Example 56 with CriteriaSet

Use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

The class SamlRegisteredServiceCachedMetadataEndpoint, method invalidate.

/**
 * Invalidate the SAML2 metadata cache.
 *
 * @param serviceId the service id (SP entity id); when blank, the entire cache is invalidated
 */
@DeleteOperation
@Operation(summary = "Invalidate SAML2 metadata cache using an entity id.", parameters = { @Parameter(name = "serviceId") })
public void invalidate(@Nullable final String serviceId) {
    if (StringUtils.isBlank(serviceId)) {
        // No id supplied: drop every cached metadata resolver.
        cachingMetadataResolver.invalidate();
    } else {
        // Drop only the entry for this registered service, keyed by
        // entity id and the SP SSO role.
        val registeredService = findRegisteredService(serviceId);
        val criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityIdCriterion(serviceId));
        criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
        cachingMetadataResolver.invalidate(registeredService, criteriaSet);
    }
}
Also used : lombok.val(lombok.val) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DeleteOperation(org.springframework.boot.actuate.endpoint.annotation.DeleteOperation) ReadOperation(org.springframework.boot.actuate.endpoint.annotation.ReadOperation) Operation(io.swagger.v3.oas.annotations.Operation)

Example 57 with CriteriaSet

Use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

The class SamlRegisteredServiceCacheKeyTests, method verifyCacheKeyDynamicMetadata.

@Test
public void verifyCacheKeyDynamicMetadata() {
    val criteriaSet = new CriteriaSet();
    val entityIdCriterion = new EntityIdCriterion("https://carmenwiki.osu.edu/shibboleth");
    criteriaSet.add(entityIdCriterion);
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    val service = new SamlRegisteredService();
    service.setName("Example");
    service.setId(1000);
    service.setServiceId(".+");
    service.setMetadataLocation("https://mdq.something.net/entities/{0}");
    val result1 = new SamlRegisteredServiceCacheKey(service, criteriaSet);
    assertNotNull(result1.getId());
    assertNotNull(result1.toString());
    assertEquals(entityIdCriterion.getEntityId(), result1.getCacheKey());
    val result2 = new SamlRegisteredServiceCacheKey(service, criteriaSet);
    assertEquals(result1, result2);
}
Also used : lombok.val(lombok.val) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) Test(org.junit.jupiter.api.Test)

Example 58 with CriteriaSet

Use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

The class SamlRegisteredServiceMetadataResolverCacheLoaderTests, method verifyFileByExpression.

@Test
public void verifyFileByExpression() throws Exception {
    val mdFile = File.createTempFile("spsamlmetadata", ".xml");
    val content = IOUtils.toString(new ClassPathResource("sample-sp.xml").getInputStream(), StandardCharsets.UTF_8);
    FileUtils.writeStringToFile(mdFile, content, StandardCharsets.UTF_8);
    System.setProperty("SP_REF", mdFile.getCanonicalPath());
    val props = new SamlIdPProperties();
    props.getMetadata().getFileSystem().setLocation(new FileSystemResource(FileUtils.getTempDirectory()).getFile().getCanonicalPath());
    val plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
    plan.registerMetadataResolver(new FileSystemResourceMetadataResolver(props, openSamlConfigBean));
    val loader = new SamlRegisteredServiceMetadataResolverCacheLoader(openSamlConfigBean, httpClient, plan);
    val service = new SamlRegisteredService();
    service.setName("Example");
    service.setId(1000);
    service.setServiceId("https://example.org/saml");
    service.setMetadataLocation("${#systemProperties['SP_REF']}");
    val key = new SamlRegisteredServiceCacheKey(service, new CriteriaSet());
    assertNotNull(loader.load(key));
}
Also used : lombok.val(lombok.val) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) DefaultSamlRegisteredServiceMetadataResolutionPlan(org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) FileSystemResource(org.springframework.core.io.FileSystemResource) FileSystemResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver) ClassPathResource(org.springframework.core.io.ClassPathResource) Test(org.junit.jupiter.api.Test)

Example 59 with CriteriaSet

Use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

The class SamlRegisteredServiceMetadataResolverCacheLoaderTests, method verifyClasspathByExpression.

