From d9633de1624a8b3a6312beffa85f06a678217791 Mon Sep 17 00:00:00 2001
From: Bill Smith <wsmith@unicon.net>
Date: Tue, 19 Jun 2018 14:21:40 -0700
Subject: [PATCH] [SHIBUI-525]

First pass at SignatureValidationFilter. Still need tests.
---
 .../JPAMetadataResolverServiceImpl.groovy     | 16 +++++++-
 .../controller/MetadataFiltersController.java | 16 +++++++-
 .../ui/domain/filters/MetadataFilter.java     |  3 +-
 .../filters/SignatureValidationFilter.java    | 41 +++++++++++++++++++
 .../SignatureValidationFilterRepository.java  | 16 ++++++++
 5 files changed, 88 insertions(+), 4 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/SignatureValidationFilterRepository.java

diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index 664599cfa..91145680e 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -4,6 +4,7 @@ import com.google.common.base.Predicate
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.DynamicHttpMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.FileBackedHttpMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetadataResolver
@@ -129,7 +130,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
     }
 
     void constructXmlNodeForFilter(EntityRoleWhiteListFilter filter, def markupBuilderDelegate) {
-        markupBuilderDelegate.MetadataFilter(
+        markupBuilderDelegate.MetadataFilter(id: filter.name,
                 'xsi:type': 'EntityRoleWhiteList',
                 'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata'
         ) {
@@ -139,6 +140,19 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
         }
     }
 
+    void constructXmlNodeForFilter(SignatureValidationFilter filter, def markupBuilderDelegate) {
+        markupBuilderDelegate.MetadataFilter(id: filter.name,
+                'xsi:type': 'SignatureValidation',
+                'xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
+                'requireSignedRoot': !filter.requireSignedRoot ?: null,
+                'certificateFile': filter.certificateFile,
+                'defaultCriteriaRef': filter.defaultCriteriaRef,
+                'signaturePrevalidatorRef': filter.signaturePrevalidatorRef,
+                'dynamicTrustedNamesStrategyRef': filter.dynamicTrustedNamesStrategyRef,
+                'trustEngineRef': filter.trustEngineRef,
+                'publicKey': filter.publicKey)
+    }
+
     void constructXmlNodeForResolver(DynamicHttpMetadataResolver resolver, def markupBuilderDelegate, Closure childNodes) {
         markupBuilderDelegate.MetadataProvider(id: resolver.name,
                 'xsi:type': 'DynamicHttpMetadataProvider',
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersController.java
index 40de7ea46..55b56b329 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersController.java
@@ -3,10 +3,9 @@
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
-import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter;
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
-import edu.internet2.tier.shibboleth.admin.ui.service.FilterService;
 import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -154,6 +153,9 @@ private MetadataFilter convertIntoTransientRepresentationIfNecessary(Stream<Meta
      * Add else if instanceof block here for each concrete filter types we add in the future
      */
     private void updateConcreteFilterTypeData(MetadataFilter filterToBeUpdated, MetadataFilter filterWithUpdatedData) {
+        //TODO: Could we maybe use Dozer here before things get out of control? https://dozermapper.github.io
+        // Mapper mapper = new net.sf.dozer.Mapper(); // or autowire one
+        // mapper.map(fromFilter, toFilter);
         if(filterWithUpdatedData instanceof EntityAttributesFilter) {
             EntityAttributesFilter toFilter = EntityAttributesFilter.class.cast(filterToBeUpdated);
             EntityAttributesFilter fromFilter = EntityAttributesFilter.class.cast(filterWithUpdatedData);
@@ -167,6 +169,16 @@ else if(filterWithUpdatedData instanceof EntityRoleWhiteListFilter) {
             toFilter.setRemoveEmptyEntitiesDescriptors(fromFilter.getRemoveEmptyEntitiesDescriptors());
             toFilter.setRemoveRolelessEntityDescriptors(fromFilter.getRemoveRolelessEntityDescriptors());
             toFilter.setRetainedRoles(fromFilter.getRetainedRoles());
+        } else if (filterWithUpdatedData instanceof SignatureValidationFilter) {
+            SignatureValidationFilter toFilter = SignatureValidationFilter.class.cast(filterToBeUpdated);
+            SignatureValidationFilter fromFilter = SignatureValidationFilter.class.cast(filterWithUpdatedData);
+            toFilter.setRequireSignedRoot(fromFilter.getRequireSignedRoot());
+            toFilter.setCertificateFile(fromFilter.getCertificateFile());
+            toFilter.setDefaultCriteriaRef(fromFilter.getDefaultCriteriaRef());
+            toFilter.setSignaturePrevalidatorRef(fromFilter.getSignaturePrevalidatorRef());
+            toFilter.setDynamicTrustedNamesStrategyRef(fromFilter.getDynamicTrustedNamesStrategyRef());
+            toFilter.setTrustEngineRef(fromFilter.getTrustEngineRef());
+            toFilter.setPublicKey(fromFilter.getPublicKey());
         }
         //TODO: add other types of concrete filters update here
     }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
index aa5b063a4..0dba9b676 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/MetadataFilter.java
@@ -29,7 +29,8 @@
 @ToString
 @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, include = JsonTypeInfo.As.EXISTING_PROPERTY, property = "@type", visible = true)
 @JsonSubTypes({@JsonSubTypes.Type(value=EntityRoleWhiteListFilter.class, name="EntityRoleWhiteList"),
-       @JsonSubTypes.Type(value=EntityAttributesFilter.class, name="EntityAttributes")})
+        @JsonSubTypes.Type(value=EntityAttributesFilter.class, name="EntityAttributes"),
+        @JsonSubTypes.Type(value=SignatureValidationFilter.class, name="SignatureValidation")})
 public class MetadataFilter extends AbstractAuditable {
 
     @JsonProperty("@type")
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
new file mode 100644
index 000000000..f5bd331b9
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/SignatureValidationFilter.java
@@ -0,0 +1,41 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.filters;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+import javax.persistence.CollectionTable;
+import javax.persistence.Column;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.JoinColumn;
+import javax.persistence.OrderColumn;
+import java.util.ArrayList;
+import java.util.List;
+
+@Entity
+@EqualsAndHashCode(callSuper = true)
+@Getter
+@Setter
+@ToString
+public class SignatureValidationFilter extends MetadataFilter {
+
+    public SignatureValidationFilter() {
+        type = "SignatureValidation";
+    }
+
+    private Boolean requireSignedRoot = true;
+
+    private String certificateFile;
+
+    private String defaultCriteriaRef;
+
+    private String signaturePrevalidatorRef;
+
+    private String dynamicTrustedNamesStrategyRef;
+
+    private String trustEngineRef;
+
+    private String publicKey;
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/SignatureValidationFilterRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/SignatureValidationFilterRepository.java
new file mode 100644
index 000000000..7b1c70e0f
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/SignatureValidationFilterRepository.java
@@ -0,0 +1,16 @@
+package edu.internet2.tier.shibboleth.admin.ui.repository;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter;
+import org.springframework.data.repository.CrudRepository;
+
+/**
+ * Spring Data CRUD repository for instances of {@link SignatureValidationFilter}s.
+ */
+public interface SignatureValidationFilterRepository extends CrudRepository<SignatureValidationFilter, Long> {
+
+    SignatureValidationFilter findByName(String name);
+
+    SignatureValidationFilter findByResourceId(String resourceId);
+
+    boolean deleteByResourceId(String resourceId);
+}