Remove fetch and list endpoint

Author: cicnavi

routing/routes/routes.php

@@ -17,7 +17,6 @@
 use SimpleSAML\Module\oidc\Controllers\ConfigurationDiscoveryController;
 use SimpleSAML\Module\oidc\Controllers\EndSessionController;
 use SimpleSAML\Module\oidc\Controllers\Federation\EntityStatementController;
-use SimpleSAML\Module\oidc\Controllers\Federation\SubordinateListingsController;
 use SimpleSAML\Module\oidc\Controllers\JwksController;
 use SimpleSAML\Module\oidc\Controllers\OAuth2\OAuth2ServerConfigurationController;
 use SimpleSAML\Module\oidc\Controllers\UserInfoController;
@@ -114,14 +113,6 @@
         ->controller([EntityStatementController::class, 'configuration'])
         ->methods([HttpMethodsEnum::GET->value]);
 
-    $routes->add(RoutesEnum::FederationFetch->name, RoutesEnum::FederationFetch->value)
-        ->controller([EntityStatementController::class, 'fetch'])
-        ->methods([HttpMethodsEnum::GET->value]);
-
-    $routes->add(RoutesEnum::FederationList->name, RoutesEnum::FederationList->value)
-        ->controller([SubordinateListingsController::class, 'list'])
-        ->methods([HttpMethodsEnum::GET->value]);
-
     /*****************************************************************************************************************
      * OpenID for Verifiable Credential Issuance
      ****************************************************************************************************************/

src/Controllers/Federation/EntityStatementController.php

@@ -6,7 +6,6 @@
 
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
-use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Services\LoggerService;
 use SimpleSAML\Module\oidc\Services\OpMetadataService;
@@ -16,11 +15,9 @@
 use SimpleSAML\OpenID\Codebooks\ClientRegistrationTypesEnum;
 use SimpleSAML\OpenID\Codebooks\ContentTypesEnum;
 use SimpleSAML\OpenID\Codebooks\EntityTypesEnum;
-use SimpleSAML\OpenID\Codebooks\ErrorsEnum;
 use SimpleSAML\OpenID\Codebooks\HttpHeadersEnum;
 use SimpleSAML\OpenID\Federation;
 use SimpleSAML\OpenID\Jwks;
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 class EntityStatementController
@@ -35,7 +32,6 @@ public function __construct(
         protected readonly ModuleConfig $moduleConfig,
         protected readonly Jwks $jwks,
         protected readonly OpMetadataService $opMetadataService,
-        protected readonly ClientRepository $clientRepository,
         protected readonly Helpers $helpers,
         protected readonly Routes $routes,
         protected readonly Federation $federation,
@@ -224,113 +220,6 @@ public function configuration(): Response
         return $this->prepareEntityStatementResponse($entityConfigurationToken);
     }
 
