SHIBUI-2510

First pass using the SNAPSHOIT Shibv5 and OpenSAMLv5 libs - able to get backend unit tests to pass

backend/build.gradle

@@ -24,6 +24,10 @@ repositories {
         url 'https://build.shibboleth.net/nexus/content/groups/public'
         artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots']
     }
+    // TODO remove snapshots after the versions become final
+    maven {
+        url 'https://build.shibboleth.net/maven/snapshots'
+    }
     maven {  // for the springboot plugin
         url "https://plugins.gradle.org/m2/"
     }
@@ -143,10 +147,12 @@ dependencies {
     //Spring Configuration Annotation Processor - makes IntelliJ happy about @SpringBootConfigurationProperties
     compileOnly "org.springframework.boot:spring-boot-configuration-processor:${project.'springbootVersion'}"
 
-    runtimeOnly "org.bouncycastle:bcprov-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcprov-ext-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcutil-jdk15on:1.70"
-    runtimeOnly "org.bouncycastle:bcpkix-jdk15on:1.70"
+    // signature and encryption
+    runtimeOnly "org.bouncycastle:bcprov-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcprov-ext-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcutil-jdk18on:1.72"
+    runtimeOnly "org.bouncycastle:bcpkix-jdk18on:1.72"
+
     // DB drivers
     runtimeOnly "org.postgresql:postgresql:${project.'postgresVersion'}"
     runtimeOnly "org.mariadb.jdbc:mariadb-java-client:${project.'mariadbVersion'}"
@@ -170,7 +176,9 @@ dependencies {
         integrationTestImplementation "net.shibboleth.idp:${it}:${project.'shibbolethVersion'}"
     }
 
+    implementation "net.shibboleth.ext:spring-extensions:${project.'shibExtSpringExtensionsVersion'}"
     implementation "net.shibboleth.oidc:oidc-common-saml-api:${project.'shibOIDCVersion'}"
+    implementation "net.shibboleth.utilities:java-support:${project.'shibUtilitiesJavaSupportVersion'}"
 
     // hibernate deps
     ['hibernate-core'].each {
@@ -277,12 +285,14 @@ dependencies {
 
     integrationTestImplementation sourceSets.main.output
     integrationTestImplementation configurations.compile
+    integrationTestImplementation "net.shibboleth.ext:spring-extensions:${project.'shibExtSpringExtensionsVersion'}"
     integrationTestImplementation "net.shibboleth.oidc:oidc-common-saml-api:${project.'shibOIDCVersion'}"
+    integrationTestImplementation "net.shibboleth.utilities:java-support:${project.'shibUtilitiesJavaSupportVersion'}"
     integrationTestImplementation "org.hibernate:hibernate-envers:${project.'hibernateVersion'}"
     integrationTestImplementation "com.opencsv:opencsv:${project.'opencsvVersion'}", {
         exclude group: 'commons-collections'
     }
-    integrationTestImplementation 'com.saucelabs:sebuilder-interpreter:1.0.6'
+    integrationTestImplementation "com.saucelabs:sebuilder-interpreter:1.0.6"
     integrationTestImplementation "jp.vmi:selenese-runner-java:${project.'seleneseRunnerVersion'}"
     integrationTestImplementation "org.seleniumhq.selenium:selenium-http-jdk-client:4.8.3"
 

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy

@@ -700,6 +700,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                             break
                     }
                     target.setRules(rules)
+                    target.initialize()
                     metadataFilters.add(target)
                 }
                 if (metadataFilter instanceof NameIdFormatFilter) {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java

@@ -7,8 +7,8 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.IndexWriterService;
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterService;
 import edu.internet2.tier.shibboleth.admin.util.TokenPlaceholderResolvers;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
 import org.slf4j.Logger;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java

@@ -9,7 +9,7 @@
 import io.swagger.v3.oas.annotations.tags.Tags;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.apache.http.client.utils.DateUtils;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersController.java

