feat: backport to IdP 4

TomiBelan · TomiBelan · commit 6b99b204a1cb · 2024-11-25T14:17:41.000+01:00
diff --git a/.github/workflows/build-snapshot.yml b/.github/workflows/build-snapshot.yml
@@ -14,10 +14,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - name: Set up JDK 17
+    - name: Set up JDK 11
       uses: actions/setup-java@v4
       with:
-        java-version: '17'
+        java-version: '11'
         distribution: 'temurin'
         cache: maven
     - name: Generate single-use GPG key
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,10 +21,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - name: Set up JDK 17
+    - name: Set up JDK 11
       uses: actions/setup-java@v4
       with:
-        java-version: '17'
+        java-version: '11'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven
@@ -35,5 +35,5 @@ jobs:
         subject-path: andrvotr-dist/target/*.tar.gz*
     - name: Release
       run: |
-        title="Andrvotr $GITHUB_REF_NAME (for IdP 5.x)"
+        title="Andrvotr $GITHUB_REF_NAME (for IdP 4.x)"
         gh release create "$GITHUB_REF_NAME" --title "$title" --verify-tag andrvotr-dist/target/*.tar.gz*
diff --git a/andrvotr-impl/pom.xml b/andrvotr-impl/pom.xml
@@ -32,8 +32,8 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>jakarta.servlet</groupId>
-            <artifactId>jakarta.servlet-api</artifactId>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/AndrvotrPlugin.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/AndrvotrPlugin.java
@@ -1,8 +1,8 @@
 package io.github.fmfi_svt.andrvotr;
 
 import java.io.IOException;
+import net.shibboleth.idp.plugin.PluginException;
 import net.shibboleth.idp.plugin.PropertyDrivenIdPPlugin;
-import net.shibboleth.profile.plugin.PluginException;
 
 public class AndrvotrPlugin extends PropertyDrivenIdPPlugin {
     public AndrvotrPlugin() throws IOException, PluginException {
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/AuthorityTokenGenerator.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/AuthorityTokenGenerator.java
@@ -1,29 +1,30 @@
 package io.github.fmfi_svt.andrvotr;
 
 import com.google.common.base.Strings;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.List;
 import java.util.function.Function;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import net.shibboleth.idp.attribute.IdPAttributeValue;
 import net.shibboleth.idp.attribute.StringAttributeValue;
+import net.shibboleth.idp.profile.context.RelyingPartyContext;
 import net.shibboleth.idp.profile.context.SpringRequestContext;
 import net.shibboleth.idp.session.IdPSession;
 import net.shibboleth.idp.session.context.SessionContext;
-import net.shibboleth.profile.context.RelyingPartyContext;
-import net.shibboleth.shared.component.AbstractInitializableComponent;
-import net.shibboleth.shared.component.ComponentInitializationException;
-import net.shibboleth.shared.logic.Constraint;
-import net.shibboleth.shared.primitive.LoggerFactory;
-import net.shibboleth.shared.security.DataSealer;
-import net.shibboleth.shared.security.DataSealerException;
+import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.component.ComponentSupport;
+import net.shibboleth.utilities.java.support.logic.Constraint;
+import net.shibboleth.utilities.java.support.security.DataSealer;
+import net.shibboleth.utilities.java.support.security.DataSealerException;
 import org.opensaml.profile.context.ProfileRequestContext;
 import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.webflow.context.ExternalContext;
 import org.springframework.webflow.execution.RequestContext;
 
@@ -41,23 +42,23 @@ public final class AuthorityTokenGenerator extends AbstractInitializableComponen
     private Duration tokenLifetime;
 
     public void setConfig(@Nonnull Config newConfig) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         config = Constraint.isNotNull(newConfig, "Config cannot be null");
     }
 
     public void setDataSealer(@Nonnull DataSealer sealer) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         dataSealer = Constraint.isNotNull(sealer, "DataSealer cannot be null");
     }
 
     public void setIdpSessionCookieName(@Nonnull String name) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         Constraint.isFalse(Strings.isNullOrEmpty(name), "idpSessionCookieName cannot be null or empty");
         idpSessionCookieName = name;
     }
 
     public void setTokenLifetime(@Nonnull Duration lifetime) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         Constraint.isNotNull(lifetime, "Lifetime cannot be null");
         Constraint.isFalse(lifetime.isNegative() || lifetime.isZero(), "Lifetime must be positive");
         tokenLifetime = lifetime;
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/Config.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/Config.java
@@ -1,36 +1,37 @@
 package io.github.fmfi_svt.andrvotr;
 
 import com.google.common.base.Strings;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import net.shibboleth.shared.collection.CollectionSupport;
-import net.shibboleth.shared.collection.Pair;
-import net.shibboleth.shared.component.AbstractInitializableComponent;
-import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.collection.Pair;
+import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.component.ComponentSupport;
 
 public final class Config extends AbstractInitializableComponent {
 
     private @Nullable String apiKeysString;
 
