Skip to content

Commit

Permalink
Merge branch 'master' into docker-wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@jj
jj committed Sep 4, 2018
2 parents e984388 + dcdac35 commit b79f63d
Show file tree
Hide file tree
Showing 135 changed files with 3,401 additions and 1,648 deletions.
4 changes: 2 additions & 2 deletions backend/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ dependencies {
}

// shibboleth idp deps
[].each {
['idp-profile-spring', 'idp-profile-api'].each {
compile "net.shibboleth.idp:${it}:${project.'shibboleth.version'}"
}

Expand Down Expand Up @@ -107,7 +107,7 @@ dependencies {
testCompile "org.xmlunit:xmlunit-core:2.5.1"
testRuntime 'cglib:cglib-nodep:3.2.5'

testCompile "net.shibboleth.ext:spring-extensions:5.4.0-SNAPSHOT"
compile "net.shibboleth.ext:spring-extensions:5.4.0-SNAPSHOT"

//JSON schema generator
testCompile 'com.kjetland:mbknor-jackson-jsonschema_2.12:1.0.29'
Expand Down
104 changes: 80 additions & 24 deletions ...oovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverReposit
import groovy.util.logging.Slf4j
import groovy.xml.DOMBuilder
import groovy.xml.MarkupBuilder
import net.shibboleth.utilities.java.support.logic.ScriptedPredicate
import net.shibboleth.utilities.java.support.resolver.ResolverException
import net.shibboleth.utilities.java.support.scripting.EvaluableScript
import org.opensaml.saml.common.profile.logic.EntityIdPredicate
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver
import org.opensaml.saml.metadata.resolver.MetadataResolver
Expand All @@ -28,6 +30,8 @@ import org.opensaml.saml.saml2.metadata.EntityDescriptor
import org.springframework.beans.factory.annotation.Autowired
import org.w3c.dom.Document

import javax.annotation.Nonnull

import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.CLASSPATH
import static edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver.ResourceType.SVN

Expand Down Expand Up @@ -64,11 +68,24 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {

org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter target = new org.opensaml.saml.metadata.resolver.filter.impl.EntityAttributesFilter()
Map<Predicate<EntityDescriptor>, Collection<Attribute>> rules = new HashMap<>()
if (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType() == EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY) {
rules.put(
new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
(List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
)
switch (entityAttributesFilter.getEntityAttributesFilterTarget().getEntityAttributesFilterTargetType()) {
case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.ENTITY:
rules.put(
new EntityIdPredicate(entityAttributesFilter.getEntityAttributesFilterTarget().getValue()),
(List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes()
)
break
case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
rules.put(new ScriptedPredicate(new EvaluableScript(entityAttributesFilter.entityAttributesFilterTarget.value[0])),
(List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
break
case EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX:
rules.put(new ScriptedPredicate(new EvaluableScript(generateJavaScriptRegexScript(entityAttributesFilter.entityAttributesFilterTarget.value[0]))),
(List<Attribute>) (List<? extends Attribute>) entityAttributesFilter.getAttributes())
break
default:
// do nothing, we'd have exploded elsewhere previously.
break
}
target.setRules(rules)
metadataFilters.add(target)
Expand All @@ -86,6 +103,12 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}
}

private class ScriptedPredicate extends net.shibboleth.utilities.java.support.logic.ScriptedPredicate<EntityDescriptor> {
protected ScriptedPredicate(@Nonnull EvaluableScript theScript) {
super(theScript)
}
}

// TODO: enhance
@Override
Document generateConfiguration() {
Expand Down Expand Up @@ -126,16 +149,18 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}

void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
markupBuilderDelegate.MetadataFilter(id: filter.name,
'xsi:type': 'SignatureValidation',
'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
'requireSignedRoot': !filter.requireSignedRoot ?: null,
'certificateFile': filter.certificateFile,
'defaultCriteriaRef': filter.defaultCriteriaRef,
'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
'trustEngineRef': filter.trustEngineRef,
'publicKey': filter.publicKey)
if(filter.xmlShouldBeGenerated()) {
markupBuilderDelegate.MetadataFilter(id: filter.name,
'xsi:type': 'SignatureValidation',
'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
'requireSignedRoot': !filter.requireSignedRoot ?: null,
'certificateFile': filter.certificateFile,
'defaultCriteriaRef': filter.defaultCriteriaRef,
'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
'trustEngineRef': filter.trustEngineRef,
'publicKey': filter.publicKey)
}
}