-    public function fetch(Request $request): Response
-    {
-        $subject = $request->query->getString(ClaimsEnum::Sub->value);
-
-        if (empty($subject)) {
-            return $this->routes->newJsonErrorResponse(
-                ErrorsEnum::InvalidRequest->value,
-                sprintf('Missing parameter %s', ClaimsEnum::Sub->value),
-                400,
-            );
-        }
-
-        /** @var non-empty-string $subject */
-
-        $cachedSubordinateStatement = $this->federationCache?->get(
-            null,
-            self::KEY_RP_SUBORDINATE_ENTITY_STATEMENT,
-            $subject,
-        );
-
-        if (!is_null($cachedSubordinateStatement)) {
-            return $this->prepareEntityStatementResponse((string)$cachedSubordinateStatement);
-        }
-
-        $client = $this->clientRepository->findFederatedByEntityIdentifier($subject);
-        if (empty($client)) {
-            return $this->routes->newJsonErrorResponse(
-                ErrorsEnum::NotFound->value,
-                sprintf('Subject not found (%s)', $subject),
-                404,
-            );
-        }
-
-        $jwks = $client->getFederationJwks();
-        if (empty($jwks)) {
-            return $this->routes->newJsonErrorResponse(
-                ErrorsEnum::InvalidClient->value,
-                sprintf('Subject does not contain JWKS claim (%s)', $subject),
-                401,
-            );
-        }
-
-        $currentTimestamp = $this->helpers->dateTime()->getUtc()->getTimestamp();
-
-        $payload = [
-            ClaimsEnum::Iss->value => $this->moduleConfig->getIssuer(),
-            ClaimsEnum::Iat->value => $currentTimestamp,
-            ClaimsEnum::Jti->value => $this->helpers->random()->getIdentifier(),
-
-            ClaimsEnum::Sub->value => $subject,
-            ClaimsEnum::Exp->value => $this->helpers->dateTime()->getUtc()->add(
-                $this->moduleConfig->getFederationEntityStatementDuration(),
-            )->getTimestamp(),
-            ClaimsEnum::Jwks->value => $jwks,
-            ClaimsEnum::Metadata->value => [
-                EntityTypesEnum::OpenIdRelyingParty->value => [
-                    ClaimsEnum::ClientName->value => $client->getName(),
-                    ClaimsEnum::ClientId->value => $client->getIdentifier(),
-                    ClaimsEnum::RedirectUris->value => $client->getRedirectUris(),
-                    ClaimsEnum::Scope->value => implode(' ', $client->getScopes()),
-                    ClaimsEnum::ClientRegistrationTypes->value => $client->getClientRegistrationTypes(),
-                    // Optional claims...
-                    ...(array_filter(
-                        [
-                            ClaimsEnum::BackChannelLogoutUri->value => $client->getBackChannelLogoutUri(),
-                            ClaimsEnum::PostLogoutRedirectUris->value => $client->getPostLogoutRedirectUri(),
-                        ],
-                    )),
-                    // TODO v7 mivanci Continue
-                    // https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
-                    // https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata
-                ],
-            ],
-        ];
-
-        // TODO v7 mivanci Continue
-        // Note: claims which can be present in subordinate statements:
-        // * metadata_policy
-        // * constraints
-        // * metadata_policy_crit
-
-        $signingKeyPair = $this->moduleConfig
-            ->getFederationSignatureKeyPairBag()
-            ->getFirstOrFail();
-
-
-        $header = [
-            ClaimsEnum::Kid->value => $signingKeyPair->getKeyPair()->getKeyId(),
-        ];
-
-        $subordinateStatementToken = $this->federation->entityStatementFactory()->fromData(
-            $signingKeyPair->getKeyPair()->getPrivateKey(),
-            $signingKeyPair->getSignatureAlgorithm(),
-            $payload,
-            $header,
-        )->getToken();
-
-        $this->federationCache?->set(
-            $subordinateStatementToken,
-            $this->moduleConfig->getFederationEntityStatementCacheDurationForProduced(),
-            self::KEY_RP_SUBORDINATE_ENTITY_STATEMENT,
-            $subject,
-        );
-
-        return $this->prepareEntityStatementResponse($subordinateStatementToken);
-    }
-
     protected function prepareEntityStatementResponse(string $entityStatementToken): Response
     {
         return $this->routes->newResponse(

src/Controllers/Federation/SubordinateListingsController.php

@@ -10,7 +10,6 @@
 use SimpleSAML\Module\oidc\Controllers\Federation\EntityStatementController;
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
-use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Services\LoggerService;
 use SimpleSAML\Module\oidc\Services\OpMetadataService;
@@ -25,7 +24,6 @@ class EntityStatementControllerTest extends TestCase
     protected MockObject $moduleConfigMock;
     protected MockObject $jwksMock;
     protected MockObject $opMetadataServiceMock;
-    protected MockObject $clientRepositoryMock;
     protected MockObject $helpersMock;
     protected MockObject $routesMock;
     protected MockObject $federationMock;
@@ -38,7 +36,6 @@ protected function setUp(): void
         $this->moduleConfigMock = $this->createMock(ModuleConfig::class);
         $this->jwksMock = $this->createMock(Jwks::class);
         $this->opMetadataServiceMock = $this->createMock(OpMetadataService::class);
-        $this->clientRepositoryMock = $this->createMock(ClientRepository::class);
         $this->helpersMock = $this->createMock(Helpers::class);
         $this->routesMock = $this->createMock(Routes::class);
         $this->federationMock = $this->createMock(Federation::class);
@@ -50,7 +47,6 @@ protected function sut(
         ?ModuleConfig $moduleConfig = null,
         ?Jwks $jwks = null,
         ?OpMetadataService $opMetadataService = null,
-        ?ClientRepository $clientRepository = null,
         ?Helpers $helpers = null,
         ?Routes $routes = null,
         ?Federation $federation = null,
@@ -60,7 +56,6 @@ protected function sut(
         $moduleConfig ??= $this->moduleConfigMock;
         $jwks ??= $this->jwksMock;
         $opMetadataService ??= $this->opMetadataServiceMock;
-        $clientRepository ??= $this->clientRepositoryMock;
         $helpers ??= $this->helpersMock;
         $routes ??= $this->routesMock;
         $federation ??= $this->federationMock;
@@ -71,7 +66,6 @@ protected function sut(
             $moduleConfig,
             $jwks,
             $opMetadataService,
-            $clientRepository,
             $helpers,
             $routes,
             $federation,