@@ -15,7 +15,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.tags.Tags;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.shared.component.ComponentInitializationException;
 import net.shibboleth.utilities.java.support.scripting.EvaluableScript;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -261,16 +261,8 @@ private void validateScriptFilterOrThrowScriptException(MetadataFilter metadataF
         }
         if (EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT != ((EntityAttributesFilter) metadataFilter).getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType()) {
             return;
-        } try {
-            EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter;
-            EvaluableScript es = new EvaluableScript();
-            es.setScript(entityAttributesFilter.getEntityAttributesFilterTarget().getValue().get(0));
-            es.initialize();
-        }
-        catch (Exception ex) {
-            if (ex instanceof ComponentInitializationException) {
-                throw new ScriptException(ex);
-            }
         }
+        EntityAttributesFilter entityAttributesFilter = (EntityAttributesFilter) metadataFilter;
+        new EvaluableScript(entityAttributesFilter.getEntityAttributesFilterTarget().getValue().get(0));
     }
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java

@@ -19,8 +19,8 @@
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.tags.Tags;
 import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractXMLObject.java

@@ -5,13 +5,14 @@
 import jakarta.persistence.InheritanceType;
 import jakarta.persistence.Transient;
 import lombok.EqualsAndHashCode;
-import net.shibboleth.utilities.java.support.collection.LockableClassToInstanceMultiMap;
+import net.shibboleth.shared.collection.LockableClassToInstanceMultiMap;
 import net.shibboleth.utilities.java.support.xml.QNameSupport;
 import org.hibernate.envers.AuditOverride;
 import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.Namespace;
 import org.opensaml.core.xml.NamespaceManager;
 import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.XMLRuntimeException;
 import org.opensaml.core.xml.schema.XSBooleanValue;
 import org.opensaml.core.xml.util.IDIndex;
 import org.w3c.dom.Element;
@@ -22,7 +23,6 @@
 import java.util.List;
 import java.util.Set;
 
-
 /**
  * This covers both SAMLObject and XMLObject
  */
@@ -41,15 +41,25 @@ public abstract class AbstractXMLObject extends AbstractAuditable implements XML
     private String schemaTypeElementLocalName;
     private String schemaTypeNamespacePrefix;
 
-    //TODO all this class
-
     public void detach() {
-
     }
 
     @Transient
     private transient Element dom;
 
+    /**
+     * copied from org.opensaml.core.xml.AbstractXMLObject
+     * @since OpenSAML 5.0.0
+     */
+    @Nonnull
+    @Override
+    public Element ensureDOM() {
+        if (dom != null) {
+            return dom;
+        }
+        throw new XMLRuntimeException("DOM was null");
+    }
+
     @Nullable
     public Element getDOM() {
         return this.dom;
@@ -225,6 +235,7 @@ public void setNil(@Nullable XSBooleanValue xsBooleanValue) {
     private transient final LockableClassToInstanceMultiMap<Object> objectMetadata = new LockableClassToInstanceMultiMap<>(true);
 
     @Nonnull
+    @Override
     public LockableClassToInstanceMultiMap<Object> getObjectMetadata() {
         return objectMetadata;
     }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AttributeConsumingService.java

@@ -38,12 +38,12 @@ public class AttributeConsumingService extends AbstractXMLObject implements org.
     private List<RequestedAttribute> requestedAttributes = new ArrayList<>();
 
     @Override
-    public int getIndex() {
+    public Integer getIndex() {
         return acsIndex;
     }
 
     @Override
-    public void setIndex(int index) {
+    public void setIndex(Integer index) {
         this.acsIndex = index;
     }
 

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptorResolver.java

@@ -2,8 +2,8 @@
 
 import jakarta.persistence.Entity;
 import lombok.EqualsAndHashCode;
-import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import net.shibboleth.shared.resolver.CriteriaSet;
+import net.shibboleth.shared.resolver.ResolverException;
 import org.opensaml.saml.saml2.metadata.RoleDescriptor;
 
 import javax.annotation.Nonnull;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/opensaml/OpenSamlNameIdFormatFilter.java

