Finish implementing SAML provider config. (#428)

I've implemented addAllX509Certificates and removed the TODOs for the request signing, since we are not ready to expose that yet.

I've also added unit tests for SamlProviderConfig.UpdateRequest, because those were missed in a previous PR.

On an unrelated note, I've also added a comment describing why 'suppressLoadErrors' needs to be set.

Author: micahstairs

checkstyle.xml

@@ -229,6 +229,8 @@
             <property name="allowedAnnotations" value="Override, Test"/>
             <property name="allowThrowsTagsForSubclasses" value="true"/>
             <property name="allowMissingJavadoc" value="true"/>
+            <!-- Setting this property helps avoid some strange errors. For more information, see -->
+            <!-- https://stackoverflow.com/questions/27938039/unable-to-get-class-information-for-checkstyle. -->
             <property name="suppressLoadErrors" value="true"/>
         </module>
         <module name="MethodName">

src/main/java/com/google/firebase/auth/SamlProviderConfig.java

@@ -27,6 +27,7 @@
 import com.google.firebase.auth.ProviderConfig.AbstractCreateRequest;
 import com.google.firebase.auth.ProviderConfig.AbstractUpdateRequest;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -177,7 +178,23 @@ public CreateRequest addX509Certificate(String x509Certificate) {
       return this;
     }
 
-    // TODO(micahstairs): Add 'addAllX509Certificates' method.
+    /**
+     * Adds a collection of x509 certificates to the new provider.
+     *
+     * @param x509Certificates A non-null, non-empty collection of x509 certificate strings.
+     * @throws IllegalArgumentException If the collection is null or empty, or if any x509
+     *     certificates are null or empty.
+     */
+    public CreateRequest addAllX509Certificates(Collection<String> x509Certificates) {
+      checkArgument(x509Certificates != null,
+          "The collection of x509 certificates must not be null.");
+      checkArgument(!x509Certificates.isEmpty(),
+          "The collection of x509 certificates must not be empty.");
+      for (String certificate : x509Certificates) {
+        addX509Certificate(certificate);
+      }
+      return this;
+    }
 
     /**
      * Sets the RP entity ID for the new provider.
@@ -205,8 +222,6 @@ public CreateRequest setCallbackUrl(String callbackUrl) {
       return this;
     }
 
-    // TODO(micahstairs): Add 'setRequestSigningEnabled' method.
-
     CreateRequest getThis() {
       return this;
     }
@@ -279,7 +294,23 @@ public UpdateRequest addX509Certificate(String x509Certificate) {
       return this;
     }
 
-    // TODO(micahstairs): Add 'addAllX509Certificates' method.
+    /**
+     * Adds a collection of x509 certificates to the existing provider.
+     *
+     * @param x509Certificates A non-null, non-empty collection of x509 certificate strings.
+     * @throws IllegalArgumentException If the collection is null or empty, or if any x509
+     *     certificates are null or empty.
+     */
+    public UpdateRequest addAllX509Certificates(Collection<String> x509Certificates) {
+      checkArgument(x509Certificates != null,
+          "The collection of x509 certificates must not be null.");
+      checkArgument(!x509Certificates.isEmpty(),
+          "The collection of x509 certificates must not be empty.");
+      for (String certificate : x509Certificates) {
+        addX509Certificate(certificate);
+      }
+      return this;
+    }
 
     /**
      * Sets the RP entity ID for the existing provider.
@@ -307,8 +338,6 @@ public UpdateRequest setCallbackUrl(String callbackUrl) {
       return this;
     }
 
-    // TODO(micahstairs): Add 'setRequestSigningEnabled' method.
-
     UpdateRequest getThis() {
       return this;
     }

src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java

@@ -1798,8 +1798,6 @@ public void testTenantAwareDeleteOidcProviderConfig() throws Exception {
   public void testCreateSamlProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement(
         TestUtils.loadResource("saml.json"));
-    // TODO(micahstairs): Add 'signRequest' to the create request once that field is added to
-    // SamlProviderConfig.
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest()
           .setProviderId("saml.provider-id")
@@ -1823,6 +1821,7 @@ public void testCreateSamlProvider() throws Exception {
     GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
+
     Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
     assertNotNull(idpConfig);
     assertEquals(3, idpConfig.size());
@@ -1833,6 +1832,7 @@ public void testCreateSamlProvider() throws Exception {
     assertEquals(2, idpCertificates.size());
     assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
     assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
     Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
     assertNotNull(spConfig);
     assertEquals(2, spConfig.size());
@@ -1938,7 +1938,7 @@ public void testTenantAwareCreateSamlProvider() throws Exception {
     TenantAwareFirebaseAuth tenantAwareAuth =
         FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
 
