mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-27 14:22:47 +00:00
Polish JdbcAssertingPartyMetadataRepository
- Remove GetBytes since it's not used yet - Remove customizable RowMapper since this can be added later - Change signing_algorithms to be a String since the conversion strategy is simple - Standardize test names - Simplify conversion of credentials using ThrowingFunction - Change column names to match RelyingPartyRegistration field names Issue gh-16012
This commit is contained in:
Josh Cummings
parent
2bd05128ec
commit
e8f920e0ee
@ -20,15 +20,13 @@ import java.sql.ResultSet;
|
|||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Types;
|
import java.sql.Types;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.function.Function;
|
import java.util.function.Function;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
|
|
||||||
import org.springframework.core.log.LogMessage;
|
|
||||||
import org.springframework.core.serializer.DefaultDeserializer;
|
import org.springframework.core.serializer.DefaultDeserializer;
|
||||||
import org.springframework.core.serializer.DefaultSerializer;
|
import org.springframework.core.serializer.DefaultSerializer;
|
||||||
import org.springframework.core.serializer.Deserializer;
|
import org.springframework.core.serializer.Deserializer;
|
||||||
@ -53,22 +51,22 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
|
|
||||||
private final JdbcOperations jdbcOperations;
|
private final JdbcOperations jdbcOperations;
|
||||||
|
|
||||||
private RowMapper<AssertingPartyMetadata> assertingPartyMetadataRowMapper = new AssertingPartyMetadataRowMapper(
|
private final RowMapper<AssertingPartyMetadata> assertingPartyMetadataRowMapper = new AssertingPartyMetadataRowMapper();
|
||||||
ResultSet::getBytes);
|
|
||||||
|
|
||||||
private final AssertingPartyMetadataParametersMapper assertingPartyMetadataParametersMapper = new AssertingPartyMetadataParametersMapper();
|
private final AssertingPartyMetadataParametersMapper assertingPartyMetadataParametersMapper = new AssertingPartyMetadataParametersMapper();
|
||||||
|
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
static final String COLUMN_NAMES = "entity_id, "
|
static final String[] COLUMN_NAMES = { "entity_id",
|
||||||
+ "singlesignon_url, "
|
"single_sign_on_service_location",
|
||||||
+ "singlesignon_binding, "
|
"single_sign_on_service_binding",
|
||||||
+ "singlesignon_sign_request, "
|
"want_authn_requests_signed",
|
||||||
+ "signing_algorithms, "
|
"signing_algorithms",
|
||||||
+ "verification_credentials, "
|
"verification_credentials",
|
||||||
+ "encryption_credentials, "
|
"encryption_credentials",
|
||||||
+ "singlelogout_url, "
|
"single_logout_service_location",
|
||||||
+ "singlelogout_response_url, "
|
"single_logout_service_response_location",
|
||||||
+ "singlelogout_binding";
|
"single_logout_service_binding" };
|
||||||
|
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
private static final String TABLE_NAME = "saml2_asserting_party_metadata";
|
private static final String TABLE_NAME = "saml2_asserting_party_metadata";
|
||||||
@ -76,30 +74,23 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
private static final String ENTITY_ID_FILTER = "entity_id = ?";
|
private static final String ENTITY_ID_FILTER = "entity_id = ?";
|
||||||
|
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
private static final String LOAD_BY_ID_SQL = "SELECT " + COLUMN_NAMES
|
private static final String LOAD_BY_ID_SQL = "SELECT " + String.join(",", COLUMN_NAMES)
|
||||||
+ " FROM " + TABLE_NAME
|
+ " FROM " + TABLE_NAME
|
||||||
+ " WHERE " + ENTITY_ID_FILTER;
|
+ " WHERE " + ENTITY_ID_FILTER;
|
||||||
|
|
||||||
private static final String LOAD_ALL_SQL = "SELECT " + COLUMN_NAMES
|
private static final String LOAD_ALL_SQL = "SELECT " + String.join(",", COLUMN_NAMES)
|
||||||
+ " FROM " + TABLE_NAME;
|
+ " FROM " + TABLE_NAME;
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
private static final String SAVE_CREDENTIAL_RECORD_SQL = "INSERT INTO " + TABLE_NAME
|
private static final String SAVE_CREDENTIAL_RECORD_SQL = "INSERT INTO " + TABLE_NAME
|
||||||
+ " (" + COLUMN_NAMES + ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
|
+ " (" + String.join(",", COLUMN_NAMES) + ") VALUES (" + String.join(",", Collections.nCopies(COLUMN_NAMES.length, "?")) + ")";
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
private static final String UPDATE_CREDENTIAL_RECORD_SQL = "UPDATE " + TABLE_NAME
|
private static final String UPDATE_CREDENTIAL_RECORD_SQL = "UPDATE " + TABLE_NAME
|
||||||
+ " SET singlesignon_url = ?, "
|
+ " SET " + String.join(" = ?,", Arrays.copyOfRange(COLUMN_NAMES, 1, COLUMN_NAMES.length))
|
||||||
+ "singlesignon_binding = ?, "
|
+ " = ?"