@@ -1,7 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml;
 
+import net.shibboleth.shared.component.ComponentSupport;
 import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
-import net.shibboleth.utilities.java.support.component.ComponentSupport;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.saml.common.SAMLObjectBuilder;
@@ -34,8 +34,7 @@ public class OpenSamlNameIdFormatFilter extends NameIDFormatFilter {
 
     public OpenSamlNameIdFormatFilter() {
         formatBuilder = (SAMLObjectBuilder<NameIDFormat>)
-                XMLObjectProviderRegistrySupport.getBuilderFactory().<NameIDFormat>getBuilderOrThrow(
-                        NameIDFormat.DEFAULT_ELEMENT_NAME);
+                XMLObjectProviderRegistrySupport.getBuilderFactory().<NameIDFormat>ensureBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME);
     }
 
     @Override

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlChainingMetadataResolver.java

@@ -2,11 +2,12 @@
 
 import com.google.common.base.Predicates;
 import com.google.common.collect.Collections2;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.component.ComponentSupport;
+import net.shibboleth.shared.component.InitializableComponent;
+import net.shibboleth.shared.resolver.CriteriaSet;
+import net.shibboleth.shared.resolver.ResolverException;
 import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.component.ComponentSupport;
-import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
 import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
 import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
@@ -23,7 +24,7 @@
 /**
  * @author Bill Smith (wsmith@unicon.net)
  */
-public class OpenSamlChainingMetadataResolver extends ChainingMetadataResolver {
+public class OpenSamlChainingMetadataResolver extends ChainingMetadataResolver implements InitializableComponent {
     @Nonnull private final Logger log = LoggerFactory.getLogger(OpenSamlChainingMetadataResolver.class);
 
     @Nonnull @NonnullElements private List<MetadataResolver> mutableResolvers;
@@ -55,6 +56,7 @@ public List<MetadataResolver> getResolvers() {
 
     @Override
     @Nonnull public Iterable<EntityDescriptor> resolve(@Nullable final CriteriaSet criteria) throws ResolverException {
+        //noinspection removal
         ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
         //Our overridden method uses a collection of mutable resolvers instead of regular resolvers
         for (final MetadataResolver resolver : mutableResolvers) {
@@ -90,4 +92,4 @@ public void refresh() throws ResolverException {
             }
         }
     }
-}
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java

@@ -1,11 +1,11 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml;
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
-import net.shibboleth.utilities.java.support.xml.ParserPool;
-import org.apache.http.HttpResponse;
-import org.apache.http.impl.client.HttpClients;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.resolver.ResolverException;
+import net.shibboleth.shared.xml.ParserPool;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.core5.http.ClassicHttpResponse;
 import org.apache.lucene.index.IndexWriter;
 import org.opensaml.saml.metadata.resolver.filter.FilterException;
 import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
@@ -22,21 +22,14 @@
 import static edu.internet2.tier.shibboleth.admin.util.DurationUtility.toPositiveNonZeroDuration;
 import static edu.internet2.tier.shibboleth.admin.util.TokenPlaceholderResolvers.placeholderResolverService;
 
-/**
- * @author Bill Smith (wsmith@unicon.net)
- */
 public class OpenSamlFileBackedHTTPMetadataResolver extends FileBackedHTTPMetadataResolver implements Refilterable {
-
     private static final Logger logger = LoggerFactory.getLogger(OpenSamlFileBackedHTTPMetadataResolver.class);
 
+    private OpenSamlMetadataResolverDelegate delegate;
     private IndexWriter indexWriter;
     private FileBackedHttpMetadataResolver sourceResolver;
 
