[JENKINS-63350] update pac4j to 3.9.0

pom.xml

@@ -7,9 +7,7 @@ Jenkins CI licenses this file to you under the Apache License,
 Version 2.0 (the "License"); you may not use this file except
 in compliance with the License.  You may obtain a copy of the
 License at
-
   http://www.apache.org/licenses/LICENSE-2.0
-
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -25,7 +23,7 @@ under the License.
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>3.55</version>
+    <version>4.3</version>
   </parent>
 
   <artifactId>saml</artifactId>
@@ -44,7 +42,7 @@ under the License.
   <properties>
     <revision>1.1.7</revision>
     <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.176.1</jenkins.version>
+    <jenkins.version>2.251</jenkins.version>
     <java.level>8</java.level>
     <jcasc.version>1.35</jcasc.version>
   </properties>
@@ -78,6 +76,16 @@ under the License.
       <id>repo.jenkins-ci.org</id>
       <url>https://repo.jenkins-ci.org/public/</url>
     </repository>
+    <repository>
+      <id>shib-release</id>
+      <url>https://build.shibboleth.net/nexus/content/groups/public</url>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+    </repository>
   </repositories>
   <pluginRepositories>
     <pluginRepository>
@@ -90,7 +98,7 @@ under the License.
     <dependency>
       <groupId>org.pac4j</groupId>
       <artifactId>pac4j-saml</artifactId>
-      <version>1.9.9</version>
+      <version>3.8.3</version>
       <exclusions>
         <exclusion>
           <groupId>org.springframework</groupId>
@@ -116,6 +124,11 @@ under the License.
           <groupId>org.apache.httpcomponents</groupId>
           <artifactId>httpclient</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-storage-impl</artifactId>
+        </exclusion>
+
       </exclusions>
     </dependency>
     <dependency>
@@ -129,21 +142,6 @@ under the License.
       <artifactId>bouncycastle-api</artifactId>
       <version>2.18</version>
     </dependency>
-    <dependency>
-      <groupId>net.shibboleth.utilities</groupId>
-      <artifactId>java-support</artifactId>
-      <version>7.2.0</version>
-      <exclusions>
-        <exclusion>
-          <groupId>commons-codec</groupId>
-          <artifactId>commons-codec</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.slf4j</groupId>
-          <artifactId>slf4j-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>
@@ -171,11 +169,18 @@ under the License.
   </dependencies>
   <dependencyManagement>
     <dependencies>
-    <dependency>
-      <groupId>org.cryptacular</groupId>
-      <artifactId>cryptacular</artifactId>
-      <version>1.2.4</version>
-    </dependency>
+      <dependency>
+        <groupId>org.cryptacular</groupId>
+        <artifactId>cryptacular</artifactId>
+        <version>1.2.4</version>
+      </dependency>
+      <dependency>
+        <groupId>io.jenkins.tools.bom</groupId>
+        <artifactId>bom-2.235.x</artifactId>
+        <version>11</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
   <build>
@@ -188,4 +193,4 @@ under the License.
       </plugin>
     </plugins>
   </build>
-</project>
+</project>

src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java

@@ -25,7 +25,9 @@
 import org.pac4j.core.context.J2EContext;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.saml.client.SAML2Client;
+import org.pac4j.saml.config.SAML2Configuration;
 
+import java.io.IOException;
 import java.util.logging.Logger;
 
 import static java.util.logging.Level.*;
@@ -91,9 +93,9 @@ protected WebContext createWebContext() {
      * @return a SAML2Client object to interact with the IdP service.
      */
     protected SAML2Client createSAML2Client() {
-        final SAML2ClientConfigurationCustom config = new SAML2ClientConfigurationCustom();
+        final SAML2Configuration config = new SAML2Configuration();
         config.setIdentityProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getIDPMetadataFilePath()));
-        config.setDestinationBindingType(samlPluginConfig.getBinding());
+        config.setAuthnRequestBindingType(samlPluginConfig.getBinding());
         config.setWantsAssertionsSigned(true);
 
