SHIBUI-2189
When a filter is disabled, do not include it in the XML generation
chasegawa committed Oct 23, 2021
1 parent 168c892 commit 86578f5
Showing 5 changed files with 35 additions and 4 deletions.
Expand Up @@ -89,6 +89,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}

void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) {
if (!filter.isFilterEnabled()) { return }
markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') {
// TODO: enhance. currently this does weird things with namespaces
filter.attributes.each { attribute ->
Expand Down Expand Up @@ -459,8 +460,10 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}
}
mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
doNamespaceProtectionFilter()
constructXmlNodeForFilter(filter, delegate)
if (filter.isFilterEnabled()) {
doNamespaceProtectionFilter()
constructXmlNodeForFilter(filter, delegate)
}
}
doNamespaceProtectionFilter()
}
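Review bot: In the second hunk (`-459,8 +460,10`) a disabled filter is now dropped from the generated metadata-providers.xml with no trace, and that includes the signature-validation and required-validUntil filters whose presence is what makes the consumed metadata trustworthy, so an operator reading the generated file cannot tell a filter was deliberately skipped rather than lost. I would record the skip in the loop, e.g. `if (!filter.isFilterEnabled()) { log.warn("Skipping disabled metadata filter {}", filter.name); return }` style, assuming the class has a logger (none is visible in the hunks). The tests set the flag through `setEnabled(Boolean.FALSE)` and `enabled: true`, which suggests a nullable `Boolean`; it is worth confirming what `isFilterEnabled()` returns for filters persisted before the field existed, since a `null` that reads as disabled would silently strip filters on upgrade. The guard added in the first hunk inside `constructXmlNodeForFilter(EntityAttributesFilter, ...)` duplicates the loop check; if it is meant to protect direct callers such as the new unit test, the other `constructXmlNodeForFilter` overloads presumably need the same guard for consistency, otherwise it can go. Both enclosing methods start outside the hunks.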
Expand Up @@ -38,7 +38,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes
def 'simple test generation of metadata-providers.xml'() {
when:
def mr = metadataResolverRepository.findAll().iterator().next()
mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << new SignatureValidationFilter(enabled: true, requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests()
mr.metadataFilters << entityRoleWhiteListFilterForXmlGenerationTests()
metadataResolverRepository.save(mr)
Expand All @@ -52,9 +52,10 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes
when:
//TODO: this might break later
def mr = metadataResolverRepository.findAll().iterator().next()
mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << new SignatureValidationFilter(enabled: true, requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests()
mr.metadataFilters.add(new EntityAttributesFilter().with {
it.enabled = true
it.entityAttributesFilterTarget = new EntityAttributesFilterTarget().with {
it.entityAttributesFilterTargetType = EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY
it.value = ['https://sp1.example.org']
Expand All @@ -81,13 +82,15 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes
EntityRoleWhiteListFilter entityRoleWhiteListFilterForXmlGenerationTests() {
new EntityRoleWhiteListFilter().with {
it.retainedRoles = ['md:SPSSODescriptor']
it.enabled = true
it
}
}

RequiredValidUntilFilter requiredValidUntilFilterForXmlGenerationTests() {
new RequiredValidUntilFilter().with {
it.maxValidityInterval = 'P14D'
it.enabled = true
it
}
}
Expand Up @@ -149,6 +149,20 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest {
generatedXmlIsTheSameAsExpectedXml('/conf/661.xml', domBuilder.parseText(writer.toString()))
}

def 'test generating xml when filter is disabled'() {
given:
def filter = testObjectGenerator.entityAttributesFilterWithConditionScript()
filter.setEnabled(Boolean.FALSE)

when:
genXmlSnippet(markupBuilder) {
JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it)
}

then:
generatedXmlIsTheSameAsExpectedXml('/conf/661.3.xml', domBuilder.parseText(writer.toString()))
}

def 'test generating EntityAttributesFilter xml snippet with regex'() {
given:
def filter = testObjectGenerator.entityAttributesFilterWithRegex()
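Review bot: The new test `'test generating xml when filter is disabled'` only exercises the early return inside `constructXmlNodeForFilter(EntityAttributesFilter, ...)`, not the `isFilterEnabled()` check in the `mr.metadataFilters.each` loop that decides what actually ends up in metadata-providers.xml; the Incommon tests in the earlier file section set `enabled: true` on every filter, so the loop guard has no coverage in this commit. A test that appends e.g. `new SignatureValidationFilter(enabled: false, requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')` to `mr.metadataFilters` and asserts that the generated XML contains no MetadataFilter element for it would pin the behaviour the commit title describes. The test name and the expected-file name `661.3.xml` also say nothing about which filter is disabled or why the expected output is an empty provider; a one-line comment in the `given:` block such as `// a disabled EntityAttributesFilter must produce no MetadataFilter element` would help the next reader. The enclosing Spock specification starts and ends outside the hunk.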
Expand Up @@ -193,6 +193,7 @@ class TestObjectGenerator {
it.dynamicTrustedNamesStrategyRef = generator.randomString(10)
it.trustEngineRef = generator.randomString(10)
it.publicKey = generator.randomString(50)
it.enabled = true;
it
}
}
Expand All @@ -202,6 +203,7 @@ class TestObjectGenerator {
it.name = 'EntityRoleWhiteList'
it.retainedRoles = ['role1', 'role2']
it.removeRolelessEntityDescriptors = true
it.enabled = true;
it
}
}
Expand All @@ -212,6 +214,7 @@ class TestObjectGenerator {
it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTarget())
it.setAttributes(buildAttributesList())
it.intoTransientRepresentation()
it.enabled = true;
it
}
}
Expand All @@ -221,6 +224,7 @@ class TestObjectGenerator {
it.name = 'EntityAttributes'
it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTargetWithConditionScript())
it.intoTransientRepresentation()
it.enabled = true;
it
}
}
Expand All @@ -230,13 +234,15 @@ class TestObjectGenerator {
it.name = 'EntityAttributes'
it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTargetWithRegex())
it.intoTransientRepresentation()
it.enabled = true;
it
}
}

RequiredValidUntilFilter requiredValidUntilFilter() {
return new RequiredValidUntilFilter().with {
it.maxValidityInterval = 'P14D'
it.enabled = true;
it
}
}
Expand All @@ -246,6 +252,7 @@ class TestObjectGenerator {
it.name = "NameIDFormat"
it.formats = ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']
it.setNameIdFormatFilterTarget(new NameIdFormatFilterTarget(nameIdFormatFilterTargetType: ENTITY, singleValue: 'https://sp1.example.org'))
it.enabled = true;
it
}
}
Expand All @@ -255,6 +262,7 @@ class TestObjectGenerator {
it.name = requiredValidUntilFilter.name
it.resourceId = requiredValidUntilFilter.resourceId
it.maxValidityInterval = requiredValidUntilFilter.maxValidityInterval
it.enabled = true;
it
}
}
Expand All @@ -270,6 +278,7 @@ class TestObjectGenerator {
it.requireSignedRoot = signatureValidationFilter.requireSignedRoot
it.certificateFile = signatureValidationFilter.certificateFile
it.defaultCriteriaRef = signatureValidationFilter.defaultCriteriaRef
it.enabled = true;
it
}
}
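Review bot: In the last two hunks (`-255,6 +262,7` and `-270,6 +278,7`), which build a copy of an existing `requiredValidUntilFilter` / `signatureValidationFilter` by copying its fields one by one, `enabled` is hard-coded to `true` instead of being copied, so a copy of a disabled filter silently becomes enabled and a test built on these helpers cannot detect the regression this commit guards against; use `it.enabled = requiredValidUntilFilter.enabled` and `it.enabled = signatureValidationFilter.enabled` there. The other hunks construct fresh fixtures, where `true` is a reasonable default, but it would be worth stating that in a comment on each builder since the generator now decides whether fixtures reach the XML at all. Style: every added line ends with a `;`, which no other statement in these Groovy builders uses; drop it (`it.enabled = true`). All enclosing builder methods start outside their hunks.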
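--- /dev/null
+++ b/backend/src/test/resources/conf/661.3.xml
@@ -0,0 +1,2 @@
+<MetadataProvider id='ShibbolethMetadata' xmlns='urn:mace:shibboleth:2.0:metadata' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:type='ChainingMetadataProvider' xsi:schemaLocation='urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd'>
+</MetadataProvider>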
