Merge branch 'master' into SHIBUI-782

TIER · Aug 25, 2018 · 5751aa0 · 5751aa0
2 parents 40d15f8 + b71bddd
commit 5751aa0
Show file tree

Hide file tree

Showing 44 changed files with 1,128 additions and 180 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -60,7 +60,7 @@ dependencies {
     }
 
     // shibboleth idp deps
-    [].each {
+    ['idp-profile-spring', 'idp-profile-api'].each {
         compile "net.shibboleth.idp:${it}:${project.'shibboleth.version'}"
     }
 
@@ -106,7 +106,7 @@ dependencies {
     testCompile "org.xmlunit:xmlunit-core:2.5.1"
     testRuntime 'cglib:cglib-nodep:3.2.5'
 
-    testCompile "net.shibboleth.ext:spring-extensions:5.4.0-SNAPSHOT"
+    compile "net.shibboleth.ext:spring-extensions:5.4.0-SNAPSHOT"
 
     //JSON schema generator
     testCompile 'com.kjetland:mbknor-jackson-jsonschema_2.12:1.0.29'

diff --git a/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -16,7 +16,9 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverReposit
 import groovy.util.logging.Slf4j
 import groovy.xml.DOMBuilder
 import groovy.xml.MarkupBuilder
+import net.shibboleth.utilities.java.support.logic.ScriptedPredicate
 import net.shibboleth.utilities.java.support.resolver.ResolverException
+import net.shibboleth.utilities.java.support.scripting.EvaluableScript
 import org.opensaml.saml.common.profile.logic.EntityIdPredicate
 import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver
 import org.opensaml.saml.metadata.resolver.MetadataResolver
@@ -28,6 +30,8 @@ import org.opensaml.saml.saml2.metadata.EntityDescriptor
 import org.springframework.beans.factory.annotation.Autowired
 import org.w3c.dom.Document
 
+import javax.annotation.Nonnull
+
 import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.CLASSPATH
 import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.SVN
 
@@ -64,11 +68,24 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 
                     org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
                     Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>()
-                    if (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType() == EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY) {
-                        rules.put(
-                                new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
-                                (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
-                        )
+                    switch (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType()) {
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY:
+                            rules.put(
+                                    new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
+                            )
+                            break
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
+                            rules.put(new ScriptedPredicate(new EvaluableScript(entityAttributesFilter.entityAttributesFilterTarget.value[0])),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
+                            break
+                        case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX:
+                            rules.put(new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(entityAttributesFilter.entityAttributesFilterTarget.value[0]))),
+                                    (List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
+                            break
+                        default:
+                            // do nothing, we'd have exploded elsewhere previously.
+                            break
                     }
                     target.setRules(rules)
                     metadataFilters.add(target)
@@ -86,6 +103,12 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
+        protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
+            super(theScript)
+        }
+    }
+
     // TODO: enhance
     @Override
     Document generateConfiguration() {
@@ -146,15 +169,44 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
             filter.attributes.each { attribute ->
                 mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(attribute, false))
             }
-            if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType == EntityAttributesFilterTarget
-                    .EntityAttributesFilterTargetType.ENTITY) {
-                filter.entityAttributesFilterTarget.value.each {
-                    Entity(it)
-                }
+            switch (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType) {
+                case EntityAttributesFilterTarget
+                        .EntityAttributesFilterTargetType.ENTITY:
+                    filter.entityAttributesFilterTarget.value.each {
+                        Entity(it)
+                    }
+                    break
+                case EntityAttributesFilterTarget
+                        .EntityAttributesFilterTargetType.CONDITION_SCRIPT:
+                case EntityAttributesFilterTarget
+                        .EntityAttributesFilterTargetType.REGEX:
+                    ConditionScript() {
+                        Script() {
+                            def script
+                            if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType ==
+                                    EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT) {
+                                script = filter.entityAttributesFilterTarget.value[0]
+                            } else if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType ==
+                                    EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX) {
+                                script = generateJavaScriptRegexScript(filter.entityAttributesFilterTarget.value[0])
+                            }
+                            mkp.yieldUnescaped("\n<![CDATA[\n${script}\n]]>\n")
+                        }
+                    }
+                    break
+                default:
+                    // do nothing, we'd have exploded elsewhere previously.
+                    break
             }
         }
     }
 