         SamlEncryptionData encryptionData = samlPluginConfig.getEncryptionData();
@@ -150,10 +152,14 @@ protected SAML2Client createSAML2Client() {
         config.setServiceProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath()));
         final SAML2Client saml2Client = new SAML2Client(config);
         saml2Client.setCallbackUrl(samlPluginConfig.getConsumerServiceUrl());
-        saml2Client.init(createWebContext());
+        saml2Client.init();
 
         if (LOG.isLoggable(FINE)) {
-            LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata());
+            try {
+                LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata());
+            } catch (IOException e) {
+                LOG.fine("Is not possible to show the metadata : " + e.getMessage());
+            }
         }
         return saml2Client;
     }

src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java

@@ -18,15 +18,19 @@
 package org.jenkinsci.plugins.saml;
 
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.NotImplementedException;
 import org.pac4j.core.exception.TechnicalException;
-import org.pac4j.core.io.WritableResource;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.WritableResource;
 
 import javax.annotation.Nonnull;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URL;
 import java.util.logging.Logger;
 
 /**
@@ -61,11 +65,36 @@ public boolean exists() {
         return getFile().exists();
     }
 
+    @Override
+    public boolean isReadable() {
+        return getFile().canRead();
+    }
+
+    @Override
+    public boolean isOpen() {
+        return false;
+    }
+
+    @Override
+    public URL getURL() {
+        throw new NotImplementedException();
+    }
+
+    @Override
+    public URI getURI() {
+        throw new NotImplementedException();
+    }
+
     @Override
     public String getFilename() {
         return fileName;
     }
 
+    @Override
+    public String getDescription() {
+        return fileName;
+    }
+
     @Override
     public InputStream getInputStream() throws IOException {
         return FileUtils.openInputStream(getFile());
@@ -76,8 +105,28 @@ public File getFile() {
         return new File(fileName);
     }
 
+    @Override
+    public long contentLength() {
+        return getFile().length();
+    }
+
+    @Override
+    public long lastModified() {
+        return getFile().lastModified();
+    }
+
+    @Override
+    public Resource createRelative(String s) {
+        throw new NotImplementedException();
+    }
+
+    @Override
+    public boolean isWritable() {
+        return getFile().canWrite();
+    }
+
     @Override
     public OutputStream getOutputStream() throws IOException {
         return FileUtils.openOutputStream(getFile());
     }
-}
+}

src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java

@@ -19,7 +19,7 @@
 
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
-import org.pac4j.core.client.RedirectAction;
+import org.pac4j.core.redirect.RedirectAction;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.exception.HttpAction;
 import org.pac4j.saml.client.SAML2Client;

src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java

@@ -23,6 +23,8 @@
 import org.kohsuke.stapler.StaplerResponse;
 import org.pac4j.saml.client.SAML2Client;
 
+import java.io.IOException;
+
 /**
  * build the Service Provider(SP) metadata from the configuration.
  */
@@ -41,6 +43,12 @@ public SamlSPMetadataWrapper(SamlPluginConfig samlPluginConfig, StaplerRequest r
     @Override
     protected HttpResponse process() throws IllegalStateException {
         final SAML2Client client = createSAML2Client();
-        return HttpResponses.plainText(client.getServiceProviderMetadataResolver().getMetadata());
+        String metadata = "";
+        try {
+            metadata = client.getServiceProviderMetadataResolver().getMetadata();
+        } catch (IOException e) {
+           new IllegalStateException(e);
+        }
+        return HttpResponses.text(metadata);
     }
 }

src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java

@@ -39,8 +39,8 @@
 import org.jenkinsci.plugins.saml.user.SamlCustomProperty;
 import org.kohsuke.stapler.*;
 import org.kohsuke.stapler.interceptor.RequirePOST;
-import org.pac4j.core.client.RedirectAction;
-import org.pac4j.core.client.RedirectAction.RedirectType;
+import org.pac4j.core.redirect.RedirectAction;
+import org.pac4j.core.redirect.RedirectAction.RedirectType;
 import org.springframework.dao.DataAccessException;
 import org.pac4j.saml.profile.SAML2Profile;