void constructXmlNodeForFilter(EntityAttributesFilter filter, def markupBuilderDelegate) {
Expand All @@ -144,15 +169,44 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
filter.attributes.each { attribute ->
mkp.yieldUnescaped(openSamlObjects.marshalToXmlString(attribute, false))
}
if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType == EntityAttributesFilterTarget
.EntityAttributesFilterTargetType.ENTITY) {
filter.entityAttributesFilterTarget.value.each {
Entity(it)
}
switch (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType) {
case EntityAttributesFilterTarget
.EntityAttributesFilterTargetType.ENTITY:
filter.entityAttributesFilterTarget.value.each {
Entity(it)
}
break
case EntityAttributesFilterTarget
.EntityAttributesFilterTargetType.CONDITION_SCRIPT:
case EntityAttributesFilterTarget
.EntityAttributesFilterTargetType.REGEX:
ConditionScript() {
Script() {
def script
if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType ==
EntityAttributesFilterTarget.EntityAttributesFilterTargetType.CONDITION_SCRIPT) {
script = filter.entityAttributesFilterTarget.value[0]
} else if (filter.entityAttributesFilterTarget.entityAttributesFilterTargetType ==
EntityAttributesFilterTarget.EntityAttributesFilterTargetType.REGEX) {
script = generateJavaScriptRegexScript(filter.entityAttributesFilterTarget.value[0])
}
mkp.yieldUnescaped("\n<![CDATA[\n${script}\n]]>\n")
}
}
break
default:
// do nothing, we'd have exploded elsewhere previously.
break
}
}
}

private String generateJavaScriptRegexScript(String regex) {
return """
"use strict";
${regex}.test(input.getEntityID());\n"""
}

void constructXmlNodeForFilter(EntityRoleWhiteListFilter filter, def markupBuilderDelegate) {
markupBuilderDelegate.MetadataFilter(
'xsi:type': 'EntityRoleWhiteList',
Expand All @@ -165,10 +219,12 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
}

void constructXmlNodeForFilter(RequiredValidUntilFilter filter, def markupBuilderDelegate) {
markupBuilderDelegate.MetadataFilter(
'xsi:type': 'RequiredValidUntil',
maxValidityInterval: filter.maxValidityInterval
)
if(filter.xmlShouldBeGenerated()) {
markupBuilderDelegate.MetadataFilter(
'xsi:type': 'RequiredValidUntil',
maxValidityInterval: filter.maxValidityInterval
)
}
}

void constructXmlNodeForResolver(FilesystemMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
Expand Down
65 changes: 29 additions & 36 deletions ...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,29 @@
package edu.internet2.tier.shibboleth.admin.ui.configuration;

import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityIdsSearchResultRepresentation;
import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolversPositionOrderContainer;
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.service.*;
import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchService;
import edu.internet2.tier.shibboleth.admin.ui.service.EntityIdsSearchServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.EntityService;
import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
import edu.internet2.tier.shibboleth.admin.ui.service.FilterTargetService;
import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.JPAFilterServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.JPAFilterTargetServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.JPAMetadataResolverServiceImpl;
import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolversPositionOrderContainerService;
import edu.internet2.tier.shibboleth.admin.util.AttributeUtility;
import edu.internet2.tier.shibboleth.admin.util.LuceneUtility;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.search.IndexSearcher;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopDocs;
import org.apache.lucene.store.Directory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
Expand All @@ -33,9 +39,6 @@
import org.springframework.web.util.UrlPathHelper;

import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

@Configuration
public class CoreShibUiConfiguration {
Expand Down Expand Up @@ -79,12 +82,6 @@ public AttributeUtility attributeUtility() {
return new AttributeUtility(openSamlObjects());
}

@Autowired
Analyzer fullTokenAnalyzer;

@Autowired
Directory directory;

@Autowired
LocaleResolver localeResolver;

Expand All @@ -97,22 +94,8 @@ public EntityDescriptorFilesScheduledTasks entityDescriptorFilesScheduledTasks(E
}

