Remove certificate data from SAML entities

Certificate data is no longer visible on SPD, if the value is set in
Manage, SPD will not overwrite it.

In addition to Form and Command logic, some validators and other helper
utils have been removed

See: https://www.pivotaltracker.com/story/show/186341612

ci/qa/phpstan-baseline.php

@@ -611,11 +611,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Application/Factory/EntityDetailFactory.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Cannot call method getCertData\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\MetaData\\|null\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Application/Factory/EntityDetailFactory.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Cannot call method getContacts\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\MetaData\\|null\\.$#',
 	'count' => 3,
@@ -886,11 +881,6 @@
 	'count' => 2,
 	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Cannot call method getCertData\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\MetaData\\|null\\.$#',
-	'count' => 4,
-	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Cannot call method getContacts\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\MetaData\\|null\\.$#',
 	'count' => 6,
@@ -4501,11 +4491,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Factory/SaveCommandFactory.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Cannot call method getCertData\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\MetaData\\|null\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/../../src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Factory/SaveCommandFactory.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Cannot call method getClientSecret\\(\\) on Surfnet\\\\ServiceProviderDashboard\\\\Domain\\\\Entity\\\\Entity\\\\OidcClientInterface\\|null\\.$#',
 	'count' => 3,

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveEntityCommandInterface.php

@@ -60,8 +60,6 @@ public function getApplicationUrl(): ?string;
 
     public function getEulaUrl(): ?string;
 
-    public function getCertificate(): ?string;
-
     public function getLogoUrl(): ?string;
 
     public function getComments(): ?string;

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveOauthClientCredentialClientCommand.php

@@ -522,11 +522,6 @@ public function getMetadataUrl(): ?string
         return null;
     }
 
-    public function getCertificate(): ?string
-    {
-        return null;
-    }
-
     public function getNameIdFormat(): string
     {
         return $this->getSubjectType();

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveOidcngEntityCommand.php

@@ -678,11 +678,6 @@ public function getMetadataUrl(): ?string
         return null;
     }
 
-    public function getCertificate(): ?string
-    {
-        return null;
-    }
-
     public function getNameIdFormat(): string
     {
         return $this->getSubjectType();

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveOidcngResourceServerEntityCommand.php

@@ -435,11 +435,6 @@ public function getEulaUrl(): ?string
         return null;
     }
 
-    public function getCertificate(): ?string
-    {
-        return null;
-    }
-
     public function getLogoUrl(): ?string
     {
         return null;

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveSamlEntityCommand.php

@@ -82,9 +82,6 @@ class SaveSamlEntityCommand implements SaveEntityCommandInterface
     #[Assert\NotBlank]
     private string $entityId;
 
-    #[SpDashboardAssert\ValidSSLCertificate()]
-    private ?string $certificate = null;
-
     #[SpDashboardAssert\ValidLogo()]
     #[Assert\Url]
     #[Assert\NotBlank]
@@ -292,16 +289,6 @@ public function setEntityId(string $entityId): void
         $this->entityId = $entityId;
     }
 
-    public function getCertificate(): ?string
-    {
-        return $this->certificate;
-    }
-
-    public function setCertificate(?string $certificate): void
-    {
-        $this->certificate = $certificate;
-    }
-
     public function getLogoUrl(): ?string
     {
         return $this->logoUrl;

src/Surfnet/ServiceProviderDashboard/Application/CommandHandler/Entity/LoadMetadataCommandHandler.php

@@ -86,7 +86,6 @@ private function mapTextFields(
             'descriptionNl' => ['getDescriptionNl', 'setDescriptionNl'],
             'descriptionEn' => ['getDescriptionEn', 'setDescriptionEn'],
             'applicationUrlEn' => ['getApplicationUrl', 'setApplicationUrl'],
-            'certificate' => ['getCertificate', 'setCertificate'],
         ];
 
         $this->map($map, $command, $metadata);

src/Surfnet/ServiceProviderDashboard/Application/Factory/EntityDetailFactory.php

@@ -81,7 +81,6 @@ public function buildFrom(ManageEntity $manageEntity): EntityDetail
             $manageEntity->getMetaData()->getAcsLocations(),
             $manageEntity->getMetaData()->getEntityId(),
             $manageEntity->getProtocol()->getProtocol(),
-            $manageEntity->getMetaData()->getCertData(),
             $logo,
             $manageEntity->getMetaData()->getNameNl(),
             $manageEntity->getMetaData()->getNameEn(),

src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator.php

@@ -213,7 +213,6 @@ private function generateMetadataFields(ManageEntity $entity): array
 
         $metadata['NameIDFormat'] = $entity->getMetaData()->getNameIdFormat();
         $metadata['coin:signature_method'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
-        $metadata = array_merge($metadata, $this->generateCertDataMetadata($entity));
 
