From b7e92535bc503c8360c0b41483bfe9b8ee009e02 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 24 Jun 2022 15:56:26 -0700 Subject: [PATCH 1/3] SHIBUI-2269 Added ExternalMetadataResolver to resolver types. TODO: define XML wrapper around filters block TODO: Unit test --- .../JPAMetadataResolverServiceImpl.groovy | 44 +++++++++++++-- .../CoreShibUiConfiguration.java | 9 ++++ .../MetadataResolversController.java | 14 +++++ .../resolvers/ExternalMetadataResolver.java | 4 ++ ...ternalMetadataProvidersScheduledTasks.java | 53 +++++++++++++++++++ .../ui/service/MetadataResolverService.java | 5 +- .../src/main/resources/application.properties | 6 +++ .../MetadataFiltersControllerTests.groovy | 5 ++ 8 files changed, 136 insertions(+), 4 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/scheduled/ExternalMetadataProvidersScheduledTasks.java diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index ed3f794c0..8b8c27645 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -449,11 +449,11 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd' ) { - resolversPositionOrderContainerService.allMetadataResolversInDefinedOrderOrUnordered.each { edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr -> - //TODO: We do not currently marshall the internal incommon chaining resolver (with BaseMetadataResolver type) - if ((mr.type != 'BaseMetadataResolver') && (mr.enabled)) { + // We do not currently marshall the internal incommon chaining resolver (with BaseMetadataResolver type) + // We do not want to include the custom type: ExternalMetadataResolver + if ((mr.type != 'BaseMetadataResolver') && (mr.type != 'ExternalMetadataResolver') && (mr.enabled)) { constructXmlNodeForResolver(mr, delegate) { //TODO: enhance def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0) @@ -478,6 +478,44 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } + @Override + Document generateExternalMetadataFilterConfiguration() { + // TODO: this can probably be a better writer + new StringWriter().withCloseable { writer -> + def xml = new MarkupBuilder(writer) + xml.omitEmptyAttributes = true + xml.omitNullAttributes = true + + // CHARLESTODO - determine wrapping type here - possible: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1279033515/ByReferenceFilter + xml.MetadataProvider(id: 'ShibbolethIdPUIGeneratedMetadata', + xmlns: 'urn:mace:shibboleth:2.0:metadata', + 'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance', + 'xsi:type': 'ChainingMetadataProvider', + 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd' + ) { + + resolversPositionOrderContainerService.allMetadataResolversInDefinedOrderOrUnordered.each { + edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr -> + // Only include the custom type: ExternalMetadataResolver + if ((mr.type != 'ExternalMetadataResolver') && (mr.enabled)) { + constructXmlNodeForResolver(mr, delegate) { + //TODO: enhance + def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0) + mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter -> + if (filter.isFilterEnabled()) { + doNamespaceProtectionFilter() + constructXmlNodeForFilter(filter, delegate) + } + } + doNamespaceProtectionFilter() + } + } + } + } + return DOMBuilder.newInstance().parseText(writer.toString()) + } + } + private String generateJavaScriptRegexScript(String regex) { return """ "use strict"; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java index c897a31b5..fdc85e20f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java @@ -6,6 +6,7 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository; import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks; +import edu.internet2.tier.shibboleth.admin.ui.scheduled.ExternalMetadataProvidersScheduledTasks; import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks; import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.GroupUpdatedEntityListener; import edu.internet2.tier.shibboleth.admin.ui.security.model.listener.UserUpdatedEntityListener; @@ -88,6 +89,14 @@ public MetadataProvidersScheduledTasks metadataProvidersScheduledTasks( return new MetadataProvidersScheduledTasks(resource, metadataResolverService, fileWritingService()); } + @Bean + @ConditionalOnProperty(name = "shibui.external.metadataProviders.target") + public ExternalMetadataProvidersScheduledTasks externalMetadataProvidersScheduledTasks( + @Value("${shibui.external.metadataProviders.target}") final Resource resource, + final MetadataResolverService metadataResolverService) { + return new ExternalMetadataProvidersScheduledTasks(resource, metadataResolverService, fileWritingService()); + } + @Bean public EntityIdsSearchService