Add operation to update SAML provider configs. (#424)

Author: micahstairs

src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java

@@ -992,6 +992,7 @@ protected OidcProviderConfig execute() throws FirebaseAuthException {
    * @param request A non-null {@link OidcProviderConfig.UpdateRequest} instance.
    * @return A {@link OidcProviderConfig} instance corresponding to the updated provider config.
    * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
    * @throws FirebaseAuthException if an error occurs while updating the provider config.
    */
   public OidcProviderConfig updateOidcProviderConfig(
@@ -1006,6 +1007,8 @@ public OidcProviderConfig updateOidcProviderConfig(
    * @return An {@code ApiFuture} which will complete successfully with a {@link OidcProviderConfig}
    *     instance corresponding to the updated provider config. If an error occurs while updating
    *     the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
    */
   public ApiFuture<OidcProviderConfig> updateOidcProviderConfigAsync(
       @NonNull OidcProviderConfig.UpdateRequest request) {
@@ -1016,6 +1019,8 @@ private CallableOperation<OidcProviderConfig, FirebaseAuthException> updateOidcP
       final OidcProviderConfig.UpdateRequest request) {
     checkNotDestroyed();
     checkNotNull(request, "Update request must not be null.");
+    checkArgument(!request.getProperties().isEmpty(),
+        "Update request must have at least one property set.");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<OidcProviderConfig, FirebaseAuthException>() {
       @Override
@@ -1242,6 +1247,51 @@ protected SamlProviderConfig execute() throws FirebaseAuthException {
     };
   }
 
+  /**
+   * Updates an existing SAML Auth provider config with the attributes contained in the specified
+   * {@link OidcProviderConfig.UpdateRequest}.
+   *
+   * @param request A non-null {@link SamlProviderConfig.UpdateRequest} instance.
+   * @return A {@link SamlProviderConfig} instance corresponding to the updated provider config.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   * @throws FirebaseAuthException if an error occurs while updating the provider config.
+   */
+  public SamlProviderConfig updateSamlProviderConfig(
+      @NonNull SamlProviderConfig.UpdateRequest request) throws FirebaseAuthException {
+    return updateSamlProviderConfigOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #updateSamlProviderConfig} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link SamlProviderConfig.UpdateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link SamlProviderConfig}
+   *     instance corresponding to the updated provider config. If an error occurs while updating
+   *     the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   */
+  public ApiFuture<SamlProviderConfig> updateSamlProviderConfigAsync(
+      @NonNull SamlProviderConfig.UpdateRequest request) {
+    return updateSamlProviderConfigOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<SamlProviderConfig, FirebaseAuthException> updateSamlProviderConfigOp(
+      final SamlProviderConfig.UpdateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "Update request must not be null.");
+    checkArgument(!request.getProperties().isEmpty(),
+        "Update request must have at least one property set.");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<SamlProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected SamlProviderConfig execute() throws FirebaseAuthException {
+        return userManager.updateSamlProviderConfig(request);
+      }
+    };
+  }
+
   /**
    * Gets the SAML provider Auth config corresponding to the specified provider ID.
    *

src/main/java/com/google/firebase/auth/FirebaseUserManager.java

@@ -54,6 +54,7 @@
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * FirebaseUserManager provides methods for interacting with the Google Identity Toolkit via its
@@ -256,7 +257,7 @@ Tenant updateTenant(Tenant.UpdateRequest request) throws FirebaseAuthException {
     // CallableOperation.
     checkArgument(!properties.isEmpty(), "tenant update must have at least one property set");
     GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(request.getTenantId()));
-    url.put("updateMask", generateMask(properties));
+    url.put("updateMask", Joiner.on(",").join(generateMask(properties)));
     return sendRequest("PATCH", url, properties, Tenant.class);
   }
 
