SHIBUI-2268

intermediate update (non-passing tests / working code)
TIER · Jul 22, 2022 · 5abc51a · 5abc51a
1 parent 644508d
commit 5abc51a
Show file tree

Hide file tree

Showing 21 changed files with 407 additions and 29 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -331,6 +331,12 @@ task generateSources {
                 processLine(it['@className'].toString(), 'src/main/templates/AlgorithmBuilderTemplate.java')
             }
         }
+
+        new XmlSlurper().parse(file('src/main/resources/jpa-saml2-metadata-ds-config.xml')).with { builders ->
+            builders.ObjectProviders.ObjectProvider.BuilderClass.each {
+                processLine(it['@className'].toString(), 'src/main/templates/SignatureBuilderTemplate.java')
+            }
+        }
     }
 }
 

diff --git a/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -97,11 +97,13 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         markupBuilderDelegate.MetadataFilter(
                 'xsi:type': 'Algorithm',
                 'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
-                'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd',
+                'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:metadata:algsupport https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd http://www.w3.org/2000/09/xmldsig# https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd http://www.w3.org/2009/xmlenc11# https://www.w3.org/TR/xmlenc-core1/xenc-schema-11.xsd',
                 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
                 'xmlns': 'urn:mace:shibboleth:2.0:metadata',
                 'xmlns:security': 'urn:mace:shibboleth:2.0:security',
-                'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion'
+                'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion',
+                'xmlns:xenc11': 'http://www.w3.org/2009/xmlenc11#',
+                'xmlns:alg': 'urn:oasis:names:tc:SAML:metadata:algsupport'
         ) {
             filter.unknownXMLObjects.each { xmlObject ->
                 {

diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AlgorithmDigestMethod.java
@@ -0,0 +1,29 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.EqualsAndHashCode;
+
+import javax.annotation.Nullable;
+import javax.persistence.Entity;
+
+@Entity(name = "DigestMethod") // for backwards compatibility instead of dealing with renaming the table
+@EqualsAndHashCode(callSuper = true)
+public class AlgorithmDigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod {
+    private String algorithm;
+
+    public AlgorithmDigestMethod() {}
+
+    public AlgorithmDigestMethod(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    @Nullable
+    @Override
+    public String getAlgorithm() {
+        return this.algorithm;
+    }
+
+    @Override
+    public void setAlgorithm(@Nullable String value) {
+        this.algorithm = value;
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/EncryptionMethod.java
@@ -2,12 +2,14 @@
 
 import lombok.EqualsAndHashCode;
 import org.hibernate.envers.Audited;
+import org.opensaml.core.xml.XMLObject;
 import org.opensaml.xmlsec.encryption.KeySize;
 import org.opensaml.xmlsec.encryption.OAEPparams;
 
 import javax.annotation.Nullable;
 import javax.persistence.Embedded;
 import javax.persistence.Entity;
+import java.util.List;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
@@ -16,12 +18,9 @@ public class EncryptionMethod extends AbstractElementExtensibleXMLObject impleme
 
     private String algorithm;
 
-    @Embedded
-    private KeySize keySize;
-
-    @Embedded
-    private OAEPparams oaePparams;
+    @Embedded private KeySize keySize;
 
+    @Embedded private OAEPparams oaePparams;
 
     @Nullable
     @Override
@@ -56,5 +55,8 @@ public void setOAEPparams(@Nullable org.opensaml.xmlsec.encryption.OAEPparams oa
         this.oaePparams = oaePparams;
     }
 
-
+    @Override
+    public List<XMLObject> getOrderedChildren() {
+        return this.getUnknownXMLObjects();
+    }
 }
diff --git a/...bboleth/admin/ui/domain/DigestMethod.java → ...dmin/ui/domain/SignatureDigestMethod.java b/...bboleth/admin/ui/domain/DigestMethod.java → ...dmin/ui/domain/SignatureDigestMethod.java
@@ -1,18 +1,19 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.opensaml.xmlsec.signature.DigestMethod;
 
 import javax.annotation.Nullable;
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
-public class DigestMethod extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2alg.DigestMethod {
+public class SignatureDigestMethod extends AbstractElementExtensibleXMLObject implements DigestMethod {
     private String algorithm;
 
-    public DigestMethod() {}
+    public SignatureDigestMethod() {}
 
-    public DigestMethod(String algorithm) {
+    public SignatureDigestMethod(String algorithm) {
         this.algorithm = algorithm;
     }
 
@@ -26,4 +27,4 @@ public String getAlgorithm() {
     public void setAlgorithm(@Nullable String value) {
         this.algorithm = value;
     }
-}
+}
diff --git a/...t2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java b/...t2/tier/shibboleth/admin/ui/domain/filters/algorithm/AbstractAlgorithmIdentifierType.java
@@ -0,0 +1,20 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public abstract class AbstractAlgorithmIdentifierType extends AbstractXMLObject {
+    private String algorithm;
+}
diff --git a/...src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java b/...src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/Entity.java
@@ -1,13 +1,24 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm;
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.AbstractXMLObject;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
 
 import javax.annotation.Nullable;
 
+@javax.persistence.Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
 public class Entity extends AbstractXMLObject implements org.opensaml.core.xml.schema.XSString {
     private String uri;
 