-    private @Nonnull Set<Pair<String, String>> apiKeys = CollectionSupport.emptySet();
+    private @Nonnull Set<Pair<String, String>> apiKeys = Collections.emptySet();
 
-    private @Nonnull Set<String> apiKeyFronts = CollectionSupport.emptySet();
+    private @Nonnull Set<String> apiKeyFronts = Collections.emptySet();
 
     private @Nullable String allowedConnectionsString;
 
-    private @Nonnull Set<Pair<String, String>> allowedConnections = CollectionSupport.emptySet();
+    private @Nonnull Set<Pair<String, String>> allowedConnections = Collections.emptySet();
 
-    private @Nonnull Set<String> allowedConnectionFronts = CollectionSupport.emptySet();
+    private @Nonnull Set<String> allowedConnectionFronts = Collections.emptySet();
 
     public void setApiKeys(@Nullable String string) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         apiKeysString = string;
     }
 
     public void setAllowedConnections(@Nullable String string) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         allowedConnectionsString = string;
     }
 
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/FabricationWebflowListener.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/FabricationWebflowListener.java
@@ -1,18 +1,19 @@
 package io.github.fmfi_svt.andrvotr;
 
 import com.google.common.base.Strings;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import javax.annotation.Nonnull;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import net.shibboleth.idp.profile.context.RelyingPartyContext;
 import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
-import net.shibboleth.profile.context.RelyingPartyContext;
-import net.shibboleth.shared.component.AbstractInitializableComponent;
-import net.shibboleth.shared.component.ComponentInitializationException;
-import net.shibboleth.shared.logic.Constraint;
-import net.shibboleth.shared.primitive.LoggerFactory;
-import net.shibboleth.shared.security.DataSealer;
+import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.component.ComponentSupport;
+import net.shibboleth.utilities.java.support.logic.Constraint;
+import net.shibboleth.utilities.java.support.security.DataSealer;
 import org.opensaml.profile.context.ProfileRequestContext;
 import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.webflow.definition.StateDefinition;
 import org.springframework.webflow.execution.Event;
 import org.springframework.webflow.execution.FlowExecutionListener;
@@ -46,12 +47,12 @@ public final class FabricationWebflowListener extends AbstractInitializableCompo
     private DataSealer dataSealer;
 
     public void setDataSealer(@Nonnull DataSealer sealer) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         dataSealer = Constraint.isNotNull(sealer, "DataSealer cannot be null");
     }
 
     public void setConfig(@Nonnull Config newConfig) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         config = Constraint.isNotNull(newConfig, "Config cannot be null");
     }
 
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/FabricationWebflowListenerInjector.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/FabricationWebflowListenerInjector.java
@@ -2,9 +2,9 @@
 
 import java.util.Map;
 import javax.annotation.Nonnull;
-import net.shibboleth.shared.component.AbstractInitializableComponent;
-import net.shibboleth.shared.primitive.LoggerFactory;
+import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
 import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
diff --git a/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/HttpController.java b/andrvotr-impl/src/main/java/io/github/fmfi_svt/andrvotr/HttpController.java
@@ -1,8 +1,6 @@
 package io.github.fmfi_svt.andrvotr;
 
 import com.google.common.base.Strings;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.net.URL;
@@ -13,18 +11,21 @@
 import java.util.List;
 import java.util.stream.Collectors;
 import javax.annotation.Nonnull;
-import net.shibboleth.shared.component.AbstractInitializableComponent;
-import net.shibboleth.shared.component.ComponentInitializationException;
-import net.shibboleth.shared.logic.Constraint;
-import net.shibboleth.shared.primitive.LoggerFactory;
-import net.shibboleth.shared.security.DataExpiredException;
-import net.shibboleth.shared.security.DataSealer;
-import net.shibboleth.shared.security.DataSealerException;
-import org.apache.hc.client5.http.classic.HttpClient;
-import org.apache.hc.client5.http.classic.methods.HttpGet;
-import org.apache.hc.core5.http.Header;
-import org.apache.hc.core5.http.io.entity.EntityUtils;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.component.ComponentSupport;
+import net.shibboleth.utilities.java.support.logic.Constraint;
+import net.shibboleth.utilities.java.support.security.DataExpiredException;
+import net.shibboleth.utilities.java.support.security.DataSealer;
+import net.shibboleth.utilities.java.support.security.DataSealerException;
+import org.apache.http.Header;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -44,22 +45,22 @@ public final class HttpController extends AbstractInitializableComponent {
     private String idpEntityID;
 
