Merged in SHIBUI-920 (pull request #213)
SHIBUI-920

Approved-by: Dmitriy Kopylenko <dkopylenko@unicon.net>
Approved-by: Bill Smith <wsmith@unicon.net>
Jonathan Johnson committed Oct 10, 2018
2 parents 6ca0465 + 7aee901 commit f0d54af
Showing 7 changed files with 68 additions and 15 deletions.
Expand Up @@ -128,11 +128,6 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
//TODO: We do not currently marshall the internal incommon chaining resolver (with BaseMetadataResolver type)
if ((mr.type != 'BaseMetadataResolver') && (mr.enabled)) {
constructXmlNodeForResolver(mr, delegate) {
MetadataFilter(
'xsi:type': 'SignatureValidation',
'requireSignedRoot': 'true',
'certificateFile': '%{idp.home}/credentials/inc-md-cert.pem'
)
//TODO: enhance
mr.metadataFilters.each { edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter filter ->
constructXmlNodeForFilter(filter, delegate)
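Review bot: With the hard-coded SignatureValidation filter removed from constructXmlNodeForResolver, nothing in the generator checks that an enabled resolver still carries one, so a resolver whose metadataFilters has no SignatureValidationFilter is now emitted with no signature check at all — the updated 278.xml fixture in this commit shows exactly that for its FileBacked, LocalDynamic and ClasspathResource providers. Making the filter configurable is the right direction, but an IdP that loads such a provider will accept whatever the metadataURL serves. I would at least warn before the `mr.metadataFilters.each` loop, e.g. `if (!mr.metadataFilters.any { it instanceof SignatureValidationFilter }) log.warn("resolver ${mr} has no SignatureValidation filter; generated provider will accept unsigned metadata")`, using whatever logger and resolver identifier this class actually has (neither is visible in the hunk), and ideally have the UI refuse to enable a remote resolver without one. The `if ((mr.type != 'BaseMetadataResolver') && (mr.enabled))` guard and the constructXmlNodeForResolver closure open inside the hunk and close outside it.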
Expand Up @@ -6,6 +6,7 @@
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
Expand Down Expand Up @@ -34,6 +35,7 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.ResourceBundleMessageSource;
import org.springframework.core.io.Resource;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
Expand Down Expand Up @@ -95,6 +97,12 @@ public EntityDescriptorFilesScheduledTasks entityDescriptorFilesScheduledTasks(E
return new EntityDescriptorFilesScheduledTasks(metadataDir, entityDescriptorRepository, openSamlObjects());
}

@Bean
@ConditionalOnProperty(name = "shibui.metadataProviders.target")
public MetadataProvidersScheduledTasks metadataProvidersScheduledTasks(@Value("${shibui.metadataProviders.target}") final Resource resource, final MetadataResolverService metadataResolverService) {
return new MetadataProvidersScheduledTasks(resource, metadataResolverService);
}

@Bean
public EntityIdsSearchService entityIdsSearchService(LuceneUtility luceneUtility, Analyzer fullTokenAnalyzer) {
return new EntityIdsSearchServiceImpl(luceneUtility, fullTokenAnalyzer);
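Review bot: This @Bean constructs MetadataProvidersScheduledTasks, but that class is itself annotated @Configuration with the same @ConditionalOnProperty (see the new file in this commit), so if its package is component-scanned the container ends up with two instances and two @Scheduled timers truncating and rewriting the same target file, possibly at the same moment. One of the two registrations should go; dropping `@Configuration` from the class is the smaller change, since this factory method already supplies the constructor arguments explicitly. Separately, the parameter is injected as a plain `Resource` while the task unconditionally casts it to `WritableResource`, so a non-writable target (a `classpath:` or `http:` URL in `shibui.metadataProviders.target`) only fails inside the scheduled method, as an uncaught ClassCastException on every tick. Whether Spring will convert the property straight to `WritableResource` depends on the framework version, so the portable fix is a fail-fast check in the constructor: `if (!(target instanceof WritableResource)) throw new IllegalArgumentException("shibui.metadataProviders.target is not writable: " + target.getDescription());`.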
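--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/scheduled/MetadataProvidersScheduledTasks.java
@@ -0,0 +1,49 @@
+package edu.internet2.tier.shibboleth.admin.ui.scheduled;
+
+import edu.internet2.tier.shibboleth.admin.ui.service.MetadataResolverService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.WritableResource;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import java.io.IOException;
+import java.io.OutputStream;
+
+@Configuration
+@ConditionalOnProperty("shibui.metadataProviders.target")
+public class MetadataProvidersScheduledTasks {
+private static final Logger logger = LoggerFactory.getLogger(MetadataProvidersScheduledTasks.class);
+
+private final Resource target;
+private final MetadataResolverService metadataResolverService;
+
+public MetadataProvidersScheduledTasks(Resource target, MetadataResolverService metadataResolverService) {
+this.target = target;
+this.metadataResolverService = metadataResolverService;
+}
+
+@Scheduled(fixedRateString = "${shibui.metadataProviders.taskRunRate:30000}")
+@Transactional(readOnly = true)
+public void generateMetadataProvidersFile() {
+try (OutputStream os = ((WritableResource)target).getOutputStream()) {
+Transformer transformer = TransformerFactory.newInstance().newTransformer();
+transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
+
+
+transformer.transform(new DOMSource(metadataResolverService.generateConfiguration()), new StreamResult(os));
+} catch (IOException | TransformerException e) {
+logger.error(e.getLocalizedMessage(), e);
+}
+}
+}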
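Review bot: generateMetadataProvidersFile opens the target with a truncating getOutputStream() before the transform has produced a single byte, so on every tick the IdP's provider configuration is momentarily empty or partial, and if generateConfiguration() or the transform throws, the catch logs it and leaves the file truncated until the next run — an IdP that reloads this file on change can pick up that broken state. The write is also unconditional, so the file's mtime changes every taskRunRate even when the resolver set did not. Rendering into a buffer first and then swapping the file in with an atomic rename keeps a complete file visible at all times; for the `file:` targets the documented property uses, the resource resolves to a Path as shown below (getFile() throws for non-file resources, which the catch already covers). Two caveats for the rewrite: Files.createTempFile creates the staging file owner-only (0600) on POSIX, so if the IdP runs as a different user the destination's permissions must be applied before the move, and the `(WritableResource)` cast's ClassCastException is still outside the catch and should instead be rejected in the constructor.
```java
@Scheduled(fixedRateString = "${shibui.metadataProviders.taskRunRate:30000}")
@Transactional(readOnly = true)
public void generateMetadataProvidersFile() {
    // Render into memory first: a transformer failure must never truncate the live file.
    ByteArrayOutputStream rendered = new ByteArrayOutputStream();
    try {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        // … unchanged: INDENT / indent-amount output properties …
        transformer.transform(new DOMSource(metadataResolverService.generateConfiguration()), new StreamResult(rendered));
    } catch (TransformerException e) {
        logger.error("Could not render metadata providers; leaving {} untouched", target.getDescription(), e);
        return;
    }
    try {
        // Requires a file: target (getFile() throws otherwise), which is what the documented property uses.
        Path destination = target.getFile().toPath();
        Path staging = Files.createTempFile(destination.getParent(), "shibui-metadata-providers", ".tmp");
        Files.write(staging, rendered.toByteArray());
        // The IdP sees either the previous complete file or the new complete file, never a partial one.
        Files.move(staging, destination, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
    } catch (IOException e) {
        logger.error("Could not write {}", target.getDescription(), e);
    }
}
```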
6 changes: 6 additions & 0 deletions backend/src/main/resources/application.properties
Expand Up @@ -52,3 +52,9 @@ spring.profiles.active=default
#Actuator endpoints (info)
# Un-comment to get full git details exposed like author, abbreviated SHA-1, commit message
#management.info.git.mode=full

###
# metadata-providers.xml write configuration

# shibui.metadataProviders.target=file:/opt/shibboleth-idp/conf/shibui-metadata-providers.xml
# shibui.metadataProviders.taskRunRate=30000
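Review bot: The example points the writer at the IdP's own conf directory, but nothing here says what that implies: the target is regenerated from scratch every taskRunRate milliseconds (30 s by default), so it must be a file the shibui process can overwrite, and because its name differs from the IdP's own metadata-providers.xml it presumably has to be referenced from there before the IdP loads it. Deployers will otherwise be tempted to make /opt/shibboleth-idp/conf writable by the shibui user, which is far more than this feature needs. Suggested comment above the two properties: `# The target file is regenerated in full every taskRunRate ms. Grant the shibui process write access to this one file only (not the IdP conf directory) and reference it from the IdP's metadata-providers.xml.`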
Expand Up @@ -7,6 +7,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFil
import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilterTarget
import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityRoleWhiteListFilter
import edu.internet2.tier.shibboleth.admin.ui.domain.filters.RequiredValidUntilFilter
import edu.internet2.tier.shibboleth.admin.ui.domain.filters.SignatureValidationFilter
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
import edu.internet2.tier.shibboleth.admin.ui.util.TestObjectGenerator
Expand Down Expand Up @@ -48,6 +49,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends Specification {
def 'simple test generation of metadata-providers.xml'() {
when:
def mr = metadataResolverRepository.findAll().iterator().next()
mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests()
mr.metadataFilters << entityRoleWhiteListFilterForXmlGenerationTests()
metadataResolverRepository.save(mr)
Expand All @@ -63,6 +65,7 @@ class IncommonJPAMetadataResolverServiceImplTests extends Specification {
when:
//TODO: this might break later
def mr = metadataResolverRepository.findAll().iterator().next()
mr.metadataFilters << new SignatureValidationFilter(requireSignedRoot: true, certificateFile: '%{idp.home}/credentials/inc-md-cert.pem')
mr.metadataFilters << requiredValidUntilFilterForXmlGenerationTests()
mr.metadataFilters.add(new EntityAttributesFilter().with {
it.entityAttributesFilterTarget = new EntityAttributesFilterTarget().with {
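Review bot: Both tests now add a SignatureValidationFilter with `requireSignedRoot: true`, yet the expected documents they are compared against (278.xml and 278.2.xml in this commit) emit the filter as `<MetadataFilter certificateFile="..." xsi:type="SignatureValidation"/>` with no requireSignedRoot attribute — so either the marshaller silently drops the attribute or the comparison ignores it, and in both cases the test no longer proves that the setting reaches the IdP. Whether an unsigned root document is rejected then rests on the IdP's own default for that attribute rather than on what the operator configured in the UI. The fixtures should carry `requireSignedRoot="true"` on that filter and the comparison should be strict enough to notice its absence; if the marshaller is what drops it, that is the bug to fix first. The `then:` parts of both test methods lie outside the hunks, so I cannot tell from here which of the two explanations applies.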
6 changes: 1 addition & 5 deletions backend/src/test/resources/conf/278.2.xml
Expand Up @@ -23,7 +23,7 @@
socketTimeout="PT5S"
supportedContentTypes="[]"
xsi:type="DynamicHttpMetadataProvider">
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" xsi:type="SignatureValidation"/>
<MetadataFilter maxValidityInterval="P14D" xsi:type="RequiredValidUntil"/>
<MetadataFilter xsi:type="EntityAttributes">
<saml:Attribute
Expand All @@ -42,8 +42,6 @@
metadataURL="https://idp.unicon.net/idp/shibboleth"
minRefreshDelay='PT0M'
maxRefreshDelay='P1D'>
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
certificateFile="%{idp.home}/credentials/inc-md-cert.pem" />
</MetadataProvider>
<MetadataProvider id="LocalDynamic"
backgroundInitializationFromCacheDelay="PT2S"
Expand All @@ -55,15 +53,13 @@
removeIdleEntityData="true"
sourceDirectory="/tmp"
xsi:type="DynamicHttpMetadataProvider">
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
</MetadataProvider>
<MetadataProvider id="ClasspathResourceMetadata"
refreshDelayFactor="0.3"
xsi:type="ResourceBackedMetadataProvider">
<MetadataResource xmlns:resource="urn:mace:shibboleth:2.0:resource"
xsi:type="resource:ClasspathResource"
file="metadata/metadata.xml" />
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
</MetadataProvider>

</MetadataProvider>
6 changes: 1 addition & 5 deletions backend/src/test/resources/conf/278.xml
Expand Up @@ -23,7 +23,7 @@
socketTimeout="PT5S"
supportedContentTypes="[]"
xsi:type="DynamicHttpMetadataProvider">
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" xsi:type="SignatureValidation"/>
<MetadataFilter maxValidityInterval="P14D" xsi:type="RequiredValidUntil"/>
<MetadataFilter xsi:type="EntityRoleWhiteList" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
Expand All @@ -35,8 +35,6 @@
metadataURL="https://idp.unicon.net/idp/shibboleth"
minRefreshDelay='PT0M'
maxRefreshDelay='P1D'>
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
certificateFile="%{idp.home}/credentials/inc-md-cert.pem" />
</MetadataProvider>
<MetadataProvider id="LocalDynamic"
backgroundInitializationFromCacheDelay="PT2S"
Expand All @@ -48,14 +46,12 @@
removeIdleEntityData="true"
sourceDirectory="/tmp"
xsi:type="DynamicHttpMetadataProvider">
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
</MetadataProvider>
<MetadataProvider id="ClasspathResourceMetadata"
refreshDelayFactor="0.3"
xsi:type="ResourceBackedMetadataProvider">
<MetadataResource xmlns:resource="urn:mace:shibboleth:2.0:resource"
xsi:type="resource:ClasspathResource"
file="metadata/metadata.xml" />
<MetadataFilter certificateFile="%{idp.home}/credentials/inc-md-cert.pem" requireSignedRoot="true" xsi:type="SignatureValidation"/>
</MetadataProvider>
</MetadataProvider>