-    private Entity(){
+    public Entity(){
         setElementLocalName("Entity");
     }
 

diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/MGF.java
@@ -0,0 +1,24 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public class MGF extends AbstractAlgorithmIdentifierType {
+    public MGF() {
+        setElementLocalName("MGF");
+        setNamespaceURI(EncryptionConstants.XMLENC11_NS);
+        setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX);
+    }
+}
diff --git a/...ain/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java b/...ain/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/OtherSource.java
@@ -0,0 +1,26 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public class OtherSource extends AbstractAlgorithmIdentifierType {
+    public OtherSource() {
+        {
+            setElementLocalName("OtherSource");
+            setNamespaceURI(EncryptionConstants.XMLENC11_NS);
+            setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX);
+        }
+    }
+}
diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/algorithm/PRF.java
@@ -0,0 +1,24 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters.algorithm;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
+
+import javax.persistence.Entity;
+
+@Entity
+@Audited
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode(callSuper = true)
+public class PRF extends AbstractAlgorithmIdentifierType {
+    public PRF() {
+        setElementLocalName("PRF");
+        setNamespaceURI(EncryptionConstants.XMLENC11_NS);
+        setNamespacePrefix(EncryptionConstants.XMLENC11_PREFIX);
+    }
+}
diff --git a/...u/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java b/...u/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java
@@ -15,10 +15,11 @@ protected String[] getConfigResources() {
                 "/jpa-saml2-metadata-ui-config.xml",
                 "/jpa-signature-config.xml",
                 "/jpa-saml2-metadata-algorithm-config.xml",
+                "/jpa-saml2-metadata-ds-config.xml",
                 "/encryption-config.xml",
                 "/jpa-saml2-metadata-reqinit-config.xml",
                 "/saml2-protocol-config.xml",
                 "/modified-saml2-assertion-config.xml"
         };
     }
-}
+}
diff --git a/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml b/backend/src/main/resources/jpa-saml2-metadata-algorithm-config.xml
@@ -6,13 +6,13 @@
 
         <!-- DigestMethod provider -->
         <ObjectProvider qualifiedName="alg:DigestMethod">
-            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.DigestMethodBuilder"/>
+            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethodBuilder"/>
             <MarshallingClass className="org.opensaml.saml.ext.saml2alg.impl.DigestMethodMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.ext.saml2alg.impl.DigestMethodUnmarshaller"/>
         </ObjectProvider>
 
         <ObjectProvider qualifiedName="alg:DigestMethodType">
-            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.DigestMethodBuilder"/>
+            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.AlgorithmDigestMethodBuilder"/>
             <MarshallingClass className="org.opensaml.saml.ext.saml2alg.impl.DigestMethodMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.ext.saml2alg.impl.DigestMethodUnmarshaller"/>
         </ObjectProvider>
@@ -31,4 +31,4 @@
         </ObjectProvider>
 
     </ObjectProviders>
-</XMLTooling>
+</XMLTooling>
diff --git a/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml b/backend/src/main/resources/jpa-saml2-metadata-ds-config.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XMLTooling xmlns="http://www.opensaml.org/xmltooling-config"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:ds="http://www.w3.org/2000/09/xmldsig"
+            xsi:schemaLocation="http://www.opensaml.org/xmltooling-config ../../src/schema/xmltooling-config.xsd
+                                http://www.w3.org/2000/09/xmldsig https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd">
+
+    <ObjectProviders>
+        <!-- AlgorithmDigestMethod provider -->
+        <ObjectProvider qualifiedName="ds:DigestMethod">
+            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <ObjectProvider qualifiedName="ds:DigestMethodType">
+            <BuilderClass className="edu.internet2.tier.shibboleth.admin.ui.domain.SignatureDigestMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodUnmarshaller"/>
+        </ObjectProvider>
+
+    </ObjectProviders>
+</XMLTooling>
diff --git a/backend/src/main/templates/SignatureBuilderTemplate.java b/backend/src/main/templates/SignatureBuilderTemplate.java
@@ -0,0 +1,22 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import edu.internet2.tier.shibboleth.admin.ui.opensaml.xml.AbstractXMLObjectBuilder;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+
+public class {{TOKEN}}Builder extends AbstractXMLObjectBuilder<{{TOKEN}}> {
+    public {{TOKEN}}Builder() {
+    }
+
+    public {{TOKEN}} buildObject() {
+        return buildObject(SignatureConstants.XMLSIG_NS, {{TOKEN}}.DEFAULT_ELEMENT_LOCAL_NAME,
+                SignatureConstants.XMLSIG_PREFIX);
+    }
+
+    public {{TOKEN}} buildObject(final String namespaceURI, final String localName, final String namespacePrefix) {
+        {{TOKEN}} o = new {{TOKEN}}();
+        o.setNamespaceURI(namespaceURI);
+        o.setElementLocalName(localName);
+        o.setNamespacePrefix(namespacePrefix);
+        return o;
+    }
+}
diff --git a/...t2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy b/...t2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializerForTest.groovy
@@ -6,7 +6,7 @@ class JPAXMLObjectProviderInitializerForTest extends AbstractXMLObjectProviderIn
     @Override
     protected String[] getConfigResources() {
         return new String[]{
-                "/jpa-saml2-metadata-config.xml"
+                "/jpa-saml2-metadata-config.xml", "jpa-saml2-metadata-algorithm-config.xml", "jpa-saml2-metadata-ds-config.xml"
         }
     }
 }