-    private OpenSamlMetadataResolverDelegate delegate;
-
-    public OpenSamlFileBackedHTTPMetadataResolver(ParserPool parserPool,
-                                                  IndexWriter indexWriter,
-                    FileBackedHttpMetadataResolver sourceResolver) throws ResolverException {
+    public OpenSamlFileBackedHTTPMetadataResolver(ParserPool parserPool, IndexWriter indexWriter, FileBackedHttpMetadataResolver sourceResolver) throws ResolverException {
         super(HttpClients.createMinimal(), sourceResolver.getMetadataURL(), sourceResolver.getBackingFile());
         this.indexWriter = indexWriter;
         this.sourceResolver = sourceResolver;
@@ -72,23 +65,19 @@ public Instant getLastRefresh() {
 
     // TODO: this is still probably not the best way to do this?
     @Override
-    protected void processConditionalRetrievalHeaders(HttpResponse response) {
+    protected void processConditionalRetrievalHeaders(ClassicHttpResponse response) {
         // let's do nothing 'cause we want to allow a refresh
     }
 
     @Override
     protected void initMetadataResolver() throws ComponentInitializationException {
         super.initMetadataResolver();
-
-
-        delegate.addIndexedDescriptorsFromBackingStore(this.getBackingStore(),
-                                                       this.sourceResolver.getResourceId(),
-                                                       indexWriter);
+        delegate.addIndexedDescriptorsFromBackingStore(this.getBackingStore(), this.sourceResolver.getResourceId(), indexWriter);
     }
 
     @Nonnull
     @Override
-    protected BatchEntityBackingStore getBackingStore() {
+    protected EntityBackingStore getBackingStore() {
         if (super.getBackingStore() == null) {
             super.setBackingStore(super.createNewBackingStore());
         }
@@ -100,7 +89,7 @@ protected BatchEntityBackingStore getBackingStore() {
      */
     public void refilter() {
         try {
-            this.getBackingStore().setCachedFilteredMetadata(filterMetadata(getCachedOriginalMetadata()));
+            ((BatchEntityBackingStore)this.getBackingStore()).setCachedFilteredMetadata(filterMetadata(getCachedOriginalMetadata()));
         } catch (FilterException e) {
             logger.error("An error occurred while attempting to filter metadata!", e);
         }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java

@@ -1,8 +1,8 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml;
 
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
-import net.shibboleth.utilities.java.support.xml.ParserPool;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.resolver.ResolverException;
+import net.shibboleth.shared.xml.ParserPool;
 import org.apache.lucene.index.IndexWriter;
 import org.opensaml.saml.metadata.resolver.filter.FilterException;
 import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
@@ -15,16 +15,12 @@
 import java.io.File;
 import java.time.Instant;
 
-/**
- * @author Bill Smith (wsmith@unicon.net)
- */
 public class OpenSamlFilesystemMetadataResolver extends FilesystemMetadataResolver implements Refilterable {
-
     private static final Logger logger = LoggerFactory.getLogger(OpenSamlFilesystemMetadataResolver.class);
 
+    private OpenSamlMetadataResolverDelegate delegate;
     private IndexWriter indexWriter;
     private edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FilesystemMetadataResolver sourceResolver;
-    private OpenSamlMetadataResolverDelegate delegate;
 
     public OpenSamlFilesystemMetadataResolver(ParserPool parserPool,
                                               IndexWriter indexWriter,
@@ -70,7 +66,7 @@ protected void initMetadataResolver() throws ComponentInitializationException {
 
     @Nonnull
     @Override
-    protected BatchEntityBackingStore getBackingStore() {
+    protected EntityBackingStore getBackingStore() {
         if (super.getBackingStore() == null) {
             super.setBackingStore(super.createNewBackingStore());
         }
@@ -82,7 +78,7 @@ protected BatchEntityBackingStore getBackingStore() {
      */
     public void refilter() {
         try {
-            this.getBackingStore().setCachedFilteredMetadata(filterMetadata(getCachedOriginalMetadata()));
+            ((BatchEntityBackingStore)this.getBackingStore()).setCachedFilteredMetadata(filterMetadata(getCachedOriginalMetadata()));
         } catch (FilterException e) {
             logger.error("An error occurred while attempting to filter metadata!", e);
         }