Refactor annotations and formatting

Use RestController, Slf4j, Getter Use textblocks Co-authored-by: Duane May <duane.may@broadcom.com>
cloudfoundry · May 10, 2024 · ea3dbe4 · ea3dbe4
1 parent c82ecd6
commit ea3dbe4
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 89 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProvider.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProvider.java
@@ -1,22 +1,17 @@
 package org.cloudfoundry.identity.uaa.provider.saml;
 
-//import org.opensaml.saml2.metadata.provider.AbstractMetadataProvider;
-//import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-//import org.opensaml.xml.XMLObject;
-//import org.opensaml.xml.io.UnmarshallingException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
 
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 
+@Slf4j
 public class ConfigMetadataProvider /* extends AbstractMetadataProvider */ implements ComparableProvider {
 
-    private final Logger log = LoggerFactory.getLogger(ConfigMetadataProvider.class);
-
     private final String metadata;
+    @Getter
     private final String zoneId;
+    @Getter
     private final String alias;
 
     public ConfigMetadataProvider(String zoneId, String alias, String metadata) {
@@ -45,22 +40,12 @@ public byte[] fetchMetadata() {
 //    @Override
     public boolean equals(Object o) {
         if (this == o) return true;
-        if (o == null || !(o instanceof ComparableProvider)) return false;
-        return this.compareTo((ComparableProvider)o) == 0;
+        if (!(o instanceof ComparableProvider)) return false;
+        return this.compareTo((ComparableProvider) o) == 0;
     }
 
     @Override
     public int hashCode() {
         return getHashCode();
     }
-
-    @Override
-    public String getAlias() {
-        return alias;
-    }
-
-    @Override
-    public String getZoneId() {
-        return zoneId;
-    }
 }
diff --git a/...va/org/cloudfoundry/identity/uaa/provider/saml/LoginSAMLAuthenticationFailureHandler.java b/...va/org/cloudfoundry/identity/uaa/provider/saml/LoginSAMLAuthenticationFailureHandler.java
@@ -1,9 +1,8 @@
 package org.cloudfoundry.identity.uaa.provider.saml;
 
+import lombok.extern.slf4j.Slf4j;
 import org.apache.http.client.utils.URIBuilder;
 import org.cloudfoundry.identity.uaa.util.SessionUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@@ -21,19 +20,16 @@
  * with LoginSAMLException. Currently, the only scenario for this is when a
  * shadow account does not exist for the user and the IdP configuration does not
  * allow automatic creation of the shadow account.
- *
  */
+@Slf4j
 public class LoginSAMLAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-    private static final Logger LOG = LoggerFactory.getLogger(LoginSAMLAuthenticationFailureHandler.class);
 
     @Override
     public void onAuthenticationFailure(final HttpServletRequest request, final HttpServletResponse response,
-            final AuthenticationException exception) throws IOException, ServletException {
+                                        final AuthenticationException exception) throws IOException, ServletException {
 
         String redirectTo = null;
-
         if (exception instanceof LoginSAMLException) {
-
             HttpSession session = request.getSession();
             if (session != null) {
                 DefaultSavedRequest savedRequest =
@@ -48,10 +44,7 @@ public void onAuthenticationFailure(final HttpServletRequest request, final Http
                         uriBuilder.addParameter("error_description", exception.getMessage());
                         redirectTo = uriBuilder.toString();
 
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("Error redirect to: " + redirectTo);
-                        }
-
+                        log.debug("Error redirect to: {}", redirectTo);
                         getRedirectStrategy().sendRedirect(request, response, redirectTo);
                     }
                 }
@@ -64,8 +57,7 @@ public void onAuthenticationFailure(final HttpServletRequest request, final Http
                 AuthenticationException e = new AuthenticationServiceException(cause.getMessage(), cause.getCause());
                 logger.debug(cause);
                 super.onAuthenticationFailure(request, response, e);
-            }
-            else {
+            } else {
                 logger.debug(exception);
                 super.onAuthenticationFailure(request, response, exception);
             }

diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/SamlMetadataEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/SamlMetadataEndpoint.java
@@ -12,35 +12,32 @@
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
-import org.springframework.stereotype.Controller;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.function.Consumer;
 
-@Controller
+@RestController
 public class SamlMetadataEndpoint {
     private static final String DEFAULT_REGISTRATION_ID = "example";
     private static final String DEFAULT_FILE_NAME = "saml-sp-metadata.xml";
-    public static final String APPLICATION_XML_CHARSET_UTF_8 = "application/xml; charset=UTF-8";
-    /*
-     * @todo - this should be a Zone aware resolver
-     */
+    private static final String APPLICATION_XML_CHARSET_UTF_8 = "application/xml; charset=UTF-8";
+    private static final String CONTENT_DISPOSITION_FORMAT = "attachment; filename=\"%s\"; filename*=UTF-8''%s";
+
+    // @todo - this should be a Zone aware resolver
     private final RelyingPartyRegistrationResolver relyingPartyRegistrationResolver;
     private final Saml2MetadataResolver saml2MetadataResolver;
 
     private String fileName;
     private String encodedFileName;
 
