[JENKINS-63350] update pac4j to 3.9.0

Jenkinsfile

@@ -1,15 +1,17 @@
 //def buildConfiguration = buildPlugin.recommendedConfigurations()
 
-def lts = "2.176.1"
-def weekly = "2.199"
+def lts = "2.249.3"
+def weekly = "2.266"
 def buildConfiguration = [
+/*
   [ platform: "linux",   jdk: "8", jenkins: lts, javaLevel: "8" ],
   [ platform: "windows", jdk: "8", jenkins: lts, javaLevel: "8" ],
   [ platform: "linux",   jdk: "11", jenkins: lts, javaLevel: "8" ],
   [ platform: "windows", jdk: "11", jenkins: lts, javaLevel: "8" ],
+*/
   // Also build on recent weekly
-//  [ platform: "linux",   jdk: "11", jenkins: weekly, javaLevel: "8" ],
-//  [ platform: "windows", jdk: "11", jenkins: weekly, javaLevel: "8" ]
+  [ platform: "linux",   jdk: "11", jenkins: weekly, javaLevel: "8" ],
+  [ platform: "windows", jdk: "11", jenkins: weekly, javaLevel: "8" ]
 ]
 
 buildPlugin(configurations: buildConfiguration)

pom.xml

@@ -25,7 +25,7 @@ under the License.
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>3.55</version>
+    <version>4.3</version>
   </parent>
 
   <artifactId>saml</artifactId>
@@ -42,9 +42,9 @@ under the License.
   </scm>
 
   <properties>
-    <revision>1.1.8</revision>
+    <revision>2.0.0</revision>
     <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.176.1</jenkins.version>
+    <jenkins.version>2.266</jenkins.version>
     <java.level>8</java.level>
     <jcasc.version>1.35</jcasc.version>
   </properties>
@@ -78,6 +78,17 @@ under the License.
       <id>repo.jenkins-ci.org</id>
       <url>https://repo.jenkins-ci.org/public/</url>
     </repository>
+    <!-- TODO remove when https://issues.jenkins.io/browse/INFRA-2809 is resolved -->
+    <repository>
+      <id>shib-release</id>
+      <url>https://build.shibboleth.net/nexus/content/groups/public</url>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+    </repository>
   </repositories>
   <pluginRepositories>
     <pluginRepository>
@@ -90,8 +101,13 @@ under the License.
     <dependency>
       <groupId>org.pac4j</groupId>
       <artifactId>pac4j-saml</artifactId>
-      <version>1.9.9</version>
+      <!-- versions 4.x.x require JDK 11 -->
+      <version>3.9.0</version>
       <exclusions>
+        <exclusion>
+          <groupId>org.springframework</groupId>
+          <artifactId>spring-beans</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>spring-core</artifactId>
@@ -104,17 +120,17 @@ under the License.
           <groupId>org.slf4j</groupId>
           <artifactId>jcl-over-slf4j</artifactId>
         </exclusion>
-        <exclusion>
-          <groupId>commons-codec</groupId>
-          <artifactId>commons-codec</artifactId>
-        </exclusion>
         <exclusion>
           <groupId>org.bouncycastle</groupId>
           <artifactId>bcprov-jdk15on</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.apache.httpcomponents</groupId>
-          <artifactId>httpclient</artifactId>
+          <groupId>org.dom4j</groupId>
+          <artifactId>dom4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
@@ -129,21 +145,6 @@ under the License.
       <artifactId>bouncycastle-api</artifactId>
       <version>2.18</version>
     </dependency>
-    <dependency>
-      <groupId>net.shibboleth.utilities</groupId>
-      <artifactId>java-support</artifactId>
-      <version>7.2.0</version>
-      <exclusions>
-        <exclusion>
-          <groupId>commons-codec</groupId>
-          <artifactId>commons-codec</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.slf4j</groupId>
-          <artifactId>slf4j-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>
@@ -171,10 +172,20 @@ under the License.
   </dependencies>
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>antlr</groupId>
+        <artifactId>antlr</artifactId>
+      </dependency>
+      <dependency>
+        <groupId>io.jenkins.tools.bom</groupId>
+        <artifactId>bom-2.249.x</artifactId>
+        <version>17</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>org.cryptacular</groupId>
         <artifactId>cryptacular</artifactId>
-        <version>1.2.4</version>
       </dependency>
       <!-- TODO: remove when CVE-2019-12400 is resolved -->
       <dependency>

src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java

@@ -25,7 +25,9 @@
 import org.pac4j.core.context.J2EContext;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.saml.client.SAML2Client;
+import org.pac4j.saml.config.SAML2Configuration;
 