         // When publishing to production, the coin:exclude_from_push must be present and set to '1'. This prevents the
         // entity from being pushed to EngineBlock. Once the entity is checked a final time, the flag is set to 0
@@ -231,31 +230,6 @@ private function generateMetadataFields(ManageEntity $entity): array
         return $metadata;
     }
 
-    private function generateCertDataMetadata(ManageEntity $entity): array
-    {
-        $metadata = [];
-        if ($entity->getMetaData()->getCertData() !== null
-            && $entity->getMetaData()->getCertData() !== ''
-            && $entity->getMetaData()->getCertData() !== '0') {
-            $metadata['certData'] = $this->stripCertificateEnvelope(
-                $entity->getMetaData()->getCertData()
-            );
-        }
-
-        return $metadata;
-    }
-
-    /**
-     * Strip header and footer from certificate data.
-     */
-    private function stripCertificateEnvelope(string $certData): string
-    {
-        $certData = str_replace('-----BEGIN CERTIFICATE-----', '', $certData);
-        $certData = str_replace('-----END CERTIFICATE-----', '', $certData);
-
-        return trim($certData);
-    }
-
     private function generateAllContactsMetadata(ManageEntity $entity): array
     {
         $metadata = [];

src/Surfnet/ServiceProviderDashboard/Application/Service/EntityMergeService.php

@@ -65,7 +65,6 @@ public function mergeEntityCommand(
             $command->getMetadataUrl(),
             $command->getAcsLocations(),
             $command->getNameIdFormat(),
-            $command->getCertificate(),
             $command->getDescriptionEn(),
             $command->getDescriptionNl(),
             $command->getNameEn(),

src/Surfnet/ServiceProviderDashboard/Application/ViewObject/EntityDetail.php

@@ -41,7 +41,6 @@ public function __construct(
         private readonly array $acsLocations,
         private readonly string $entityId,
         private readonly string $protocol,
-        private readonly string $certificate,
         private readonly ?string $logoUrl,
         private readonly string $nameNl,
         private readonly string $nameEn,
@@ -91,11 +90,6 @@ public function getEntityId(): string
         return $this->entityId;
     }
 
-    public function getCertificate(): string
-    {
-        return $this->certificate;
-    }
-
     /**
      * @return string
      */

src/Surfnet/ServiceProviderDashboard/Domain/Entity/Entity/MetaData.php

@@ -40,7 +40,6 @@ public static function fromApiResponse(array $data): self
         $metaDataUrl = $data['data']['metadataurl'] ?? '';
         $acsLocations = self::getAcsLocationsFromMetaDataFields($metaDataFields);
         $nameIdFormat = $metaDataFields['NameIDFormat'] ?? '';
-        $certData = $metaDataFields['certData'] ?? '';
         $descriptionEn = $metaDataFields['description:en'] ?? '';
         $descriptionNl = $metaDataFields['description:nl'] ?? '';
         $nameEn = $metaDataFields['name:en'] ?? '';
@@ -50,7 +49,6 @@ public static function fromApiResponse(array $data): self
         Assert::string($metaDataUrl);
         Assert::allString($acsLocations);
         Assert::string($nameIdFormat);
-        Assert::string($certData);
         Assert::string($descriptionEn);
         Assert::string($descriptionNl);
         Assert::string($nameEn);
@@ -74,7 +72,6 @@ public static function fromApiResponse(array $data): self
             $metaDataUrl,
             $acsLocations,
             $nameIdFormat,
-            $certData,
             $descriptionEn,
             $descriptionNl,
             $nameEn,
@@ -94,7 +91,6 @@ public function __construct(
         private ?string $metaDataUrl,
         private ?array $acsLocations,
         private ?string $nameIdFormat,
-        private ?string $certData,
         private ?string $descriptionEn,
         private ?string $descriptionNl,
         private ?string $nameEn,
@@ -131,11 +127,6 @@ public function getNameIdFormat(): ?string
         return $this->nameIdFormat;
     }
 
-    public function getCertData(): ?string
-    {
-        return $this->certData;
-    }
-
     public function getDescriptionEn(): ?string
     {
         return $this->descriptionEn;
@@ -186,7 +177,6 @@ public function merge(MetaData $metaData): void
         $this->metaDataUrl = is_null($metaData->getMetaDataUrl()) ? null : $metaData->getMetaDataUrl();
         $this->acsLocations = is_null($metaData->getAcsLocations()) ? null : $metaData->getAcsLocations();
         $this->nameIdFormat = is_null($metaData->getNameIdFormat()) ? null : $metaData->getNameIdFormat();
-        $this->certData = is_null($metaData->getCertData()) ? null : $metaData->getCertData();
         $this->descriptionEn = is_null($metaData->getDescriptionEn()) ? null : $metaData->getDescriptionEn();
         $this->descriptionNl = is_null($metaData->getDescriptionNl()) ? null : $metaData->getDescriptionNl();
         $this->nameEn = is_null($metaData->getNameEn()) ? null : $metaData->getNameEn();
@@ -228,7 +218,6 @@ public function asArray(): array
             'entityid' => $this->getEntityId(),
             'metadataurl' => $this->getMetaDataUrl(),
             'metaDataFields.NameIDFormat' => $this->getNameIdFormat(),
-            'metaDataFields.certData' => $this->getCertData(),
             'metaDataFields.description:nl' => $this->getDescriptionNl(),
             'metaDataFields.description:en' => $this->getDescriptionEn(),
             'metaDataFields.name:nl' => $this->getNameNl(),

