diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 049869b64..fdc9cf799 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -89,6 +89,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) { + if (!filter.isFilterEnabled()) { return } markupBuilderDelegate.MetadataFilter('xsi:type': 'EntityAttributes') { // TODO: enhance. currently this does weird things with namespaces filter.attributes.each { attribute -> @@ -459,8 +460,10 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter -> - doNamespaceProtectionFilter() - constructXmlNodeForFilter(filter, delegate) + if (filter.isFilterEnabled()) { + doNamespaceProtectionFilter() + constructXmlNodeForFilter(filter, delegate) + } } doNamespaceProtectionFilter() } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy index a44b4beed..378995e99 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/IncommonJPAMetadataResolverServiceImplTests.groovy 
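Review bot: The early return added at the top of `constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate)` is the only per-method guard visible in this commit. The enabled check therefore lives in two places for this filter type and, as far as the diff shows, only in the resolver loop of the next hunk for every other type. If other `constructXmlNodeForFilter` overloads exist outside this hunk, a direct caller of those would still emit a disabled filter; either give them the same guard or keep the check in the loop alone. A one-line comment would record the intent, for example `// A disabled filter contributes no MetadataFilter element; this guard covers direct callers.` The method body continues past the end of the hunk.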
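Review bot: Skipping a filter inside `mr.metadataFilters.each` removes it from the generated resolver XML without leaving any trace. For types such as `SignatureValidationFilter` or `RequiredValidUntilFilter`, that means the metadata source is configured without that check. Every fixture in this commit had to gain `enabled = true`, which suggests a filter is not enabled by default. If that also holds for filters already stored, regenerating the configuration after an upgrade would drop their signature and validity checks, so the default or a data migration should be confirmed. I would also make the skip visible, at least with a comment such as `// Disabled filters are left out of the generated XML; for signature/validity filters this turns the check off`, and preferably a log entry naming the skipped filter. The enclosing closure starts and ends outside the hunk.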
@@ -38,7 +38,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes def 'simple test generation of metadata-providers.xml'() { when: def mr = metadataResolverRepository.findAll().iterator().next() - mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem') + mr.metadataFilters << new SignatureValidationFilter(enabled: true, requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem') mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests() mr.metadataFilters << entityRoleWhiteListFilterForXmlGenerationTests() metadataResolverRepository.save(mr) @@ -52,9 +52,10 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes when: //TODO: this might break later def mr = metadataResolverRepository.findAll().iterator().next() - mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem') + mr.metadataFilters << new SignatureValidationFilter(enabled: true, requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem') mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests() mr.metadataFilters.add(new EntityAttributesFilter().with { + it.enabled = true it.entityAttributesFilterTarget = new EntityAttributesFilterTarget().with { it.entityAttributesFilterTargetType = EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY it.value = ['https://sp1.example.org'] @@ -81,6 +82,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes EntityRoleWhiteListFilter entityRoleWhiteListFilterForXmlGenerationTests() { new EntityRoleWhiteListFilter().with { it.retainedRoles = ['md:SPSSODescriptor'] + it.enabled = true it } } 
@@ -88,6 +90,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTes RequiredValidUntilFilter requiredValidUntilFilterForXmlGenerationTests() { new RequiredValidUntilFilter().with { it.maxValidityInterval = 'P14D' + it.enabled = true it } } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 28ba48d30..1bdee5a70 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -149,6 +149,20 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { generatedXmlIsTheSameAsExpectedXml('/conf/661.xml', domBuilder.parseText(writer.toString())) } + def 'test generating xml when filter is disabled'() { + given: + def filter = testObjectGenerator.entityAttributesFilterWithConditionScript() + filter.setEnabled(Boolean.FALSE) + + when: + genXmlSnippet(markupBuilder) { + JPAMetadataResolverServiceImpl.cast(metadataResolverService).constructXmlNodeForFilter(filter, it) + } + + then: + generatedXmlIsTheSameAsExpectedXml('/conf/661.3.xml', domBuilder.parseText(writer.toString())) + } + def 'test generating EntityAttributesFilter xml snippet with regex'() { given: def filter = testObjectGenerator.entityAttributesFilterWithRegex() diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy index 7ed0709df..bf17b107e 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy 
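Review bot: The new case `'test generating xml when filter is disabled'` exercises only the guard inside `constructXmlNodeForFilter` for an `EntityAttributesFilter`. The `isFilterEnabled()` check added to the resolver loop, which decides the output for every other filter type, has no test in this commit. A second case that generates the full resolver XML with a disabled `SignatureValidationFilter`, and asserts that its `MetadataFilter` element is absent, would pin that behaviour. As a smaller point, `filter.enabled = false` would match the property style used by the other fixtures better than `filter.setEnabled(Boolean.FALSE)`.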
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy @@ -193,6 +193,7 @@ class TestObjectGenerator { it.dynamicTrustedNamesStrategyRef = generator.randomString(10) it.trustEngineRef = generator.randomString(10) it.publicKey = generator.randomString(50) + it.enabled = true; it } } @@ -202,6 +203,7 @@ class TestObjectGenerator { it.name = 'EntityRoleWhiteList' it.retainedRoles = ['role1', 'role2'] it.removeRolelessEntityDescriptors = true + it.enabled = true; it } } @@ -212,6 +214,7 @@ class TestObjectGenerator { it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTarget()) it.setAttributes(buildAttributesList()) it.intoTransientRepresentation() + it.enabled = true; it } } @@ -221,6 +224,7 @@ class TestObjectGenerator { it.name = 'EntityAttributes' it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTargetWithConditionScript()) it.intoTransientRepresentation() + it.enabled = true; it } } @@ -230,6 +234,7 @@ class TestObjectGenerator { it.name = 'EntityAttributes' it.setEntityAttributesFilterTarget(buildEntityAttributesFilterTargetWithRegex()) it.intoTransientRepresentation() + it.enabled = true; it } } @@ -237,6 +242,7 @@ class TestObjectGenerator { RequiredValidUntilFilter requiredValidUntilFilter() { return new RequiredValidUntilFilter().with { it.maxValidityInterval = 'P14D' + it.enabled = true; it } } @@ -246,6 +252,7 @@ class TestObjectGenerator { it.name = "NameIDFormat" it.formats = ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'] it.setNameIdFormatFilterTarget(new NameIdFormatFilterTarget(nameIdFormatFilterTargetType: ENTITY, singleValue: 'https://sp1.example.org')) + it.enabled = true; it } } @@ -255,6 +262,7 @@ class TestObjectGenerator { it.name = requiredValidUntilFilter.name it.resourceId = requiredValidUntilFilter.resourceId it.maxValidityInterval = requiredValidUntilFilter.maxValidityInterval + it.enabled = true; it } } 
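Review bot: The added `it.enabled = true;` lines end in a semicolon that the neighbouring assignments in these `with` blocks do not use, and the same assignment is written without one in IncommonJPAMetadataResolverServiceImplTests; `it.enabled = true` would match. This applies to all nine hunks of TestObjectGenerator.groovy. Since every generator now returns an enabled filter, a small helper or an optional parameter for producing a disabled one would spare tests from flipping the flag by hand.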
@@ -270,6 +278,7 @@ class TestObjectGenerator { it.requireSignedRoot = signatureValidationFilter.requireSignedRoot it.certificateFile = signatureValidationFilter.certificateFile it.defaultCriteriaRef = signatureValidationFilter.defaultCriteriaRef + it.enabled = true; it } } diff --git a/backend/src/test/resources/conf/661.3.xml b/backend/src/test/resources/conf/661.3.xml new file mode 100644 index 000000000..39eabfe8e --- /dev/null +++ b/backend/src/test/resources/conf/661.3.xml @@ -0,0 +1,2 @@ + + \ No newline at end of file