entityIdsSearchService(LuceneUtility luceneUtility, Analyzer fullTokenAnalyzer) { return new EntityIdsSearchServiceImpl(luceneUtility, fullTokenAnalyzer); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java index 0f7b92338..080b8580a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataResolversController.java @@ -103,6 +103,20 @@ public ResponseEntity getXml() throws IOException, TransformerException { } } + @GetMapping(value = "/MetadataResolvers/External", produces = "application/xml") + @Transactional(readOnly = true) + public ResponseEntity getExternalXml() throws IOException, TransformerException { + // TODO: externalize + try (StringWriter writer = new StringWriter()) { + Transformer transformer = TransformerFactory.newInstance().newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2"); + + transformer.transform(new DOMSource(metadataResolverService.generateExternalMetadataFilterConfiguration()), new StreamResult(writer)); + return ResponseEntity.ok(writer.toString()); + } + } + @GetMapping("/MetadataResolvers/{resourceId}") @Transactional(readOnly = true) public ResponseEntity getOne(@PathVariable String resourceId) { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java new file mode 100644 index 000000000..7c857aaa2 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java @@ -0,0 +1,4 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.resolvers; + +public class ExternalMetadataResolver extends MetadataResolver { + } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/scheduled/ExternalMetadataProvidersScheduledTasks.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/scheduled/ExternalMetadataProvidersScheduledTasks.java new file mode 100644 index 000000000..b2e3c7d37 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/scheduled/ExternalMetadataProvidersScheduledTasks.java @@ -0,0 +1,53 @@ +package edu.internet2.tier.shibboleth.admin.ui.scheduled; + +import edu.internet2.tier.shibboleth.admin.ui.service.FileWritingService; +import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.core.io.WritableResource; +import org.springframework.scheduling.annotation.Scheduled; +import org.springframework.transaction.annotation.Transactional; + +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; +import java.io.IOException; +import java.io.StringWriter; + +@Configuration +@ConditionalOnProperty("shibui.external.metadataProviders.target") +public class ExternalMetadataProvidersScheduledTasks { + private static final Logger logger = LoggerFactory.getLogger(ExternalMetadataProvidersScheduledTasks.class); + + private final Resource target; + private final MetadataResolverService metadataResolverService; + private final FileWritingService fileWritingService; + + public ExternalMetadataProvidersScheduledTasks(Resource target, MetadataResolverService metadataResolverService, FileWritingService fileWritingService) { + this.target = target; + this.metadataResolverService = metadataResolverService; + this.fileWritingService = fileWritingService; + } + + @Scheduled(fixedRateString = "${shibui.external.metadataProviders.taskRunRate:30000}") + @Transactional(readOnly = true) + public void generateMetadataProvidersFile() { + try (StringWriter os = new StringWriter()) { + Transformer transformer = TransformerFactory.newInstance().newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2"); + + + transformer.transform(new DOMSource(metadataResolverService.generateExternalMetadataFilterConfiguration()), new StreamResult(os)); + this.fileWritingService.write((WritableResource)this.target, os.toString()); + } catch (IOException | TransformerException e) { + logger.error(e.getLocalizedMessage(), e); + } + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java index 5fd205c20..d851cd021 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java @@ -7,6 +7,7 @@ import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; +import org.w3c.dom.Node; public interface MetadataResolverService { public MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException; @@ -16,4 +17,6 @@ public interface MetadataResolverService { public void reloadFilters(String metadataResolverName); public MetadataResolver updateMetadataResolverEnabledStatus(MetadataResolver existingResolver) throws ForbiddenException, MetadataFileNotFoundException, InitializationException; -} + + public Document generateExternalMetadataFilterConfiguration(); +} \ No newline at end of file diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 7943285f7..adcb452f0 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -80,6 +80,12 @@ shibui.nameid-filter-ui-schema-location=classpath:nameid-filter.schema.json # shibui.metadataProviders.target=file:/opt/shibboleth-idp/conf/shibui-metadata-providers.xml # shibui.metadataProviders.taskRunRate=30000 +# Set the following property to periodically write out external metadata providers (ie metadata-filters) configuration. +# There is no default value; the following is just an example +# @see - https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1279033515/ByReferenceFilter +# shibui.external.metadataProviders.target=file:/opt/shibboleth-idp/conf/metadata-filters.xml +# shibui.external.metadataProviders.taskRunRate=30000 + # Email configuration (local mailhog) # spring.mail.host=mailhog # spring.mail.port=1025 diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy index c0a7d0e68..82bee21b2 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy @@ -96,6 +96,11 @@ class MetadataFiltersControllerTests extends AbstractBaseDataJpaTest { return null } + @Override + Document generateExternalMetadataFilterConfiguration() { + return null + } + @Override MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException { // This won't get called From a9e09dbf057c9892f64d9d91dd908abbfd36064a Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 27 Jun 2022 17:46:06 -0700 Subject: [PATCH 2/3] SHIBUI-2269 Unit test to check that the service builds the proper XML for the "external provider" --- .../JPAMetadataResolverServiceImpl.groovy | 27 ++++++----- .../resolvers/ExternalMetadataResolver.java | 26 +++++++++- ...JPAMetadataResolverServiceImplTests.groovy | 47 +++++++++++++++++++ .../admin/ui/util/TestHelpers.groovy | 31 ++++++++---- backend/src/test/resources/conf/2269.xml | 21 +++++++++ 5 files changed, 131 insertions(+), 21 deletions(-) create mode 100644 backend/src/test/resources/conf/2269.xml diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index 8b8c27645..a05788bfe 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -11,6 +11,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilF import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml.OpenSamlNameIdFormatFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver +import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FilesystemMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver @@ -286,6 +287,12 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } + void constructXmlNodeForResolver(ExternalMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) { + markupBuilderDelegate.MetadataFilters(providerRef: 'InCommonMD') { + childNodes() + } + } + void constructXmlNodeForResolver(FileBackedHttpMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) { markupBuilderDelegate.MetadataProvider(id: resolver.xmlId, 'xsi:type': 'FileBackedHTTPMetadataProvider', @@ -486,28 +493,26 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { xml.omitEmptyAttributes = true xml.omitNullAttributes = true - // CHARLESTODO - determine wrapping type here - possible: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1279033515/ByReferenceFilter - xml.MetadataProvider(id: 'ShibbolethIdPUIGeneratedMetadata', - xmlns: 'urn:mace:shibboleth:2.0:metadata', + // https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1279033515/ByReferenceFilter + xml.MetadataFilter( + 'xsi:type': 'ByReference', 'xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance', - 'xsi:type': 'ChainingMetadataProvider', - 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd' + 'xsi:schemaLocation': 'urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd', + 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata', + 'xmlns': 'urn:mace:shibboleth:2.0:metadata', + 'xmlns:security': 'urn:mace:shibboleth:2.0:security', + 'xmlns:saml2': 'urn:oasis:names:tc:SAML:2.0:assertion' ) { - resolversPositionOrderContainerService.allMetadataResolversInDefinedOrderOrUnordered.each { edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver mr -> // Only include the custom type: ExternalMetadataResolver - if ((mr.type != 'ExternalMetadataResolver') && (mr.enabled)) { + if ((mr.type == 'ExternalMetadataResolver') && (mr.enabled)) { constructXmlNodeForResolver(mr, delegate) { - //TODO: enhance - def didNamespaceProtectionFilter = !