+import java.io.IOException;
 import java.util.logging.Logger;
 
 import static java.util.logging.Level.*;
@@ -91,9 +93,9 @@ protected WebContext createWebContext() {
      * @return a SAML2Client object to interact with the IdP service.
      */
     protected SAML2Client createSAML2Client() {
-        final SAML2ClientConfigurationCustom config = new SAML2ClientConfigurationCustom();
+        final SAML2Configuration config = new SAML2Configuration();
         config.setIdentityProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getIDPMetadataFilePath()));
-        config.setDestinationBindingType(samlPluginConfig.getBinding());
+        config.setAuthnRequestBindingType(samlPluginConfig.getBinding());
         config.setWantsAssertionsSigned(true);
 
         SamlEncryptionData encryptionData = samlPluginConfig.getEncryptionData();
@@ -150,10 +152,14 @@ protected SAML2Client createSAML2Client() {
         config.setServiceProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath()));
         final SAML2Client saml2Client = new SAML2Client(config);
         saml2Client.setCallbackUrl(samlPluginConfig.getConsumerServiceUrl());
-        saml2Client.init(createWebContext());
+        saml2Client.init();
 
         if (LOG.isLoggable(FINE)) {
-            LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata());
+            try {
+                LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata());
+            } catch (IOException e) {
+                LOG.fine("Is not possible to show the metadata : " + e.getMessage());
+            }
         }
         return saml2Client;
     }

src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java

@@ -18,15 +18,19 @@
 package org.jenkinsci.plugins.saml;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.NotImplementedException;
 import org.pac4j.core.exception.TechnicalException;
-import org.pac4j.core.io.WritableResource;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.WritableResource;
 
 import javax.annotation.Nonnull;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URL;
 import java.util.logging.Logger;
 
 /**
@@ -61,11 +65,36 @@ public boolean exists() {
         return getFile().exists();
     }
 
+    @Override
+    public boolean isReadable() {
+        return getFile().canRead();
+    }
+
+    @Override
+    public boolean isOpen() {
+        return false;
+    }
+
+    @Override
+    public URL getURL() {
+        throw new NotImplementedException();
+    }
+
+    @Override
+    public URI getURI() {
+        throw new NotImplementedException();
+    }
+
     @Override
     public String getFilename() {
         return fileName;
     }
 
+    @Override
+    public String getDescription() {
+        return fileName;
+    }
+
     @Override
     public InputStream getInputStream() throws IOException {
         return FileUtils.openInputStream(getFile());
@@ -76,8 +105,28 @@ public File getFile() {
         return new File(fileName);
     }
 
+    @Override
+    public long contentLength() {
+        return getFile().length();
+    }
+
+    @Override
+    public long lastModified() {
+        return getFile().lastModified();
+    }
+
+    @Override
+    public Resource createRelative(String s) {
+        throw new NotImplementedException();
+    }
+
+    @Override
+    public boolean isWritable() {
+        return getFile().canWrite();
+    }
+
     @Override
     public OutputStream getOutputStream() throws IOException {
         return FileUtils.openOutputStream(getFile());
     }
-}
+}

src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java

@@ -19,7 +19,7 @@
 
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
-import org.pac4j.core.client.RedirectAction;
+import org.pac4j.core.redirect.RedirectAction;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.exception.HttpAction;
 import org.pac4j.saml.client.SAML2Client;

src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java

@@ -23,6 +23,8 @@
 import org.kohsuke.stapler.StaplerResponse;
 import org.pac4j.saml.client.SAML2Client;
 
+import java.io.IOException;
+
 /**
  * build the Service Provider(SP) metadata from the configuration.
  */
@@ -41,6 +43,12 @@ public SamlSPMetadataWrapper(SamlPluginConfig samlPluginConfig, StaplerRequest r
     @Override
     protected HttpResponse process() throws IllegalStateException {
         final SAML2Client client = createSAML2Client();
-        return HttpResponses.plainText(client.getServiceProviderMetadataResolver().getMetadata());
+        String metadata = "";
+        try {
+            metadata = client.getServiceProviderMetadataResolver().getMetadata();
+        } catch (IOException e) {
+           new IllegalStateException(e);
+        }
+        return HttpResponses.text(metadata);
     }
 }

src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java

@@ -39,8 +39,8 @@
 import org.jenkinsci.plugins.saml.user.SamlCustomProperty;
 import org.kohsuke.stapler.*;
 import org.kohsuke.stapler.interceptor.RequirePOST;
-import org.pac4j.core.client.RedirectAction;
-import org.pac4j.core.client.RedirectAction.RedirectType;
+import org.pac4j.core.redirect.RedirectAction;
+import org.pac4j.core.redirect.RedirectAction.RedirectType;
 import org.springframework.dao.DataAccessException;
 import org.pac4j.saml.profile.SAML2Profile;