src/Surfnet/ServiceProviderDashboard/Domain/ValueObject/Metadata.php

@@ -37,11 +37,6 @@ class Metadata
      */
     public $entityId;
 
-    /**
-     * @var string
-     */
-    public $certificate;
-
     /**
      * @var string
      */

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Form/Entity/SamlEntityType.php

@@ -164,17 +164,6 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                             ],
                         ]
                     )
-                    ->add(
-                        'certificate',
-                        TextareaType::class,
-                        [
-                            'required' => false,
-                            'attr' => [
-                                'data-help' => 'entity.edit.information.certificate',
-                                'rows' => 10,
-                            ],
-                        ]
-                    )
                     ->add(
                         'logoUrl',
                         TextType::class,

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Resources/translations/messages.en.yml

@@ -59,7 +59,6 @@ entity:
       name_id_format: NameID format
       type_of_service: Type of service
       subject_type: Subject type
-      certificate: Certificate
       logo_url: Logo URL
       name_nl: Name NL
       description_nl: Description NL
@@ -160,7 +159,7 @@ In the following pages we will ask you to submit the necessary information that
 <li>Various contacts responsible for the entity. Support, administrative and technical
 should be present.</li>
 <li>Information about SAML 2.0 configuration.</li>
-<li>Metadata information including URL, certificate and logo of your entity.</li>
+<li>Metadata information including URL and logo of your entity.</li>
 <li>A list of the attributes your Service Provider requires to operate.</li>
 </ul>
 
@@ -228,7 +227,7 @@ In the following pages we will ask you to submit the necessary information that
 <li>Various contacts responsible for the entity. Support, administrative and technical
 should be present.</li>
 <li>Information about SAML 2.0 configuration.</li>
-<li>Metadata information including URL, certificate and logo of your entity.</li>
+<li>Metadata information including URL and logo of your entity.</li>
 <li>A list of the attributes your Service Provider requires to operate.</li>
 </ul>
 "
@@ -243,7 +242,7 @@ In the following pages we will ask you to submit the necessary information that
 <li>Various contacts responsible for the entity. Support, administrative and technical
 should be present.</li>
 <li>Information about SAML 2.0 configuration.</li>
-<li>Metadata information including URL, certificate and logo of your entity.</li>
+<li>Metadata information including URL and logo of your entity.</li>
 <li>A list of the attributes your Service Provider requires to operate.</li>
 </ul>
 "
@@ -258,7 +257,7 @@ In the following pages we will ask you to submit the necessary information that
 <li>Various contacts responsible for the entity. Support, administrative and technical
 should be present.</li>
 <li>Information about SAML 2.0 configuration.</li>
-<li>Metadata information including URL, certificate and logo of your entity.</li>
+<li>Metadata information including URL and logo of your entity.</li>
 <li>A list of the attributes your Service Provider requires to operate.</li>
 </ul>
 "
@@ -354,7 +353,6 @@ entity.edit.information.resourceServers: Text should be set in web translations
 entity.edit.information.redirectUrls: Text should be set in web translations
 entity.edit.information.isPublicClient: Text should be set in web translations
 entity.edit.information.pastedMetadata: Text should be set in web translations
-entity.edit.information.certificate: Text should be set in web translations
 entity.edit.information.logoUrl: Text should be set in web translations
 entity.edit.information.nameNl: Text should be set in web translations
 entity.edit.information.descriptionNl: Text should be set in web translations

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Resources/translations/validators.en.yml

@@ -4,9 +4,6 @@ validator.attribute.at_least_one_attribute_required: 'At least one attribute mus
 validator.logo.wrong_type: 'Logo should be a PNG or GIF image.'
 validator.logo.not_an_image: 'Logo is not a valid image. Press question mark for details.'
 validator.logo.download_failed: 'The logo could not be downloaded to the server.'
-validator.ssl_certificate.not_valid: 'The certificate is not valid.'
-validator.ssl_certificate.unknown_key_length: 'Cannot determine key length.'
-validator.ssl_certificate.wrong_key_length: 'Key length is %length% bit, it should be 2048 bit or more.'
 validator.entity_id.invalid_url: 'Invalid metadataUrl.'
 validator.entity_id.invalid_entity_id: 'Invalid entityId.'
 validator.entity_id.registry_failure: 'Failed checking registry.'