|
||||||
+ "singlesignon_sign_request = ?, "
|
|
||||||
+ "signing_algorithms = ?, "
|
|
||||||
+ "verification_credentials = ?, "
|
|
||||||
+ "encryption_credentials = ?, "
|
|
||||||
+ "singlelogout_url = ?, "
|
|
||||||
+ "singlelogout_response_url = ?, "
|
|
||||||
+ "singlelogout_binding = ?"
|
|
||||||
+ " WHERE " + ENTITY_ID_FILTER;
|
+ " WHERE " + ENTITY_ID_FILTER;
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|
||||||
@ -113,18 +104,6 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
this.jdbcOperations = jdbcOperations;
|
this.jdbcOperations = jdbcOperations;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Sets the {@link RowMapper} used for mapping the current row in
|
|
||||||
* {@code java.sql.ResultSet} to {@link AssertingPartyMetadata}. The default is
|
|
||||||
* {@link AssertingPartyMetadataRowMapper}.
|
|
||||||
* @param assertingPartyMetadataRowMapper the {@link RowMapper} used for mapping the
|
|
||||||
* current row in {@code java.sql.ResultSet} to {@link AssertingPartyMetadata}
|
|
||||||
*/
|
|
||||||
public void setAssertingPartyMetadataRowMapper(RowMapper<AssertingPartyMetadata> assertingPartyMetadataRowMapper) {
|
|
||||||
Assert.notNull(assertingPartyMetadataRowMapper, "assertingPartyMetadataRowMapper cannot be null");
|
|
||||||
this.assertingPartyMetadataRowMapper = assertingPartyMetadataRowMapper;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AssertingPartyMetadata findByEntityId(String entityId) {
|
public AssertingPartyMetadata findByEntityId(String entityId) {
|
||||||
Assert.hasText(entityId, "entityId cannot be empty");
|
Assert.hasText(entityId, "entityId cannot be empty");
|
||||||
@ -172,52 +151,26 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
*/
|
*/
|
||||||
private static final class AssertingPartyMetadataRowMapper implements RowMapper<AssertingPartyMetadata> {
|
private static final class AssertingPartyMetadataRowMapper implements RowMapper<AssertingPartyMetadata> {
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(AssertingPartyMetadataRowMapper.class);
|
|
||||||
|
|
||||||
private final Deserializer<Object> deserializer = new DefaultDeserializer();
|
private final Deserializer<Object> deserializer = new DefaultDeserializer();
|
||||||
|
|
||||||
private final GetBytes getBytes;
|
|
||||||
|
|
||||||
AssertingPartyMetadataRowMapper(GetBytes getBytes) {
|
|
||||||
this.getBytes = getBytes;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AssertingPartyMetadata mapRow(ResultSet rs, int rowNum) throws SQLException {
|
public AssertingPartyMetadata mapRow(ResultSet rs, int rowNum) throws SQLException {
|
||||||
String entityId = rs.getString("entity_id");
|
String entityId = rs.getString(COLUMN_NAMES[0]);
|
||||||
String singleSignOnUrl = rs.getString("singlesignon_url");
|
String singleSignOnUrl = rs.getString(COLUMN_NAMES[1]);
|
||||||
Saml2MessageBinding singleSignOnBinding = Saml2MessageBinding.from(rs.getString("singlesignon_binding"));
|
Saml2MessageBinding singleSignOnBinding = Saml2MessageBinding.from(rs.getString(COLUMN_NAMES[2]));
|
||||||
boolean singleSignOnSignRequest = rs.getBoolean("singlesignon_sign_request");
|
