[squash] changed structure for request-object related fields
Prarthona Paul committed Jun 5, 2024
1 parent 969b16e commit 8eeffe2
Showing 3 changed files with 61 additions and 44 deletions.
Expand Up @@ -28,6 +28,7 @@
import java.io.InputStream;
import java.security.PublicKey;
import java.util.concurrent.Callable;
import java.util.Map;

import org.apache.http.client.HttpClient;
import org.wildfly.common.iteration.CodePointIterator;
Expand Down Expand Up @@ -105,36 +106,6 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc
if (oidcJsonConfiguration.getScope() != null) {
oidcClientConfiguration.setScope(oidcJsonConfiguration.getScope());
}
if (oidcJsonConfiguration.getAuthenticationRequestFormat() != null) {
oidcClientConfiguration.setAuthenticationRequestFormat(oidcJsonConfiguration.getAuthenticationRequestFormat());
} else {
oidcClientConfiguration.setAuthenticationRequestFormat(OAUTH2.getValue());
}
if (oidcJsonConfiguration.getRequestObjectSigningAlgorithm() != null) {
oidcClientConfiguration.setRequestObjectSigningAlgorithm(oidcJsonConfiguration.getRequestObjectSigningAlgorithm());
} else {
oidcClientConfiguration.setRequestObjectSigningAlgorithm(NONE);
}
if (oidcJsonConfiguration.getRequestObjectEncryptionAlgValue() != null && oidcJsonConfiguration.getRequestObjectEncryptionEncValue() != null) { //both are required to encrypt the request object
oidcClientConfiguration.setRequestObjectEncryptionAlgValue(oidcJsonConfiguration.getRequestObjectEncryptionAlgValue());
oidcClientConfiguration.setRequestObjectEncryptionEncValue(oidcJsonConfiguration.getRequestObjectEncryptionEncValue());
JWKEncPublicKeyLocator encryptionPublicKeyLocator = new JWKEncPublicKeyLocator();
oidcClientConfiguration.setEncryptionPublicKeyLocator(encryptionPublicKeyLocator);
} else if (oidcClientConfiguration.getRequestObjectEncryptionAlgValue() != null || oidcClientConfiguration.getRequestObjectEncryptionEncValue() != null) { //if only one is specified, that is not correct
throw log.invalidRequestObjectEncryptionAlgorithmConfiguration();
}
if (oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile() != null
&& oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword() != null
&& oidcJsonConfiguration.getRequestObjectSigningKeyPassword() != null
&& oidcJsonConfiguration.getRequestObjectSigningKeyAlias() != null) {
oidcClientConfiguration.setRequestObjectSigningKeyStoreFile(oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile());
oidcClientConfiguration.setRequestObjectSigningKeyStorePassword(oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword());
oidcClientConfiguration.setRequestObjectSigningKeyPassword(oidcJsonConfiguration.getRequestObjectSigningKeyPassword());
oidcClientConfiguration.setRequestObjectSigningKeyAlias(oidcJsonConfiguration.getRequestObjectSigningKeyAlias());
if (oidcJsonConfiguration.getRequestObjectSigningKeyStoreType() != null) {
oidcClientConfiguration.setRequestObjectSigningKeyStoreType(oidcJsonConfiguration.getRequestObjectSigningKeyStoreType());
}
}
if (oidcJsonConfiguration.getPrincipalAttribute() != null) oidcClientConfiguration.setPrincipalAttribute(oidcJsonConfiguration.getPrincipalAttribute());

oidcClientConfiguration.setResourceCredentials(oidcJsonConfiguration.getCredentials());
Expand Down Expand Up @@ -171,6 +142,38 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc
oidcClientConfiguration.setIgnoreOAuthQueryParameter(oidcJsonConfiguration.isIgnoreOAuthQueryParameter());
oidcClientConfiguration.setRewriteRedirectRules(oidcJsonConfiguration.getRedirectRewriteRules());
oidcClientConfiguration.setVerifyTokenAudience(oidcJsonConfiguration.isVerifyTokenAudience());
Map<String, String> authenticationRequest = oidcJsonConfiguration.getAuthenticationRequest();
if (authenticationRequest!= null) {
if (authenticationRequest.get("authentication-request-format") != null)
oidcClientConfiguration.setAuthenticationRequestFormat(authenticationRequest.get("authentication-request-format"));
else
oidcClientConfiguration.setAuthenticationRequestFormat(OAUTH2.getValue());
if (authenticationRequest.get("request-object-encryption-enc-value") != null && authenticationRequest.get("request-object-encryption-alg-value") != null) { //both are required to encrypt the request object
oidcClientConfiguration.setRequestObjectEncryptionEncValue(authenticationRequest.get("request-object-encryption-enc-value"));
oidcClientConfiguration.setRequestObjectEncryptionAlgValue(authenticationRequest.get("request-object-encryption-alg-value"));
JWKEncPublicKeyLocator encryptionPublicKeyLocator = new JWKEncPublicKeyLocator();
oidcClientConfiguration.setEncryptionPublicKeyLocator(encryptionPublicKeyLocator);
} else if (authenticationRequest.get("request-object-encryption-enc-value") != null || authenticationRequest.get("request-object-encryption-alg-value") != null) { //if only one is specified, that is not correct
throw log.invalidRequestObjectEncryptionAlgorithmConfiguration();
}
if (authenticationRequest.get("authentication-request-signing-algorithm") != null)
oidcClientConfiguration.setRequestObjectSigningAlgorithm(authenticationRequest.get("request-object-signing-algorithm"));
else
oidcClientConfiguration.setRequestObjectSigningAlgorithm(NONE);
if (authenticationRequest.get("request-object-signing-key-alias") != null
&& authenticationRequest.get("request-object-signing-key-password") != null
&& authenticationRequest.get("request-object-signing-keystore-file") != null
&& authenticationRequest.get("request-object-signing-keystore-password") != null) {
oidcClientConfiguration.setRequestObjectSigningKeyAlias(authenticationRequest.get("request-object-signing-key-alias"));
oidcClientConfiguration.setRequestObjectSigningKeyPassword(authenticationRequest.get("request-object-signing-key-password"));
oidcClientConfiguration.setRequestObjectSigningKeyStoreFile(authenticationRequest.get("request-object-signing-keystore-file"));
oidcClientConfiguration.setRequestObjectSigningKeyStorePassword(authenticationRequest.get("request-object-signing-keystore-password"));
if (authenticationRequest.get("request-object-signing-keystore-type") != null)
oidcClientConfiguration.setRequestObjectSigningKeyStoreType(authenticationRequest.get("request-object-signing-keystore-type"));
}
} else {
oidcClientConfiguration.setAuthenticationRequestFormat(OAUTH2.getValue());
}

if (realmKeyPem == null && oidcJsonConfiguration.isBearerOnly()
&& (oidcJsonConfiguration.getAuthServerUrl() == null && oidcJsonConfiguration.getProviderUrl() == null)) {
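Review bot: The configured signing algorithm is never applied, because the guard `if (authenticationRequest.get("authentication-request-signing-algorithm") != null)` tests a different key from the one the next line reads (`request-object-signing-algorithm`, which is also the key both fixtures in the test file use), so a configured algorithm falls through to `NONE`, and a config that did set `authentication-request-signing-algorithm` would pass `null` to the setter; change the guard to `if (authenticationRequest.get("request-object-signing-algorithm") != null)`. The `else` branch for a missing `authentication-request` object sets only the format, whereas the replaced code always set the signing algorithm to `NONE` as well — presumably the client configuration's default is equivalent, but verify, since an unset value here changes how the request object is signed. The repeated `authenticationRequest.get("…")` lookups would read better hoisted into locals, and the unbraced `if`/`else` pairs for the format and signing-algorithm checks (plus `authenticationRequest!= null`) should follow the braced style of the surrounding method. `internalBuild` starts and ends outside the hunks.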
Expand Up @@ -49,7 +49,7 @@
"authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value",
"request-object-encryption-enc-value", "request-object-signing-keystore-file",
"request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias",
"request-object-signing-keystore-type"
"request-object-signing-keystore-type", "authentication-request"
})
public class OidcJsonConfiguration {

Expand Down Expand Up @@ -138,6 +138,8 @@ public class OidcJsonConfiguration {
protected Map<String, Object> credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
@JsonProperty("redirect-rewrite-rules")
protected Map<String, String> redirectRewriteRules;
@JsonProperty("authentication-request")
protected Map<String, String> authenticationRequest;
@JsonProperty("realm")
protected String realm;
@JsonProperty("realm-public-key")
Expand Down Expand Up @@ -569,6 +571,14 @@ public void setRedirectRewriteRules(Map<String, String> redirectRewriteRules) {
this.redirectRewriteRules = redirectRewriteRules;
}

public Map<String, String> getAuthenticationRequest() {
return authenticationRequest;
}

public void setAuthenticationRequest(Map<String, String> authenticationRequest) {
this.authenticationRequest = authenticationRequest;
}

public String getTokenSignatureAlgorithm() {
return tokenSignatureAlgorithm;
}
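Review bot: The builder in the first file no longer reads the flat top-level properties (`authentication-request-format`, `request-object-signing-algorithm`, the encryption and keystore keys), yet the property-name list above the class declaration still lists them next to the new `authentication-request` entry, so a configuration written in the previous flat layout would presumably parse without complaint and then run with the signing algorithm at `NONE` and no request-object encryption. If the flat layout is no longer supported, drop those entries and any remaining flat getters so the mismatch fails loudly, or document on `getAuthenticationRequest()` that the nested object replaces them. The keys inside the map are string literals repeated in the builder; declaring them on this class, e.g. `public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format";`, would have caught the key mismatch in the builder at compile time. `getAuthenticationRequest()` hands out the mutable map directly, which matches the neighbouring `redirectRewriteRules` accessor, so that is consistent if intentional. `OidcJsonConfiguration` continues outside the hunks.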
Expand Up @@ -768,13 +768,15 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r
" \"public-client\" : \"false\",\n" +
" \"ssl-required\" : \"EXTERNAL\",\n" +
" \"ssl-required\" : \"EXTERNAL\",\n" +
" \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
" \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
" \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
" \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
" \"scope\" : \"profile email phone\",\n" +
" \"credentials\" : {\n" +
" \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
" },\n" +
" \"authentication-request\" : {\n" +
" \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
" \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
" \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
" \"request-object-encryption-enc-value\" : \"" + encMethod + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
Expand All @@ -786,18 +788,20 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r
" \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
" \"public-client\" : \"false\",\n" +
" \"ssl-required\" : \"EXTERNAL\",\n" +
" \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
" \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
" \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
" \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
" \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" +
" \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" +
" \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" +
" \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" +
" \"request-object-signing-key-alias\" : \"" + alias + "\",\n" +
" \"scope\" : \"email phone profile\",\n" +
" \"credentials\" : {\n" +
" \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
" },\n" +
" \"authentication-request\" : {\n" +
" \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
" \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
" \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
" \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
" \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" +
" \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" +
" \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" +
" \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" +
" \"request-object-signing-key-alias\" : \"" + alias + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
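Review bot: The nested `authentication-request` block is now duplicated between the two fixture helpers, the second adding the keystore entries after a four-line prefix identical to the first; extracting that shared prefix into a small helper would keep the two JSON documents from drifting, which matters because the builder looks these keys up by exact string. The first fixture also carries a duplicated `"ssl-required"` entry in the context just above the change — pre-existing, but worth dropping while the document is being edited. Both `getOidcConfigurationInputStream…` helpers start outside the hunks.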