-    private class EntityDescriptorCustomizer implements Consumer<OpenSamlMetadataResolver.EntityDescriptorParameters> {
-
+    private static class EntityDescriptorCustomizer implements Consumer<OpenSamlMetadataResolver.EntityDescriptorParameters> {
         @Override
         public void accept(OpenSamlMetadataResolver.EntityDescriptorParameters entityDescriptorParameters) {
             EntityDescriptor descriptor = entityDescriptorParameters.getEntityDescriptor();
@@ -50,10 +47,7 @@ public void accept(OpenSamlMetadataResolver.EntityDescriptorParameters entityDes
         }
     }
 
-    public SamlMetadataEndpoint(
-            RelyingPartyRegistrationRepository relyingPartyRegistrationRepository
-
-    ) {
+    public SamlMetadataEndpoint(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
         Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
         this.relyingPartyRegistrationResolver = new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository);
         OpenSamlMetadataResolver resolver = new OpenSamlMetadataResolver();
@@ -63,7 +57,6 @@ public SamlMetadataEndpoint(
     }
 
     @GetMapping(value = "/saml/metadata", produces = APPLICATION_XML_CHARSET_UTF_8)
-    @ResponseBody
     public ResponseEntity<String> legacyMetadataEndpoint(HttpServletRequest request) {
         return metadataEndpoint(DEFAULT_REGISTRATION_ID, request);
     }
@@ -72,36 +65,25 @@ public ResponseEntity<String> legacyMetadataEndpoint(HttpServletRequest request)
     private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
 
     @GetMapping(value = "/saml/metadata/{registrationId}", produces = APPLICATION_XML_CHARSET_UTF_8)
-    @ResponseBody
     public ResponseEntity<String> metadataEndpoint(@PathVariable String registrationId,
                                                    HttpServletRequest request
                                                    //, HttpServletResponse response
 
     ) {
-
-        String format = "attachment; filename=\"%s\"; filename*=UTF-8''%s";
-
         RelyingPartyRegistration relyingPartyRegistration = relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
         if (relyingPartyRegistration == null) {
             return ResponseEntity.status(HttpServletResponse.SC_UNAUTHORIZED).build();
         }
-        String metadata = this.saml2MetadataResolver.resolve(relyingPartyRegistration);
-
-        /*
-         * @todo - fileName may need to be dynamic based on registrationID
-        */
+        String metadata = saml2MetadataResolver.resolve(relyingPartyRegistration);
 
+         // @todo - fileName may need to be dynamic based on registrationID
         return ResponseEntity.ok()
-                .header(HttpHeaders.CONTENT_DISPOSITION, String.format(format, fileName, encodedFileName))
+                .header(HttpHeaders.CONTENT_DISPOSITION, String.format(CONTENT_DISPOSITION_FORMAT, fileName, encodedFileName))
                 .body(metadata);
     }
 
     public void setFileName(String fileName) {
-        try {
-            this.encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name());
-            this.fileName = fileName;
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
+        encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8);
+        this.fileName = fileName;
     }
-}
+}
diff --git a/...a/org/cloudfoundry/identity/uaa/provider/saml/SamlRelyingPartyRegistrationRepository.java b/...a/org/cloudfoundry/identity/uaa/provider/saml/SamlRelyingPartyRegistrationRepository.java
@@ -42,27 +42,30 @@ public class SamlRelyingPartyRegistrationRepository {
     @Value("${login.saml.nameID:urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified}")
     private String samlSpNameID;
 
-    @Value("${login.saml.signRequest: true}")
+    @Value("${login.saml.signRequest:true}")
     private Boolean samlSignRequest;
 
     @Bean
     RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
 
-        String certString = new String("-----BEGIN CERTIFICATE-----\nMIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" +
-        "                    YXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\n" +
-        "                    BgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\n" +
-        "                    MjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\n" +
-        "                    ChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\n" +
-        "                    HTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
-        "                    gQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\n" +
-        "                    4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\n" +
-        "                    xhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\n" +
-        "                    GDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\n" +
-        "                    MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\n" +
-        "                    EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\n" +
-        "                    MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\n" +
-        "                    2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\n" +
-        "                    ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=\n-----END CERTIFICATE-----");
+        String certString = """
+                -----BEGIN CERTIFICATE-----
+                MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF
+                YXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM
+                BgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2
+                MjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE
+                ChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx
+                HTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+                gQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR
+                4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY
+                xhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy
+                GDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3
+                MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL
+                EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA
+                MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am
+                2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o
+                ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
+                -----END CERTIFICATE-----""";
         InputStream stream = new ByteArrayInputStream(certString.getBytes(StandardCharsets.UTF_8));
         CertificateFactory cf = CertificateFactory. getInstance("X.509");
         X509Certificate cert = (X509Certificate) cf. generateCertificate(stream);
@@ -76,7 +79,6 @@ RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws C
 
         RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
 
-        X509Certificate finalCert = cert;
         RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
                 .fromMetadataLocation(CLASSPATH_DUMMY_SAML_IDP_METADATA_XML)
                 .entityId(samlEntityID)
@@ -85,13 +87,11 @@ RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws C
                 .assertingPartyDetails(details -> details
                         .wantAuthnRequestsSigned(samlSignRequest)
                         )
-                .signingX509Credentials( (cred) -> cred
-                        .add(Saml2X509Credential.signing( privateKey, finalCert)
-                        )
+                .signingX509Credentials( cred -> cred
+                        .add(Saml2X509Credential.signing( privateKey, cert))
                 )
                 .build();
 
         return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration);
     }
-
-}
+}