From e5aca0505b67234571cfbfe71e82e9ca680a4451 Mon Sep 17 00:00:00 2001
From: Dmitriy Kopylenko <dima767@gmail.com>
Date: Tue, 7 Aug 2018 14:00:44 -0400
Subject: [PATCH] SHIBUI-693: Don't gen filter if requireSignedRoot is not set

---
 .../JPAMetadataResolverServiceImpl.groovy     | 22 +++++++++-------
 .../filters/SignatureValidationFilter.java    | 11 +++-----
 .../SignatureValidationFilterTests.groovy     | 26 +++++++++++++++++++
 3 files changed, 42 insertions(+), 17 deletions(-)
 create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilterTests.groovy

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index 07214d33c..18796b950 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -126,16 +126,18 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
     }
 
     void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
-        markupBuilderDelegate.MetadataFilter(id: filter.name,
-                'xsi:type': 'SignatureValidation',
-                'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
-                'requireSignedRoot': !filter.requireSignedRoot ?: null,
-                'certificateFile': filter.certificateFile,
-                'defaultCriteriaRef': filter.defaultCriteriaRef,
-                'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
-                'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
-                'trustEngineRef': filter.trustEngineRef,
-                'publicKey': filter.publicKey)
+        if(filter.xmlShouldBeGenerated()) {
+            markupBuilderDelegate.MetadataFilter(id: filter.name,
+                    'xsi:type': 'SignatureValidation',
+                    'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
+                    'requireSignedRoot': !filter.requireSignedRoot ?: null,
+                    'certificateFile': filter.certificateFile,
+                    'defaultCriteriaRef': filter.defaultCriteriaRef,
+                    'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
+                    'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
+                    'trustEngineRef': filter.trustEngineRef,
+                    'publicKey': filter.publicKey)
+        }
     }
 
     void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
index f5bd331b9..7e83ae6d4 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
@@ -5,14 +5,7 @@
 import lombok.Setter;
 import lombok.ToString;
 
-import javax.persistence.CollectionTable;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
 import javax.persistence.Entity;
-import javax.persistence.JoinColumn;
-import javax.persistence.OrderColumn;
-import java.util.ArrayList;
-import java.util.List;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
@@ -38,4 +31,8 @@ public SignatureValidationFilter() {
     private String trustEngineRef;
 
     private String publicKey;
+
+    public boolean xmlShouldBeGenerated() {
+        return requireSignedRoot;
+    }
 }
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilterTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilterTests.groovy
new file mode 100644
index 000000000..439306621
--- /dev/null
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilterTests.groovy
@@ -0,0 +1,26 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters
+
+import spock.lang.Specification
+import spock.lang.Subject
+
+/**
+ * @author Dmitriy Kopylenko
+ */
+class SignatureValidationFilterTests extends Specification {
+
+    def "correct logic in xmlShouldBeGenerated() method"() {
+        given: "filter under test with requireSignedRoot set to false"
+        @Subject
+        def filter = new SignatureValidationFilter(requireSignedRoot: false)
+
+        expect:
+        !filter.xmlShouldBeGenerated()
+
+        when: "filter under test with requireSignedRoot set to true"
+        filter.requireSignedRoot = true
+
+        then:
+        filter.xmlShouldBeGenerated()
+
+    }
+}