From bebd0a7d4d96363c5606d8ef507fedf18a4854dd Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Fri, 30 Sep 2022 15:45:47 -0700
Subject: [PATCH] SHIBUI-2409 Fixing clientSecretRef between front and backend

---
 .../frontend/KeyDescriptorRepresentation.java | 2 +-
 .../JPAEntityDescriptorServiceImpl.java | 2 +-
 .../util/EntityDescriptorConversionUtils.java | 6 +-
 .../EntityDescriptorControllerTests.groovy | 58 +++++++++----------
 .../test/resources/json/SHIBUI-2380-1.json | 6 ++
 5 files changed, 38 insertions(+), 36 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/KeyDescriptorRepresentation.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/KeyDescriptorRepresentation.java
index aa6c564ea..b81a65b24 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/KeyDescriptorRepresentation.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/KeyDescriptorRepresentation.java
@@ -16,6 +16,6 @@ public class KeyDescriptorRepresentation implements Serializable {
 private ElementType elementType;
 
 public enum ElementType {
- jwksData, jwksUri, clientSecret, clientSecretKeyReference, X509Data, unsupported
+ jwksData, jwksUri, clientSecret, clientSecretRef, X509Data, unsupported
 }
 }
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 4a54c7543..4973ca110 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
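Review bot: Renaming the constant `clientSecretKeyReference` to `clientSecretRef` changes the serialized name of `ElementType` in `KeyDescriptorRepresentation`, a class that `implements Serializable` and is the frontend-facing representation, yet nothing on the enum says its constant names are a wire contract. If any persisted or in-flight payload still carries the old name, it will presumably fail to deserialize, so the rename deserves a note at the declaration. Suggest a Javadoc on the enum: `/** Constant names are the JSON values exchanged with the frontend; renaming one breaks payloads that still carry the old name. */`. It is also worth recording on the same Javadoc that `clientSecretRef` corresponds to the `ClientSecretKeyReference` XML type used in the service and util hunks of this commit, since the two names no longer match.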
@@ -543,7 +543,7 @@ private KeyDescriptorRepresentation.ElementType determineKeyInfoType(KeyInfo key
 case "ClientSecret":
 return KeyDescriptorRepresentation.ElementType.clientSecret;
 case "ClientSecretKeyReference":
- return KeyDescriptorRepresentation.ElementType.clientSecretKeyReference;
+ return KeyDescriptorRepresentation.ElementType.clientSecretRef;
 case "JwksData":
 return KeyDescriptorRepresentation.ElementType.jwksData;
 case "JwksUri":
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
index 7a32ff156..1a44ba44d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EntityDescriptorConversionUtils.java
@@ -1,6 +1,5 @@
 package edu.internet2.tier.shibboleth.admin.util;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
 import edu.internet2.tier.shibboleth.admin.ui.domain.AssertionConsumerService;
 import edu.internet2.tier.shibboleth.admin.ui.domain.Audience;
@@ -51,12 +50,10 @@
 import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.PostLogoutRedirectUriBuilder;
 import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.RequestUri;
 import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.RequestUriBuilder;
-import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.ValueXMLObject;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityService;
 import lombok.NonNull;
 import lombok.Setter;
-import org.opensaml.core.xml.XMLObject;
 import org.opensaml.xmlsec.signature.KeyInfo;
 import org.opensaml.xmlsec.signature.X509Certificate;
 import org.opensaml.xmlsec.signature.X509Data;
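Review bot: The XML local-name literal `"ClientSecretKeyReference"` in `determineKeyInfoType` now maps to an enum constant with a different name, `clientSecretRef`, with no comment explaining the mismatch; the same gap appears in the `case clientSecretRef:` branch of `createKeyDescriptor` in the EntityDescriptorConversionUtils hunk, where the branch builds a `ClientSecretKeyReference` instance. A reader grepping for either name will miss the other half of the round trip. Suggest `case "ClientSecretKeyReference": // XML type name; exposed to the frontend as ElementType.clientSecretRef` here, and a matching `// ElementType.clientSecretRef is serialized as the ClientSecretKeyReference XML element` on the util branch. determineKeyInfoType begins and ends outside this hunk.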
@@ -66,7 +63,6 @@
 import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Optional;
@@ -120,7 +116,7 @@ public static KeyDescriptor createKeyDescriptor(String name, String usageType, S
 xmlObject.setValue(value);
 keyInfo.getXMLObjects().add(xmlObject);
 break;
- case clientSecretKeyReference:
+ case clientSecretRef:
 xmlObject = openSamlObjects.buildDefaultInstanceOfType(ClientSecretKeyReference.class);
 xmlObject.setValue(value);
 keyInfo.getXMLObjects().add(xmlObject);
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
index a8eda4349..7c9ee1537 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
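Review bot: In the `case clientSecretRef:` branch of `createKeyDescriptor` the new element type is handled exactly like the `clientSecret` branch above it: `xmlObject.setValue(value)` writes the caller-supplied `value` verbatim into the KeyInfo, so nothing in the code distinguishes secret material from a reference to it. If a `clientSecretRef` is meant to carry a key or credential identifier rather than the secret itself, that expectation should be stated on the branch, e.g. `// value is a reference name resolved elsewhere, not the secret itself`, so callers do not pass the secret where a reference belongs. The SHIBUI-2380-1.json fixture added in this commit supplies `"mockClientSecretValue"` as the value of the `clientSecretRef` entry, which blurs the same distinction in the test data. createKeyDescriptor begins before this hunk and its switch continues past it.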
@@ -717,35 +717,35 @@ class EntityDescriptorControllerTests extends AbstractBaseDataJpaTest {
 
 then:
 result.andExpect(status().isCreated())
- .andExpect(content().contentType(APPLICATION_JSON))
- .andExpect(jsonPath("\$.entityId").value("mockSamlClientId2"))
- .andExpect(jsonPath("\$.serviceEnabled").value(false))
- .andExpect(jsonPath("\$.idOfOwner").value("admingroup"))
- .andExpect(jsonPath("\$.serviceProviderSsoDescriptor.protocolSupportEnum").value("http://openid.net/specs/openid-connect-core-1_0.html"))
- .andExpect(jsonPath("\$.securityInfo.keyDescriptors[0].name").value("test1"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.clientUri").value("https://example.org/clientUri"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.responseTypes").value("code id_token"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.sectorIdentifierUri").value("https://example.org/sectorIdentifier"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.idTokenEncryptedResponseEnc").value("A256GCM"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.applicationType").value("web"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.tokenEndpointAuthMethod").value("client_secret_basic"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoEncryptedResponseEnc").value("A192GCM"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoSignedResponseAlg").value("RS384"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoEncryptedResponseAlg").value("A192KW"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.grantTypes").value("authorization_code"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.softwareId").value("mockSoftwareId"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.requestObjectEncryptionEnc").value("A128GCM"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.initiateLoginUri").value("https://example.org/initiateLogin"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.tokenEndpointAuthMethod").value("client_secret_basic"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.requestObjectSigningAlg").value("RS256"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.scopes").value("openid profile"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.idTokenEncryptedResponseAlg").value("A256KW"))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.softwareVersion").value("mockSoftwareVersion"))
- .andExpect(jsonPath(shortNameToOAuth + "postLogoutRedirectUris[0]").value("https://example.org/postLogout"))
- .andExpect(jsonPath(shortNameToOAuth + "requestUris[0]").value("https://example.org/request"))
- .andExpect(jsonPath(shortNameToOAuth + "defaultAcrValues").isArray())
- .andExpect(jsonPath(shortNameToOAuth + "attributes.requireAuthTime").value(Boolean.FALSE))
- .andExpect(jsonPath(shortNameToOAuth + "attributes.defaultMaxAge").value(Integer.valueOf(0)))
+ .andExpect(content().contentType(APPLICATION_JSON))
+ .andExpect(jsonPath("\$.entityId").value("mockSamlClientId2"))
+ .andExpect(jsonPath("\$.serviceEnabled").value(false))
+ .andExpect(jsonPath("\$.idOfOwner").value("admingroup"))
+ .andExpect(jsonPath("\$.serviceProviderSsoDescriptor.protocolSupportEnum").value("http://openid.net/specs/openid-connect-core-1_0.html"))
+ .andExpect(jsonPath("\$.securityInfo.keyDescriptors[0].name").value("test1"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.clientUri").value("https://example.org/clientUri"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.responseTypes").value("code id_token"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.sectorIdentifierUri").value("https://example.org/sectorIdentifier"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.idTokenEncryptedResponseEnc").value("A256GCM"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.applicationType").value("web"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.tokenEndpointAuthMethod").value("client_secret_basic"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoEncryptedResponseEnc").value("A192GCM"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoSignedResponseAlg").value("RS384"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.userInfoEncryptedResponseAlg").value("A192KW"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.grantTypes").value("authorization_code"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.softwareId").value("mockSoftwareId"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.requestObjectEncryptionEnc").value("A128GCM"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.initiateLoginUri").value("https://example.org/initiateLogin"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.tokenEndpointAuthMethod").value("client_secret_basic"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.requestObjectSigningAlg").value("RS256"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.scopes").value("openid profile"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.idTokenEncryptedResponseAlg").value("A256KW"))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.softwareVersion").value("mockSoftwareVersion"))
+ .andExpect(jsonPath(shortNameToOAuth + "postLogoutRedirectUris[0]").value("https://example.org/postLogout"))
+ .andExpect(jsonPath(shortNameToOAuth + "requestUris[0]").value("https://example.org/request"))
+ .andExpect(jsonPath(shortNameToOAuth + "defaultAcrValues").isArray())
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.requireAuthTime").value(Boolean.FALSE))
+ .andExpect(jsonPath(shortNameToOAuth + "attributes.defaultMaxAge").value(Integer.valueOf(0)))
 }
 
 @WithMockAdmin
diff --git a/backend/src/test/resources/json/SHIBUI-2380-1.json b/backend/src/test/resources/json/SHIBUI-2380-1.json
index 833ca5bff..29a3a8e69 100644
--- a/backend/src/test/resources/json/SHIBUI-2380-1.json
+++ b/backend/src/test/resources/json/SHIBUI-2380-1.json
@@ -41,6 +41,12 @@
 "value": "mockClientSecretValue",
 "type": "both",
 "elementType": "clientSecret"
+ },
+ {
+ "value": "mockClientSecretValue",
+ "name": "mockClientSecretKeyReference",
+ "type": "both",
+ "elementType": "clientSecretRef"
 }
 ]
 },