-    SamlProviderConfig config = tenantAwareAuth.createSamlProviderConfig(createRequest);
+    tenantAwareAuth.createSamlProviderConfig(createRequest);
 
     checkRequestHeaders(interceptor);
     checkUrl(interceptor, "POST", TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs");
@@ -1948,8 +1948,6 @@ public void testTenantAwareCreateSamlProvider() throws Exception {
   public void testUpdateSamlProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement(
         TestUtils.loadResource("saml.json"));
-    // TODO(micahstairs): Add 'signRequest' to the create request once that field is added to
-    // SamlProviderConfig.
     SamlProviderConfig.UpdateRequest updateRequest =
         new SamlProviderConfig.UpdateRequest("saml.provider-id")
           .setDisplayName("DISPLAY_NAME")

src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java

@@ -106,6 +106,29 @@ public void testCreateRequest() throws IOException {
     assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
   }
 
+  @Test
+  public void testCreateRequestX509Certificates() throws IOException {
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .addX509Certificate("certificate1")
+          .addAllX509Certificates(ImmutableList.of("certificate2", "certificate3"))
+          .addX509Certificate("certificate4");
+
+    Map<String,Object> properties = createRequest.getProperties();
+    assertEquals(1, properties.size());
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(1, idpConfig.size());
+
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(4, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate3"), idpCertificates.get(2));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate4"), idpCertificates.get(3));
+  }
+
   @Test(expected = IllegalArgumentException.class)
   public void testCreateRequestMissingProviderId() {
     new SamlProviderConfig.CreateRequest().setProviderId(null);
@@ -141,6 +164,16 @@ public void testCreateRequestMissingX509Certificate() {
     new SamlProviderConfig.CreateRequest().addX509Certificate(null);
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestNullX509CertificatesCollection() {
+    new SamlProviderConfig.CreateRequest().addAllX509Certificates(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestEmptyX509CertificatesCollection() {
+    new SamlProviderConfig.CreateRequest().addAllX509Certificates(ImmutableList.<String>of());
+  }
+
   @Test(expected = IllegalArgumentException.class)
   public void testCreateRequestMissingRpEntityId() {
     new SamlProviderConfig.CreateRequest().setRpEntityId(null);
@@ -155,4 +188,136 @@ public void testCreateRequestMissingCallbackUrl() {
   public void testCreateRequestInvalidCallbackUrl() {
     new SamlProviderConfig.CreateRequest().setCallbackUrl("not a valid url");
   }
+
+  @Test
+  public void testUpdateRequestFromSamlProviderConfig() throws IOException {
+    SamlProviderConfig config = jsonFactory.fromString(SAML_JSON_STRING, SamlProviderConfig.class);
+
+    SamlProviderConfig.UpdateRequest updateRequest = config.updateRequest();
+
+    assertEquals("saml.provider-id", updateRequest.getProviderId());
+    assertTrue(updateRequest.getProperties().isEmpty());
+  }
+
+  @Test
+  public void testUpdateRequest() throws IOException {
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id");
+    updateRequest
+      .setDisplayName("DISPLAY_NAME")
+      .setEnabled(false)
+      .setIdpEntityId("IDP_ENTITY_ID")
+      .setSsoUrl("https://example.com/login")
+      .addX509Certificate("certificate1")
+      .addX509Certificate("certificate2")
+      .setRpEntityId("RP_ENTITY_ID")
+      .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(4, properties.size());
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) properties.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testUpdateRequestX509Certificates() throws IOException {
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id");
+    updateRequest
+      .addX509Certificate("certificate1")
+      .addAllX509Certificates(ImmutableList.of("certificate2", "certificate3"))
+      .addX509Certificate("certificate4");
+
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(1, properties.size());
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(1, idpConfig.size());
+
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(4, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate3"), idpCertificates.get(2));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate4"), idpCertificates.get(3));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingProviderId() {
+    new SamlProviderConfig.UpdateRequest(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidProviderId() {
+    new SamlProviderConfig.UpdateRequest("oidc.invalid-saml-provider-id");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingDisplayName() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingIdpEntityId() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setIdpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingSsoUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setSsoUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidSsoUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setSsoUrl("not a valid url");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingX509Certificate() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").addX509Certificate(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestNullX509CertificatesCollection() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").addAllX509Certificates(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestEmptyX509CertificatesCollection() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id")
+        .addAllX509Certificates(ImmutableList.<String>of());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingRpEntityId() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setRpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingCallbackUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setCallbackUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidCallbackUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setCallbackUrl("not a valid url");
+  }
 }