From 8764e8097459bd6a2dbaa4daa1cd6b79b51a1d9d Mon Sep 17 00:00:00 2001 From: Sebastian Date: Mon, 3 Jul 2023 12:59:21 -0400 Subject: [PATCH] v0.7.0 --- go.mod | 8 ++---- go.sum | 4 +++ iamtf/data_source_iamtf_identity_appliance.go | 6 +++++ iamtf/resource_iamtf_federated_connection.go | 16 ++++++++--- iamtf/resource_iamtf_identity_appliance.go | 6 ++++- iamtf/resource_iamtf_idp.go | 27 +++++++++++++++++-- iamtf/resource_iamtf_vp.go | 2 +- .../github.com/atricore/josso-sdk-go/go.mod | 4 +-- .../github.com/atricore/josso-sdk-go/go.sum | 2 ++ vendor/modules.txt | 6 ++--- 10 files changed, 61 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index 90c950a..b9398f9 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/atricore/terraform-provider-iamtf go 1.16 require ( - github.com/atricore/josso-api-go v0.4.4 - github.com/atricore/josso-sdk-go v0.4.6 + github.com/atricore/josso-api-go v0.5.0 + github.com/atricore/josso-sdk-go v0.5.0 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/go-hclog v1.2.0 github.com/hashicorp/terraform-plugin-docs v0.13.0 @@ -13,7 +13,3 @@ require ( golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c // indirect google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d // indirect ) - -replace github.com/atricore/josso-sdk-go => ../josso-sdk-go - -replace github.com/atricore/josso-api-go => ../josso-api-go diff --git a/go.sum b/go.sum index e90743d..4e40796 100644 --- a/go.sum +++ b/go.sum 
@@ -67,6 +67,10 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/atricore/josso-api-go v0.5.0 h1:sywK9PZO0r05x0kgxsy3sDjjAzNsmTGhIn9kvmnFEi0= +github.com/atricore/josso-api-go v0.5.0/go.mod h1:Oys9D0y1x+bvyIsnRFl6JOYiIV7KQkuToIQa+jxeuHs= +github.com/atricore/josso-sdk-go v0.5.0 h1:4EiUY7F7rdWqAyrRWsezNsymFUS8G8YlGh9U7eWyXAY= +github.com/atricore/josso-sdk-go v0.5.0/go.mod h1:lQ1GHEP3BFlfuyO514wDYeAwfZpUci7QrxD5ABmQ324= github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/iamtf/data_source_iamtf_identity_appliance.go b/iamtf/data_source_iamtf_identity_appliance.go index 8d53305..849d8ad 100644 --- a/iamtf/data_source_iamtf_identity_appliance.go +++ b/iamtf/data_source_iamtf_identity_appliance.go @@ -44,6 +44,12 @@ func dataSourceIdentityAppliance() *schema.Resource { Optional: true, Description: "list of additional OSGi bundles this appliance requires", }, + "branding": { + Type: schema.TypeString, + Description: "the name of the UI branding plugin installed in JOSSO", + Default: "josso25-branding", + Optional: true, + }, }, } } diff --git a/iamtf/resource_iamtf_federated_connection.go b/iamtf/resource_iamtf_federated_connection.go index 43ed3ff..350366f 100644 --- a/iamtf/resource_iamtf_federated_connection.go +++ b/iamtf/resource_iamtf_federated_connection.go 
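Review bot: `Default: "josso25-branding"` on the new `branding` attribute of a data source makes the data source report a hard-coded value whenever the read leaves the attribute unset, whereas a data source attribute describes what the appliance has and is normally `Computed: true` with no `Default`. This matters because the resource reader changed in this same patch skips `d.Set("branding", …)` when the appliance reports no branding name, so if the data source shares that reader it would show `josso25-branding` for an appliance that has none; I cannot see the data source's read function, so that part is inferred. Suggested shape: `"branding": {Type: schema.TypeString, Computed: true, Description: "the name of the UI branding plugin installed in JOSSO"}`. The enclosing `dataSourceIdentityAppliance` function starts outside the hunk.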
@@ -468,11 +468,16 @@ func convertIdPSaml2MapArrToDTO(saml2_arr interface{}, idp *api.IdentityProvider return nil } + enc, err := mapTFEncryptionToSaml2(saml2_map["encrypt_algorithm"].(string)) + if err != nil { + return err + } + idp.SetWantAuthnRequestsSigned(saml2_map["want_authn_req_signed"].(bool)) idp.SetWantSignedRequests(saml2_map["want_req_signed"].(bool)) idp.SetSignRequests(saml2_map["sign_reqs"].(bool)) idp.SetSignatureHash(saml2_map["signature_hash"].(string)) - idp.SetEncryptAssertionAlgorithm(saml2_map["encrypt_algorithm"].(string)) + idp.SetEncryptAssertionAlgorithm(enc) //idp.SetEnableMetadataEndpoint(saml2_map["metadata_endpoint"].(bool)) idp.SetEnableMetadataEndpoint(true) idp.SetMessageTtl(int32(saml2_map["message_ttl"].(int))) @@ -523,8 +528,13 @@ func convertSPFederatedConnectionsMapArrToDTOs(idp IdPRole, d *schema.ResourceDa spChannel.SetWantAuthnRequestsSigned(GetAsBool(d, fmt.Sprintf("%d", spIdx), idp.GetWantAuthnRequestsSigned())) // NOT SUPPORETD BY SERVER :spChannel.SetWantSignedRequests(api.AsBool(saml2_m["want_req_signed"], true)) // NOT SUPPORETD BY SERVER :spChannel.SetSignRequests(api.AsBool(saml2_m["sign_reqs"], true)) + + enc, err := mapTFEncryptionToSaml2(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.encrypt_algorithm", spIdx), idp.GetEncryptAssertionAlgorithm())) + if err != nil { + return result, err + } spChannel.SetSignatureHash(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.signature_hash", spIdx), idp.GetSignatureHash())) - spChannel.SetEncryptAssertionAlgorithm(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.encrypt_algorithm", spIdx), idp.GetEncryptAssertionAlgorithm())) + spChannel.SetEncryptAssertionAlgorithm(enc) spChannel.SetMessageTtl(GetAsInt32(d, fmt.Sprintf("sp.%d.saml2.0.message_ttl", spIdx), idp.GetMessageTtl())) spChannel.SetMessageTtlTolerance(GetAsInt32(d, fmt.Sprintf("sp.%d.saml2.0.message_ttl_tolerance", spIdx), idp.GetMessageTtlTolerance())) 
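Review bot: In the second hunk of this file, the fallback passed to `GetAsString` for `sp.%d.saml2.0.encrypt_algorithm` is `idp.GetEncryptAssertionAlgorithm()`, which after the first hunk holds the SAML2 URI form (`http://www.w3.org/2001/04/xmlenc#…`), so an `sp` block that omits `encrypt_algorithm` feeds that URI into `mapTFEncryptionToSaml2`, which accepts only the TF names and returns `invalid TF encryption type`. This assumes `GetAsString` returns its third argument when the key is absent, which its name suggests but the hunk does not show. The fix is to inherit the IdP's already-mapped value and run the mapping only on a value actually present in config, as below. `convertSPFederatedConnectionsMapArrToDTOs` starts and ends outside the hunk.
```go
enc := idp.GetEncryptAssertionAlgorithm()
if v, ok := d.GetOk(fmt.Sprintf("sp.%d.saml2.0.encrypt_algorithm", spIdx)); ok {
	var err error
	enc, err = mapTFEncryptionToSaml2(v.(string))
	if err != nil {
		return result, err
	}
}
spChannel.SetSignatureHash(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.signature_hash", spIdx), idp.GetSignatureHash()))
spChannel.SetEncryptAssertionAlgorithm(enc)
// … unchanged: message_ttl and message_ttl_tolerance setters …
```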
@@ -560,7 +570,7 @@ func convertSPFederatedConnectionsMapArrToDTOs(idp IdPRole, d *schema.ResourceDa return result, nil } -func convertSPFederatedConnectionsToMapArr(fcs []api.FederatedConnectionDTO) ([]map[string]interface{}, error) { +func convertSPFederatedConnectionDTOsToMapArr(fcs []api.FederatedConnectionDTO) ([]map[string]interface{}, error) { result := make([]map[string]interface{}, 0) diff --git a/iamtf/resource_iamtf_identity_appliance.go b/iamtf/resource_iamtf_identity_appliance.go index 13c8983..77cc550 100644 --- a/iamtf/resource_iamtf_identity_appliance.go +++ b/iamtf/resource_iamtf_identity_appliance.go @@ -203,7 +203,11 @@ func buildIdentityApplianceResource(idaName string, d *schema.ResourceData, iam _ = d.Set("name", cli.StrDeref(iam.Name)) _ = d.Set("namespace", cli.StrDeref(iam.Namespace)) _ = d.Set("description", cli.StrDeref(iam.Description)) - _ = d.Set("branding", cli.StrDeref(iam.UserDashboardBranding.Name)) + + if iam.GetUserDashboardBranding().Name != nil { + b := cli.StrDeref(iam.GetUserDashboardBranding().Name) + _ = d.Set("branding", b) + } _ = setNonPrimitives(d, map[string]interface{}{ "bundles": convertStringSetToInterface(iam.GetRequiredBundles())}) diff --git a/iamtf/resource_iamtf_idp.go b/iamtf/resource_iamtf_idp.go index d07345f..7aeab0f 100644 --- a/iamtf/resource_iamtf_idp.go +++ b/iamtf/resource_iamtf_idp.go @@ -862,7 +862,7 @@ func buildIdPResource(idaName string, d *schema.ResourceData, idp api.IdentityPr _ = d.Set("saml2", saml2_m) // "sp" list - sps, err := convertSPFederatedConnectionsToMapArr(idp.FederatedConnectionsA) + sps, err := convertSPFederatedConnectionDTOsToMapArr(idp.FederatedConnectionsA) if err != nil { return err } 
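Review bot: The nil branch added in `buildIdentityApplianceResource` (the identity_appliance hunk) leaves `branding` untouched in state when the appliance reports no branding name; that is presumably intended (it avoids a perpetual diff against the schema default) but reads like an oversight without a comment, so add `// no branding reported by the appliance: keep the configured value in state rather than clearing it` above the `if`. The getter is also called twice and its result passed through `cli.StrDeref` after the nil check has already been done; `if ub := iam.GetUserDashboardBranding(); ub.Name != nil { _ = d.Set("branding", *ub.Name) }` says the same thing more directly, assuming the getter returns a value rather than a nil-able pointer, which the hunk does not show. The enclosing function starts and ends outside the hunk.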
@@ -1533,6 +1533,29 @@ func mapSaml2EncryptionToTF(encryption string) (string, error) { case "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": return "AES3DES", nil default: - return "", fmt.Errorf("invalid encryption type [%s]", encryption) + return "", fmt.Errorf("invalid SAML2 encryption type [%s]", encryption) + } +} + +func mapTFEncryptionToSaml2(encryption string) (string, error) { + + // "NONE", "AES-128", "AES-256", "AES-3DES" + + // disabled + // "http://www.w3.org/2001/04/xmlenc#aes128-cbc"; + // "http://www.w3.org/2001/04/xmlenc#aes256-cbc"; + // "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; + + switch encryption { + case "NONE": + return "NONE", nil + case "AES128": + return "http://www.w3.org/2001/04/xmlenc#aes128-cbc", nil + case "AES256": + return "http://www.w3.org/2001/04/xmlenc#aes256-cbc", nil + case "AES3DES": + return "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", nil + default: + return "", fmt.Errorf("invalid TF encryption type [%s]", encryption) } } diff --git a/iamtf/resource_iamtf_vp.go b/iamtf/resource_iamtf_vp.go index aa29bef..1b6577e 100644 --- a/iamtf/resource_iamtf_vp.go +++ b/iamtf/resource_iamtf_vp.go @@ -449,7 +449,7 @@ func buildVPResource(idaName string, d *schema.ResourceData, vp api.VirtualSaml2 _ = d.Set("saml2_sp", saml2_sp_m) // "sp" list - sps, err := convertSPFederatedConnectionsToMapArr(vp.FederatedConnectionsA) + sps, err := convertSPFederatedConnectionDTOsToMapArr(vp.FederatedConnectionsA) if err != nil { return err } diff --git a/vendor/github.com/atricore/josso-sdk-go/go.mod b/vendor/github.com/atricore/josso-sdk-go/go.mod index c7ac913..f550ab4 100644 --- a/vendor/github.com/atricore/josso-sdk-go/go.mod +++ b/vendor/github.com/atricore/josso-sdk-go/go.mod 
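Review bot: The header comment in `mapTFEncryptionToSaml2` lists `"AES-128", "AES-256", "AES-3DES"` while the cases match `AES128`, `AES256`, `AES3DES`, so the comment documents names the function rejects, and the `// disabled` block beneath it is a dead listing of the same URIs the cases already return. Replace both with a doc comment stating the contract, e.g. `// mapTFEncryptionToSaml2 converts the encrypt_algorithm value used in Terraform config (NONE, AES128, AES256, AES3DES) into the xmlenc URI the server expects; it is the inverse of mapSaml2EncryptionToTF.` Because the two functions are hand-maintained inverses, a round-trip unit test over the four TF names would catch the tables drifting apart. `mapSaml2EncryptionToTF` starts outside the hunk.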
@@ -3,12 +3,10 @@ module github.com/atricore/josso-sdk-go go 1.16 require ( - github.com/atricore/josso-api-go v0.4.4 + github.com/atricore/josso-api-go v0.5.0 github.com/hashicorp/go-multierror v1.1.1 github.com/kr/pretty v0.3.0 // indirect github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.8.2 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect ) - -replace github.com/atricore/josso-api-go => ../josso-api-go diff --git a/vendor/github.com/atricore/josso-sdk-go/go.sum b/vendor/github.com/atricore/josso-sdk-go/go.sum index 91fc03d..625afef 100644 --- a/vendor/github.com/atricore/josso-sdk-go/go.sum +++ b/vendor/github.com/atricore/josso-sdk-go/go.sum @@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/atricore/josso-api-go v0.5.0 h1:sywK9PZO0r05x0kgxsy3sDjjAzNsmTGhIn9kvmnFEi0= +github.com/atricore/josso-api-go v0.5.0/go.mod h1:Oys9D0y1x+bvyIsnRFl6JOYiIV7KQkuToIQa+jxeuHs= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= diff --git a/vendor/modules.txt b/vendor/modules.txt index 235e95c..1bb20dd 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -12,10 +12,10 @@ github.com/apparentlymart/go-cidr/cidr github.com/apparentlymart/go-textseg/v13/textseg # github.com/armon/go-radix v1.0.0 github.com/armon/go-radix -# github.com/atricore/josso-api-go v0.4.4 => ../josso-api-go +# github.com/atricore/josso-api-go v0.5.0 ## explicit github.com/atricore/josso-api-go -# github.com/atricore/josso-sdk-go v0.4.6 => ../josso-sdk-go +# github.com/atricore/josso-sdk-go v0.5.0 ## explicit github.com/atricore/josso-sdk-go # github.com/bgentry/speakeasy v0.1.0 @@ -348,5 +348,3 @@ google.golang.org/protobuf/types/known/anypb google.golang.org/protobuf/types/known/durationpb google.golang.org/protobuf/types/known/emptypb google.golang.org/protobuf/types/known/timestamppb -# github.com/atricore/josso-sdk-go => ../josso-sdk-go -# github.com/atricore/josso-api-go => ../josso-api-go