boolean singleSignOnSignRequest = rs.getBoolean(COLUMN_NAMES[3]);
|
||||||
String singleLogoutUrl = rs.getString("singlelogout_url");
|
List<String> algorithms = List.of(rs.getString(COLUMN_NAMES[4]).split(","));
|
||||||
String singleLogoutResponseUrl = rs.getString("singlelogout_response_url");
|
byte[] verificationCredentialsBytes = rs.getBytes(COLUMN_NAMES[5]);
|
||||||
Saml2MessageBinding singleLogoutBinding = Saml2MessageBinding.from(rs.getString("singlelogout_binding"));
|
byte[] encryptionCredentialsBytes = rs.getBytes(COLUMN_NAMES[6]);
|
||||||
byte[] signingAlgorithmsBytes = this.getBytes.getBytes(rs, "signing_algorithms");
|
ThrowingFunction<byte[], Collection<Saml2X509Credential>> credentials = (
|
||||||
byte[] verificationCredentialsBytes = this.getBytes.getBytes(rs, "verification_credentials");
|
bytes) -> (Collection<Saml2X509Credential>) this.deserializer.deserializeFromByteArray(bytes);
|
||||||
byte[] encryptionCredentialsBytes = this.getBytes.getBytes(rs, "encryption_credentials");
|
|
||||||
|
|
||||||
AssertingPartyMetadata.Builder<?> builder = new AssertingPartyDetails.Builder();
|
AssertingPartyMetadata.Builder<?> builder = new AssertingPartyDetails.Builder();
|
||||||
try {
|
Collection<Saml2X509Credential> verificationCredentials = credentials.apply(verificationCredentialsBytes);
|
||||||
if (signingAlgorithmsBytes != null) {
|
Collection<Saml2X509Credential> encryptionCredentials = (encryptionCredentialsBytes != null)
|
||||||
List<String> signingAlgorithms = (List<String>) this.deserializer
|
? credentials.apply(encryptionCredentialsBytes) : List.of();
|
||||||
.deserializeFromByteArray(signingAlgorithmsBytes);
|
String singleLogoutUrl = rs.getString(COLUMN_NAMES[7]);
|
||||||
builder.signingAlgorithms((algorithms) -> algorithms.addAll(signingAlgorithms));
|
String singleLogoutResponseUrl = rs.getString(COLUMN_NAMES[8]);
|
||||||
}
|
Saml2MessageBinding singleLogoutBinding = Saml2MessageBinding.from(rs.getString(COLUMN_NAMES[9]));
|
||||||
if (verificationCredentialsBytes != null) {
|
|
||||||
Collection<Saml2X509Credential> verificationCredentials = (Collection<Saml2X509Credential>) this.deserializer
|
|
||||||
.deserializeFromByteArray(verificationCredentialsBytes);
|
|
||||||
builder.verificationX509Credentials((credentials) -> credentials.addAll(verificationCredentials));
|
|
||||||
}
|
|
||||||
if (encryptionCredentialsBytes != null) {
|
|
||||||
Collection<Saml2X509Credential> encryptionCredentials = (Collection<Saml2X509Credential>) this.deserializer
|
|
||||||
.deserializeFromByteArray(encryptionCredentialsBytes);
|
|
||||||
builder.encryptionX509Credentials((credentials) -> credentials.addAll(encryptionCredentials));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (Exception ex) {
|
|
||||||
this.logger.debug(LogMessage.format("Parsing serialized credentials for entity %s failed", entityId),
|
|
||||||
ex);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
builder.entityId(entityId)
|
builder.entityId(entityId)
|
||||||
.wantAuthnRequestsSigned(singleSignOnSignRequest)
|
.wantAuthnRequestsSigned(singleSignOnSignRequest)
|
||||||
@ -225,7 +178,10 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
