Merge branch 'SHIBUI-517' into SHIBUI-519
Bill Smith committed Jun 11, 2018
2 parents c5ad998 + 61a524a commit 3822d8b
Showing 11 changed files with 292 additions and 440 deletions.
Expand Up @@ -6,25 +6,30 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFil
import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;

import com.google.common.base.Predicate
import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects

import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
import groovy.util.logging.Slf4j
import groovy.xml.DOMBuilder
import groovy.xml.MarkupBuilder;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.saml.common.profile.logic.EntityIdPredicate;
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.w3c.dom.Document;

public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
private static final Logger logger = LoggerFactory.getLogger(JPAMetadataResolverServiceImpl.class);
import groovy.xml.MarkupBuilder
import net.shibboleth.utilities.java.support.resolver.ResolverException
import org.opensaml.saml.common.profile.logic.EntityIdPredicate
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver
import org.opensaml.saml.metadata.resolver.MetadataResolver
import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain
import org.opensaml.saml.saml2.core.Attribute
import org.opensaml.saml.saml2.metadata.EntityDescriptor

import org.springframework.beans.factory.annotation.Autowired
import org.w3c.dom.Document

@Slf4j
class JPAMetadataResolverServiceImpl implements MetadataResolverService {

@Autowired
private MetadataResolver metadataResolver
Expand All @@ -37,52 +42,52 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {

// TODO: enhance
@Override
public void reloadFilters(String metadataResolverName) {
ChainingMetadataResolver chainingMetadataResolver = (ChainingMetadataResolver)metadataResolver;

// MetadataResolver targetMetadataResolver = chainingMetadataResolver.getResolvers().stream().filter(r -> r.getId().equals(metadataResolverName)).findFirst().get();
void reloadFilters(String metadataResolverName) {
ChainingMetadataResolver chainingMetadataResolver = (ChainingMetadataResolver)metadataResolver
MetadataResolver targetMetadataResolver = chainingMetadataResolver.getResolvers().find { it.id == metadataResolverName }
edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver jpaMetadataResolver = metadataResolverRepository.findByName(metadataResolverName);
edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver jpaMetadataResolver = metadataResolverRepository.findByName(metadataResolverName)

if (targetMetadataResolver && targetMetadataResolver.getMetadataFilter() instanceof MetadataFilterChain) {
MetadataFilterChain metadataFilterChain = (MetadataFilterChain)targetMetadataResolver.getMetadataFilter();
MetadataFilterChain metadataFilterChain = (MetadataFilterChain)targetMetadataResolver.getMetadataFilter()

List<MetadataFilter> metadataFilters = new ArrayList<>();
List<MetadataFilter> metadataFilters = new ArrayList<>()

for (edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter metadataFilter : jpaMetadataResolver.getMetadataFilters()) {
if (metadataFilter instanceof EntityAttributesFilter) {
EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter;
EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter

org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter();
Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>();
org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>()
if (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType() == EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY) {
rules.put(
new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
(List<Attribute>)(List<? extends Attribute>)entityAttributesFilter.getAttributes()
);
)
}
target.setRules(rules);
metadataFilters.add(target);
target.setRules(rules)
metadataFilters.add(target)
}
}
metadataFilterChain.setFilters(metadataFilters);
metadataFilterChain.setFilters(metadataFilters)
}

if (metadataResolver instanceof RefreshableMetadataResolver) {
try {
((RefreshableMetadataResolver)metadataResolver).refresh();
((RefreshableMetadataResolver)metadataResolver).refresh()
} catch (ResolverException e) {
logger.warn("error refreshing metadataResolver " + metadataResolverName, e);
log.warn("error refreshing metadataResolver " + metadataResolverName, e)
}
}
}

// TODO: enhance
@Override
public Document generateConfiguration() {
Document generateConfiguration() {
// TODO: this can probably be a better writer
new StringWriter().withCloseable { writer ->
def xml = new MarkupBuilder(writer)
xml.omitEmptyAttributes = true
xml.omitNullAttributes = true

xml.MetadataProvider(id: 'ShibbolethMetadata',
xmlns: 'urn:mace:shibboleth:2.0:metadata',
Expand All @@ -91,14 +96,7 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd'
) {
metadataResolverRepository.findAll().each { edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr ->
MetadataProvider(id: 'HTTPMetadata',
'xsi:type': 'FileBackedHTTPMetadataProvider',
backingFile: '%{idp.home}/metadata/incommonmd.xml',
metadataURL: 'http://md.incommon.org/InCommon/InCommon-metadata.xml',
minRefreshDelay: 'PT5M',
maxRefreshDelay: 'PT1H',
refreshDelayFactor: '0.75'
) {
constructXmlNodeForResolver(mr, delegate) {
MetadataFilter(
'xsi:type': 'SignatureValidation',
'requireSignedRoot': 'true',
Expand All @@ -116,7 +114,7 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
//TODO: enhance
mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
if (filter instanceof EntityAttributesFilter) {
EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter)filter
EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) filter
MetadataFilter('xsi:type': 'EntityAttributes') {
// TODO: enhance. currently this does weird things with namespaces
entityAttributesFilter.attributes.each { attribute ->
Expand All @@ -133,12 +131,11 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}
}
}

return DOMBuilder.newInstance().parseText(writer.toString())
}
}

void constructXmlNodeFor(DynamicHttpMetadataResolver resolver, def markupBuilderDelegate) {
void constructXmlNodeForResolver(DynamicHttpMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
markupBuilderDelegate.MetadataProvider(id: resolver.name,
'xsi:type': 'DynamicHttpMetadataProvider',
requireValidMetadata: !resolver.requireValidMetadata ?: null,
Expand All @@ -147,7 +144,6 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
criterionPredicateRegistryRef: resolver.criterionPredicateRegistryRef,
useDefaultPredicateRegistry: !resolver.useDefaultPredicateRegistry ?: null,
satisfyAnyPredicates: resolver.satisfyAnyPredicates ?: null,

parserPoolRef: resolver.dynamicMetadataResolverAttributes?.parserPoolRef,
taskTimerRef: resolver.dynamicMetadataResolverAttributes?.taskTimerRef,
refreshDelayFactor: resolver.dynamicMetadataResolverAttributes?.refreshDelayFactor,
Expand All @@ -166,7 +162,48 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
maxConnectionsTotal: resolver.maxConnectionsTotal,
maxConnectionsPerRoute: resolver.maxConnectionsPerRoute,
supportedContentTypes: resolver.supportedContentTypes?.value, //not sure this is right. maybe take off the ?.value


httpClientRef: resolver.httpMetadataResolverAttributes?.httpClientRef,
connectionRequestTimeout: resolver.httpMetadataResolverAttributes?.connectionRequestTimeout,
connectionTimeout: resolver.httpMetadataResolverAttributes?.connectionTimeout,
socketTimeout: resolver.httpMetadataResolverAttributes?.socketTimeout,
disregardTLSCertificate: resolver.httpMetadataResolverAttributes?.disregardTLSCertificate ?: null,
httpClientSecurityParametersRef: resolver.httpMetadataResolverAttributes?.httpClientSecurityParametersRef,
proxyHost: resolver.httpMetadataResolverAttributes?.proxyHost,
proxyPort: resolver.httpMetadataResolverAttributes?.proxyHost,
proxyUser: resolver.httpMetadataResolverAttributes?.proxyUser,
proxyPassword: resolver.httpMetadataResolverAttributes?.proxyPassword,
httpCaching: resolver.httpMetadataResolverAttributes?.httpCaching,
httpCacheDirectory: resolver.httpMetadataResolverAttributes?.httpCacheDirectory,
httpMaxCacheEntries: resolver.httpMetadataResolverAttributes?.httpMaxCacheEntries,
httpMaxCacheEntrySize: resolver.httpMetadataResolverAttributes?.httpMaxCacheEntrySize) {

childNodes()
}
}

void constructXmlNodeForResolver(FileBackedHttpMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
markupBuilderDelegate.MetadataProvider(id: resolver.name,
'xsi:type': 'FileBackedHTTPMetadataProvider',
backingFile: resolver.backingFile,
metadataURL: resolver.metadataURL,
initializeFromBackupFile: !resolver.initializeFromBackupFile ?: null,
backupFileInitNextRefreshDelay: resolver.backupFileInitNextRefreshDelay,
requireValidMetadata: !resolver.requireValidMetadata ?: null,
failFastInitialization: !resolver.failFastInitialization ?: null,
sortKey: resolver.sortKey,
criterionPredicateRegistryRef: resolver.criterionPredicateRegistryRef,
useDefaultPredicateRegistry: !resolver.useDefaultPredicateRegistry ?: null,
satisfyAnyPredicates: resolver.satisfyAnyPredicates ?: null,

parserPoolRef: resolver.reloadableMetadataResolverAttributes?.parserPoolRef,
minRefreshDelay: resolver.reloadableMetadataResolverAttributes?.minRefreshDelay,
maxRefreshDelay: resolver.reloadableMetadataResolverAttributes?.maxRefreshDelay,
refreshDelayFactor: resolver.reloadableMetadataResolverAttributes?.refreshDelayFactor,
indexesRef: resolver.reloadableMetadataResolverAttributes?.indexesRef,
resolveViaPredicatesOnly: resolver.reloadableMetadataResolverAttributes?.resolveViaPredicatesOnly ?: null,
expirationWarningThreshold: resolver.reloadableMetadataResolverAttributes?.expirationWarningThreshold,

httpClientRef: resolver.httpMetadataResolverAttributes?.httpClientRef,
connectionRequestTimeout: resolver.httpMetadataResolverAttributes?.connectionRequestTimeout,
connectionTimeout: resolver.httpMetadataResolverAttributes?.connectionTimeout,
Expand All @@ -180,6 +217,9 @@ public class JPAMetadataResolverServiceImpl implements MetadataResolverService {
httpCaching: resolver.httpMetadataResolverAttributes?.httpCaching,
httpCacheDirectory: resolver.httpMetadataResolverAttributes?.httpCacheDirectory,
httpMaxCacheEntries: resolver.httpMetadataResolverAttributes?.httpMaxCacheEntries,
httpMaxCacheEntrySize: resolver.httpMetadataResolverAttributes?.httpMaxCacheEntrySize)
httpMaxCacheEntrySize: resolver.httpMetadataResolverAttributes?.httpMaxCacheEntrySize) {

childNodes()
}
}
}
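Review bot: In the DynamicHttpMetadataResolver overload of constructXmlNodeForResolver the proxy port attribute is fed from the host field, `proxyPort: resolver.httpMetadataResolverAttributes?.proxyHost,`, so the generated MetadataProvider carries the proxy host name where a port is expected; it should read `proxyPort: resolver.httpMetadataResolverAttributes?.proxyPort,`, and the matching proxy lines of the FileBackedHttpMetadataResolver overload sit in the collapsed region and should be checked for the same slip. The new FileBacked overload also reuses the `!resolver.requireValidMetadata ?: null` idiom (likewise for initializeFromBackupFile, failFastInitialization and useDefaultPredicateRegistry): `!x` is truthy exactly when the field is false, so the builder emits the attribute with the value `true` precisely when the entity says false and omits it otherwise, inverting the setting in the generated config; `requireValidMetadata: resolver.requireValidMetadata == false ? false : null` expresses the intended "emit only when non-default" without flipping the value. For a MetadataResolver entity that is neither Dynamic nor FileBacked (LocalDynamicMetadataResolver is imported at the top of the file), the `constructXmlNodeForResolver(mr, delegate)` call in generateConfiguration has no overload visible in this section, so Groovy runtime dispatch would presumably fail at generation time unless such an overload exists outside the shown lines.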
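--- a/PATH-NOT-ON-PAGE/FileBackedHttpMetadataResolver.java
+++ b/PATH-NOT-ON-PAGE/FileBackedHttpMetadataResolver.java
@@ -17,6 +17,15 @@
 @ToString
 public class FileBackedHttpMetadataResolver extends MetadataResolver {
 
+private String metadataURL;
+
+private String backingFile;
+
+private Boolean initializeFromBackupFile = true;
+
+private String backupFileInitNextRefreshDelay;
+
+
 @Embedded
 private ReloadableMetadataResolverAttributes reloadableMetadataResolverAttributes;
 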
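Review bot: The four new fields carry no documentation, and the values of metadataURL and backingFile are written unmodified into the generated MetadataProvider element (the `backingFile:` and `metadataURL:` lines of the FileBacked overload in JPAMetadataResolverServiceImpl), so a field comment such as `// Emitted verbatim into the generated metadata-provider configuration; not validated in this class` on both would tell maintainers where any URL or path validation has to live. The two consecutive blank lines after backupFileInitNextRefreshDelay are a style nit; collapse them to one.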
Expand Up @@ -24,7 +24,7 @@ public class HttpMetadataResolverAttributes {

private String connectionRequestTimeout;

private String requestTimeout;
private String connectionTimeout;

private String socketTimeout;

Expand Up @@ -35,15 +35,15 @@ public class MetadataResolver extends AbstractAuditable {
@Column(unique=true)
private String resourceId = UUID.randomUUID().toString();

private Boolean requireValidMetadata;
private Boolean requireValidMetadata = true;

private Boolean failFastInitialization;
private Boolean failFastInitialization = true;

private Integer sortKey;

private String criterionPredicateRegistryRef;

private Boolean useDefaultPredicateRegistry;
private Boolean useDefaultPredicateRegistry = true;

private Boolean satisfyAnyPredicates;

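Review bot: The `= true` initializers on requireValidMetadata, failFastInitialization and useDefaultPredicateRegistry only apply to entities constructed in Java; rows persisted before this change, and any row inserted by a path that bypasses the constructor, will presumably still load these Boolean columns as null unless the schema also gets a column default or a backfill. Since the generator distinguishes null from true when deciding whether to emit these attributes, a comment stating the expectation, `// Defaults apply to new entities only; existing rows may hold null`, or a corresponding migration would make the intended semantics explicit.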