.xml.SAMLConstants; + +public class {{TOKEN}}Builder extends AbstractSAMLObjectBuilder<{{TOKEN}}> { + public {{TOKEN}}Builder() { + } + + public {{TOKEN}} buildObject() { + return buildObject(SAMLConstants.SAML20ALG_NS, {{TOKEN}}.DEFAULT_ELEMENT_LOCAL_NAME, + SAMLConstants.SAML20ALG_PREFIX); + } + + public {{TOKEN}} buildObject(final String namespaceURI, final String localName, final String namespacePrefix) { + {{TOKEN}} o = new {{TOKEN}}(); + o.setNamespaceURI(namespaceURI); + o.setElementLocalName(localName); + o.setNamespacePrefix(namespacePrefix); + return o; + } +} 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy
index 4ecb6e758..741df5ac5 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy
@@ -1,21 +1,25 @@
 package edu.internet2.tier.shibboleth.admin.ui.repository
-import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfiguration
-import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl
+import org.apache.lucene.analysis.Analyzer
+import org.apache.lucene.analysis.en.EnglishAnalyzer
+import org.opensaml.saml.metadata.resolver.MetadataResolver
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest
+import org.springframework.boot.test.context.TestConfiguration
+import org.springframework.context.annotation.Bean
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
-
+import org.springframework.test.annotation.DirtiesContext
 import org.springframework.test.context.ContextConfiguration
 import spock.lang.Specification
@@ -25,9 +29,10 @@ import javax.persistence.EntityManager
 * A highly unnecessary test so that I can check to make sure that persistence is correct for the model
 */
 @DataJpaTest
-@ContextConfiguration(classes=[CoreShibUiConfiguration, SearchConfiguration, TestConfiguration, InternationalizationConfiguration])
+@ContextConfiguration(classes=[CoreShibUiConfiguration, InternationalizationConfiguration])
 @EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"])
 @EntityScan("edu.internet2.tier.shibboleth.admin.ui")
+@DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
 class EntityDescriptorRepositoryTest extends Specification {
 @Autowired
 EntityDescriptorRepository entityDescriptorRepository
@@ -42,7 +47,7 @@ class EntityDescriptorRepositoryTest extends Specification {
 UserRepository userRepository
 OpenSamlObjects openSamlObjects = new OpenSamlObjects().with {
- init()
+ it.init()
 it
 }
@@ -61,4 +66,30 @@ class EntityDescriptorRepositoryTest extends Specification {
 then:
 item1.hashCode() == item2.hashCode()
 }
+
+ def "SHIBUI-950"() {
+ when:
+ def input = openSamlObjects.unmarshalFromXml(this.class.getResource('/metadata/SHIBUI-950.xml').bytes) as EntityDescriptor
+ entityDescriptorRepository.save(input)
+
+ then:
+ noExceptionThrown()
+ }
+
+ @TestConfiguration
+ static class Config {
+ @Bean
+ MetadataResolver metadataResolver() {
+ new OpenSamlChainingMetadataResolver().with {
+ it.id = 'tester'
+ it.initialize()
+ return it
+ }
+ }
+
+ @Bean
+ Analyzer analyzer() {
+ return new EnglishAnalyzer()
+ }
+ }
 }
diff --git a/backend/src/test/resources/metadata/SHIBUI-950.xml b/backend/src/test/resources/metadata/SHIBUI-950.xml
new file mode 100644
index 000000000..1d534cf44
--- /dev/null
+++ b/backend/src/test/resources/metadata/SHIBUI-950.xml
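Review bot: The new `SHIBUI-950` feature in the last hunk only asserts `noExceptionThrown()` after `entityDescriptorRepository.save(input)`, so it does not show that the algorithm elements and unknown attributes survive a write followed by a read. Inside `@DataJpaTest` the insert may not reach the database before the transaction is rolled back, which would leave the new `@PrePersist`/`@PostLoad` callbacks and the collection mapping largely unexercised. Flushing and clearing the persistence context, reloading the entity and comparing a value such as the DigestMethod algorithm against the input would cover them, for example `entityManager.flush()` and `entityManager.clear()` before the `then:` block. That assumes the spec has an `EntityManager` field; the import is visible in the hunk header but the field is outside the hunks.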
@@ -0,0 +1,141 @@ + + + + + + + + + + + + + +0uoDhgpIppfgBW09Xl/CzKh+FtwMpQnyrKUFp4Z4xzM= + + +mR7mTtB6hQYGchYSvOp9xt5emHVT3/vq7ikVkARf3OF3mLkILMX60m5h73T3ZrBK +siVglL2USnsaecbqxZ/zn0Kd+PHcrUyMBBUnZdsmX+C8DfSKvV6fdDRWjcsjG4pt +DvnX+6UwqESev7wIm0rBfYJMMMEimxsWssQQg7v/yAuoeMCoz8sUPIpMm6sB6qXl +6ldXLt2dmDSXtrtd2Er+e8lp4QvpohI9DyzDqtHKAKD0y3TMqniZ8LA59cnjTcQg +MCD9DszcBuexniOMTqrgDG4VFAexSn6k2le/eXJIOsRouVizHOZSei1VxZoFl3IR +PPs+eFOTsligBCEVBPWEUg== +MIIDQjCCAiqgAwIBAgIJAMI1r/DZzTEJMA0GCSqGSIb3DQEBBQUAME8xEzARBgoJ +kiaJk/IsZAEZFgNuZXQxGjAYBgoJkiaJk/IsZAEZFgpzaGliYm9sZXRoMRwwGgYD +VQQDExN3aWtpLnNoaWJib2xldGgubmV0MB4XDTEzMTEyNTE0NTcyOFoXDTM3MDMw +NDE0NTcyOFowTzETMBEGCgmSJomT8ixkARkWA25ldDEaMBgGCgmSJomT8ixkARkW +CnNoaWJib2xldGgxHDAaBgNVBAMTE3dpa2kuc2hpYmJvbGV0aC5uZXQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1viMiWhYa8cmxJ6rQ8yORYMD6Gx5n +r/r9wQko+Tbjl/qGS0LaTfPQCokvwrD06506MPHainaMqbjlO4gDjq2LpU9/iy0s +iLuY7UHgDqNNZOELBTQOMwLAFcuEA10FCWjJRglT+6w3xEFeU+dZkBXV1VvKBvsZ +SiuQw437CcV3ueEF4+ZB0l9uyq8o3wzKRZ9DnpyFL7SUJiHJPuqqXZuyQnjLrbVZ +KjjumGnY3LJTUo1xoUEuhqj5RMfspn2oc5YnIYka5YrCBmYKJV3QtCFbLA/cz8nF +m+lOvYGz8nl3wHNkZIVRoetVw/Mhf7lzex0rh3XBdS6vVcT75uH0X1OPAgMBAAGj +ITAfMB0GA1UdDgQWBBQe1XwZavrgAhRXrfhv1gGUwSkc7DANBgkqhkiG9w0BAQUF +AAOCAQEADCGhWJ+oZ8ltcjJ7D66rMg1HOZT6GFCVeZ7MfhY/KFrvsnITNbTA+SgZ +tCJt/BLlZXxpzmix19bD9bNwqEMo7WSqBy77X7SS97ZXti6y6vwAz8h78vzQopOd +rnn8XXyWxtrtRRCK4RMpZGrVm3sfBPW68j9hiPHZqewE4nLavjCki/I9rCMe5dJE +3+ZRf4Ip/9hYqM+a5Chcvbo2zJEOtw+EUQqNTZ51j33H/2qF9UoSpt74UFh+Jd5y +L2GoFSt/gCld78j/7cU3ObGQEme+hVVZ8/uGa/cCYvFt75vNBdnlj4icZ6fgFe9R +9h5hlBTGD3PULSFmCdkgxtwIyd855Q== + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + MIIDQjCCAiqgAwIBAgIJAMI1r/DZzTEJMA0GCSqGSIb3DQEBBQUAME8xEzARBgoJ +kiaJk/IsZAEZFgNuZXQxGjAYBgoJkiaJk/IsZAEZFgpzaGliYm9sZXRoMRwwGgYD +VQQDExN3aWtpLnNoaWJib2xldGgubmV0MB4XDTEzMTEyNTE0NTcyOFoXDTM3MDMw +NDE0NTcyOFowTzETMBEGCgmSJomT8ixkARkWA25ldDEaMBgGCgmSJomT8ixkARkW +CnNoaWJib2xldGgxHDAaBgNVBAMTE3dpa2kuc2hpYmJvbGV0aC5uZXQwggEiMA0G 
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1viMiWhYa8cmxJ6rQ8yORYMD6Gx5n +r/r9wQko+Tbjl/qGS0LaTfPQCokvwrD06506MPHainaMqbjlO4gDjq2LpU9/iy0s +iLuY7UHgDqNNZOELBTQOMwLAFcuEA10FCWjJRglT+6w3xEFeU+dZkBXV1VvKBvsZ +SiuQw437CcV3ueEF4+ZB0l9uyq8o3wzKRZ9DnpyFL7SUJiHJPuqqXZuyQnjLrbVZ +KjjumGnY3LJTUo1xoUEuhqj5RMfspn2oc5YnIYka5YrCBmYKJV3QtCFbLA/cz8nF +m+lOvYGz8nl3wHNkZIVRoetVw/Mhf7lzex0rh3XBdS6vVcT75uH0X1OPAgMBAAGj +ITAfMB0GA1UdDgQWBBQe1XwZavrgAhRXrfhv1gGUwSkc7DANBgkqhkiG9w0BAQUF +AAOCAQEADCGhWJ+oZ8ltcjJ7D66rMg1HOZT6GFCVeZ7MfhY/KFrvsnITNbTA+SgZ +tCJt/BLlZXxpzmix19bD9bNwqEMo7WSqBy77X7SS97ZXti6y6vwAz8h78vzQopOd +rnn8XXyWxtrtRRCK4RMpZGrVm3sfBPW68j9hiPHZqewE4nLavjCki/I9rCMe5dJE +3+ZRf4Ip/9hYqM+a5Chcvbo2zJEOtw+EUQqNTZ51j33H/2qF9UoSpt74UFh+Jd5y +L2GoFSt/gCld78j/7cU3ObGQEme+hVVZ8/uGa/cCYvFt75vNBdnlj4icZ6fgFe9R +9h5hlBTGD3PULSFmCdkgxtwIyd855Q== + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + Shibboleth Federated Wiki + + A shared Wiki service with automatic registration for users who can supply a supported + identifier, such as eduPersonPrincipalName or eduPersonTargetedID. + + + + + + + + + + + + + Shibboleth Consortium + Shibboleth Consortium + http://www.shibboleth.net/ + + + Shibboleth.Net Technical Support + contact@shibboleth.net + \ No newline at end of file From d3e14210c1b4904f593580ca5d8743560a470f47 Mon Sep 17 00:00:00 2001 From: Dmitriy Kopylenko Date: Mon, 15 Jul 2019 13:38:46 -0400 Subject: [PATCH 2/2] Fixing tests OOM --- build.gradle | 6 ++++++ gradle.properties | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ff3c80edc..5b78682dc 100644 --- a/build.gradle +++ b/build.gradle 
@@ -4,6 +4,12 @@ plugins {
 id 'com.github.breadmoirai.github-release' version '2.2.9'
 }
+subprojects {
+ tasks.withType(Test) {
+ maxHeapSize = "3g"
+ }
+}
+
 tasks.findByName('release').dependsOn project.getTasksByName('test', true)
 githubRelease {
diff --git a/gradle.properties b/gradle.properties
index 335e4cb7b..4fdf282d7 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -11,7 +11,7 @@ hibernate.version=5.2.11.Final
 lucene.version=7.2.1
-org.gradle.jvmargs=-Xmx4g -XX:-UseGCOverheadLimit
+org.gradle.jvmargs=-Xmx1g -XX:-UseGCOverheadLimit
 # set token in personal global i2.github.token=