+    private String generateJavaScriptRegexScript(String regex) {
+        return """
+    "use strict";
+    ${regex}.test(input.getEntityID());\n"""
+    }
+
     void constructXmlNodeForFilter(EntityRoleWhiteListFilter filter, def markupBuilderDelegate) {
         markupBuilderDelegate.MetadataFilter(
                 'xsi:type': 'EntityRoleWhiteList',

diff --git a/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -1,6 +1,5 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
-import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityIdsSearchResultRepresentation;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
@@ -11,6 +10,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchService;
+import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterTargetService;
@@ -24,13 +24,6 @@
 import edu.internet2.tier.shibboleth.admin.util.AttributeUtility;
 import edu.internet2.tier.shibboleth.admin.util.LuceneUtility;
 import org.apache.lucene.analysis.Analyzer;
-import org.apache.lucene.document.Document;
-import org.apache.lucene.index.IndexReader;
-import org.apache.lucene.queryparser.classic.ParseException;
-import org.apache.lucene.queryparser.classic.QueryParser;
-import org.apache.lucene.search.IndexSearcher;
-import org.apache.lucene.search.ScoreDoc;
-import org.apache.lucene.search.TopDocs;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -46,9 +39,6 @@
 import org.springframework.web.util.UrlPathHelper;
 
 import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
 
 @Configuration
 public class CoreShibUiConfiguration {
@@ -92,44 +82,20 @@ public AttributeUtility attributeUtility() {
         return new AttributeUtility(openSamlObjects());
     }
 
-    @Autowired
-    Analyzer fullTokenAnalyzer;
-
-    @Autowired
-    DirectoryService directoryService;
-
     @Autowired
     LocaleResolver localeResolver;
 
     @Autowired
     ResourceBundleMessageSource messageSource;
 
-    @Autowired
-    LuceneUtility luceneUtility;
-
     @Bean
     public EntityDescriptorFilesScheduledTasks entityDescriptorFilesScheduledTasks(EntityDescriptorRepository entityDescriptorRepository) {
         return new EntityDescriptorFilesScheduledTasks(this.metadataDir, entityDescriptorRepository, openSamlObjects());
     }
 
     @Bean
-    public EntityIdsSearchService entityIdsSearchService() {
-        return (resourceId, term, limit) -> {
-            List<String> entityIds = new ArrayList<>();
-            try {
-                IndexReader indexReader = luceneUtility.getIndexReader(resourceId);
-                IndexSearcher searcher = new IndexSearcher(indexReader);
-                QueryParser parser = new QueryParser("content", fullTokenAnalyzer);
-                TopDocs topDocs = searcher.search(parser.parse(term.trim()), limit);
-                for (ScoreDoc scoreDoc : topDocs.scoreDocs) {
-                    Document document = searcher.doc(scoreDoc.doc);
-                    entityIds.add(document.get("id"));
-                }
-            } catch (IOException | ParseException e) {
-                logger.error(e.getMessage(), e);
-            }
-            return new EntityIdsSearchResultRepresentation(entityIds);
-        };
+    public EntityIdsSearchService entityIdsSearchService(LuceneUtility luceneUtility, Analyzer fullTokenAnalyzer) {
+        return new EntityIdsSearchServiceImpl(luceneUtility, fullTokenAnalyzer);
     }
 
