SHIBUI-2268

Fixing broken enhancements

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy

@@ -104,7 +104,8 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 'xmlns:security': 'urn:mace:shibboleth:2.0:security',
                 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion',
                 'xmlns:xenc11': 'http://www.w3.org/2009/xmlenc11#',
-                'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport'
+                'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport',
+                'xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#'
         ) {
             filter.unknownXMLObjects.each { xmlObject ->
                 {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java

@@ -6,7 +6,10 @@
 import lombok.Setter;
 import lombok.ToString;
 import org.hibernate.envers.Audited;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.xmlsec.encryption.AlgorithmIdentifierType;
 
+import javax.annotation.Nullable;
 import javax.persistence.Entity;
 
 @Entity
@@ -15,6 +18,19 @@
 @Setter
 @ToString
 @EqualsAndHashCode(callSuper = true)
-public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject {
+public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject implements AlgorithmIdentifierType {
     private String algorithm;
+
+    @Nullable
+    @Override
+    public XMLObject getParameters() {
+        // implement?
+        return null;
+    }
+
+    @Override
+    public void setParameters(@Nullable final XMLObject newParameters) {
+        // do nothing?
+    }
+
 }

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy

@@ -6,7 +6,7 @@ class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderIn
     @Override
     protected String[] getConfigResources() {
         return new String[]{
-                "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-saml2-metadata-ds-config.xml"
+                "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-encryption-config.xml", "jpa-signature-config.xml"
         }
     }
 }

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy

@@ -4,11 +4,18 @@ package edu.internet2.tier.shibboleth.admin.ui.service
 import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest
 import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethod
+import edu.internet2.tier.shibboleth.admin.ui.domain.EncryptionMethod
+import edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethod
+import edu.internet2.tier.shibboleth.admin.ui.domain.SigningMethod
+import edu.internet2.tier.shibboleth.admin.ui.domain.XSString
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.Entity
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.MGF
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm.PRF
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver
@@ -19,6 +26,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.SvnMetadataResour
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
+import edu.internet2.tier.shibboleth.admin.ui.opensaml.config.JPAXMLObjectProviderInitializerForTest
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
 import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator
 import edu.internet2.tier.shibboleth.admin.util.AttributeUtility
@@ -48,7 +56,6 @@ import java.time.Instant
 
 import static edu.internet2.tier.shibboleth.admin.ui.util.TestHelpers.generatedXmlIsTheSameAsExpectedXml
 
-@ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration ])
 @ContextConfiguration(classes=[ JPAMRSIConfig, PlaceholderResolverComponentsConfiguration, JPAXMLObjectProviderInitializerForTest ])
 class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest {
 
@@ -217,9 +224,12 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest {
         filter.addUnknownXMLObject(encryptionMethod)
 
         EncryptionMethod encryptionMethod2 = getEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep")
-//        MGF mgf = new MGF()
-//        mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256")
-//        encryptionMethod2.addUnknownXMLObject(mgf)
+        MGF mgf = new MGF()
+        mgf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256")
+        encryptionMethod2.addUnknownXMLObject(mgf)
+        PRF prf = new PRF()
+        prf.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha384")
+        encryptionMethod2.addUnknownXMLObject(prf)
         SignatureDigestMethod dm = getSignatureDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256")
         encryptionMethod2.addUnknownXMLObject(dm)
         filter.addUnknownXMLObject(encryptionMethod2)

backend/src/test/resources/conf/2268-complex.xml

@@ -1,36 +1,29 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                  id="ShibbolethMetadata"
-                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                                      urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
-                                      urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                                      urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
-                                      urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
+<MetadataProvider id="ShibbolethMetadata"
+                  xmlns="urn:mace:shibboleth:2.0:metadata"
+                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
                   xsi:type="ChainingMetadataProvider">
-    <MetadataFilter xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    <MetadataFilter xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
+                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+                    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     xmlns:security="urn:mace:shibboleth:2.0:security"
                     xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
-                    xmlns:ds="http://www.w3.org/2000/09/xmldsig"
-                    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
-                    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                                        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
-                                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
-                                        urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
-                                        http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
-                                        http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd
-                                        http://www.w3.org/2000/09/xmldsig https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"
+                    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd"
                     xsi:type="Algorithm">
+
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
             <xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
+            <xenc11:PRF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha384"/>
             <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
         </md:EncryptionMethod>
 
-        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+        <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha51"/>
         <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
 
-        <Entity>https://sp2.example.org</Entity>
+        <Entity>https://broken.example.org/sp</Entity>
+
     </MetadataFilter>
 </MetadataProvider>

backend/src/test/resources/conf/2268-simple.xml

@@ -1,25 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                  id="ShibbolethMetadata"
-                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                                      urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
-                                      urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                                      urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
-                                      urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
+<MetadataProvider id="ShibbolethMetadata"
+                  xmlns="urn:mace:shibboleth:2.0:metadata"
+                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                  xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
                   xsi:type="ChainingMetadataProvider">
-    <MetadataFilter xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
-                    xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
-                    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                                        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
-                                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
-                                        urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
-                                        http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
-                                        http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd"
+    <MetadataFilter xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
+                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+                    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+                    xmlns:security="urn:mace:shibboleth:2.0:security"
+                    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
+                    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd"
                     xsi:type="Algorithm">
+
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 
         <Entity>https://broken.example.org/sp</Entity>
         <Entity>https://also-broken.example.org/sp</Entity>
+
     </MetadataFilter>
 </MetadataProvider>