Posted to commits@syncope.apache.org by mm...@apache.org on 2020/10/21 07:17:45 UTC
[syncope] branch master updated: SYNCOPE-1593: signing/encryption
algs per WA SAML2 SP (#221)
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 8755e9c SYNCOPE-1593: signing/encryption algs per WA SAML2 SP (#221)
8755e9c is described below
commit 8755e9cd79704e979014c5eee567f7e16e970334
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Wed Oct 21 11:17:36 2020 +0400
SYNCOPE-1593: signing/encryption algs per WA SAML2 SP (#221)
---
.../syncope/common/lib/XmlSecAlgorithms.java | 168 +++++++++++++++++++++
.../syncope/common/lib/to/client/SAML2SPTO.java | 76 ++++++++++
.../core/persistence/api/entity/auth/SAML2SP.java | 27 ++++
.../persistence/jpa/entity/auth/JPASAML2SP.java | 109 +++++++++++++
.../core/persistence/jpa/inner/SAML2SPTest.java | 32 ++--
.../java/data/ClientAppDataBinderImpl.java | 16 ++
6 files changed, 419 insertions(+), 9 deletions(-)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/XmlSecAlgorithms.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/XmlSecAlgorithms.java
new file mode 100644
index 0000000..7fac813
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/XmlSecAlgorithms.java
@@ -0,0 +1,168 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.syncope.common.lib;
+
+public enum XmlSecAlgorithms {
+
+ /**
+ * Triple DES EDE (192 bit key) in CBC mode
+ */
+ TRIPLEDES("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"),
+
+ /**
+ * AES 128 Cipher
+ */
+ AES_128("http://www.w3.org/2001/04/xmlenc#aes128-cbc"),
+
+ /**
+ * AES 256 Cipher
+ */
+ AES_256("http://www.w3.org/2001/04/xmlenc#aes256-cbc"),
+
+ /**
+ * AES 192 Cipher
+ */
+ AES_192("http://www.w3.org/2001/04/xmlenc#aes192-cbc"),
+
+ /**
+ * AES 128 GCM Cipher
+ */
+ AES_128_GCM("http://www.w3.org/2009/xmlenc11#aes128-gcm"),
+
+ /**
+ * AES 192 GCM Cipher
+ */
+ AES_192_GCM("http://www.w3.org/2009/xmlenc11#aes192-gcm"),
+
+ /**
+ * AES 256 GCM Cipher
+ */
+ AES_256_GCM("http://www.w3.org/2009/xmlenc11#aes256-gcm"),
+
+ /**
+ * SEED 128 Cipher
+ */
+ SEED_128("http://www.w3.org/2007/05/xmldsig-more#seed128-cbc"),
+
+ /**
+ * CAMELLIA 128 Cipher
+ */
+ CAMELLIA_128("http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc"),
+
+ /**
+ * CAMELLIA 192 Cipher
+ */
+ CAMELLIA_192("http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc"),
+
+ /**
+ * CAMELLIA 256 Cipher
+ */
+ CAMELLIA_256("http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc"),
+
+ /**
+ * RSA 1.5 Cipher
+ */
+ RSA_v1dot5("http://www.w3.org/2001/04/xmlenc#rsa-1_5"),
+
+ /**
+ * RSA OAEP Cipher
+ */
+ RSA_OAEP("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"),
+
+ /**
+ * RSA OAEP Cipher
+ */
+ RSA_OAEP_11("http://www.w3.org/2009/xmlenc11#rsa-oaep"),
+
+ /**
+ * DIFFIE_HELLMAN Cipher
+ */
+ DIFFIE_HELLMAN("http://www.w3.org/2001/04/xmlenc#dh"),
+
+ /**
+ * Triple DES EDE (192 bit key) in CBC mode KEYWRAP
+ */
+ TRIPLEDES_KeyWrap("http://www.w3.org/2001/04/xmlenc#kw-tripledes"),
+
+ /**
+ * AES 128 Cipher KeyWrap
+ */
+ AES_128_KeyWrap("http://www.w3.org/2001/04/xmlenc#kw-aes128"),
+
+ /**
+ * AES 256 Cipher KeyWrap
+ */
+ AES_256_KeyWrap("http://www.w3.org/2001/04/xmlenc#kw-aes256"),
+
+ /**
+ * AES 192 Cipher KeyWrap
+ */
+ AES_192_KeyWrap("http://www.w3.org/2001/04/xmlenc#kw-aes192"),
+
+ /**
+ * CAMELLIA 128 Cipher KeyWrap
+ */
+ CAMELLIA_128_KeyWrap("http://www.w3.org/2001/04/xmldsig-more#kw-camellia128"),
+
+ /**
+ * CAMELLIA 192 Cipher KeyWrap
+ */
+ CAMELLIA_192_KeyWrap("http://www.w3.org/2001/04/xmldsig-more#kw-camellia192"),
+
+ /**
+ * CAMELLIA 256 Cipher KeyWrap
+ */
+ CAMELLIA_256_KeyWrap("http://www.w3.org/2001/04/xmldsig-more#kw-camellia256"),
+
+ /**
+ * SEED 128 Cipher KeyWrap
+ */
+ SEED_128_KeyWrap("http://www.w3.org/2007/05/xmldsig-more#kw-seed128"),
+
+ /**
+ * SHA1 Cipher
+ */
+ SHA1("http://www.w3.org/2000/09/xmldsig#sha1"),
+
+ /**
+ * SHA256 Cipher
+ */
+ SHA256("http://www.w3.org/2001/04/xmlenc#sha256"),
+
+ /**
+ * SHA512 Cipher
+ */
+ SHA512("http://www.w3.org/2001/04/xmlenc#sha512"),
+
+ /**
+ * RIPEMD Cipher
+ */
+ RIPEMD_160("http://www.w3.org/2001/04/xmlenc#ripemd160");
+
+ private final String algorithm;
+
+ XmlSecAlgorithms(final String uri) {
+ this.algorithm = uri;
+ }
+
+ public String getAlgorithm() {
+ return algorithm;
+ }
+}
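Review bot: The enum carries no SignatureMethod URIs (nothing from `xmldsig-more#rsa-sha256` and friends), so if, as the field name suggests, `signingSignatureAlgorithms` is meant to feed the SP's XML-DSig signature whitelist, it can only ever be filled with digest, cipher or key-transport URIs — the test in this commit indeed sets `SHA256`/`SHA512`, which are DigestMethod URIs. The Javadoc on `SHA1`, `SHA256`, `SHA512` and `RIPEMD_160` also says "Cipher" where these are digest methods. `RSA_v1dot5`, `TRIPLEDES` and the `*-cbc` modes are the choices an administrator should be steered away from (PKCS#1 v1.5 key transport and CBC in XML Encryption are subject to well-known padding-oracle attacks), so a Javadoc line such as `Legacy: vulnerable to padding-oracle attacks, prefer RSA_OAEP_11 / the GCM modes` on those constants would make the REST/UI choice safer. The signature constants below are what I would add before this is wired into WA.
```java
    // … unchanged: existing digest/cipher/key-wrap constants …

    /**
     * RSA with SHA-256 signature method
     */
    RSA_SHA256("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),

    /**
     * RSA with SHA-512 signature method
     */
    RSA_SHA512("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"),

    /**
     * ECDSA with SHA-256 signature method
     */
    ECDSA_SHA256("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"),

    /**
     * ECDSA with SHA-512 signature method
     */
    ECDSA_SHA512("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512");
```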
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2SPTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2SPTO.java
index cdedf9e..5638b11 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2SPTO.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2SPTO.java
@@ -23,8 +23,12 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import io.swagger.v3.oas.annotations.media.Schema;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.XmlSecAlgorithms;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import java.util.ArrayList;
+import java.util.List;
+
@Schema(allOf = { ClientAppTO.class })
public class SAML2SPTO extends ClientAppTO {
@@ -56,6 +60,18 @@ public class SAML2SPTO extends ClientAppTO {
private String serviceProviderNameIdQualifier;
+ private List<XmlSecAlgorithms> signingSignatureAlgorithms = new ArrayList<>();
+
+ private List<XmlSecAlgorithms> signingSignatureReferenceDigestMethods = new ArrayList<>();
+
+ private List<XmlSecAlgorithms> encryptionDataAlgorithms = new ArrayList<>();
+
+ private List<XmlSecAlgorithms> encryptionKeyAlgorithms = new ArrayList<>();
+
+ private List<XmlSecAlgorithms> signingSignatureBlackListedAlgorithms = new ArrayList<>();
+
+ private List<XmlSecAlgorithms> encryptionBlackListedAlgorithms = new ArrayList<>();
+
@JacksonXmlProperty(localName = "_class", isAttribute = true)
@JsonProperty("_class")
@Schema(name = "_class", required = true, example = "org.apache.syncope.common.lib.to.client.SAML2SPTO")
@@ -168,6 +184,54 @@ public class SAML2SPTO extends ClientAppTO {
this.serviceProviderNameIdQualifier = serviceProviderNameIdQualifier;
}
+ public List<XmlSecAlgorithms> getSigningSignatureAlgorithms() {
+ return signingSignatureAlgorithms;
+ }
+
+ public List<XmlSecAlgorithms> getSigningSignatureReferenceDigestMethods() {
+ return signingSignatureReferenceDigestMethods;
+ }
+
+ public List<XmlSecAlgorithms> getEncryptionDataAlgorithms() {
+ return encryptionDataAlgorithms;
+ }
+
+ public List<XmlSecAlgorithms> getEncryptionKeyAlgorithms() {
+ return encryptionKeyAlgorithms;
+ }
+
+ public void setSigningSignatureAlgorithms(final List<XmlSecAlgorithms> signingSignatureAlgorithms) {
+ this.signingSignatureAlgorithms = signingSignatureAlgorithms;
+ }
+
+ public void setSigningSignatureReferenceDigestMethods(final List<XmlSecAlgorithms> algs) {
+ this.signingSignatureReferenceDigestMethods = algs;
+ }
+
+ public void setEncryptionDataAlgorithms(final List<XmlSecAlgorithms> encryptionDataAlgorithms) {
+ this.encryptionDataAlgorithms = encryptionDataAlgorithms;
+ }
+
+ public void setEncryptionKeyAlgorithms(final List<XmlSecAlgorithms> encryptionKeyAlgorithms) {
+ this.encryptionKeyAlgorithms = encryptionKeyAlgorithms;
+ }
+
+ public List<XmlSecAlgorithms> getSigningSignatureBlackListedAlgorithms() {
+ return signingSignatureBlackListedAlgorithms;
+ }
+
+ public void setSigningSignatureBlackListedAlgorithms(final List<XmlSecAlgorithms> algs) {
+ this.signingSignatureBlackListedAlgorithms = algs;
+ }
+
+ public List<XmlSecAlgorithms> getEncryptionBlackListedAlgorithms() {
+ return encryptionBlackListedAlgorithms;
+ }
+
+ public void setEncryptionBlackListedAlgorithms(final List<XmlSecAlgorithms> algs) {
+ this.encryptionBlackListedAlgorithms = algs;
+ }
+
@Override
public boolean equals(final Object obj) {
if (obj == null) {
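Review bot: The six new setters (`setSigningSignatureAlgorithms` through `setEncryptionBlackListedAlgorithms`) store the caller's reference and accept `null`, so a REST payload carrying `"encryptionBlackListedAlgorithms": null` leaves that field null although it is initialised to an empty list, and `equals`/`hashCode` plus any `isEmpty()` caller then meet a null where an empty list is expected. Normalising in each setter, e.g. `this.signingSignatureAlgorithms = algs == null ? new ArrayList<>() : algs;`, keeps the "empty means unset" contract uniform. A one-line Javadoc on each getter saying whether an empty list means "inherit the WA defaults" or "nothing allowed" would also help, since the two readings have very different security outcomes.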
@@ -195,6 +259,12 @@ public class SAML2SPTO extends ClientAppTO {
.append(this.nameIdQualifier, rhs.nameIdQualifier)
.append(this.assertionAudiences, rhs.assertionAudiences)
.append(this.serviceProviderNameIdQualifier, rhs.serviceProviderNameIdQualifier)
+ .append(this.signingSignatureAlgorithms, rhs.signingSignatureAlgorithms)
+ .append(this.signingSignatureReferenceDigestMethods, rhs.signingSignatureReferenceDigestMethods)
+ .append(this.encryptionDataAlgorithms, rhs.encryptionDataAlgorithms)
+ .append(this.encryptionKeyAlgorithms, rhs.encryptionKeyAlgorithms)
+ .append(this.encryptionBlackListedAlgorithms, rhs.encryptionBlackListedAlgorithms)
+ .append(this.signingSignatureBlackListedAlgorithms, rhs.signingSignatureBlackListedAlgorithms)
.isEquals();
}
@@ -215,6 +285,12 @@ public class SAML2SPTO extends ClientAppTO {
.append(nameIdQualifier)
.append(assertionAudiences)
.append(serviceProviderNameIdQualifier)
+ .append(signingSignatureAlgorithms)
+ .append(signingSignatureReferenceDigestMethods)
+ .append(encryptionDataAlgorithms)
+ .append(encryptionKeyAlgorithms)
+ .append(signingSignatureBlackListedAlgorithms)
+ .append(encryptionBlackListedAlgorithms)
.toHashCode();
}
}
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/auth/SAML2SP.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/auth/SAML2SP.java
index 2103b5d..7bb28af 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/auth/SAML2SP.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/auth/SAML2SP.java
@@ -18,8 +18,11 @@
*/
package org.apache.syncope.core.persistence.api.entity.auth;
+import org.apache.syncope.common.lib.XmlSecAlgorithms;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import java.util.List;
+
public interface SAML2SP extends ClientApp {
String getEntityId();
@@ -73,4 +76,28 @@ public interface SAML2SP extends ClientApp {
void setServiceProviderNameIdQualifier(String location);
String getServiceProviderNameIdQualifier();
+
+ List<XmlSecAlgorithms> getSigningSignatureAlgorithms();
+
+ List<XmlSecAlgorithms> getSigningSignatureReferenceDigestMethods();
+
+ List<XmlSecAlgorithms> getEncryptionDataAlgorithms();
+
+ List<XmlSecAlgorithms> getEncryptionKeyAlgorithms();
+
+ void setSigningSignatureAlgorithms(List<XmlSecAlgorithms> algorithms);
+
+ void setSigningSignatureReferenceDigestMethods(List<XmlSecAlgorithms> methods);
+
+ void setEncryptionDataAlgorithms(List<XmlSecAlgorithms> algorithms);
+
+ void setEncryptionKeyAlgorithms(List<XmlSecAlgorithms> algorithms);
+
+ List<XmlSecAlgorithms> getSigningSignatureBlackListedAlgorithms();
+
+ List<XmlSecAlgorithms> getEncryptionBlackListedAlgorithms();
+
+ void setSigningSignatureBlackListedAlgorithms(List<XmlSecAlgorithms> algorithms);
+
+ void setEncryptionBlackListedAlgorithms(List<XmlSecAlgorithms> algorithms);
}
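Review bot: The twelve new accessors on `SAML2SP` have no Javadoc, and the contract matters here: it is not stated whether an empty `getSigningSignatureAlgorithms()` means "fall back to the WA defaults" or "nothing is accepted", nor how a constant appearing in both an allowed list and its `BlackListed` counterpart is resolved. I would put on each allowed-list getter a sentence like `XML Security algorithm URIs this SP accepts for this purpose; an empty list means the WA default set applies` (adjusted once the semantics are confirmed on the WA side) and on the black-list getters `Takes precedence over the corresponding allowed list`. It is also worth stating that the values are `XmlSecAlgorithms` constants whose `getAlgorithm()` yields the W3C URI, since the JPA entity persists the enum and not the URI.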
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/auth/JPASAML2SP.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/auth/JPASAML2SP.java
index 864df57..c13167d 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/auth/JPASAML2SP.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/auth/JPASAML2SP.java
@@ -18,11 +18,19 @@
*/
package org.apache.syncope.core.persistence.jpa.entity.auth;
+import javax.persistence.CollectionTable;
import javax.persistence.Column;
+import javax.persistence.ElementCollection;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.JoinColumn;
import javax.persistence.Table;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
import org.apache.syncope.core.persistence.api.entity.auth.SAML2SP;
+import org.apache.syncope.common.lib.XmlSecAlgorithms;
+
+import java.util.ArrayList;
+import java.util.List;
@Entity
@Table(name = JPASAML2SP.TABLE)
@@ -62,6 +70,48 @@ public class JPASAML2SP extends AbstractClientApp implements SAML2SP {
@Column(name = "spNameIdQualifier")
private String serviceProviderNameIdQualifier;
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_SigningSignatureAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> signingSignatureAlgorithms = new ArrayList<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_SigningSignatureRefDigestAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> signingSignatureReferenceDigestMethods = new ArrayList<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_EncryptionDataAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> encryptionDataAlgorithms = new ArrayList<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_EncryptionKeyAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> encryptionKeyAlgorithms = new ArrayList<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_BlacklistedSigningAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> signingSignatureBlackListedAlgorithms = new ArrayList<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "SAML2SP_BlacklistedEncryptionAlgs",
+ joinColumns =
+ @JoinColumn(name = "client_app_id", referencedColumnName = "id"))
+ private List<XmlSecAlgorithms> encryptionBlackListedAlgorithms = new ArrayList<>();
+
@Override
public String getEntityId() {
return entityId;
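Review bot: None of the six `@ElementCollection` fields (`signingSignatureAlgorithms` at the top of the hunk through `encryptionBlackListedAlgorithms`) carries `@Enumerated(EnumType.STRING)`, so under the JPA default the `XmlSecAlgorithms` values are persisted as ordinals. Any later insertion or reordering in `XmlSecAlgorithms` — likely, given it has no signature-method entries yet — silently remaps every stored choice (an SP configured for `AES_256_GCM` could come back as `SEED_128`), a quiet downgrade in exactly the place meant to pin algorithms. Add `@Enumerated(EnumType.STRING)` beside each `@Column` and import `javax.persistence.Enumerated` and `javax.persistence.EnumType`; even if OpenJPA is configured project-wide to map enums as strings, the explicit annotation is the safer form. `FetchType.EAGER` on six bag collections may also multiply the rows fetched per SP; worth a look at the generated SQL, though that is only a performance concern.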
@@ -192,4 +242,63 @@ public class JPASAML2SP extends AbstractClientApp implements SAML2SP {
this.serviceProviderNameIdQualifier = serviceProviderNameIdQualifier;
}
+ @Override
+ public List<XmlSecAlgorithms> getSigningSignatureAlgorithms() {
+ return signingSignatureAlgorithms;
+ }
+
+ @Override
+ public void setSigningSignatureAlgorithms(final List<XmlSecAlgorithms> signingSignatureAlgorithms) {
+ this.signingSignatureAlgorithms = signingSignatureAlgorithms;
+ }
+
+ @Override
+ public List<XmlSecAlgorithms> getSigningSignatureReferenceDigestMethods() {
+ return signingSignatureReferenceDigestMethods;
+ }
+
+ @Override
+ public void setSigningSignatureReferenceDigestMethods(final List<XmlSecAlgorithms> algorithms) {
+ this.signingSignatureReferenceDigestMethods = algorithms;
+ }
+
+ @Override
+ public List<XmlSecAlgorithms> getEncryptionDataAlgorithms() {
+ return encryptionDataAlgorithms;
+ }
+
+ @Override
+ public void setEncryptionDataAlgorithms(final List<XmlSecAlgorithms> algorithms) {
+ this.encryptionDataAlgorithms = algorithms;
+ }
+
+ @Override
+ public List<XmlSecAlgorithms> getEncryptionKeyAlgorithms() {
+ return encryptionKeyAlgorithms;
+ }
+
+ @Override
+ public void setEncryptionKeyAlgorithms(final List<XmlSecAlgorithms> algorithms) {
+ this.encryptionKeyAlgorithms = algorithms;
+ }
+
+ @Override
+ public List<XmlSecAlgorithms> getSigningSignatureBlackListedAlgorithms() {
+ return signingSignatureBlackListedAlgorithms;
+ }
+
+ @Override
+ public void setSigningSignatureBlackListedAlgorithms(final List<XmlSecAlgorithms> algorithms) {
+ this.signingSignatureBlackListedAlgorithms = algorithms;
+ }
+
+ @Override
+ public List<XmlSecAlgorithms> getEncryptionBlackListedAlgorithms() {
+ return encryptionBlackListedAlgorithms;
+ }
+
+ @Override
+ public void setEncryptionBlackListedAlgorithms(final List<XmlSecAlgorithms> algorithms) {
+ this.encryptionBlackListedAlgorithms = algorithms;
+ }
}
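Review bot: Each of the six setters, e.g. `setSigningSignatureAlgorithms`, replaces the managed collection with the caller's list and stores `null` if the binder passes one, after which `getSigningSignatureAlgorithms().isEmpty()` (as used in `SAML2SPTest`) throws. Copying into the existing collection instead — `clear()` then `addAll()`, guarded for null and for the caller passing back the same list — keeps the persistent collection JPA is already tracking and preserves the non-null initialisation; a small private helper keeps the six setters to one line each.
```java
    private static void replaceAll(final List<XmlSecAlgorithms> target, final List<XmlSecAlgorithms> source) {
        if (target == source) {
            return;
        }
        target.clear();
        if (source != null) {
            target.addAll(source);
        }
    }

    @Override
    public void setSigningSignatureAlgorithms(final List<XmlSecAlgorithms> signingSignatureAlgorithms) {
        replaceAll(this.signingSignatureAlgorithms, signingSignatureAlgorithms);
    }

    // … unchanged: getters; the other five setters follow the same pattern …
```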
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2SPTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2SPTest.java
index a5e50c7..6df8cea 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2SPTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2SPTest.java
@@ -18,19 +18,24 @@
*/
package org.apache.syncope.core.persistence.jpa.inner;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-
-import java.util.UUID;
+import org.apache.openjpa.jdbc.kernel.exps.Lit;
+import org.apache.syncope.common.lib.XmlSecAlgorithms;
+import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.core.persistence.api.dao.auth.SAML2SPDAO;
+import org.apache.syncope.core.persistence.api.entity.auth.SAML2SP;
import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
-import org.apache.syncope.common.lib.types.SAML2SPNameId;
-import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
-import org.apache.syncope.core.persistence.api.dao.auth.SAML2SPDAO;
-import org.apache.syncope.core.persistence.api.entity.auth.SAML2SP;
+
+import java.util.List;
+import java.util.UUID;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
@Transactional("Master")
public class SAML2SPTest extends AbstractClientAppTest {
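Review bot: `import org.apache.openjpa.jdbc.kernel.exps.Lit;` on the first added line is unused — it looks like an IDE auto-import caught while typing `List` — and drags an OpenJPA-internal class into the test; drop it, as Checkstyle's UnusedImports would flag it. The reshuffle also moves the static `Assertions` imports to the bottom and `java.util` below `org.apache`, the reverse of the order the removed lines had, so keeping the project's existing import order would avoid churn in later diffs.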
@@ -50,6 +55,10 @@ public class SAML2SPTest extends AbstractClientAppTest {
sp.setRequiredNameIdFormat(SAML2SPNameId.EMAIL_ADDRESS);
sp.setEncryptionOptional(true);
sp.setEncryptAssertions(true);
+ sp.setEncryptionDataAlgorithms(List.of(XmlSecAlgorithms.AES_128_GCM));
+ sp.setEncryptionKeyAlgorithms(List.of(XmlSecAlgorithms.RSA_OAEP_11));
+ sp.setSigningSignatureReferenceDigestMethods(List.of(XmlSecAlgorithms.SHA1));
+ sp.setSigningSignatureAlgorithms(List.of(XmlSecAlgorithms.SHA256, XmlSecAlgorithms.SHA512));
AccessPolicy accessPolicy = buildAndSaveAccessPolicy();
sp.setAccessPolicy(accessPolicy);
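Review bot: The test data on the added lines mixes algorithm categories: `setSigningSignatureAlgorithms(List.of(XmlSecAlgorithms.SHA256, XmlSecAlgorithms.SHA512))` puts DigestMethod URIs where SignatureMethod URIs belong (the enum currently has none), and `setSigningSignatureReferenceDigestMethods(List.of(XmlSecAlgorithms.SHA1))` pins a digest SAML deployments are moving away from — and this is the example new readers will copy. I would use `sp.setSigningSignatureReferenceDigestMethods(List.of(XmlSecAlgorithms.SHA256));` for the reference digest and fill the signature list with an `rsa-sha256`-style constant once the enum has one. Neither black-list setter is exercised here.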
@@ -74,6 +83,11 @@ public class SAML2SPTest extends AbstractClientAppTest {
sp = saml2spDAO.findByClientAppId(sp.getClientAppId());
assertNotNull(sp);
+ assertFalse(sp.getSigningSignatureAlgorithms().isEmpty());
+ assertFalse(sp.getSigningSignatureReferenceDigestMethods().isEmpty());
+ assertFalse(sp.getEncryptionDataAlgorithms().isEmpty());
+ assertFalse(sp.getEncryptionKeyAlgorithms().isEmpty());
+
saml2spDAO.deleteByEntityId(sp.getEntityId());
assertNull(saml2spDAO.findByName(sp.getName()));
}
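Review bot: The four `assertFalse(...isEmpty())` checks only prove that something came back, not that the values survived the round trip; `assertEquals(List.of(XmlSecAlgorithms.AES_128_GCM), sp.getEncryptionDataAlgorithms());` and the same for the other three lists would pin the persisted mapping and catch a mis-mapped enum or a dropped element. The two black-listed collections are never set or asserted in this test, so their persistence path stays untested.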
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index d00bfb1..71f60fc 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -118,6 +118,14 @@ public class ClientAppDataBinderImpl implements ClientAppDataBinder {
clientApp.setAssertionAudiences(clientAppTO.getAssertionAudiences());
clientApp.setServiceProviderNameIdQualifier(clientAppTO.getServiceProviderNameIdQualifier());
+ clientApp.setSigningSignatureAlgorithms(clientAppTO.getSigningSignatureAlgorithms());
+ clientApp.setSigningSignatureReferenceDigestMethods(clientAppTO.getSigningSignatureReferenceDigestMethods());
+ clientApp.setEncryptionKeyAlgorithms(clientAppTO.getEncryptionKeyAlgorithms());
+ clientApp.setEncryptionDataAlgorithms(clientAppTO.getEncryptionDataAlgorithms());
+
+ clientApp.setSigningSignatureBlackListedAlgorithms(clientAppTO.getSigningSignatureBlackListedAlgorithms());
+ clientApp.setEncryptionBlackListedAlgorithms(clientAppTO.getEncryptionBlackListedAlgorithms());
+
if (clientAppTO.getAuthPolicy() == null) {
clientApp.setAuthPolicy(null);
} else {
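Review bot: The added copy lines push the TO lists straight into the entity without validation: the same constant may sit in both `signingSignatureAlgorithms` and `signingSignatureBlackListedAlgorithms` (or the encryption pair) with no defined winner, and a null list in the payload is handed to the entity as-is. Before the copies I would normalise null to an empty list and then, for each pair, reject overlap with something like `if (!Collections.disjoint(clientAppTO.getEncryptionDataAlgorithms(), clientAppTO.getEncryptionBlackListedAlgorithms())) { /* raise the binder's usual invalid-entity exception */ }`, so contradictory policy never reaches the store. The enclosing method begins and ends outside this hunk.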
@@ -182,6 +190,14 @@ public class ClientAppDataBinderImpl implements ClientAppDataBinder {
clientAppTO.setAssertionAudiences(clientApp.getAssertionAudiences());
clientAppTO.setServiceProviderNameIdQualifier(clientApp.getServiceProviderNameIdQualifier());
+ clientAppTO.setSigningSignatureAlgorithms(clientApp.getSigningSignatureAlgorithms());
+ clientAppTO.setSigningSignatureReferenceDigestMethods(clientApp.getSigningSignatureReferenceDigestMethods());
+ clientAppTO.setEncryptionKeyAlgorithms(clientApp.getEncryptionKeyAlgorithms());
+ clientAppTO.setEncryptionDataAlgorithms(clientApp.getEncryptionDataAlgorithms());
+
+ clientAppTO.setSigningSignatureBlackListedAlgorithms(clientApp.getSigningSignatureBlackListedAlgorithms());
+ clientAppTO.setEncryptionBlackListedAlgorithms(clientApp.getEncryptionBlackListedAlgorithms());
+
clientAppTO.setAuthPolicy(clientApp.getAuthPolicy() == null
? null : clientApp.getAuthPolicy().getKey());
clientAppTO.setAccessPolicy(clientApp.getAccessPolicy() == null
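Review bot: The added `clientAppTO.set...` lines hand the entity's persistent collections to the TO by reference, so the TO carries the JPA-managed list rather than a snapshot; it serialises fine, but if the entity is still attached, anything that mutates the TO afterwards writes through to it. `clientAppTO.setSigningSignatureAlgorithms(new ArrayList<>(clientApp.getSigningSignatureAlgorithms()));`, repeated for the other five, is cheap insulation. The enclosing method begins and ends outside this hunk.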