@@ -334,16 +335,21 @@ SamlProviderConfig createSamlProviderConfig(
   OidcProviderConfig updateOidcProviderConfig(OidcProviderConfig.UpdateRequest request)
       throws FirebaseAuthException {
     Map<String, Object> properties = request.getProperties();
-    // TODO(micahstairs): Move this check so that argument validation happens outside the
-    // CallableOperation.
-    checkArgument(!properties.isEmpty(),
-        "Provider config update must have at least one property set.");
     GenericUrl url =
         new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(request.getProviderId()));
-    url.put("updateMask", generateMask(properties));
+    url.put("updateMask", Joiner.on(",").join(generateMask(properties)));
     return sendRequest("PATCH", url, properties, OidcProviderConfig.class);
   }
 
+  SamlProviderConfig updateSamlProviderConfig(SamlProviderConfig.UpdateRequest request)
+      throws FirebaseAuthException {
+    Map<String, Object> properties = request.getProperties();
+    GenericUrl url =
+        new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(request.getProviderId()));
+    url.put("updateMask", Joiner.on(",").join(generateMask(properties)));
+    return sendRequest("PATCH", url, properties, SamlProviderConfig.class);
+  }
+
   OidcProviderConfig getOidcProviderConfig(String providerId) throws FirebaseAuthException {
     GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId));
     return sendRequest("GET", url, null, OidcProviderConfig.class);
@@ -384,12 +390,19 @@ void deleteSamlProviderConfig(String providerId) throws FirebaseAuthException {
     sendRequest("DELETE", url, null, GenericJson.class);
   }
 
-  private static String generateMask(Map<String, Object> properties) {
-    // This implementation does not currently handle the case of nested properties. This is fine
-    // since we do not currently generate masks for any properties with nested values. When it
-    // comes time to implement this, we can check if a property has nested properties by checking
-    // if it is an instance of the Map class.
-    return Joiner.on(",").join(ImmutableSortedSet.copyOf(properties.keySet()));
+  private static Set<String> generateMask(Map<String, Object> properties) {
+    ImmutableSortedSet.Builder<String> maskBuilder = ImmutableSortedSet.naturalOrder();
+    for (Map.Entry<String, Object> entry : properties.entrySet()) {
+      if (entry.getValue() instanceof Map) {
+        Set<String> childMask = generateMask((Map<String, Object>) entry.getValue());
+        for (String childProperty : childMask) {
+          maskBuilder.add(entry.getKey() + "." + childProperty);
+        }
+      } else {
+        maskBuilder.add(entry.getKey());
+      }
+    }
+    return maskBuilder.build();
   }
 
   private static String getTenantUrlSuffix(String tenantId) {

src/main/java/com/google/firebase/auth/SamlProviderConfig.java

@@ -71,6 +71,16 @@ public String getCallbackUrl() {
     return (String) spConfig.get("callbackUri");
   }
 