     @Bean
@@ -199,7 +165,7 @@ public DirectoryService directoryService() {
     }
 
     @Bean
-    public LuceneUtility luceneUtility() {
-        return new LuceneUtility();
+    public LuceneUtility luceneUtility(DirectoryService directoryService) {
+        return new LuceneUtility(directoryService);
     }
 }
diff --git a/...a/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java b/...a/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java
@@ -1,29 +1,20 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
 import edu.internet2.tier.shibboleth.admin.ui.service.IndexWriterService;
+import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterService;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 import net.shibboleth.utilities.java.support.resolver.ResolverException;
-import org.apache.http.HttpResponse;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.lucene.document.Document;
-import org.apache.lucene.document.Field;
-import org.apache.lucene.document.StringField;
-import org.apache.lucene.document.TextField;
-import org.apache.lucene.index.IndexWriter;
-import org.joda.time.DateTime;
 import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import javax.annotation.Nullable;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -44,70 +35,24 @@ public class MetadataResolverConfiguration {
     @Autowired
     MetadataResolverRepository metadataResolverRepository;
 
+    @Autowired
+    MetadataResolverConverterService metadataResolverConverterService;
+
     @Bean
     public MetadataResolver metadataResolver() throws ResolverException, ComponentInitializationException {
-        ChainingMetadataResolver metadataResolver = new ChainingMetadataResolver();
+        ChainingMetadataResolver metadataResolver = new OpenSamlChainingMetadataResolver();
         metadataResolver.setId("chain");
 
         List<MetadataResolver> resolvers = new ArrayList<>();
 
-        String incommonMRId = "incommonmd";
-        // TODO: remove this later when we allow for creation of arbitrary metadata resolvers
-        FileBackedHTTPMetadataResolver incommonMR = new FileBackedHTTPMetadataResolver(HttpClients.createMinimal(), "http://md.incommon.org/InCommon/InCommon-metadata.xml", "/tmp/incommonmd.xml"){
-            @Override
-            protected void initMetadataResolver() throws ComponentInitializationException {
-                super.initMetadataResolver();
-
-                IndexWriter indexWriter;
-                try {
-                    indexWriter = indexWriterService.getIndexWriter(incommonMRId);
-                } catch (IOException e) {
-                    throw new ComponentInitializationException(e);
-                }
-
-                for (String entityId: this.getBackingStore().getIndexedDescriptors().keySet()) {
-
-                    Document document = new Document();
-                    document.add(new StringField("id", entityId, Field.Store.YES));
-                    document.add(new TextField("content", entityId, Field.Store.YES)); // TODO: change entityId to be content of entity descriptor block
-                    try {
-                        indexWriter.addDocument(document);
-                    } catch (IOException e) {
-                        logger.error(e.getMessage(), e);
-                    }
-                }
-                try {
-                    indexWriter.commit();
-                } catch (IOException e) {
-                    throw new ComponentInitializationException(e);
-                }
-            }
-
-            // TODO: this is probably not the best way to do this
-            @Nullable
-            @Override
-            public DateTime getLastRefresh() {
-                return null;
-            }
-
-            // TODO: this is probably not the best way to do this
-            @Override
-            protected void processConditionalRetrievalHeaders(HttpResponse response) {
-                // let's do nothing 'cause we want to allow a refresh
+        Iterable<edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver> persistedResolvers = metadataResolverRepository.findAll();
+        for (edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver resolver : persistedResolvers) {
+            try {
+                MetadataResolver openSamlResolver = metadataResolverConverterService.convertToOpenSamlRepresentation(resolver);
+                resolvers.add(openSamlResolver);
+            } catch (IOException e) {
+                //TODO: do something interesting here?
             }
-        };
-        incommonMR.setId(incommonMRId);
-        incommonMR.setParserPool(openSamlObjects.getParserPool());
-        incommonMR.setMetadataFilter(new MetadataFilterChain());
-        incommonMR.initialize();
-
-
-        resolvers.add(incommonMR);
-
-        if (!metadataResolverRepository.findAll().iterator().hasNext()) {
-            edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr = new edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver();
-            mr.setName("incommonmd");
-            metadataResolverRepository.save(mr);
         }
 
         metadataResolver.setResolvers(resolvers);