@Test
public void verifyClasspathByExpression() throws Exception {
    System.setProperty("SP_REF", "classpath:sample-sp.xml");
    val props = new SamlIdPProperties();
    props.getMetadata().getFileSystem().setLocation(new FileSystemResource(FileUtils.getTempDirectory()).getFile().getCanonicalPath());
    val plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
    plan.registerMetadataResolver(new ClasspathResourceMetadataResolver(props, openSamlConfigBean));
    val loader = new SamlRegisteredServiceMetadataResolverCacheLoader(openSamlConfigBean, httpClient, plan);
    val service = new SamlRegisteredService();
    service.setName("Example");
    service.setId(1000);
    service.setServiceId("https://example.org/saml");
    service.setMetadataLocation("${#systemProperties['SP_REF']}");
    val key = new SamlRegisteredServiceCacheKey(service, new CriteriaSet());
    assertNotNull(loader.load(key));
}
Also used : lombok.val(lombok.val) ClasspathResourceMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.ClasspathResourceMetadataResolver) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) DefaultSamlRegisteredServiceMetadataResolutionPlan(org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) FileSystemResource(org.springframework.core.io.FileSystemResource) Test(org.junit.jupiter.api.Test)

Example 60 with CriteriaSet

Use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.

The class SamlRegisteredServiceMetadataExpirationPolicyTests, method verifyPolicyByServiceExpirationPolicy.

@Test
@SuppressWarnings("JavaTimeDefaultTimeZone")
public void verifyPolicyByServiceExpirationPolicy() throws Exception {
    val policy = new SamlRegisteredServiceMetadataExpirationPolicy(Beans.newDuration("PT5M"));
    val props = new SamlIdPProperties();
    props.getMetadata().getFileSystem().setLocation(new FileSystemResource(FileUtils.getTempDirectory()).getFile().getCanonicalPath());
    val service = new SamlRegisteredService();
    service.setExpirationPolicy(new DefaultRegisteredServiceExpirationPolicy().setExpirationDate(LocalDate.now(Clock.systemDefaultZone()).plusDays(1).toString()));
    service.setMetadataExpirationDuration(StringUtils.EMPTY);
    service.setServiceId("https://carmenwiki.osu.edu/shibboleth");
    service.setMetadataLocation("classpath:GroovyMetadataResolver.groovy");
    val cacheKey = new SamlRegisteredServiceCacheKey(service, new CriteriaSet());
    val resolver = mock(MetadataResolver.class);
    val entity = mock(EntityDescriptor.class);
    when(entity.getCacheDuration()).thenReturn(null);
    when(resolver.resolveSingle(argThat(argument -> argument != null && argument.size() == 1))).thenReturn(entity);
    when(resolver.resolveSingle(argThat(argument -> argument != null && argument.size() > 1))).thenReturn(null);
    assertNotEquals(policy.getDefaultExpiration(), policy.expireAfterCreate(cacheKey, resolver, System.currentTimeMillis()));
}
Also used : lombok.val(lombok.val) DefaultRegisteredServiceExpirationPolicy(org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) BaseSamlIdPServicesTests(org.apereo.cas.support.saml.services.BaseSamlIdPServicesTests) FileSystemResource(org.springframework.core.io.FileSystemResource) FileUtils(org.apache.commons.io.FileUtils) Beans(org.apereo.cas.configuration.support.Beans) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) SamlRegisteredServiceCacheKey(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCacheKey) StringUtils(org.apache.commons.lang3.StringUtils) Test(org.junit.jupiter.api.Test) Mockito(org.mockito.Mockito) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) Duration(java.time.Duration) LocalDate(java.time.LocalDate) Assertions(org.junit.jupiter.api.Assertions) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) Clock(java.time.Clock) SamlRegisteredServiceMetadataExpirationPolicy(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataExpirationPolicy) Tag(org.junit.jupiter.api.Tag) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)

Aggregations

CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet): 68
lombok.val (lombok.val): 44
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion): 40
EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion): 28
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService): 18
Test (org.junit.jupiter.api.Test): 16
UsageCriterion (org.opensaml.security.criteria.UsageCriterion): 11
SamlIdPProperties (org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties): 10
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor): 10
ArrayList (java.util.ArrayList): 9
SignatureSigningConfigurationCriterion (org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion): 9
MetadataResolver (org.opensaml.saml.metadata.resolver.MetadataResolver): 8
SAMLMetadataSignatureSigningParametersResolver (org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver): 8
SneakyThrows (lombok.SneakyThrows): 7
StringUtils (org.apache.commons.lang3.StringUtils): 7
SignatureSigningParameters (org.opensaml.xmlsec.SignatureSigningParameters): 7
FileSystemResource (org.springframework.core.io.FileSystemResource): 7
SamlException (org.apereo.cas.support.saml.SamlException): 6
EvaluableEntityRoleEntityDescriptorCriterion (org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion): 6
Credential (org.opensaml.security.credential.Credential): 6