+  /**
+   * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
+   * provider config.
+   *
+   * @return a non-null {@link UpdateRequest} instance.
+   */
+  public UpdateRequest updateRequest() {
+    return new UpdateRequest(getProviderId());
+  }
+
   static void checkSamlProviderId(String providerId) {
     checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
     checkArgument(providerId.startsWith("saml."),
@@ -201,4 +211,106 @@ CreateRequest getThis() {
       return this;
     }
   }
+
+  /**
+   * A specification class for updating an existing SAML Auth provider.
+   *
+   * <p>An instance of this class can be obtained via a {@link SamlProviderConfig} object, or from
+   * a provider ID string. Specify the changes to be made to the provider config by calling the
+   * various setter methods available in this class.
+   */
+  public static final class UpdateRequest extends AbstractUpdateRequest<UpdateRequest> {
+    /**
+     * Creates a new {@link UpdateRequest}, which can be used to updates an existing SAML Auth
+     * provider.
+     *
+     * <p>The returned object should be passed to
+     * {@link AbstractFirebaseAuth#updateSamlProviderConfig(UpdateRequest)} to update the provider
+     * information persistently.
+     *
+     * @param providerId a non-null, non-empty provider ID string.
+     * @throws IllegalArgumentException If the provider ID is null or empty, or is not prefixed with
+     *     'saml.'.
+     */
+    public UpdateRequest(String providerId) {
+      super(providerId);
+      checkSamlProviderId(providerId);
+    }
+
+    /**
+     * Sets the IDP entity ID for the existing provider.
+     *
+     * @param idpEntityId A non-null, non-empty IDP entity ID string.
+     * @throws IllegalArgumentException If the IDP entity ID is null or empty.
+     */
+    public UpdateRequest setIdpEntityId(String idpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(idpEntityId),
+          "IDP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "idpConfig").put("idpEntityId", idpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the SSO URL for the existing provider.
+     *
+     * @param ssoUrl A non-null, non-empty SSO URL string.
+     * @throws IllegalArgumentException If the SSO URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public UpdateRequest setSsoUrl(String ssoUrl) {
+      checkArgument(!Strings.isNullOrEmpty(ssoUrl), "SSO URL must not be null or empty.");
+      assertValidUrl(ssoUrl);
+      ensureNestedMap(properties, "idpConfig").put("ssoUrl", ssoUrl);
+      return this;
+    }
+
+    /**
+     * Adds a x509 certificate to the existing provider.
+     *
+     * @param x509Certificate A non-null, non-empty x509 certificate string.
+     * @throws IllegalArgumentException If the x509 certificate is null or empty.
+     */
+    public UpdateRequest addX509Certificate(String x509Certificate) {
+      checkArgument(!Strings.isNullOrEmpty(x509Certificate),
+          "The x509 certificate must not be null or empty.");
+      Map<String, Object> idpConfigProperties = ensureNestedMap(properties, "idpConfig");
+      List<Object> x509Certificates = ensureNestedList(idpConfigProperties, "idpCertificates");
+      x509Certificates.add(ImmutableMap.<String, Object>of("x509Certificate", x509Certificate));
+      return this;
+    }
+
+    // TODO(micahstairs): Add 'addAllX509Certificates' method.
+
+    /**
+     * Sets the RP entity ID for the existing provider.
+     *
+     * @param rpEntityId A non-null, non-empty RP entity ID string.
+     * @throws IllegalArgumentException If the RP entity ID is null or empty.
+     */
+    public UpdateRequest setRpEntityId(String rpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(rpEntityId), "RP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "spConfig").put("spEntityId", rpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the callback URL for the exising provider.
+     *
+     * @param callbackUrl A non-null, non-empty callback URL string.
+     * @throws IllegalArgumentException If the callback URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public UpdateRequest setCallbackUrl(String callbackUrl) {
+      checkArgument(!Strings.isNullOrEmpty(callbackUrl), "Callback URL must not be null or empty.");
+      assertValidUrl(callbackUrl);
+      ensureNestedMap(properties, "spConfig").put("callbackUri", callbackUrl);
+      return this;
+    }
+
+    // TODO(micahstairs): Add 'setRequestSigningEnabled' method.
+
+    UpdateRequest getThis() {
+      return this;
+    }
+  }
 }

src/test/java/com/google/firebase/auth/FirebaseAuthIT.java

@@ -708,7 +708,17 @@ public void testSamlProviderConfigLifecycle() throws Exception {
     assertEquals("RP_ENTITY_ID", config.getRpEntityId());
     assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
 
-    // TODO(micahstairs): Once implemented, add tests for updating the SAML provider config.
+    // Update provider config
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest(providerId)
+            .setDisplayName("NewDisplayName")
+            .setEnabled(false)
+            .addX509Certificate("certificate");
+    config = auth.updateSamlProviderConfigAsync(updateRequest).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("NewDisplayName", config.getDisplayName());
+    assertFalse(config.isEnabled());
+    assertEquals(ImmutableList.of("certificate"), config.getX509Certificates());
 
     // Delete provider config
     temporaryProviderConfig.deleteSamlProviderConfig(providerId);