.singleSignOnServiceBinding(singleSignOnBinding)
|
.singleSignOnServiceBinding(singleSignOnBinding)
|
||||||
.singleLogoutServiceLocation(singleLogoutUrl)
|
.singleLogoutServiceLocation(singleLogoutUrl)
|
||||||
.singleLogoutServiceBinding(singleLogoutBinding)
|
.singleLogoutServiceBinding(singleLogoutBinding)
|
||||||
.singleLogoutServiceResponseLocation(singleLogoutResponseUrl);
|
.singleLogoutServiceResponseLocation(singleLogoutResponseUrl)
|
||||||
|
.signingAlgorithms((a) -> a.addAll(algorithms))
|
||||||
|
.verificationX509Credentials((c) -> c.addAll(verificationCredentials))
|
||||||
|
.encryptionX509Credentials((c) -> c.addAll(encryptionCredentials));
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -244,8 +200,7 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
parameters.add(new SqlParameterValue(Types.VARCHAR, record.getSingleSignOnServiceLocation()));
|
parameters.add(new SqlParameterValue(Types.VARCHAR, record.getSingleSignOnServiceLocation()));
|
||||||
parameters.add(new SqlParameterValue(Types.VARCHAR, record.getSingleSignOnServiceBinding().getUrn()));
|
parameters.add(new SqlParameterValue(Types.VARCHAR, record.getSingleSignOnServiceBinding().getUrn()));
|
||||||
parameters.add(new SqlParameterValue(Types.BOOLEAN, record.getWantAuthnRequestsSigned()));
|
parameters.add(new SqlParameterValue(Types.BOOLEAN, record.getWantAuthnRequestsSigned()));
|
||||||
ThrowingFunction<List<String>, byte[]> algorithms = this.serializer::serializeToByteArray;
|
parameters.add(new SqlParameterValue(Types.BLOB, String.join(",", record.getSigningAlgorithms())));
|
||||||
parameters.add(new SqlParameterValue(Types.BLOB, algorithms.apply(record.getSigningAlgorithms())));
|
|
||||||
ThrowingFunction<Collection<Saml2X509Credential>, byte[]> credentials = this.serializer::serializeToByteArray;
|
ThrowingFunction<Collection<Saml2X509Credential>, byte[]> credentials = this.serializer::serializeToByteArray;
|
||||||
parameters
|
parameters
|
||||||
.add(new SqlParameterValue(Types.BLOB, credentials.apply(record.getVerificationX509Credentials())));
|
.add(new SqlParameterValue(Types.BLOB, credentials.apply(record.getVerificationX509Credentials())));
|
||||||
@ -259,10 +214,4 @@ public final class JdbcAssertingPartyMetadataRepository implements AssertingPart
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private interface GetBytes {
|
|
||||||
|
|
||||||
byte[] getBytes(ResultSet rs, String columnName) throws SQLException;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,14 +1,14 @@
|
|||||||
CREATE TABLE saml2_asserting_party_metadata
|
CREATE TABLE saml2_asserting_party_metadata
|
||||||
(
|
(
|
||||||
entity_id VARCHAR(1000) NOT NULL,
|
entity_id VARCHAR(1000) NOT NULL,
|
||||||
singlesignon_url VARCHAR(1000) NOT NULL,
|
single_sign_on_service_location VARCHAR(1000) NOT NULL,
|
||||||
singlesignon_binding VARCHAR(100),
|
single_sign_on_service_binding VARCHAR(100),
|
||||||
singlesignon_sign_request boolean,
|
want_authn_requests_signed boolean,
|
||||||
signing_algorithms BYTEA,
|
signing_algorithms BYTEA,
|
||||||
verification_credentials BYTEA NOT NULL,
|
verification_credentials BYTEA NOT NULL,
|