     public void setHttpClient(@Nonnull HttpClient client) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         httpClient = Constraint.isNotNull(client, "HttpClient cannot be null");
     }
 
     public void setConfig(@Nonnull Config newConfig) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         config = Constraint.isNotNull(newConfig, "Config cannot be null");
     }
 
     public void setDataSealer(@Nonnull DataSealer sealer) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         dataSealer = Constraint.isNotNull(sealer, "DataSealer cannot be null");
     }
 
     public void setIdpEntityID(@Nonnull String id) {
-        checkSetterPreconditions();
+        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
         Constraint.isFalse(Strings.isNullOrEmpty(id), "idpEntityId cannot be null or empty");
         idpEntityID = id;
     }
@@ -176,8 +177,9 @@ public void fabricate(@Nonnull HttpServletRequest httpRequest, @Nonnull HttpServ
         nestedRequest.addHeader(Constants.HEADER_ANDRVOTR_INTERNAL_FABRICATION_FRONT, frontEntityID);
 
         httpClient.execute(nestedRequest, (nestedResponse) -> {
-            int statusCode = nestedResponse.getCode();
-            String contentType = nestedResponse.getEntity().getContentType();
+            int statusCode = nestedResponse.getStatusLine().getStatusCode();
+            Header contentTypeHeader = nestedResponse.getEntity().getContentType();
+            String contentType = contentTypeHeader == null ? null : contentTypeHeader.getValue();
             long contentLength = nestedResponse.getEntity().getContentLength();
 
             List<String> trace = Arrays.stream(
@@ -207,7 +209,7 @@ public void fabricate(@Nonnull HttpServletRequest httpRequest, @Nonnull HttpServ
                 try {
                     if ((contentType != null && contentType.startsWith("text/"))
                             || nestedResponse.getEntity().getContentEncoding() != null) {
-                        String body = EntityUtils.toString(nestedResponse.getEntity(), 4096);
+                        String body = EntityUtils.toString(nestedResponse.getEntity());
                         log.warn("andrvotr/fabricate error body: [{}]", body.replace("\n", "[\\n]"));
                     }
                 } catch (Exception e) {
diff --git a/andrvotr-impl/src/main/resources/META-INF/net.shibboleth.idp/postconfig.xml b/andrvotr-impl/src/main/resources/META-INF/net.shibboleth.idp/postconfig.xml
@@ -19,7 +19,7 @@
         class="io.github.fmfi_svt.andrvotr.AuthorityTokenGenerator"
         p:config-ref="andrvotr.Config"
         p:dataSealer-ref="shibboleth.DataSealer"
-        p:idpSessionCookieName="%{idp.session.cookieName:__Host-shib_idp_session}"
+        p:idpSessionCookieName="%{idp.session.cookieName:shib_idp_session}"
         p:tokenLifetime="%{andrvotr.authorityTokenLifetime:PT5M}" />
 
     <bean class="io.github.fmfi_svt.andrvotr.HttpController"
diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.release>17</maven.compiler.release>
+        <maven.compiler.release>11</maven.compiler.release>
 
         <maven-dist-enforcer.version>3.3.0</maven-dist-enforcer.version>
         <maven-dist-enforcer-data.version>1.0.16</maven-dist-enforcer-data.version>
@@ -35,9 +35,9 @@
         <versions-maven-plugin.version>2.18.0</versions-maven-plugin.version>
 
         <idp.groupId>net.shibboleth.idp</idp.groupId>
-        <idp.version>5.0.0</idp.version>
+        <idp.version>4.2.0</idp.version>
         <opensaml.groupId>org.opensaml</opensaml.groupId>
-        <opensaml.version>5.0.0</opensaml.version>
+        <opensaml.version>4.2.0</opensaml.version>
         <checkstyle.configLocation>${project.basedir}/resources/checkstyle/checkstyle.xml</checkstyle.configLocation>
     </properties>
 
