Delete UNIQUE constraint on subject_dn column of iam_x509_cert table (#…

…672)

and replace it with a common index

iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509AuthenticationIntegrationTests.java

@@ -219,6 +219,9 @@ public void testx509AccountLinking() throws Exception {
     .andExpect(
         flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
 
+    linkedAccount = iamAccountRepo.findByCertificateSubject(TEST_0_SUBJECT)
+        .orElseThrow(() -> new AssertionFailedError("Expected user linked to certificate not found"));
+
      assertThat(linkedAccount.getX509Certificates().size(), is(2));
 
   }
@@ -263,6 +266,9 @@ public void testx509AccountLinkingWithDifferentSubjectAndIssuer() throws Excepti
     .andExpect(
         flash().attribute(ACCOUNT_LINKING_DASHBOARD_MESSAGE_KEY, equalTo(confirmationMsg)));
 
+    linkedAccount = iamAccountRepo.findByCertificateSubject(TEST_1_SUBJECT)
+        .orElseThrow(() -> new AssertionFailedError("Expected user linked to certificate not found"));
+
      assertThat(linkedAccount.getX509Certificates().size(), is(2));
   }
 

iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/x509/X509TestSupport.java

@@ -329,7 +329,7 @@ private HttpHeaders test0SSLHeaders(boolean verified, String verificationError)
   private HttpHeaders test2SSLHeaders(boolean verified, String verificationError) {
     HttpHeaders headers = new HttpHeaders();
     headers.add(DefaultX509AuthenticationCredentialExtractor.Headers.CLIENT_CERT.getHeader(),
-        TEST_0_CERT_STRING_NGINX);
+        TEST_1_CERT_STRING_NGINX);
 
     headers.add(DefaultX509AuthenticationCredentialExtractor.Headers.SUBJECT.getHeader(),
         TEST_1_SUBJECT);
@@ -365,7 +365,7 @@ private HttpHeaders test2SSLHeaders(boolean verified, String verificationError)
   private HttpHeaders test1SSLHeaders(boolean verified, String verificationError) {
     HttpHeaders headers = new HttpHeaders();
     headers.add(DefaultX509AuthenticationCredentialExtractor.Headers.CLIENT_CERT.getHeader(),
-        TEST_0_CERT_STRING_NGINX);
+        TEST_1_CERT_STRING_NGINX);
 
     headers.add(DefaultX509AuthenticationCredentialExtractor.Headers.SUBJECT.getHeader(),
         TEST_0_SUBJECT);

iam-persistence/src/main/java/it/infn/mw/iam/persistence/repository/IamAccountRepository.java

@@ -65,7 +65,7 @@ Optional<IamAccount> findByUsernameWithDifferentUUID(@Param("username") String u
   Optional<IamAccount> findByEmailWithDifferentUUID(@Param("emailAddress") String emailAddress,
       @Param("uuid") String uuid);
 
-  @Query("select a from IamAccount a join a.x509Certificates c where c.subjectDn = :subject")
+  @Query("select distinct a from IamAccount a join a.x509Certificates c where c.subjectDn = :subject")
   Optional<IamAccount> findByCertificateSubject(@Param("subject") String subject);
 
   @Query("select a from IamAccount a join a.x509Certificates c where c.certificate = :certificate")

iam-persistence/src/main/resources/db/migration/h2/V97__delete_unique_subject_dn.sql

@@ -0,0 +1,2 @@
+ALTER TABLE iam_x509_cert DROP CONSTRAINT CONSTRAINT_32;
+CREATE INDEX idx_subject_dn ON iam_x509_cert(subject_dn);

iam-persistence/src/main/resources/db/migration/mysql/V97__delete_unique_subject_dn.sql

@@ -0,0 +1,4 @@
+-- Drop unique constraint on subject dn
+ALTER TABLE iam_x509_cert DROP INDEX subject_dn;
+-- Add index on subject_dn
+ALTER TABLE iam_x509_cert ADD INDEX idx_subject_dn (subject_dn);