||||||
encryption_credentials BYTEA,
|
encryption_credentials BYTEA,
|
||||||
singlelogout_url VARCHAR(1000),
|
single_logout_service_location VARCHAR(1000),
|
||||||
singlelogout_response_url VARCHAR(1000),
|
single_logout_service_response_location VARCHAR(1000),
|
||||||
singlelogout_binding VARCHAR(100),
|
single_logout_service_binding VARCHAR(100),
|
||||||
PRIMARY KEY (entity_id)
|
PRIMARY KEY (entity_id)
|
||||||
);
|
);
|
||||||
|
|||||||
@ -1,14 +1,14 @@
|
|||||||
CREATE TABLE saml2_asserting_party_metadata
|
CREATE TABLE saml2_asserting_party_metadata
|
||||||
(
|
(
|
||||||
entity_id VARCHAR(1000) NOT NULL,
|
entity_id VARCHAR(1000) NOT NULL,
|
||||||
singlesignon_url VARCHAR(1000) NOT NULL,
|
single_sign_on_service_location VARCHAR(1000) NOT NULL,
|
||||||
singlesignon_binding VARCHAR(100),
|
single_sign_on_service_binding VARCHAR(100),
|
||||||
singlesignon_sign_request boolean,
|
want_authn_requests_signed boolean,
|
||||||
signing_algorithms blob,
|
signing_algorithms VARCHAR(256) NOT NULL,
|
||||||
verification_credentials blob NOT NULL,
|
verification_credentials blob NOT NULL,
|
||||||
encryption_credentials blob,
|
encryption_credentials blob,
|
||||||
singlelogout_url VARCHAR(1000),
|
single_logout_service_location VARCHAR(1000),
|
||||||
singlelogout_response_url VARCHAR(1000),
|
single_logout_service_response_location VARCHAR(1000),
|
||||||
singlelogout_binding VARCHAR(100),
|
single_logout_service_binding VARCHAR(100),
|
||||||
PRIMARY KEY (entity_id)
|
PRIMARY KEY (entity_id)
|
||||||
);
|
);
|
||||||
|
|||||||
@ -79,7 +79,7 @@ class JdbcAssertingPartyMetadataRepositoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void findByEntityId() {
|
void findByEntityIdWhenEntityPresentThenReturns() {
|
||||||
this.repository.save(this.metadata);
|
this.repository.save(this.metadata);
|
||||||
|
|
||||||
AssertingPartyMetadata found = this.repository.findByEntityId(this.metadata.getEntityId());
|
AssertingPartyMetadata found = this.repository.findByEntityId(this.metadata.getEntityId());
|
||||||
@ -88,17 +88,14 @@ class JdbcAssertingPartyMetadataRepositoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void findByEntityIdWhenNotExists() {
|
void findByEntityIdWhenNotExistsThenNull() {
|
||||||
AssertingPartyMetadata found = this.repository.findByEntityId("non-existent-entity-id");
|
AssertingPartyMetadata found = this.repository.findByEntityId("non-existent-entity-id");
|
||||||
assertThat(found).isNull();
|
assertThat(found).isNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void iterator() {
|
void iteratorWhenEnitiesExistThenContains() {
|
||||||
AssertingPartyMetadata second = RelyingPartyRegistration.withAssertingPartyMetadata(this.metadata)
|
AssertingPartyMetadata second = this.metadata.mutate().entityId("https://example.org/idp").build();
|
||||||
.assertingPartyMetadata((a) -> a.entityId("https://example.org/idp"))
|
|
||||||
.build()
|
|
||||||
.getAssertingPartyMetadata();
|
|
||||||
this.repository.save(this.metadata);
|
this.repository.save(this.metadata);
|
||||||
this.repository.save(second);
|
this.repository.save(second);
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user