@Bean
public EntityIdsSearchService entityIdsSearchService() {
return (term, limit) -> {
List<String> entityIds = new ArrayList<>();
try {
IndexSearcher searcher = new IndexSearcher(DirectoryReader.open(directory));
QueryParser parser = new QueryParser("content", fullTokenAnalyzer);
TopDocs topDocs = searcher.search(parser.parse(term.trim()), limit);
for (ScoreDoc scoreDoc : topDocs.scoreDocs) {
Document document = searcher.doc(scoreDoc.doc);
entityIds.add(document.get("id"));
}
} catch (IOException | ParseException e) {
logger.error(e.getMessage(), e);
}
return new EntityIdsSearchResultRepresentation(entityIds);
};
public EntityIdsSearchService entityIdsSearchService(LuceneUtility luceneUtility, Analyzer fullTokenAnalyzer) {
return new EntityIdsSearchServiceImpl(luceneUtility, fullTokenAnalyzer);
}

@Bean
Expand Down Expand Up @@ -175,4 +158,14 @@ public void addInterceptors(InterceptorRegistry registry) {
return new DefaultMetadataResolversPositionOrderContainerService(positionOrderContainerRepository, resolverRepository);

}

@Bean
public DirectoryService directoryService() {
return new DirectoryServiceImpl();
}

@Bean
public LuceneUtility luceneUtility(DirectoryService directoryService) {
return new LuceneUtility(directoryService);
}
}
75 changes: 15 additions & 60 deletions ...a/edu/internet2/tier/shibboleth/admin/ui/configuration/MetadataResolverConfiguration.java
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,20 @@
package edu.internet2.tier.shibboleth.admin.ui.configuration;

import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver;
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
import edu.internet2.tier.shibboleth.admin.ui.service.IndexWriterService;
import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverConverterService;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.HttpClients;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StringField;
import org.apache.lucene.document.TextField;
import org.apache.lucene.index.IndexWriter;
import org.joda.time.DateTime;
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Nullable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
Expand All @@ -38,66 +30,29 @@ public class MetadataResolverConfiguration {
OpenSamlObjects openSamlObjects;

@Autowired
IndexWriter indexWriter;
IndexWriterService indexWriterService;

@Autowired
MetadataResolverRepository metadataResolverRepository;

@Autowired
MetadataResolverConverterService metadataResolverConverterService;

@Bean
public MetadataResolver metadataResolver() throws ResolverException, ComponentInitializationException {
ChainingMetadataResolver metadataResolver = new ChainingMetadataResolver();
ChainingMetadataResolver metadataResolver = new OpenSamlChainingMetadataResolver();
metadataResolver.setId("chain");

List<MetadataResolver> resolvers = new ArrayList<>();

// TODO: remove this later when we allow for creation of arbitrary metadata resolvers
FileBackedHTTPMetadataResolver incommonMR = new FileBackedHTTPMetadataResolver(HttpClients.createMinimal(), "http://md.incommon.org/InCommon/InCommon-metadata.xml", "/tmp/incommonmd.xml"){
@Override
protected void initMetadataResolver() throws ComponentInitializationException {
super.initMetadataResolver();

for (String entityId: this.getBackingStore().getIndexedDescriptors().keySet()) {
Document document = new Document();
document.add(new StringField("id", entityId, Field.Store.YES));
document.add(new TextField("content", entityId, Field.Store.YES)); // TODO: change entityId to be content of entity descriptor block
try {
indexWriter.addDocument(document);
} catch (IOException e) {
logger.error(e.getMessage(), e);
}
}
try {
indexWriter.commit();
} catch (IOException e) {
throw new ComponentInitializationException(e);
}
}

// TODO: this is probably not the best way to do this
@Nullable
@Override
public DateTime getLastRefresh() {
return null;
Iterable<edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver> persistedResolvers = metadataResolverRepository.findAll();
for (edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver resolver : persistedResolvers) {
try {
MetadataResolver openSamlResolver = metadataResolverConverterService.convertToOpenSamlRepresentation(resolver);
resolvers.add(openSamlResolver);
} catch (IOException e) {
//TODO: do something interesting here?
}

// TODO: this is probably not the best way to do this
@Override
protected void processConditionalRetrievalHeaders(HttpResponse response) {
// let's do nothing 'cause we want to allow a refresh
}
};
incommonMR.setId("incommonmd");
incommonMR.setParserPool(openSamlObjects.getParserPool());
incommonMR.setMetadataFilter(new MetadataFilterChain());
incommonMR.initialize();


resolvers.add(incommonMR);

if (!metadataResolverRepository.findAll().iterator().hasNext()) {
edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr = new edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver();
mr.setName("incommonmd");
metadataResolverRepository.save(mr);
}

metadataResolver.setResolvers(resolvers);
Expand Down
Loading

0 comments on commit b79f63d

Please sign in to comment.