(shibUIConfiguration.protectedAttributeNamespaces && shibUIConfiguration.protectedAttributeNamespaces.size() > 0) mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter -> if (filter.isFilterEnabled()) { - doNamespaceProtectionFilter() constructXmlNodeForFilter(filter, delegate) } } - doNamespaceProtectionFilter() } } } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java index 7c857aaa2..08727018e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java @@ -1,4 +1,28 @@ package edu.internet2.tier.shibboleth.admin.ui.domain.resolvers; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Entity; + +@Entity +@EqualsAndHashCode(callSuper = true) +@Getter +@Setter +@ToString +@Audited public class ExternalMetadataResolver extends MetadataResolver { - } \ No newline at end of file + @Column + private String description; + + @Column(unique = true) + private String externalResolverId; + + public ExternalMetadataResolver() { + type = "ExternalMetadataResolver"; + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 594ee6750..712229089 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -1,14 +1,19 @@ package edu.internet2.tier.shibboleth.admin.ui.service +import com.google.common.collect.Lists import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.configuration.PlaceholderResolverComponentsConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.Attribute +import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeValue +import edu.internet2.tier.shibboleth.admin.ui.domain.XSString import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ClasspathMetadataResource import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver +import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ExternalMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataQueryProtocolScheme import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.RegexScheme @@ -18,6 +23,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSaml import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator +import edu.internet2.tier.shibboleth.admin.util.AttributeUtility import groovy.xml.DOMBuilder import groovy.xml.MarkupBuilder import net.shibboleth.ext.spring.resource.ResourceHelper @@ -31,6 +37,8 @@ import org.springframework.boot.test.context.TestConfiguration import org.springframework.context.annotation.Bean import org.springframework.core.io.ClassPathResource import org.springframework.test.context.ContextConfiguration +import org.w3c.dom.Document +import org.w3c.dom.Node import org.xmlunit.builder.DiffBuilder import org.xmlunit.builder.Input import spock.lang.Ignore @@ -67,6 +75,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { @Autowired TestObjectGenerator testObjectGenerator + AttributeUtility attributeUtility DOMBuilder domBuilder = DOMBuilder.newInstance() StringWriter writer = new StringWriter() MarkupBuilder markupBuilder @@ -75,6 +84,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { markupBuilder = new MarkupBuilder(writer) markupBuilder.omitNullAttributes = true markupBuilder.omitEmptyAttributes = true + attributeUtility = new AttributeUtility(openSamlObjects) } def cleanup() { @@ -82,6 +92,43 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { writer.close() } + def 'test generating ExternalMetadataResolver XML'() { + given: + def resolver = new ExternalMetadataResolver().with { + it.setEnabled(true) + it.setName("testme") + it.setExternalResolverId("InCommonMD") + it.setDescription("some description that won't appear in the xml") + it.addFilter(new EntityAttributesFilter().with { + it.name = 'EntityAttributes' + EntityAttributesFilterTarget filterTarget = testObjectGenerator.buildEntityAttributesFilterTarget() + filterTarget.setSingleValue("https://sp.example.org/shibboleth") + it.setEntityAttributesFilterTarget(filterTarget) + def attribute = attributeUtility.createAttributeWithStringValues('http://shibboleth.net/ns/attributes/releaseAllValues', null, 'eduPersonPrincipalName') + attribute.nameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri' + attribute.namespacePrefix = 'saml2' + attribute.attributeValues.each { val -> + ((XSString)val).namespacePrefix = 'saml2' + + '' + } + it.attributes = [attribute] + it.intoTransientRepresentation() + it.enabled = true; + it + }) + it + } + metadataResolverRepository.save(resolver) + metadataResolverService.reloadFilters("testme") + + when: + Document doc = JPAMetadataResolverServiceImpl.cast(metadataResolverService).generateExternalMetadataFilterConfiguration() + Node node = doc.getFirstChild() + + then: + generatedXmlIsTheSameAsExpectedXml('/conf/2269.xml', node) + } + def 'test adding a filter'() { given: def expectedXML = ''' diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy index f50263663..e2d67412e 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestHelpers.groovy @@ -3,20 +3,20 @@ package edu.internet2.tier.shibboleth.admin.ui.util import edu.internet2.tier.shibboleth.admin.ui.security.model.User import groovy.xml.XmlUtil import junit.framework.Assert -import javax.xml.transform.Source; -import javax.xml.transform.Transformer -import javax.xml.transform.TransformerException -import javax.xml.transform.TransformerFactory -import javax.xml.transform.dom.DOMSource -import javax.xml.transform.stream.StreamResult - import org.apache.commons.lang.StringUtils -import org.springframework.security.core.context.SecurityContextHolder import org.w3c.dom.Document +import org.w3c.dom.Node import org.xmlunit.builder.DiffBuilder import org.xmlunit.builder.Input import org.xmlunit.builder.Input.Builder +import javax.xml.transform.Source +import javax.xml.transform.Transformer +import javax.xml.transform.TransformerException +import javax.xml.transform.TransformerFactory +import javax.xml.transform.dom.DOMSource +import javax.xml.transform.stream.StreamResult + /** * @author Bill Smith (wsmith@unicon.net) */ @@ -50,6 +50,19 @@ class TestHelpers { Assert.assertFalse(myDiff.toString(), myDiff.hasDifferences()); } + static void generatedXmlIsTheSameAsExpectedXml(String expectedXmlResource, Node generatedXml) { + def Builder builder = Input.fromNode(generatedXml) + def Source source = builder.build() + def myDiff = DiffBuilder.compare(Input.fromStream(TestHelpers.getResourceAsStream(expectedXmlResource))) + .withTest(builder) + .withAttributeFilter({attribute -> !attribute.name.equals("sourceDirectory")}) + .ignoreComments() + .ignoreWhitespace() + .build() + System.out.println("@@@ \n" + getString(source) + "\n") + Assert.assertFalse(myDiff.toString(), myDiff.hasDifferences()); + } + public static String getString(DOMSource domSource) throws TransformerException { StringWriter writer = new StringWriter(); StreamResult result = new StreamResult(writer); @@ -67,4 +80,4 @@ class TestHelpers { def user = new User(username: username, role: rolename) Optional.of(user) } -} +} \ No newline at end of file diff --git a/backend/src/test/resources/conf/2269.xml b/backend/src/test/resources/conf/2269.xml new file mode 100644 index 000000000..f4c166e29 --- /dev/null +++ b/backend/src/test/resources/conf/2269.xml @@ -0,0 +1,21 @@ + + + + + + + eduPersonPrincipalName + + https://sp.example.org/shibboleth + + + + \ No newline at end of file From e7980dd24de843d63434367079acbfc8794031a5 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 28 Jun 2022 14:03:57 -0700 Subject: [PATCH 3/3] SHIBUI-2269 Additional missing bits to get backend to a point to allow UI to integrate --- .../admin/ui/domain/resolvers/ExternalMetadataResolver.java | 3 +++ .../shibboleth/admin/ui/domain/resolvers/MetadataResolver.java | 3 ++- .../admin/ui/jsonschema/JsonSchemaResourceLocation.java | 3 ++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java index 08727018e..f7e2375bc 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ExternalMetadataResolver.java @@ -22,6 +22,9 @@ public class ExternalMetadataResolver extends MetadataResolver { @Column(unique = true) private String externalResolverId; + @Column + String name; + public ExternalMetadataResolver() { type = "ExternalMetadataResolver"; } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java index 63a04d764..19c96e753 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/MetadataResolver.java @@ -43,7 +43,8 @@ @JsonSubTypes.Type(value = FileBackedHttpMetadataResolver.class, name = "FileBackedHttpMetadataResolver"), @JsonSubTypes.Type(value = DynamicHttpMetadataResolver.class, name = "DynamicHttpMetadataResolver"), @JsonSubTypes.Type(value = FilesystemMetadataResolver.class, name = "FilesystemMetadataResolver"), - @JsonSubTypes.Type(value = ResourceBackedMetadataResolver.class, name = "ResourceBackedMetadataResolver")}) + @JsonSubTypes.Type(value = ResourceBackedMetadataResolver.class, name = "ResourceBackedMetadataResolver"), + @JsonSubTypes.Type(value = ExternalMetadataResolver.class, name = "ExternalMetadataResolver")}) @Audited @AuditOverride(forClass = AbstractAuditable.class) public class MetadataResolver extends AbstractAuditable implements IActivatable { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaResourceLocation.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaResourceLocation.java index 2d25fac0b..1b9054cd3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaResourceLocation.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaResourceLocation.java @@ -104,7 +104,8 @@ public enum SchemaType { FILE_BACKED_HTTP_METADATA_RESOLVER("FileBackedHttpMetadataResolver"), FILESYSTEM_METADATA_RESOLVER("FilesystemMetadataResolver"), LOCAL_DYNAMIC_METADATA_RESOLVER("LocalDynamicMetadataResolver"), - DYNAMIC_HTTP_METADATA_RESOLVER("DynamicHttpMetadataResolver"); + DYNAMIC_HTTP_METADATA_RESOLVER("DynamicHttpMetadataResolver"), + EXTERNAL_METADATA_RESOLVER("ExternalMetadataResolver"); String jsonType;