From 1bd22e4cbcef9e91a489cbd7b712e0886c26b834 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Tue, 26 Sep 2023 12:28:46 +0530 Subject: [PATCH 01/23] Support new OAuth attributes in the DCR endpoint --- .../endpoint/dto/RegistrationRequestDTO.java | 219 +++++++++++++++++- .../dcr/endpoint/dto/UpdateRequestDTO.java | 171 ++++++++++++-- .../oauth2/dcr/endpoint/util/DCRMUtils.java | 26 +++ .../api.identity.oauth.dcr.endpoint.yaml | 44 ++++ .../bean/ApplicationRegistrationRequest.java | 164 +++++++++++++ .../oauth/dcr/service/DCRMService.java | 53 +++++ .../carbon/identity/oauth/dao/OAuthAppDO.java | 125 ++++++++++ .../oauth/dto/OAuthConsumerAppDTO.java | 127 +++++++++- 8 files changed, 895 insertions(+), 34 deletions(-) diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java index acc2606301..a68c637502 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java @@ -1,11 +1,11 @@ package org.wso2.carbon.identity.oauth2.dcr.endpoint.dto; -import com.fasterxml.jackson.annotation.JsonProperty; -import io.swagger.annotations.ApiModel; -import io.swagger.annotations.ApiModelProperty; - import java.util.ArrayList; import java.util.List; + +import io.swagger.annotations.*; +import com.fasterxml.jackson.annotation.*; + import javax.validation.constraints.NotNull; 
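Review bot: The rewritten import block trades the three explicit imports for `import io.swagger.annotations.*;` and `import com.fasterxml.jackson.annotation.*;`, so the file no longer shows which annotations it actually depends on and the java/javax-before-third-party grouping the old block had is lost. Keep the explicit form the file had, `import com.fasterxml.jackson.annotation.JsonProperty;`, `import io.swagger.annotations.ApiModel;`, `import io.swagger.annotations.ApiModelProperty;`, and leave the ordering alone, since nothing else in the hunk needs the change. The import hunk of UpdateRequestDTO.java makes the same wildcard change and additionally adds `import javax.validation.constraints.NotNull;`, which no line visible in that file's hunks uses; if it is needed by a `@NotNull` outside the hunks, fine, otherwise drop it.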
@@ -40,14 +40,30 @@ public class RegistrationRequestDTO { private boolean extPkceMandatory; private boolean extPkceSupportPlain; private boolean extPublicClient; - + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String authorizationEncryptedResponseAlg = null; + private String authorizationSignedResponseAlg = null; + private String authorizationEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; + private String softwareStatement; @ApiModelProperty(required = true) @JsonProperty("redirect_uris") public List getRedirectUris() { return redirectUris; } - public void setRedirectUris(List redirectUris) { this.redirectUris = redirectUris; } @@ -57,7 +73,6 @@ public void setRedirectUris(List redirectUris) { public String getClientName() { return clientName; } - public void setClientName(String clientName) { this.clientName = clientName; } @@ -67,7 +82,6 @@ public void setClientName(String clientName) { public List getGrantTypes() { return grantTypes; } - public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } @@ -77,7 +91,6 @@ public void setGrantTypes(List grantTypes) { public String getApplicationType() { return applicationType; } - public void setApplicationType(String applicationType) { this.applicationType = applicationType; } 
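Review bot: The eleven new `String` fields are written as `private String tokenEndpointAuthMethod = null;` while the neighbouring boolean fields and the three new `String` fields after them carry no initializer, so the block reads as if `null` were a deliberate non-default, which it is not. Drop the redundant `= null` on all of them, e.g. `private String tokenEndpointAuthMethod;`, matching `private String subjectType;` a few lines below. The same redundant initializers are added in the field hunk of UpdateRequestDTO.java. The blank-line removals between the `getRedirectUris`/`setRedirectUris`, `getClientName`/`setClientName`, `getGrantTypes`/`setGrantTypes` and `getApplicationType`/`setApplicationType` pairs are unrelated whitespace churn in a generated file and make the functional change harder to review; I would revert them.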
@@ -295,6 +308,176 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return idTokenEncryptedResponseEnc; + } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; + } 
+ + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_alg") + public String getAuthorizationEncryptedResponseAlg() { + return authorizationEncryptedResponseAlg; + } + public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { + this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_signed_response_alg") + public String getAuthorizationSignedResponseAlg() { + return authorizationSignedResponseAlg; + } + public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { + this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_enc") + public String getAuthorizationEncryptedResponseEnc() { + return authorizationEncryptedResponseEnc; + } + public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { + this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + 
this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_alg") + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("software_statement") + public String getSoftwareStatement() { + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + @Override 
public String toString() { StringBuilder sb = new StringBuilder(); 
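Review bot: Every new accessor is annotated `@ApiModelProperty(value = "")`, so the generated API description says nothing about what each OAuth/OIDC registration parameter means or which values are accepted; a one-line description per property is the minimum, e.g. `@ApiModelProperty(value = "Client authentication method the client will use at the token endpoint, e.g. client_secret_basic, private_key_jwt or tls_client_auth.")` on `getTokenEndpointAuthMethod()`, and analogous text for the signing/encryption algorithm, `sector_identifier_uri`, `subject_type` and `software_statement` properties. The pushed-authorization flag is named three different ways: JSON `require_pushed_authorization_requests`, DTO accessor `isRequirePushAuthorizationRequest`, and bean setter `setRequirePushedAuthorizationRequests` in ApplicationRegistrationRequest; renaming the DTO field and accessors to `requirePushedAuthorizationRequests`/`isRequirePushedAuthorizationRequests` would make the mapping code self-checking. `software_statement` and `sector_identifier_uri` are accepted here as opaque strings; nothing in this commit shows the statement's signature being verified or the URI being checked before the values are stored, so if that validation lives in DCRMService it is worth a pointer in the property description. The enclosing class continues past the hunk (`toString()` starts at its last lines).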
@@ -326,6 +509,24 @@ public String toString() { sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); + sb.append(" tokenEndpointAuthMethod: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" tokenEndpointAuthSigningAlg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sectorIdentifierUri: ").append(sectorIdentifierUri).append("\n"); + sb.append(" idTokenSignedResponseAlg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" idTokenEncryptedResponseAlg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" idTokenEncryptedResponseEnc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" authorizationEncryptedResponseAlg: ").append(authorizationEncryptedResponseAlg).append("\n"); + sb.append(" authorizationSignedResponseAlg: ").append(authorizationSignedResponseAlg).append("\n"); + sb.append(" authorizationEncryptedResponseEnc: ").append(authorizationEncryptedResponseEnc).append("\n"); + sb.append(" requestObjectSigningAlg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tlsClientAuthSubjectDn: ").append(tlsClientAuthSubjectDn).append("\n"); + sb.append(" require_signed_request_object: ").append(requireSignedRequestObject).append("\n"); + sb.append(" require_pushed_authorization_requests: ").append(requirePushAuthorizationRequest).append("\n"); + sb.append(" tls_client_certificate_bound_access_tokens: ") + .append(tlsClientCertificateBoundAccessToken).append("\n"); + sb.append(" subject_type: ").append(subjectType).append("\n"); + sb.append(" request_object_encryption_alg: ").append(requestObjectEncryptionAlgorithm).append("\n"); + sb.append(" request_object_encryption_enc").append(requestObjectEncryptionMethod).append("\n"); sb.append("}\n"); return sb.toString(); } 
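Review bot: The last appended line, `sb.append(" request_object_encryption_enc").append(requestObjectEncryptionMethod)`, is missing the `: ` separator every other line has, so the value is glued to the label; it should be `sb.append("    request_object_encryption_enc: ").append(requestObjectEncryptionMethod).append("\n");`. The new labels also mix camelCase (`tokenEndpointAuthMethod`) and snake_case (`require_signed_request_object`) in one dump, while the existing lines consistently use the JSON names (`ext_pkce_mandatory`); I would use the `@JsonProperty` names throughout. `softwareStatement` is the one new field not printed, which is probably acceptable given it is a JWT, but it should be a deliberate choice rather than an omission, so a short comment on the method saying so would help.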
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index 00383b17b7..8959cf34cc 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -1,14 +1,15 @@ package org.wso2.carbon.identity.oauth2.dcr.endpoint.dto; -import com.fasterxml.jackson.annotation.JsonProperty; -import io.swagger.annotations.ApiModel; -import io.swagger.annotations.ApiModelProperty; - import java.util.ArrayList; import java.util.List; +import io.swagger.annotations.*; +import com.fasterxml.jackson.annotation.*; + +import javax.validation.constraints.NotNull; + -@ApiModel +@ApiModel(description = "") public class UpdateRequestDTO { private List redirectUris = new ArrayList<>(); @@ -28,8 +29,19 @@ public class UpdateRequestDTO { private boolean extPkceMandatory; private boolean extPkceSupportPlain; private boolean extPublicClient; - - @ApiModelProperty + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String authorizationEncryptedResponseAlg = null; + private String authorizationSignedResponseAlg = null; + private String authorizationEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + + @ApiModelProperty(value = "") @JsonProperty("redirect_uris") public List getRedirectUris() { return redirectUris; 
@@ -198,28 +210,139 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return idTokenEncryptedResponseEnc; + } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; + } 
+ + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_alg") + public String getAuthorizationEncryptedResponseAlg() { + return authorizationEncryptedResponseAlg; + } + public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { + this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_signed_response_alg") + public String getAuthorizationSignedResponseAlg() { + return authorizationSignedResponseAlg; + } + public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { + this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_enc") + public String getAuthorizationEncryptedResponseEnc() { + return authorizationEncryptedResponseEnc; + } + public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { + this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class UpdateRequestDTO {\n"); - sb.append(" redirect_uris: ").append(redirectUris).append("\n"); - sb.append(" client_name: ").append(clientName).append("\n"); - sb.append(" grant_types: 
").append(grantTypes).append("\n"); - sb.append(" token_type_extension: ").append(tokenType).append("\n"); - sb.append(" client_id: ").append(clientId).append("\n"); - sb.append(" client_secret: ").append(clientSecret).append("\n"); - sb.append(" backchannel_logout_uri: ").append(backchannelLogoutUri).append("\n"); - sb.append(" backchannel_logout_session_required: ").append(backchannelLogoutSessionRequired).append("\n"); - sb.append(" ext_application_display_name: ").append(extApplicationDisplayName).append("\n"); - sb.append(" ext_application_owner: ").append(extApplicationOwner).append("\n"); - sb.append(" ext_application_token_lifetime: ").append(extApplicationTokenLifetime).append("\n"); - sb.append(" ext_user_token_lifetime: ").append(extUserTokenLifetime).append("\n"); - sb.append(" ext_refresh_token_lifetime: ").append(extRefreshTokenLifetime).append("\n"); - sb.append(" ext_id_token_lifetime: ").append(extIdTokenLifetime).append("\n"); - sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); - sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); - sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); + sb.append(" redirectUris: ").append(redirectUris).append("\n"); + sb.append(" clientName: ").append(clientName).append("\n"); + sb.append(" clientId: ").append(clientId).append("\n"); + sb.append(" clientSecret: ").append(clientSecret).append("\n"); + sb.append(" grantTypes: ").append(grantTypes).append("\n"); + sb.append(" backchannelLogoutUri: ").append(backchannelLogoutUri).append("\n"); + sb.append(" backchannelLogoutSessionRequired: ").append(backchannelLogoutSessionRequired).append("\n"); + sb.append(" extApplicationDisplayName: ").append(extApplicationDisplayName).append("\n"); + sb.append(" tokenTypeExtension: ").append(tokenType).append("\n"); + sb.append(" extApplicationOwner: ").append(extApplicationOwner).append("\n"); + sb.append(" extApplicationTokenLifetime: 
").append(extApplicationTokenLifetime).append("\n"); + sb.append(" extUserTokenLifetime: ").append(extUserTokenLifetime).append("\n"); + sb.append(" extRefreshTokenLifetime: ").append(extRefreshTokenLifetime).append("\n"); + sb.append(" extIdTokenLifetime: ").append(extIdTokenLifetime).append("\n"); + sb.append(" extPkceMandatory: ").append(extPkceMandatory).append("\n"); + sb.append(" extPkceSupportPlain: ").append(extPkceSupportPlain).append("\n"); + sb.append(" extPublicClient: ").append(extPublicClient).append("\n"); + sb.append(" tokenEndpointAuthMethod: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" tokenEndpointAuthSigningAlg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sectorIdentifierUri: ").append(sectorIdentifierUri).append("\n"); + sb.append(" idTokenSignedResponseAlg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" idTokenEncryptedResponseAlg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" idTokenEncryptedResponseEnc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" authorizationEncryptedResponseAlg: ").append(authorizationEncryptedResponseAlg).append("\n"); + sb.append(" authorizationSignedResponseAlg: ").append(authorizationSignedResponseAlg).append("\n"); + sb.append(" authorizationEncryptedResponseEnc: ").append(authorizationEncryptedResponseEnc).append("\n"); + sb.append(" requestObjectSigningAlg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tlsClientAuthSubjectDn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append("}\n"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index 6e278f3316..b7e8d001b1 100644 
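Review bot: The rewritten `toString()` still emits the client secret, `sb.append("    clientSecret: ").append(clientSecret).append("\n");`, so any debug log or exception message that stringifies an UpdateRequestDTO writes the secret to the log; since this commit rewrites that line anyway, it is the moment to mask it, e.g. `sb.append("    clientSecret: ").append(clientSecret == null ? null : "********").append("\n");`. Separately, the update DTO gains only eleven of the eighteen attributes RegistrationRequestDTO accepts: `require_pushed_authorization_requests`, `require_signed_request_object`, `tls_client_certificate_bound_access_tokens`, `subject_type`, `request_object_encryption_alg`, `request_object_encryption_enc` and `software_statement` cannot be changed through PUT, which deserves either the missing accessors or a sentence in the class description explaining why they are registration-only. The `@Override` and `toString()` label renames otherwise look fine. The enclosing class may continue past the hunk.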
--- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
@@ -78,6 +78,32 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest( appRegistrationRequest.setExtPkceMandatory(registrationRequestDTO.getExtPkceMandatory()); appRegistrationRequest.setExtPkceSupportPlain(registrationRequestDTO.getExtPkceSupportPlain()); appRegistrationRequest.setExtPublicClient(registrationRequestDTO.getExtPublicClient()); + appRegistrationRequest.setTokenEndpointAuthMethod(registrationRequestDTO.getTokenEndpointAuthMethod()); + appRegistrationRequest.setTokenEndpointAuthSignatureAlgorithm + (registrationRequestDTO.getTokenEndpointAuthSigningAlg()); + appRegistrationRequest.setSectorIdentifierURI(registrationRequestDTO.getSectorIdentifierUri()); + appRegistrationRequest.setIdTokenSignatureAlgorithm(registrationRequestDTO.getIdTokenSignedResponseAlg()); + appRegistrationRequest.setIdTokenEncryptionAlgorithm(registrationRequestDTO.getIdTokenEncryptedResponseAlg()); + appRegistrationRequest.setIdTokenEncryptionMethod(registrationRequestDTO.getIdTokenEncryptedResponseEnc()); + appRegistrationRequest.setAuthorizationResponseEncryptionAlgorithm + (registrationRequestDTO.getAuthorizationEncryptedResponseAlg()); + appRegistrationRequest.setAuthorizationResponseEncryptionMethod + (registrationRequestDTO.getAuthorizationEncryptedResponseEnc()); + appRegistrationRequest.setAuthorizationResponseSignatureAlgorithm + (registrationRequestDTO.getAuthorizationSignedResponseAlg()); + appRegistrationRequest.setRequestObjectSignatureAlgorithm(registrationRequestDTO.getRequestObjectSigningAlg()); + appRegistrationRequest.setRequestObjectEncryptionAlgorithm + (registrationRequestDTO.getRequestObjectEncryptionAlgorithm()); + appRegistrationRequest.setRequestObjectEncryptionMethod + (registrationRequestDTO.getRequestObjectEncryptionMethod()); + appRegistrationRequest.setTlsClientAuthSubjectDN(registrationRequestDTO.getTlsClientAuthSubjectDn()); + appRegistrationRequest.setRequirePushedAuthorizationRequests + 
(registrationRequestDTO.isRequireSignedRequestObject()); + appRegistrationRequest.setRequireSignedRequestObject(registrationRequestDTO.isRequireSignedRequestObject()); + appRegistrationRequest.setTlsClientCertificateBoundAccessTokens + (registrationRequestDTO.isTlsClientCertificateBoundAccessToken()); + appRegistrationRequest.setSubjectType(registrationRequestDTO.getSubjectType()); + appRegistrationRequest.setSoftwareStatement(registrationRequestDTO.getSoftwareStatement()); return appRegistrationRequest; } diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml index a8bc490201..cd3264e720 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml @@ -332,6 +332,28 @@ definitions: type: boolean ext_public_client: type: boolean + token_endpoint_auth_method: + type: string + token_endpoint_auth_signing_alg: + type: string + sector_identifier_uri: + type: string + id_token_signed_response_alg: + type: string + id_token_encrypted_response_alg: + type: string + id_token_encrypted_response_enc: + type: string + authorization_encrypted_response_alg: + type: string + authorization_signed_response_alg: + type: string + authorization_encrypted_response_enc: + type: string + request_object_signing_alg: + type: string + tls_client_auth_subject_dn: + type: string #----------------------------------------------------- # The Application Update Request Object #----------------------------------------------------- 
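Review bot: `appRegistrationRequest.setRequirePushedAuthorizationRequests(registrationRequestDTO.isRequireSignedRequestObject())` reads the wrong DTO flag, so a client's `require_pushed_authorization_requests` value is discarded and the PAR requirement silently follows whatever `require_signed_request_object` was set to; the line should be `appRegistrationRequest.setRequirePushedAuthorizationRequests(registrationRequestDTO.isRequirePushAuthorizationRequest());`. The same copy-paste pattern appears in the DCRMService.createOAuthApp hunk of this commit, where `setAuthorizationResponseEncryptionMethod` is fed `registrationRequest.getRequestObjectEncryptionMethod()` instead of `getAuthorizationResponseEncryptionMethod()`, which would store the wrong JWE method for authorization responses. A unit test that sets each new DTO attribute to a distinct value and asserts the mapped bean would have caught both. The enclosing method `getApplicationRegistrationRequest` starts before the hunk.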
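Review bot: The registration request definition declares only eleven new properties, while RegistrationRequestDTO in this same commit accepts seven more (`require_pushed_authorization_requests`, `require_signed_request_object`, `tls_client_certificate_bound_access_tokens`, `subject_type`, `request_object_encryption_alg`, `request_object_encryption_enc`, `software_statement`), so the published contract and the generated DTO disagree. The missing entries should be added after `tls_client_auth_subject_dn` so clients and codegen see the full set. The update request definition in the following hunk matches UpdateRequestDTO's eleven properties, so no change is needed there.

```yaml
      tls_client_auth_subject_dn:
        type: string
      require_pushed_authorization_requests:
        type: boolean
      require_signed_request_object:
        type: boolean
      tls_client_certificate_bound_access_tokens:
        type: boolean
      subject_type:
        type: string
      request_object_encryption_alg:
        type: string
      request_object_encryption_enc:
        type: string
      software_statement:
        type: string
```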
@@ -380,6 +402,28 @@ definitions: type: boolean ext_public_client: type: boolean + token_endpoint_auth_method: + type: string + token_endpoint_auth_signing_alg: + type: string + sector_identifier_uri: + type: string + id_token_signed_response_alg: + type: string + id_token_encrypted_response_alg: + type: string + id_token_encrypted_response_enc: + type: string + authorization_encrypted_response_alg: + type: string + authorization_signed_response_alg: + type: string + authorization_encrypted_response_enc: + type: string + request_object_signing_alg: + type: string + tls_client_auth_subject_dn: + type: string #----------------------------------------------------- # The OAuth2 Application Object #----------------------------------------------------- diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java index bf2a2ea0b1..76501e777e 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java 
@@ -47,6 +47,24 @@ public class ApplicationRegistrationRequest implements Serializable { private boolean extPkceMandatory = false; private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; + private String softwareStatement; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String idTokenEncryptionAlgorithm; + private String idTokenEncryptionMethod; + private String authorizationResponseEncryptionAlgorithm; + private String authorizationResponseSignatureAlgorithm; + private String authorizationResponseEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private boolean requireSignedRequestObject; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; public List getRedirectUris() { 
@@ -320,4 +338,150 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; + } + + + public String getAuthorizationResponseEncryptionAlgorithm() { + return authorizationResponseEncryptionAlgorithm; + } + + public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { + this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + } + + public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; + } + + public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionMethod() { + return authorizationResponseEncryptionMethod; + } + + public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { + this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + } + + public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String 
requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } + + public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = 
requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + public String getSoftwareStatement() { + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + + } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 16c0a4f50a..2a3d196022 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java 
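Review bot: The new public accessors carry no Javadoc, so a caller of `getSoftwareStatement()` or `getTlsClientAuthSubjectDN()` cannot tell from the bean whether the value is validated (software statement signature checked, DN normalised) or a raw pass-through from the registration request; a one-line Javadoc per pair stating which it is, e.g. `/** Raw software_statement JWT as received in the registration request; not verified by this bean. */`, would settle that. Naming also drifts from the DTO that feeds this bean: `sectorIdentifierURI`/`tlsClientAuthSubjectDN` here versus `sectorIdentifierUri`/`tlsClientAuthSubjectDn` in RegistrationRequestDTO, and the usual acronym-as-word convention favours `Uri`/`Dn`. Layout is uneven too: a double blank line before `getAuthorizationResponseEncryptionAlgorithm()`, none between `setTlsClientAuthSubjectDN` and `getSubjectType()`, and two trailing blank lines before the class brace. The class is `Serializable`; if it declares a `serialVersionUID` outside the hunk, adding these fields is fine, otherwise this is the commit to add one.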
@@ -477,6 +477,59 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist
         if (registrationRequest.getExtIdTokenLifetime() != null) {
             oAuthConsumerApp.setIdTokenExpiryTime(registrationRequest.getExtIdTokenLifetime());
         }
+        if (registrationRequest.getTokenEndpointAuthMethod() != null) {
+            oAuthConsumerApp.setTokenEndpointAuthMethod(registrationRequest.getTokenEndpointAuthMethod());
+        }
+        if (registrationRequest.getTokenEndpointAuthSignatureAlgorithm() != null) {
+            oAuthConsumerApp.setTokenEndpointAuthSignatureAlgorithm
+                    (registrationRequest.getTokenEndpointAuthSignatureAlgorithm());
+        }
+        if (registrationRequest.getSectorIdentifierURI() != null) {
+            oAuthConsumerApp.setSectorIdentifierURI(registrationRequest.getSectorIdentifierURI());
+        }
+        if (registrationRequest.getIdTokenSignatureAlgorithm() != null) {
+            oAuthConsumerApp.setIdTokenSignatureAlgorithm(registrationRequest.getIdTokenSignatureAlgorithm());
+        }
+        if (registrationRequest.getIdTokenEncryptionAlgorithm() != null) {
+            oAuthConsumerApp.setIdTokenEncryptionAlgorithm(registrationRequest.getIdTokenEncryptionAlgorithm());
+        }
+        if (registrationRequest.getIdTokenEncryptionMethod() != null) {
+            oAuthConsumerApp.setIdTokenEncryptionMethod(registrationRequest.getIdTokenEncryptionMethod());
+        }
+        if (registrationRequest.getAuthorizationResponseSignatureAlgorithm() != null) {
+            oAuthConsumerApp.setAuthorizationResponseSignatureAlgorithm
+                    (registrationRequest.getAuthorizationResponseSignatureAlgorithm());
+        }
+        if (registrationRequest.getAuthorizationResponseEncryptionAlgorithm() != null) {
+            oAuthConsumerApp.setAuthorizationResponseEncryptionAlgorithm
+                    (registrationRequest.getAuthorizationResponseEncryptionAlgorithm());
+        }
+        if (registrationRequest.getAuthorizationResponseEncryptionMethod() != null) {
+            oAuthConsumerApp.setAuthorizationResponseEncryptionMethod
+                    (registrationRequest.getRequestObjectEncryptionMethod());
+        }
+        if (registrationRequest.getRequestObjectSignatureAlgorithm() != null) {
+            oAuthConsumerApp.setRequestObjectSignatureValidationEnabled
+                    (registrationRequest.isRequireSignedRequestObject());
+        }
+        if (registrationRequest.getTlsClientAuthSubjectDN() != null) {
+            oAuthConsumerApp.setTlsClientAuthSubjectDN(registrationRequest.getTlsClientAuthSubjectDN());
+        }
+        if (registrationRequest.getSubjectType() != null) {
+            oAuthConsumerApp.setSubjectType(registrationRequest.getSubjectType());
+        }
+        if (registrationRequest.getRequestObjectEncryptionAlgorithm() != null) {
+            oAuthConsumerApp.setRequestObjectEncryptionAlgorithm
+                    (registrationRequest.getRequestObjectEncryptionAlgorithm());
+        }
+        if (registrationRequest.getRequestObjectEncryptionMethod() != null) {
+            oAuthConsumerApp.setRequestObjectEncryptionMethod(registrationRequest.getRequestObjectEncryptionMethod());
+        }
+        oAuthConsumerApp.setRequestObjectSignatureValidationEnabled(registrationRequest.isRequireSignedRequestObject());
+        oAuthConsumerApp.setRequirePushedAuthorizationRequests
+                (registrationRequest.isRequirePushedAuthorizationRequests());
+        oAuthConsumerApp.setTlsClientCertificateBoundAccessTokens
+                (registrationRequest.isTlsClientCertificateBoundAccessTokens());
         oAuthConsumerApp.setPkceMandatory(registrationRequest.isExtPkceMandatory());
         oAuthConsumerApp.setPkceSupportPlain(registrationRequest.isExtPkceSupportPlain());
         oAuthConsumerApp.setBypassClientCredentials(registrationRequest.isExtPublicClient());
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
index 60e6362a4e..a4baf117c4 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
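Review bot: Two of the new copy branches in createOAuthApp store the wrong value: the `authorization_encrypted_response_enc` guard writes `getRequestObjectEncryptionMethod()` into the authorization-response enc, and the `request_object_signing_alg` guard never stores the algorithm at all but instead toggles the signature-validation flag, which is then set again unconditionally a few lines later, so the requested signing algorithm is silently dropped. The two assignments should be `oAuthConsumerApp.setAuthorizationResponseEncryptionMethod(registrationRequest.getAuthorizationResponseEncryptionMethod());` and `oAuthConsumerApp.setRequestObjectSignatureAlgorithm(registrationRequest.getRequestObjectSignatureAlgorithm());`. Nothing in this hunk checks the supplied algorithm names, `token_endpoint_auth_method`, `subject_type` or `tls_client_auth_subject_dn` against what the server actually supports (for example rejecting `none` as a signing algorithm), so unless the DCR request is validated before reaching this method, a self-registering client can persist arbitrary strings into its own security configuration. The body of createOAuthApp starts before this hunk.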
@@ -78,6 +78,20 @@ public class OAuthAppDO extends InboundConfigurationProtocol implements Serializ private String tokenBindingType; private boolean tokenRevocationWithIDPSessionTerminationEnabled; private boolean tokenBindingValidationEnabled; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String authorizationResponseEncryptionAlgorithm; + private String authorizationResponseSignatureAlgorithm; + private String authorizationResponseEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; public AuthenticatedUser getAppOwner() { 
@@ -341,4 +355,115 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl this.tokenBindingValidationEnabled = tokenBindingValidationEnabled; } + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionAlgorithm() { + return authorizationResponseEncryptionAlgorithm; + } + + public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { + this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + } + + public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; + } + + public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionMethod() { + return authorizationResponseEncryptionMethod; + } + + public void setAuthorizationResponseEncryptionMethod(String 
authorizationResponseEncryptionMethod) { + this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + } + + public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } } 
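Review bot: None of the fourteen new accessors on OAuthAppDO carries a Javadoc line, and since this object is what the rest of the server reads to enforce client authentication, request-object and ID-token policy, the meaning and spec origin of each field should be stated where the field is read. A one-line comment per getter that names the DCR metadata key it mirrors would do, e.g. `/** Expected subject DN of the client certificate for tls_client_auth (DCR "tls_client_auth_subject_dn", RFC 8705). */` on getTlsClientAuthSubjectDN, `/** Whether the client must use pushed authorization requests (DCR "require_pushed_authorization_requests", RFC 9126). */` on isRequirePushedAuthorizationRequests, and similar for the JWS/JWE algorithm fields. The `requestObjectEncryptionAlgorithm`/`requestObjectEncryptionMethod` pair in particular should say these are the expected `alg`/`enc` of incoming request objects, since the neighbouring authorization-response fields describe outgoing JARM responses and the names are easy to confuse (the copy-paste mistakes elsewhere in this series show why).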
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index 4c6e3d2cf9..e980cfbcf0 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -52,6 +52,20 @@ public class OAuthConsumerAppDTO { private String tokenBindingType; private boolean tokenRevocationWithIDPSessionTerminationEnabled; private boolean tokenBindingValidationEnabled; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String authorizationResponseEncryptionAlgorithm; + private String authorizationResponseSignatureAlgorithm; + private String authorizationResponseEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; public long getUserAccessTokenExpiryTime() { return userAccessTokenExpiryTime; @@ -252,7 +266,7 @@ public boolean isBypassClientCredentials() { * This method is deprecated. Use the 'isBypassClientCredentials' method instead. */ @Deprecated - public boolean getBypassClientCredentials() { + public boolean getBypassClientCredentials() { return bypassClientCredentials; } 
@@ -300,5 +314,116 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl this.tokenBindingValidationEnabled = tokenBindingValidationEnabled; } + + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; + } + public String getAuthorizationResponseEncryptionAlgorithm() { + return authorizationResponseEncryptionAlgorithm; + } + + public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { + this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + } + + public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; + } + + public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionMethod() { + return authorizationResponseEncryptionMethod; + } + + public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { + this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + } + + public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + + public void 
setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean getRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean getTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + } From 6c0144d80943480eb539878288993cb1c07ccb53 Mon Sep 17 00:00:00 2001 
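Review bot: The two boolean accessors added here, `getRequirePushedAuthorizationRequests()` and `getTlsClientCertificateBoundAccessTokens()`, use a `get` prefix while this same file already deprecates `getBypassClientCredentials()` in favour of `isBypassClientCredentials()`, and the OAuthAppDO counterparts in this series are named `isRequirePushedAuthorizationRequests()`/`isTlsClientCertificateBoundAccessTokens()`. They should be `public boolean isRequirePushedAuthorizationRequests()` and `public boolean isTlsClientCertificateBoundAccessTokens()` so bean introspection and the DTO-to-DO copy code stay uniform; the call sites in OAuthAdminServiceImpl later in the series would change with them. The getter for `idTokenSignatureAlgorithm` is also placed after the request-object accessors rather than next to the other ID-token fields it was declared with, which makes the JWS/JWE groupings harder to audit.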
From: sachinisiriwardene Date: Tue, 26 Sep 2023 15:38:33 +0530 Subject: [PATCH 02/23] Add missing attributes to DTOs --- .../endpoint/dto/RegistrationRequestDTO.java | 8 +- .../dcr/endpoint/dto/UpdateRequestDTO.java | 87 +++++++++++++++++++ 2 files changed, 91 insertions(+), 4 deletions(-) diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java index a68c637502..3b8474fbfb 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java @@ -54,10 +54,10 @@ public class RegistrationRequestDTO { private boolean requirePushAuthorizationRequest; private boolean requireSignedRequestObject; private boolean tlsClientCertificateBoundAccessToken; - private String subjectType; - private String requestObjectEncryptionAlgorithm; - private String requestObjectEncryptionMethod; - private String softwareStatement; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private String softwareStatement = null; @ApiModelProperty(required = true) @JsonProperty("redirect_uris") diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index 8959cf34cc..a2ae14e6b0 100644 
--- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -40,6 +40,13 @@ public class UpdateRequestDTO { private String authorizationEncryptedResponseEnc = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private String softwareStatement = null; @ApiModelProperty(value = "") @JsonProperty("redirect_uris") @@ -215,6 +222,7 @@ public void setExtPublicClient(boolean extPublicClient) { public String getTokenEndpointAuthMethod() { return tokenEndpointAuthMethod; } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } @@ -224,6 +232,7 @@ public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { public String getTokenEndpointAuthSigningAlg() { return tokenEndpointAuthSigningAlg; } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; } @@ -233,6 +242,7 @@ public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { public String getSectorIdentifierUri() { return sectorIdentifierUri; } + public void setSectorIdentifierUri(String sectorIdentifierUri) { this.sectorIdentifierUri = sectorIdentifierUri; } 
@@ -242,6 +252,7 @@ public void setSectorIdentifierUri(String sectorIdentifierUri) { public String getIdTokenSignedResponseAlg() { return idTokenSignedResponseAlg; } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; } @@ -251,6 +262,7 @@ public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { public String getIdTokenEncryptedResponseAlg() { return idTokenEncryptedResponseAlg; } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; } @@ -260,6 +272,7 @@ public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { public String getIdTokenEncryptedResponseEnc() { return idTokenEncryptedResponseEnc; } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } @@ -269,6 +282,7 @@ public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { public String getAuthorizationEncryptedResponseAlg() { return authorizationEncryptedResponseAlg; } + public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; } @@ -278,6 +292,7 @@ public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedRe public String getAuthorizationSignedResponseAlg() { return authorizationSignedResponseAlg; } + public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; } 
@@ -287,6 +302,7 @@ public void setAuthorizationSignedResponseAlg(String authorizationSignedResponse public String getAuthorizationEncryptedResponseEnc() { return authorizationEncryptedResponseEnc; } + public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; } @@ -296,6 +312,7 @@ public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedRe public String getRequestObjectSigningAlg() { return requestObjectSigningAlg; } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { this.requestObjectSigningAlg = requestObjectSigningAlg; } 
@@ -305,10 +322,80 @@ public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { public String getTlsClientAuthSubjectDn() { return tlsClientAuthSubjectDn; } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; } + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_alg") + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = 
"") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("software_statement") + public String getSoftwareStatement() { + return softwareStatement; + } + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + @Override public String toString() { From e0f1080177fe32279665042f9fd43c6058f4eb3b Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 27 Sep 2023 12:33:15 +0530 Subject: [PATCH 03/23] store additional OIDC properties related to the application --- .../identity/oauth/common/OAuthConstants.java | 14 ++ .../identity/oauth/OAuthAdminServiceImpl.java | 19 +++ .../wso2/carbon/identity/oauth/OAuthUtil.java | 15 ++ .../identity/oauth/dao/OAuthAppDAO.java | 129 ++++++++++++++++-- 4 files changed, 164 insertions(+), 13 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java index f2aa3b9d34..e65323e75e 100644 --- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java +++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java 
@@ -517,6 +517,20 @@ public static class OIDCConfigProperties { "tokenRevocationWithIDPSessionTermination"; public static final String TOKEN_BINDING_VALIDATION = "tokenBindingValidation"; public static final String TOKEN_BINDING_TYPE_NONE = "None"; + public static final String TOKEN_AUTH_METHOD = "tokenEndpointAuthMethod"; + public static final String TOKEN_AUTH_SIGNATURE_ALGORITHM = "tokenEndpointAuthSigningAlg"; + public static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri"; + public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "idTokenSignedResponseAlg"; + public static final String AUTH_RESPONSE_ENCRYPTION_ALGORITHM = "authorizationEncryptedResponseAlg"; + public static final String AUTH_RESPONSE_SIGNATURE_ALGORITHM = "authorizationSignedResponseAlg"; + public static final String AUTH_RESPONSE_ENCRYPTION_METHOD = "authorizationEncryptedResponseEnc"; + public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "requestObjectSigningAlg"; + public static final String TLS_SUBJECT_DN = "tlsClientAuthSubjectDn"; + public static final String IS_PUSH_AUTH = "requirePushAuthorizationRequest"; + public static final String IS_CERTIFICATE_BOUND_ACCESS_TOKEN = "tlsClientCertificateBoundAccessToken"; + public static final String SUBJECT_TYPE = "subjectType"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "requestObjectEncryptionAlgorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_METHOD = "requestObjectEncryptionMethod"; private OIDCConfigProperties() { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 39ade0cb43..052a221e8a 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
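Review bot: The new property keys are persisted as-is in the OIDC property table, so their spelling becomes a compatibility constraint, yet they mix conventions: most mirror the DCR metadata name (`tokenEndpointAuthSigningAlg`, `requestObjectSigningAlg`, `idTokenSignedResponseAlg`), while `REQUEST_OBJECT_ENCRYPTION_ALGORITHM`/`REQUEST_OBJECT_ENCRYPTION_METHOD` use a long form and `IS_PUSH_AUTH = "requirePushAuthorizationRequest"` / `IS_CERTIFICATE_BOUND_ACCESS_TOKEN = "tlsClientCertificateBoundAccessToken"` drop the plural of the RFC 9126 and RFC 8705 names. Before these reach a release they should be aligned to one scheme, e.g. `"requestObjectEncryptionAlg"`, `"requestObjectEncryptionEnc"`, `"requirePushedAuthorizationRequests"` and `"tlsClientCertificateBoundAccessTokens"`, and the constant names `IS_PUSH_AUTH`/`IS_CERTIFICATE_BOUND_ACCESS_TOKEN` should follow the same `REQUIRE_PUSHED_AUTHORIZATION_REQUESTS` style as their neighbours. A short comment above the group, `// Per-application OIDC/DCR metadata keys; values are stored verbatim in IDN_OIDC_PROPERTY, renaming breaks existing rows`, would warn the next editor.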
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java @@ -345,6 +345,25 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer app.setTokenBindingValidationEnabled(application.isTokenBindingValidationEnabled()); app.setTokenRevocationWithIDPSessionTerminationEnabled( application.isTokenRevocationWithIDPSessionTerminationEnabled()); + app.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); + app.setTokenEndpointAuthSignatureAlgorithm( + application.getTokenEndpointAuthSignatureAlgorithm()); + app.setSectorIdentifierURI(application.getSectorIdentifierURI()); + app.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm()); + app.setAuthorizationResponseSignatureAlgorithm( + application.getAuthorizationResponseSignatureAlgorithm()); + app.setAuthorizationResponseEncryptionAlgorithm( + application.getAuthorizationResponseEncryptionAlgorithm()); + app.setAuthorizationResponseEncryptionMethod( + application.getAuthorizationResponseEncryptionMethod()); + app.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm()); + app.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN()); + app.setSubjectType(application.getSubjectType()); + app.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); + app.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); + app.setRequirePushedAuthorizationRequests(application.getRequirePushedAuthorizationRequests()); + app.setTlsClientCertificateBoundAccessTokens( + application.getTlsClientCertificateBoundAccessTokens()); } dao.addOAuthApplication(app); AppInfoCache.getInstance().addToCache(app.getOauthConsumerKey(), app); 
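Review bot: The fourteen new values are copied verbatim from the incoming OAuthConsumerAppDTO into the app that is persisted by `dao.addOAuthApplication(app)` and placed in AppInfoCache immediately afterwards, and no validation of them is visible in this hunk, so an unsupported `token_endpoint_auth_method`, an unknown or `none` JWS algorithm, a non-`public`/`pairwise` subject type, or an unparseable TLS subject DN is accepted and cached as the client's security policy. The existing fields above this block may be validated earlier in registerAndRetrieveOAuthApplicationData (its start is outside the hunk), but these should be checked against the server's supported-algorithm and auth-method lists before the copy, for example `validateSupportedAlgorithm(application.getIdTokenSignatureAlgorithm(), "id_token_signed_response_alg");` ahead of `app.setIdTokenSignatureAlgorithm(...)`. The boolean copies call `getRequirePushedAuthorizationRequests()` and `getTlsClientCertificateBoundAccessTokens()`; if the DTO accessors are renamed to `is*` as the rest of the file does for booleans, these two lines follow.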
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 0348d0aca5..691522db2c 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java @@ -73,6 +73,7 @@ import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CURRENT_SESSION_IDENTIFIER; import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CURRENT_TOKEN_IDENTIFIER; import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.PRESERVE_LOGGED_IN_SESSION_AT_PASSWORD_UPDATE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.*; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TokenBindings.NONE; /** 
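Review bot: The added `import static ...OIDCConfigProperties.*;` is a wildcard static import in a file whose existing static imports (the three FrameworkConstants lines right above it) are all explicit, which hides where names like `TLS_SUBJECT_DN` come from and risks silent shadowing as OIDCConfigProperties grows. Prefer explicit imports for the constants buildConsumerAppDTO actually uses, or, since the hunk below only calls getters on appDO and does not reference any of these constants, drop the import altogether.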
@@ -496,6 +497,20 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setTokenRevocationWithIDPSessionTerminationEnabled(appDO .isTokenRevocationWithIDPSessionTerminationEnabled()); dto.setTokenBindingValidationEnabled(appDO.isTokenBindingValidationEnabled()); + dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); + dto.setTokenEndpointAuthSignatureAlgorithm(appDO.getTokenEndpointAuthSignatureAlgorithm()); + dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI()); + dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm()); + dto.setAuthorizationResponseSignatureAlgorithm(appDO.getAuthorizationResponseSignatureAlgorithm()); + dto.setAuthorizationResponseEncryptionAlgorithm(appDO.getAuthorizationResponseEncryptionAlgorithm()); + dto.setAuthorizationResponseEncryptionMethod(appDO.getAuthorizationResponseEncryptionMethod()); + dto.setRequestObjectSignatureAlgorithm(appDO.getRequestObjectSignatureAlgorithm()); + dto.setTlsClientAuthSubjectDN(appDO.getTlsClientAuthSubjectDN()); + dto.setSubjectType(appDO.getSubjectType()); + dto.setRequestObjectEncryptionAlgorithm(appDO.getAuthorizationResponseEncryptionAlgorithm()); + dto.setRequestObjectEncryptionMethod(appDO.getRequestObjectEncryptionMethod()); + dto.setRequirePushedAuthorizationRequests(appDO.isRequirePushedAuthorizationRequests()); + dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens()); return dto; } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index ce0790c68e..4155a79411 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
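Review bot: `dto.setRequestObjectEncryptionAlgorithm(appDO.getAuthorizationResponseEncryptionAlgorithm());` reads the wrong field: the request-object JWE `alg` on the DTO is populated from the authorization-response encryption algorithm, so every consumer of buildConsumerAppDTO (the DCR read response and the admin view) reports the wrong request_object_encryption_alg while the stored value is never surfaced, and a client that trusts the response will encrypt request objects with an algorithm the server did not configure. The line should be `dto.setRequestObjectEncryptionAlgorithm(appDO.getRequestObjectEncryptionAlgorithm());`. A unit test that round-trips an OAuthAppDO with distinct values in each of the new fields through buildConsumerAppDTO would have caught this and the matching copy-paste errors elsewhere in the series.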
@@ -66,19 +66,7 @@ import java.util.Set; import static org.wso2.carbon.identity.oauth.OAuthUtil.handleError; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BACK_CHANNEL_LOGOUT_URL; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BYPASS_CLIENT_CREDENTIALS; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.FRONT_CHANNEL_LOGOUT_URL; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTED; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_ALGORITHM; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_METHOD; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.RENEW_REFRESH_TOKEN; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_SIGNED; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE_NONE; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_VALIDATION; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_REVOCATION_WITH_IDP_SESSION_TERMINATION; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_TYPE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.*; import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.OPENID_CONNECT_AUDIENCE; /** 
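Review bot: Replacing thirteen explicit `import static ...OIDCConfigProperties.X;` lines with `OIDCConfigProperties.*` trades an easy-to-audit list of which property keys this DAO persists for an open-ended one, and future additions to OIDCConfigProperties will silently become resolvable here even when they clash with local names. Keeping the explicit list and adding the fourteen new constants to it is a few more lines but keeps checkstyle's no-wildcard rule, which the original file appears to have followed, satisfied.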
@@ -1246,6 +1234,61 @@ private void addServiceProviderOIDCProperties(Connection connection, TOKEN_BINDING_VALIDATION, String.valueOf(consumerAppDO.isTokenBindingValidationEnabled())); + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TOKEN_AUTH_METHOD, + String.valueOf(consumerAppDO.getTokenEndpointAuthMethod())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TOKEN_AUTH_SIGNATURE_ALGORITHM, + String.valueOf(consumerAppDO.getTokenEndpointAuthSignatureAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, SECTOR_IDENTIFIER_URI, + String.valueOf(consumerAppDO.getSectorIdentifierURI())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + ID_TOKEN_SIGNATURE_ALGORITHM, + String.valueOf(consumerAppDO.getIdTokenSignatureAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + AUTH_RESPONSE_ENCRYPTION_ALGORITHM, + String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + AUTH_RESPONSE_ENCRYPTION_METHOD, + String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionMethod())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + AUTH_RESPONSE_SIGNATURE_ALGORITHM, + String.valueOf(consumerAppDO.getAuthorizationResponseSignatureAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + REQUEST_OBJECT_SIGNATURE_ALGORITHM, + String.valueOf(consumerAppDO.getRequestObjectSignatureAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, + String.valueOf(consumerAppDO.getRequestObjectEncryptionAlgorithm())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, 
prepStmtAddOIDCProperty, + REQUEST_OBJECT_ENCRYPTION_METHOD, + String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionMethod())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TLS_SUBJECT_DN, + String.valueOf(consumerAppDO.getTlsClientAuthSubjectDN())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + IS_PUSH_AUTH, + String.valueOf(consumerAppDO.isRequirePushedAuthorizationRequests())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + IS_CERTIFICATE_BOUND_ACCESS_TOKEN, + String.valueOf(consumerAppDO.isTlsClientCertificateBoundAccessTokens())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + SUBJECT_TYPE, + String.valueOf(consumerAppDO.getSubjectType())); + prepStmtAddOIDCProperty.executeBatch(); } } 
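Review bot: The REQUEST_OBJECT_ENCRYPTION_METHOD property is written from `consumerAppDO.getAuthorizationResponseEncryptionMethod()`, so a client's request_object_encryption_enc is persisted as its authorization_encrypted_response_enc value and the stored configuration no longer matches what was registered; the argument should be `consumerAppDO.getRequestObjectEncryptionMethod()`. The identical swap is carried into addOrUpdateOIDCSpProperty in PATCH 04 and survives the argument rewrites in PATCH 05 and PATCH 06, so all four call sites need the fix. Separately, `String.valueOf(...)` on the nullable String getters stores the literal text "null" for every unset attribute, which the `!= null` guards in setSpOIDCProperties then accept as a real value; skip the add when the getter returns null instead of stringifying it. addServiceProviderOIDCProperties starts outside the hunk.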
@@ -1349,6 +1392,66 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu String renewRefreshToken = getFirstPropertyValue(spOIDCProperties, RENEW_REFRESH_TOKEN); oauthApp.setRenewRefreshTokenEnabled(renewRefreshToken); + String tokenAuthMethod = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_METHOD); + if ( tokenAuthMethod != null) { + oauthApp.setTokenEndpointAuthMethod(tokenAuthMethod); + } + String tokenSignatureAlgorithm = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_SIGNATURE_ALGORITHM); + if ( tokenSignatureAlgorithm != null) { + oauthApp.setTokenEndpointAuthSignatureAlgorithm(tokenSignatureAlgorithm); + } + String sectorIdentifierURI = getFirstPropertyValue(spOIDCProperties, SECTOR_IDENTIFIER_URI); + if (sectorIdentifierURI != null) { + oauthApp.setSectorIdentifierURI(sectorIdentifierURI); + } + String idTokenSignatureAlgorithm = getFirstPropertyValue(spOIDCProperties, ID_TOKEN_SIGNATURE_ALGORITHM); + if (idTokenSignatureAlgorithm != null) { + oauthApp.setIdTokenSignatureAlgorithm(idTokenSignatureAlgorithm); + } + String authResponseSignatureAlgorithm = getFirstPropertyValue( + spOIDCProperties, AUTH_RESPONSE_SIGNATURE_ALGORITHM); + if (authResponseSignatureAlgorithm != null) { + oauthApp.setAuthorizationResponseSignatureAlgorithm(authResponseSignatureAlgorithm); + } + String authResponseEncryptionAlgorithm = getFirstPropertyValue( + spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_ALGORITHM); + if (authResponseEncryptionAlgorithm != null) { + oauthApp.setAuthorizationResponseEncryptionAlgorithm(authResponseEncryptionAlgorithm); + } + String authResponseEncryptionMethod = getFirstPropertyValue( + spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_METHOD); + if (authResponseEncryptionMethod != null) { + oauthApp.setAuthorizationResponseEncryptionMethod(authResponseEncryptionMethod); + } + String requestObjectSignatureAlgorithm = getFirstPropertyValue( + spOIDCProperties, REQUEST_OBJECT_SIGNATURE_ALGORITHM); + if (requestObjectSignatureAlgorithm != null) 
{ + oauthApp.setRequestObjectSignatureAlgorithm(requestObjectSignatureAlgorithm); + } + String tlsClientAuthSubjectDn = getFirstPropertyValue( + spOIDCProperties, TLS_SUBJECT_DN); + if (tlsClientAuthSubjectDn != null) { + oauthApp.setTlsClientAuthSubjectDN(tlsClientAuthSubjectDn); + } + String subjectType = getFirstPropertyValue(spOIDCProperties, SUBJECT_TYPE); + if (subjectType != null) { + oauthApp.setSubjectType(subjectType); + } + String requestObjectEncryptionAlgorithm = getFirstPropertyValue( + spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_ALGORITHM); + if (requestObjectEncryptionAlgorithm != null) { + oauthApp.setRequestObjectEncryptionAlgorithm(requestObjectEncryptionAlgorithm); + } + String requestObjectEncryptionMethod = getFirstPropertyValue(spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_METHOD); + if (requestObjectEncryptionMethod != null) { + oauthApp.setRequestObjectEncryptionMethod(requestObjectEncryptionMethod); + } + boolean isRequirePAR = Boolean.parseBoolean(getFirstPropertyValue(spOIDCProperties, IS_PUSH_AUTH)); + oauthApp.setRequirePushedAuthorizationRequests(isRequirePAR); + boolean isCertificateBoundAccessToken = Boolean.parseBoolean(getFirstPropertyValue( + spOIDCProperties, IS_CERTIFICATE_BOUND_ACCESS_TOKEN)); + oauthApp.setTlsClientCertificateBoundAccessTokens(isCertificateBoundAccessToken); + } private String getFirstPropertyValue(Map> propertyMap, String key) { From 9069fd00ad1a550bde2cf7eb6220682226d67e43 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 27 Sep 2023 14:44:28 +0530 Subject: [PATCH 04/23] fix checkstyle --- .../identity/oauth/OAuthAdminServiceImpl.java | 19 +++ .../wso2/carbon/identity/oauth/OAuthUtil.java | 1 - .../identity/oauth/dao/OAuthAppDAO.java | 140 +++++++++++++++--- 3 files changed, 137 insertions(+), 23 deletions(-) 
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 052a221e8a..283695bee0 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
@@ -642,6 +642,25 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws oauthappdo.setTokenRevocationWithIDPSessionTerminationEnabled(consumerAppDTO .isTokenRevocationWithIDPSessionTerminationEnabled()); oauthappdo.setTokenBindingValidationEnabled(consumerAppDTO.isTokenBindingValidationEnabled()); + oauthappdo.setTokenEndpointAuthMethod(consumerAppDTO.getTokenEndpointAuthMethod()); + oauthappdo.setTokenEndpointAuthSignatureAlgorithm( + consumerAppDTO.getTokenEndpointAuthSignatureAlgorithm()); + oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI()); + oauthappdo.setIdTokenSignatureAlgorithm(consumerAppDTO.getIdTokenSignatureAlgorithm()); + oauthappdo.setAuthorizationResponseSignatureAlgorithm( + consumerAppDTO.getAuthorizationResponseSignatureAlgorithm()); + oauthappdo.setAuthorizationResponseEncryptionAlgorithm( + consumerAppDTO.getAuthorizationResponseEncryptionAlgorithm()); + oauthappdo.setAuthorizationResponseEncryptionMethod( + consumerAppDTO.getAuthorizationResponseEncryptionMethod()); + oauthappdo.setRequestObjectSignatureAlgorithm(consumerAppDTO.getRequestObjectSignatureAlgorithm()); + oauthappdo.setTlsClientAuthSubjectDN(consumerAppDTO.getTlsClientAuthSubjectDN()); + oauthappdo.setSubjectType(consumerAppDTO.getSubjectType()); + oauthappdo.setRequestObjectEncryptionAlgorithm(consumerAppDTO.getRequestObjectEncryptionAlgorithm()); + oauthappdo.setRequestObjectEncryptionMethod(consumerAppDTO.getRequestObjectEncryptionMethod()); + oauthappdo.setRequirePushedAuthorizationRequests(consumerAppDTO.getRequirePushedAuthorizationRequests()); + oauthappdo.setTlsClientCertificateBoundAccessTokens( + consumerAppDTO.getTlsClientCertificateBoundAccessTokens()); } dao.updateConsumerApplication(oauthappdo); AppInfoCache.getInstance().addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo); 
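Review bot: The new attribute values are copied from the DTO straight into OAuthAppDO and then published via AppInfoCache.addToCache without any check against what the server supports, so an unsupported token_endpoint_auth_method, an unknown signing or encryption algorithm, a non-https sector_identifier_uri or a malformed tls_client_auth_subject_dn is persisted and only fails later at the token or authorization endpoint. If DCRMService or the admin API already validates these before this point (not visible in this diff), a comment such as `// Auth method, algorithm and URI values are validated against the supported sets before reaching here.` above the block would make that contract explicit; otherwise reject unsupported values here with an IdentityOAuthAdminException rather than storing them. updateConsumerApplication continues outside the hunk.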
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 691522db2c..437d5e8e37 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java @@ -73,7 +73,6 @@ import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CURRENT_SESSION_IDENTIFIER; import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CURRENT_TOKEN_IDENTIFIER; import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.PRESERVE_LOGGED_IN_SESSION_AT_PASSWORD_UPDATE; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.*; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TokenBindings.NONE; /** diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 4155a79411..7dae1469d4 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
@@ -66,7 +66,33 @@ import java.util.Set; import static org.wso2.carbon.identity.oauth.OAuthUtil.handleError; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.*; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_ENCRYPTION_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_ENCRYPTION_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_SIGNATURE_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BACK_CHANNEL_LOGOUT_URL; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BYPASS_CLIENT_CREDENTIALS; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.FRONT_CHANNEL_LOGOUT_URL; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTED; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_SIGNATURE_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_CERTIFICATE_BOUND_ACCESS_TOKEN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_PUSH_AUTH; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.RENEW_REFRESH_TOKEN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_ENCRYPTION_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_ENCRYPTION_METHOD; +import static 
org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_SIGNATURE_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_SIGNED; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.SECTOR_IDENTIFIER_URI; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.SUBJECT_TYPE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TLS_SUBJECT_DN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_AUTH_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_AUTH_SIGNATURE_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE_NONE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_VALIDATION; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_REVOCATION_WITH_IDP_SESSION_TERMINATION; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_TYPE; import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.OPENID_CONNECT_AUDIENCE; /** @@ -111,7 +137,7 @@ public void addOAuthApplication(OAuthAppDO consumerAppDO) throws IdentityOAuthAd String dbProductName = connection.getMetaData().getDatabaseProductName(); try (PreparedStatement prepStmt = connection - .prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.ADD_OAUTH_APP_WITH_PKCE, new String[] { + .prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.ADD_OAUTH_APP_WITH_PKCE, new String[]{ DBUtils.getConvertedAutoGeneratedColumnName(dbProductName, "ID") })) { prepStmt.setString(1, processedClientId); 
@@ -487,7 +513,7 @@ private boolean validateUserForOwnerUpdate(OAuthAppDO oAuthAppDO) throws Identit } domainName = oAuthAppDO.getAppOwner().getUserStoreDomain(); } - return isUserExists(userName, domainName); + return isUserExists(userName, domainName); } private boolean isUserExists(String userName, String domainName) throws IdentityOAuthAdminException { 
@@ -657,6 +683,75 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, TOKEN_BINDING_VALIDATION, String.valueOf(oauthAppDO.isTokenBindingValidationEnabled()), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TOKEN_AUTH_METHOD, String.valueOf(oauthAppDO.getTokenEndpointAuthMethod()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TOKEN_AUTH_SIGNATURE_ALGORITHM, + String.valueOf(oauthAppDO.getTokenEndpointAuthSignatureAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + SECTOR_IDENTIFIER_URI, + String.valueOf(oauthAppDO.getSectorIdentifierURI()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + ID_TOKEN_SIGNATURE_ALGORITHM, + String.valueOf(oauthAppDO.getIdTokenSignatureAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + AUTH_RESPONSE_ENCRYPTION_ALGORITHM, + String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + AUTH_RESPONSE_ENCRYPTION_METHOD, + String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionMethod()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + AUTH_RESPONSE_SIGNATURE_ALGORITHM, + String.valueOf(oauthAppDO.getAuthorizationResponseSignatureAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + 
addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_SIGNATURE_ALGORITHM, + String.valueOf(oauthAppDO.getRequestObjectSignatureAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, + String.valueOf(oauthAppDO.getRequestObjectEncryptionAlgorithm()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_ENCRYPTION_METHOD, + String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionMethod()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TLS_SUBJECT_DN, + String.valueOf(oauthAppDO.getTlsClientAuthSubjectDN()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + IS_PUSH_AUTH, + String.valueOf(oauthAppDO.isRequirePushedAuthorizationRequests()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + IS_CERTIFICATE_BOUND_ACCESS_TOKEN, + String.valueOf(oauthAppDO.isTlsClientCertificateBoundAccessTokens()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + SUBJECT_TYPE, + String.valueOf(oauthAppDO.getSubjectType()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + // Execute batched add/update/delete. prepStatementForPropertyAdd.executeBatch(); preparedStatementForPropertyUpdate.executeBatch(); 
@@ -754,7 +849,7 @@ public void removeConsumerApplicationsByTenantId(int tenantId) throws IdentityOA // Delete Consumer Applications try (PreparedStatement prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries - .REMOVE_APPLICATIONS_BY_TENANT_ID)) { + .REMOVE_APPLICATIONS_BY_TENANT_ID)) { prepStmt.setInt(1, tenantId); prepStmt.execute(); } 
@@ -810,18 +905,18 @@ public void updateOAuthConsumerApp(ServiceProvider serviceProvider, String consu if (validateUserForOwnerUpdate(serviceProvider)) { try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { - try (PreparedStatement statement = connection.prepareStatement( - SQLQueries.OAuthAppDAOSQLQueries.UPDATE_OAUTH_CLIENT_WITH_OWNER)) { - statement.setString(1, serviceProvider.getApplicationName()); - statement.setString(2, serviceProvider.getOwner().getUserName()); - statement.setString(3, serviceProvider.getOwner().getUserStoreDomain()); - statement.setString(4, consumerKey); - statement.execute(); - IdentityDatabaseUtil.commitTransaction(connection); - } catch (SQLException e1) { - IdentityDatabaseUtil.rollbackTransaction(connection); - throw new IdentityApplicationManagementException("Error while executing the SQL statement.", e1); - } + try (PreparedStatement statement = connection.prepareStatement( + SQLQueries.OAuthAppDAOSQLQueries.UPDATE_OAUTH_CLIENT_WITH_OWNER)) { + statement.setString(1, serviceProvider.getApplicationName()); + statement.setString(2, serviceProvider.getOwner().getUserName()); + statement.setString(3, serviceProvider.getOwner().getUserStoreDomain()); + statement.setString(4, consumerKey); + statement.execute(); + IdentityDatabaseUtil.commitTransaction(connection); + } catch (SQLException e1) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new IdentityApplicationManagementException("Error while executing the SQL statement.", e1); + } } catch (SQLException e) { throw new IdentityApplicationManagementException("Error while executing the SQL statement.", e); } 
@@ -1007,7 +1102,7 @@ private void removeOauthOIDCPropertyTable(Connection connection, String tenantDo * Delete all OAuth OIDC Properties of a given tenant. * * @param connection DB connection - * @param tenantId Id of the tenant + * @param tenantId Id of the tenant * @throws SQLException */ private void removeOAuthOIDCPropertiesByTenantId(Connection connection, int tenantId) throws SQLException { @@ -1022,7 +1117,7 @@ private void removeOAuthOIDCPropertiesByTenantId(Connection connection, int tena /** * Remove all SP associations of all OAuth apps of a given tenant. * - * @param tenantId Id of the tenant + * @param tenantId Id of the tenant * @param connection DB connection * @throws SQLException */ @@ -1040,7 +1135,7 @@ private void removeSPAssociations(int tenantId, Connection connection) throws SQ /** * Get a list of all Consumer Keys of a given tenant. * - * @param tenantId Id of the tenant + * @param tenantId Id of the tenant * @param connection DB connection * @return * @throws SQLException @@ -1393,11 +1488,11 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu oauthApp.setRenewRefreshTokenEnabled(renewRefreshToken); String tokenAuthMethod = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_METHOD); - if ( tokenAuthMethod != null) { + if (tokenAuthMethod != null) { oauthApp.setTokenEndpointAuthMethod(tokenAuthMethod); } String tokenSignatureAlgorithm = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_SIGNATURE_ALGORITHM); - if ( tokenSignatureAlgorithm != null) { + if (tokenSignatureAlgorithm != null) { oauthApp.setTokenEndpointAuthSignatureAlgorithm(tokenSignatureAlgorithm); } String sectorIdentifierURI = getFirstPropertyValue(spOIDCProperties, SECTOR_IDENTIFIER_URI); 
@@ -1442,7 +1537,8 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu if (requestObjectEncryptionAlgorithm != null) { oauthApp.setRequestObjectEncryptionAlgorithm(requestObjectEncryptionAlgorithm); } - String requestObjectEncryptionMethod = getFirstPropertyValue(spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_METHOD); + String requestObjectEncryptionMethod = getFirstPropertyValue( + spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_METHOD); if (requestObjectEncryptionMethod != null) { oauthApp.setRequestObjectEncryptionMethod(requestObjectEncryptionMethod); } From 09b42394545a8f7aad2e358fe50edf8e28e75047 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 27 Sep 2023 23:12:08 +0530 Subject: [PATCH 05/23] address pr comments --- .../identity/oauth/dao/OAuthAppDAO.java | 41 +++++++------------ 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 7dae1469d4..94600fa2c6 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
@@ -684,72 +684,59 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - TOKEN_AUTH_METHOD, String.valueOf(oauthAppDO.getTokenEndpointAuthMethod()), + TOKEN_AUTH_METHOD, oauthAppDO.getTokenEndpointAuthMethod(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - TOKEN_AUTH_SIGNATURE_ALGORITHM, - String.valueOf(oauthAppDO.getTokenEndpointAuthSignatureAlgorithm()), + TOKEN_AUTH_SIGNATURE_ALGORITHM, oauthAppDO.getTokenEndpointAuthSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - SECTOR_IDENTIFIER_URI, - String.valueOf(oauthAppDO.getSectorIdentifierURI()), + SECTOR_IDENTIFIER_URI, oauthAppDO.getSectorIdentifierURI(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - ID_TOKEN_SIGNATURE_ALGORITHM, - String.valueOf(oauthAppDO.getIdTokenSignatureAlgorithm()), + ID_TOKEN_SIGNATURE_ALGORITHM, oauthAppDO.getIdTokenSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - AUTH_RESPONSE_ENCRYPTION_ALGORITHM, - String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionAlgorithm()), + AUTH_RESPONSE_ENCRYPTION_ALGORITHM, oauthAppDO.getAuthorizationResponseEncryptionAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - AUTH_RESPONSE_ENCRYPTION_METHOD, - String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionMethod()), + AUTH_RESPONSE_ENCRYPTION_METHOD, oauthAppDO.getAuthorizationResponseEncryptionMethod(), 
prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - AUTH_RESPONSE_SIGNATURE_ALGORITHM, - String.valueOf(oauthAppDO.getAuthorizationResponseSignatureAlgorithm()), + AUTH_RESPONSE_SIGNATURE_ALGORITHM, oauthAppDO.getAuthorizationResponseSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - REQUEST_OBJECT_SIGNATURE_ALGORITHM, - String.valueOf(oauthAppDO.getRequestObjectSignatureAlgorithm()), + REQUEST_OBJECT_SIGNATURE_ALGORITHM, oauthAppDO.getRequestObjectSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - REQUEST_OBJECT_ENCRYPTION_ALGORITHM, - String.valueOf(oauthAppDO.getRequestObjectEncryptionAlgorithm()), + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, oauthAppDO.getRequestObjectEncryptionAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - REQUEST_OBJECT_ENCRYPTION_METHOD, - String.valueOf(oauthAppDO.getAuthorizationResponseEncryptionMethod()), + REQUEST_OBJECT_ENCRYPTION_METHOD, oauthAppDO.getAuthorizationResponseEncryptionMethod(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - TLS_SUBJECT_DN, - String.valueOf(oauthAppDO.getTlsClientAuthSubjectDN()), + TLS_SUBJECT_DN, oauthAppDO.getTlsClientAuthSubjectDN(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - IS_PUSH_AUTH, - String.valueOf(oauthAppDO.isRequirePushedAuthorizationRequests()), + IS_PUSH_AUTH, String.valueOf(oauthAppDO.isRequirePushedAuthorizationRequests()), prepStatementForPropertyAdd, 
preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - IS_CERTIFICATE_BOUND_ACCESS_TOKEN, - String.valueOf(oauthAppDO.isTlsClientCertificateBoundAccessTokens()), + IS_CERTIFICATE_BOUND_ACCESS_TOKEN, String.valueOf(oauthAppDO.isTlsClientCertificateBoundAccessTokens()), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - SUBJECT_TYPE, - String.valueOf(oauthAppDO.getSubjectType()), + SUBJECT_TYPE, oauthAppDO.getSubjectType(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); // Execute batched add/update/delete. From 1f7f12798ffd60e7b87b1e835ead59c01f68ce33 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Thu, 28 Sep 2023 16:37:41 +0530 Subject: [PATCH 06/23] add changes to storing data --- .../identity/oauth/dao/OAuthAppDAO.java | 35 +++++++------------ 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 94600fa2c6..e5e6c2a480 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
@@ -1317,47 +1317,37 @@ private void addServiceProviderOIDCProperties(Connection connection, String.valueOf(consumerAppDO.isTokenBindingValidationEnabled())); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - TOKEN_AUTH_METHOD, - String.valueOf(consumerAppDO.getTokenEndpointAuthMethod())); + TOKEN_AUTH_METHOD, consumerAppDO.getTokenEndpointAuthMethod()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - TOKEN_AUTH_SIGNATURE_ALGORITHM, - String.valueOf(consumerAppDO.getTokenEndpointAuthSignatureAlgorithm())); + TOKEN_AUTH_SIGNATURE_ALGORITHM, consumerAppDO.getTokenEndpointAuthSignatureAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, SECTOR_IDENTIFIER_URI, - String.valueOf(consumerAppDO.getSectorIdentifierURI())); + consumerAppDO.getSectorIdentifierURI()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - ID_TOKEN_SIGNATURE_ALGORITHM, - String.valueOf(consumerAppDO.getIdTokenSignatureAlgorithm())); + ID_TOKEN_SIGNATURE_ALGORITHM, consumerAppDO.getIdTokenSignatureAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - AUTH_RESPONSE_ENCRYPTION_ALGORITHM, - String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionAlgorithm())); + AUTH_RESPONSE_ENCRYPTION_ALGORITHM, consumerAppDO.getAuthorizationResponseEncryptionAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - AUTH_RESPONSE_ENCRYPTION_METHOD, - String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionMethod())); + AUTH_RESPONSE_ENCRYPTION_METHOD, consumerAppDO.getAuthorizationResponseEncryptionMethod()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - AUTH_RESPONSE_SIGNATURE_ALGORITHM, - String.valueOf(consumerAppDO.getAuthorizationResponseSignatureAlgorithm())); + AUTH_RESPONSE_SIGNATURE_ALGORITHM, 
consumerAppDO.getAuthorizationResponseSignatureAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - REQUEST_OBJECT_SIGNATURE_ALGORITHM, - String.valueOf(consumerAppDO.getRequestObjectSignatureAlgorithm())); + REQUEST_OBJECT_SIGNATURE_ALGORITHM, consumerAppDO.getRequestObjectSignatureAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - REQUEST_OBJECT_ENCRYPTION_ALGORITHM, - String.valueOf(consumerAppDO.getRequestObjectEncryptionAlgorithm())); + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, consumerAppDO.getRequestObjectEncryptionAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - REQUEST_OBJECT_ENCRYPTION_METHOD, - String.valueOf(consumerAppDO.getAuthorizationResponseEncryptionMethod())); + REQUEST_OBJECT_ENCRYPTION_METHOD, consumerAppDO.getAuthorizationResponseEncryptionMethod()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - TLS_SUBJECT_DN, - String.valueOf(consumerAppDO.getTlsClientAuthSubjectDN())); + TLS_SUBJECT_DN, consumerAppDO.getTlsClientAuthSubjectDN()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, IS_PUSH_AUTH, @@ -1368,8 +1358,7 @@ private void addServiceProviderOIDCProperties(Connection connection, String.valueOf(consumerAppDO.isTlsClientCertificateBoundAccessTokens())); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - SUBJECT_TYPE, - String.valueOf(consumerAppDO.getSubjectType())); + SUBJECT_TYPE, consumerAppDO.getSubjectType()); prepStmtAddOIDCProperty.executeBatch(); } From e7cf87dd7fbebd90fe428771cb69d17c372784ac Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Thu, 28 Sep 2023 22:34:02 +0530 Subject: [PATCH 07/23] add attributes for update and retrieve requests --- .../oauth2/dcr/endpoint/util/DCRMUtils.java | 20 ++- .../identity/oauth/dcr/bean/Application.java | 153 +++++++++++++++- .../dcr/bean/ApplicationUpdateRequest.java | 164 ++++++++++++++++++ .../oauth/dcr/service/DCRMService.java | 72 +++++++- 4 files changed, 405 insertions(+), 4 deletions(-) diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index b7e8d001b1..d2f477b3fb 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
@@ -200,7 +200,25 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic specification we have to set the expiration time to 0. https://openid.net/specs/openid-connect-registration-1_0.html */ applicationDTO.setClientSecretExpiresAt(0L); - + application.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); + application.setTokenEndpointAuthSignatureAlgorithm(application.getTokenEndpointAuthSignatureAlgorithm()); + application.setSectorIdentifierURI(application.getSectorIdentifierURI()); + application.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm()); + application.setIdTokenEncryptionAlgorithm(application.getIdTokenEncryptionAlgorithm()); + application.setIdTokenEncryptionMethod(application.getIdTokenEncryptionMethod()); + application.setAuthorizationResponseSignatureAlgorithm( + application.getAuthorizationResponseSignatureAlgorithm()); + application.setAuthorizationResponseEncryptionAlgorithm( + application.getAuthorizationResponseEncryptionAlgorithm()); + application.setAuthorizationResponseEncryptionMethod(application.getRequestObjectEncryptionMethod()); + application.setRequestObjectSignatureValidationEnabled(application.isRequestObjectSignatureValidationEnabled()); + application.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm()); + application.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN()); + application.setSubjectType(application.getSubjectType()); + application.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); + application.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); + application.setRequirePushedAuthorizationRequests(application.isRequirePushedAuthorizationRequests()); + application.setTlsClientCertificateBoundAccessTokens(application.isTlsClientCertificateBoundAccessTokens()); return applicationDTO; } 
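Review bot: Every added line assigns an `application` getter back to its own setter (`application.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod())` and so on), so the whole block is a no-op and `applicationDTO` is returned without any of the new attributes — the retrieve response will not expose them. The values need to be copied onto `applicationDTO`, whose matching setters are only introduced by PATCH 08 later in this series, so either this mapping moves to that patch or the setters are brought forward. Note also that `setAuthorizationResponseEncryptionMethod` is fed from `getRequestObjectEncryptionMethod()`, a copy-paste mix-up that recurs in updateApplication and buildResponse of DCRMService in this same patch. getApplicationDTOFromApplication begins outside the hunk.
```java
// … unchanged: client_secret_expires_at handling …
applicationDTO.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod());
applicationDTO.setTokenEndpointAuthSigningAlg(application.getTokenEndpointAuthSignatureAlgorithm());
applicationDTO.setSectorIdentifierUri(application.getSectorIdentifierURI());
applicationDTO.setIdTokenSignedResponseAlg(application.getIdTokenSignatureAlgorithm());
applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm());
applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod());
applicationDTO.setAuthorizationSignedResponseAlg(application.getAuthorizationResponseSignatureAlgorithm());
applicationDTO.setAuthorizationEncryptedResponseAlg(application.getAuthorizationResponseEncryptionAlgorithm());
// authorization response *encryption method*, not the request-object one
applicationDTO.setAuthorizationEncryptedResponseEnc(application.getAuthorizationResponseEncryptionMethod());
applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm());
applicationDTO.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm());
applicationDTO.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod());
applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled());
applicationDTO.setTlsClientAuthSubjectDn(application.getTlsClientAuthSubjectDN());
applicationDTO.setSubjectType(application.getSubjectType());
applicationDTO.setRequirePushAuthorizationRequest(application.isRequirePushedAuthorizationRequests());
applicationDTO.setTlsClientCertificateBoundAccessToken(application.isTlsClientCertificateBoundAccessTokens());
return applicationDTO;
```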
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java index 6e62c1be2b..7df68aa170 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java @@ -33,7 +33,23 @@ public class Application implements Serializable { private String clientSecret = null; private List redirectUris = null; private List grantTypes = null; - + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSignatureAlgorithm = null; + private String sectorIdentifierURI = null; + private String idTokenSignatureAlgorithm = null; + private String authorizationResponseEncryptionAlgorithm = null; + private String authorizationResponseSignatureAlgorithm = null; + private String authorizationResponseEncryptionMethod = null; + private String requestObjectSignatureAlgorithm = null; + private String tlsClientAuthSubjectDN = null; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private boolean isRequestObjectSignatureValidationEnabled; + private String idTokenEncryptionAlgorithm = null; + private String idTokenEncryptionMethod = null; public String getClientName() { return clientName; 
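Review bot: The new field `isRequestObjectSignatureValidationEnabled` is the only one in this block that carries an `is` prefix; the sibling flags (`requirePushedAuthorizationRequests`, `tlsClientCertificateBoundAccessTokens`) and the existing fields use the bare name. Renaming it to `requestObjectSignatureValidationEnabled` keeps the public getter `isRequestObjectSignatureValidationEnabled()` unchanged and lets the setter in the next hunk (`@@ -84,6 +100,141 @@`) use the same `this.field = param;` form as every other setter instead of the unqualified `isRequestObjectSignatureValidationEnabled = requestObjectSignatureValidationEnabled;`. The class body continues outside this hunk.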
@@ -84,6 +100,141 @@ public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionAlgorithm() { + return authorizationResponseEncryptionAlgorithm; + } + + public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { + this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + } + + public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; + } + + public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionMethod() { + return authorizationResponseEncryptionMethod; + } + + public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { + this.authorizationResponseEncryptionMethod = 
authorizationResponseEncryptionMethod; + } + + public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public boolean isRequestObjectSignatureValidationEnabled() { + return isRequestObjectSignatureValidationEnabled; + } + + public void 
setRequestObjectSignatureValidationEnabled(boolean requestObjectSignatureValidationEnabled) { + isRequestObjectSignatureValidationEnabled = requestObjectSignatureValidationEnabled; + } + + public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } @Override public String toString() { diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java index f948ad6167..835379cdb6 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java 
@@ -44,6 +44,25 @@ public class ApplicationUpdateRequest implements Serializable { private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; + private String softwareStatement; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String idTokenEncryptionAlgorithm; + private String idTokenEncryptionMethod; + private String authorizationResponseEncryptionAlgorithm; + private String authorizationResponseSignatureAlgorithm; + private String authorizationResponseEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private boolean requireSignedRequestObject; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; + public List getRedirectUris() { return redirectUris; 
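Review bot: The three new flags are primitive `boolean`s (`requirePushedAuthorizationRequests`, `tlsClientCertificateBoundAccessTokens`, `requireSignedRequestObject`), so an update request cannot express "not supplied": a client that omits `tls_client_certificate_bound_access_tokens` or `require_pushed_authorization_requests` will have the setting read as false, and once updateApplication copies these flags the omission silently downgrades a previously hardened client. The String attributes in the same class are applied under an `!= null` guard in updateApplication; declaring these as `Boolean` (`private Boolean requireSignedRequestObject;` etc., with matching DTO fields) lets the same guard apply to them. The class continues outside this hunk.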
@@ -255,4 +274,149 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; + } + + + public String getAuthorizationResponseEncryptionAlgorithm() { + return authorizationResponseEncryptionAlgorithm; + } + + public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { + this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + } + + public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; + } + + public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; + } + + public String getAuthorizationResponseEncryptionMethod() { + return authorizationResponseEncryptionMethod; + } + + public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { + this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + } + + public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String 
requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } + + public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = 
requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + public String getSoftwareStatement() { + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 2a3d196022..62e3813a4e 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java 
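Review bot: Blank-line layout in this accessor block is inconsistent: there are two blank lines before `getAuthorizationResponseEncryptionAlgorithm()` and none between `setTlsClientAuthSubjectDN` and `getSubjectType()`, while every other getter/setter pair is separated by exactly one. Normalising to a single blank line between members matches the rest of the class and keeps checkstyle quiet. The hunk also orders the accessors differently from the field declarations in the earlier hunk (`@@ -44,6 +44,25 @@`), which makes it harder to spot a missing pair.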
@@ -259,6 +259,58 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str if (updateRequest.getExtIdTokenLifetime() != null) { appDTO.setIdTokenExpiryTime(updateRequest.getExtIdTokenLifetime()); } + if (updateRequest.getTokenEndpointAuthMethod() != null) { + appDTO.setTokenEndpointAuthMethod(updateRequest.getTokenEndpointAuthMethod()); + } + if (updateRequest.getTokenEndpointAuthSignatureAlgorithm() != null) { + appDTO.setTokenEndpointAuthSignatureAlgorithm + (updateRequest.getTokenEndpointAuthSignatureAlgorithm()); + } + if (updateRequest.getSectorIdentifierURI() != null) { + appDTO.setSectorIdentifierURI(updateRequest.getSectorIdentifierURI()); + } + if (updateRequest.getIdTokenSignatureAlgorithm() != null) { + appDTO.setIdTokenSignatureAlgorithm(updateRequest.getIdTokenSignatureAlgorithm()); + } + if (updateRequest.getIdTokenEncryptionAlgorithm() != null) { + appDTO.setIdTokenEncryptionAlgorithm(updateRequest.getIdTokenEncryptionAlgorithm()); + } + if (updateRequest.getIdTokenEncryptionMethod() != null) { + appDTO.setIdTokenEncryptionMethod(updateRequest.getIdTokenEncryptionMethod()); + } + if (updateRequest.getAuthorizationResponseSignatureAlgorithm() != null) { + appDTO.setAuthorizationResponseSignatureAlgorithm( + updateRequest.getAuthorizationResponseSignatureAlgorithm()); + } + if (updateRequest.getAuthorizationResponseEncryptionAlgorithm() != null) { + appDTO.setAuthorizationResponseEncryptionAlgorithm + (updateRequest.getAuthorizationResponseEncryptionAlgorithm()); + } + if (updateRequest.getAuthorizationResponseEncryptionMethod() != null) { + appDTO.setAuthorizationResponseEncryptionMethod + (updateRequest.getRequestObjectEncryptionMethod()); + } + if (updateRequest.getRequestObjectSignatureAlgorithm() != null) { + appDTO.setRequestObjectSignatureValidationEnabled + (updateRequest.isRequireSignedRequestObject()); + } + if (updateRequest.getTlsClientAuthSubjectDN() != null) { + 
appDTO.setTlsClientAuthSubjectDN(updateRequest.getTlsClientAuthSubjectDN()); + } + if (updateRequest.getSubjectType() != null) { + appDTO.setSubjectType(updateRequest.getSubjectType()); + } + if (updateRequest.getRequestObjectEncryptionAlgorithm() != null) { + appDTO.setRequestObjectEncryptionAlgorithm + (updateRequest.getRequestObjectEncryptionAlgorithm()); + } + if (updateRequest.getRequestObjectEncryptionMethod() != null) { + appDTO.setRequestObjectEncryptionMethod(updateRequest.getRequestObjectEncryptionMethod()); + } + updateRequest.setRequireSignedRequestObject(updateRequest.isRequireSignedRequestObject()); + updateRequest.setRequirePushedAuthorizationRequests(updateRequest.isRequirePushedAuthorizationRequests()); + updateRequest.setTlsClientCertificateBoundAccessTokens( + updateRequest.isTlsClientCertificateBoundAccessTokens()); appDTO.setPkceMandatory(updateRequest.isExtPkceMandatory()); appDTO.setPkceSupportPlain(updateRequest.isExtPkceSupportPlain()); appDTO.setBypassClientCredentials(updateRequest.isExtPublicClient()); 
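Review bot: Several of the new copies never reach `appDTO`: the three trailing `updateRequest.setX(updateRequest.isX())` calls are self-assignments, so `require_signed_request_object`, `require_pushed_authorization_requests` and `tls_client_certificate_bound_access_tokens` are dropped on update; the `getRequestObjectSignatureAlgorithm() != null` branch sets the signature-validation flag instead of the algorithm, so the algorithm itself is never stored; and the `getAuthorizationResponseEncryptionMethod() != null` branch stores `getRequestObjectEncryptionMethod()`. An update that intends to enable certificate-bound tokens or PAR therefore changes nothing while the caller believes it succeeded. The rewrite below assumes OAuthConsumerAppDTO has setters matching the getters used in buildResponse (`setRequestObjectSignatureAlgorithm`, `setRequirePushedAuthorizationRequests`, `setTlsClientCertificateBoundAccessTokens`) — confirm; updateApplication begins and ends outside the hunk.
```java
// … unchanged: token endpoint / id token / authorization response alg copies …
if (updateRequest.getAuthorizationResponseEncryptionMethod() != null) {
    appDTO.setAuthorizationResponseEncryptionMethod(
            updateRequest.getAuthorizationResponseEncryptionMethod());
}
if (updateRequest.getRequestObjectSignatureAlgorithm() != null) {
    appDTO.setRequestObjectSignatureAlgorithm(updateRequest.getRequestObjectSignatureAlgorithm());
}
// … unchanged: TLS subject DN, subject type, request-object encryption copies …
appDTO.setRequestObjectSignatureValidationEnabled(updateRequest.isRequireSignedRequestObject());
appDTO.setRequirePushedAuthorizationRequests(updateRequest.isRequirePushedAuthorizationRequests());
appDTO.setTlsClientCertificateBoundAccessTokens(updateRequest.isTlsClientCertificateBoundAccessTokens());
```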
@@ -406,8 +458,24 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) { if (StringUtils.isNotEmpty(createdApp.getGrantTypes())) { grantTypesList = Arrays.asList(createdApp.getGrantTypes().split(" ")); } - application.setGrantTypes(grantTypesList); - + application.setTokenEndpointAuthMethod(createdApp.getTokenEndpointAuthMethod()); + application.setTokenEndpointAuthSignatureAlgorithm(createdApp.getTokenEndpointAuthSignatureAlgorithm()); + application.setSectorIdentifierURI(createdApp.getSectorIdentifierURI()); + application.setIdTokenSignatureAlgorithm(createdApp.getIdTokenSignatureAlgorithm()); + application.setIdTokenEncryptionAlgorithm(createdApp.getIdTokenEncryptionAlgorithm()); + application.setIdTokenEncryptionMethod(createdApp.getIdTokenEncryptionMethod()); + application.setAuthorizationResponseSignatureAlgorithm(createdApp.getAuthorizationResponseSignatureAlgorithm()); + application.setAuthorizationResponseEncryptionAlgorithm( + createdApp.getAuthorizationResponseEncryptionAlgorithm()); + application.setAuthorizationResponseEncryptionMethod(createdApp.getRequestObjectEncryptionMethod()); + application.setRequestObjectSignatureValidationEnabled(createdApp.isRequestObjectSignatureValidationEnabled()); + application.setRequestObjectSignatureAlgorithm(createdApp.getRequestObjectSignatureAlgorithm()); + application.setTlsClientAuthSubjectDN(createdApp.getTlsClientAuthSubjectDN()); + application.setSubjectType(createdApp.getSubjectType()); + application.setRequestObjectEncryptionAlgorithm(createdApp.getRequestObjectEncryptionAlgorithm()); + application.setRequestObjectEncryptionMethod(createdApp.getRequestObjectEncryptionMethod()); + application.setRequirePushedAuthorizationRequests(createdApp.getRequirePushedAuthorizationRequests()); + application.setTlsClientCertificateBoundAccessTokens(createdApp.getTlsClientCertificateBoundAccessTokens()); return application; } From bfa3e5808488853201d749150da613ae1400394f Mon Sep 17 00:00:00 2001 
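Review bot: `application.setGrantTypes(grantTypesList);` is removed with nothing replacing it, so `grantTypesList` is computed and then discarded and every response built here no longer reports `grant_types`. Restore that line ahead of the new setters. Separately, `application.setAuthorizationResponseEncryptionMethod(createdApp.getRequestObjectEncryptionMethod())` reads the request-object encryption method; it should be `createdApp.getAuthorizationResponseEncryptionMethod()`, the same mix-up as in getApplicationDTOFromApplication and updateApplication. buildResponse begins outside this hunk.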
From: sachinisiriwardene
Date: Sun, 1 Oct 2023 10:58:06 +0530
Subject: [PATCH 08/23] add support to store jwksURI and upate properties
---
 .../dcr/endpoint/dto/ApplicationDTO.java | 188 +++++++++++++++++-
 .../dcr/endpoint/dto/UpdateRequestDTO.java | 11 +
 .../oauth2/dcr/endpoint/util/DCRMUtils.java | 65 ++++--
 .../identity/oauth/dcr/bean/Application.java | 8 +
 .../bean/ApplicationRegistrationRequest.java | 9 +
 .../dcr/bean/ApplicationUpdateRequest.java | 10 +-
 .../oauth/dcr/service/DCRMService.java | 35 +++-
 .../wso2/carbon/identity/oauth/OAuthUtil.java | 2 +-
 .../identity/oauth/dao/OAuthAppDAO.java | 17 +-
 .../oauth/dto/OAuthConsumerAppDTO.java | 7 +
 10 files changed, 311 insertions(+), 41 deletions(-)
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java
index 69d7351e69..54c5143d88 100644
--- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java
+++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java
@@ -33,6 +33,24 @@ public class ApplicationDTO { private String clientName = null; + private String jwksUri = null; + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String authorizationEncryptedResponseAlg = null; + private String authorizationSignedResponseAlg = null; + private String authorizationEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; /** 
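Review bot: The boolean fields `requirePushAuthorizationRequest` and `tlsClientCertificateBoundAccessToken` are named differently from both their JSON properties (`require_pushed_authorization_requests`, `tls_client_certificate_bound_access_tokens`, bound in the next hunk) and the bean fields they map to in Application (`requirePushedAuthorizationRequests`, `tlsClientCertificateBoundAccessTokens`). That drift is what makes the hand-written mappers in DCRMUtils easy to get wrong — the update mapper in this patch already reads the signed-request-object flag where it meant the PAR flag. Aligning the DTO names with the wire names (`requirePushedAuthorizationRequests`, `tlsClientCertificateBoundAccessTokens`) here and in the sibling request DTOs would make each mapping line self-checking. The class continues outside this hunk.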
@@ -106,7 +124,175 @@ public void setClientName(String clientName) { this.clientName = clientName; } - + @ApiModelProperty + @JsonProperty("jwks_uri") + public String getJwksUri() { + return jwksUri; + } + + public void setJwksUri(String jwksUri) { + this.jwksUri = jwksUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return 
idTokenEncryptedResponseEnc; + } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_alg") + public String getAuthorizationEncryptedResponseAlg() { + return authorizationEncryptedResponseAlg; + } + public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { + this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_signed_response_alg") + public String getAuthorizationSignedResponseAlg() { + return authorizationSignedResponseAlg; + } + public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { + this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("authorization_encrypted_response_enc") + public String getAuthorizationEncryptedResponseEnc() { + return authorizationEncryptedResponseEnc; + } + public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { + this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean 
isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_alg") + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } @Override public String toString() { 
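Review bot: Every new property is annotated `@ApiModelProperty(value = "")` (and `getJwksUri` with a bare `@ApiModelProperty`), so the generated API documentation carries no description for any of the eighteen attributes exposed here. Since this is a src/gen file, the descriptions belong in the endpoint yaml the class is generated from, but as a minimum each annotation should carry a one-line description, e.g. `@ApiModelProperty(value = "URL of the client's JSON Web Key Set document.")` for `jwks_uri`. The getter/setter pairs also alternate between zero and one blank line between them, unlike the rest of the class. The class continues outside this hunk.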
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index a2ae14e6b0..ca2f16ce83 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -15,6 +15,7 @@ public class UpdateRequestDTO { private List redirectUris = new ArrayList<>(); private String clientName = null; private List grantTypes = new ArrayList<>(); + private String jwksUri = null; private String tokenType = null; private String clientId = null; private String clientSecret = null; @@ -396,6 +397,16 @@ public void setSoftwareStatement(String softwareStatement) { this.softwareStatement = softwareStatement; } + @ApiModelProperty + @JsonProperty("jwks_uri") + public String getJwksUri() { + return jwksUri; + } + + public void setJwksUri(String jwksUri) { + this.jwksUri = jwksUri; + } + @Override public String toString() { diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index d2f477b3fb..556f0308b3 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
@@ -78,6 +78,7 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest( appRegistrationRequest.setExtPkceMandatory(registrationRequestDTO.getExtPkceMandatory()); appRegistrationRequest.setExtPkceSupportPlain(registrationRequestDTO.getExtPkceSupportPlain()); appRegistrationRequest.setExtPublicClient(registrationRequestDTO.getExtPublicClient()); + appRegistrationRequest.setJwksURI(registrationRequestDTO.getJwksUri()); appRegistrationRequest.setTokenEndpointAuthMethod(registrationRequestDTO.getTokenEndpointAuthMethod()); appRegistrationRequest.setTokenEndpointAuthSignatureAlgorithm (registrationRequestDTO.getTokenEndpointAuthSigningAlg()); 
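Review bot: `appRegistrationRequest.setJwksURI(registrationRequestDTO.getJwksUri())` copies the client-supplied value verbatim with no visible validation, and the update mapper in the next hunk (`@@ -125,8 +126,33 @@`) does the same via `applicationUpdateRequest.setJwksURI(...)`. A jwks_uri is presumably resolved later by the server to fetch client keys, so it should be checked before it is stored — at minimum that it parses as an absolute URL with an `https` scheme — unless DCRMService already does this outside the diff; confirm, and if not, add the check once in the service rather than in both mappers. getApplicationRegistrationRequest begins and ends outside this hunk.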
@@ -125,8 +126,33 @@ public static ApplicationUpdateRequest getApplicationUpdateRequest(UpdateRequest
 applicationUpdateRequest.setExtPkceMandatory(updateRequestDTO.getExtPkceMandatory());
 applicationUpdateRequest.setExtPkceSupportPlain(updateRequestDTO.getExtPkceSupportPlain());
 applicationUpdateRequest.setExtPublicClient(updateRequestDTO.getExtPublicClient());
+ applicationUpdateRequest.setJwksURI(updateRequestDTO.getJwksUri());
+ applicationUpdateRequest.setTokenEndpointAuthMethod(updateRequestDTO.getTokenEndpointAuthMethod());
+ applicationUpdateRequest.setTokenEndpointAuthSignatureAlgorithm
+ (updateRequestDTO.getTokenEndpointAuthSigningAlg());
+ applicationUpdateRequest.setSectorIdentifierURI(updateRequestDTO.getSectorIdentifierUri());
+ applicationUpdateRequest.setIdTokenSignatureAlgorithm(updateRequestDTO.getIdTokenSignedResponseAlg());
+ applicationUpdateRequest.setIdTokenEncryptionAlgorithm(updateRequestDTO.getIdTokenEncryptedResponseAlg());
+ applicationUpdateRequest.setIdTokenEncryptionMethod(updateRequestDTO.getIdTokenEncryptedResponseEnc());
+ applicationUpdateRequest.setAuthorizationResponseEncryptionAlgorithm(
+ updateRequestDTO.getAuthorizationEncryptedResponseAlg());
+ applicationUpdateRequest.setAuthorizationResponseEncryptionMethod(
+ updateRequestDTO.getAuthorizationEncryptedResponseEnc());
+ applicationUpdateRequest.setAuthorizationResponseSignatureAlgorithm(
+ updateRequestDTO.getAuthorizationSignedResponseAlg());
+ applicationUpdateRequest.setRequestObjectSignatureAlgorithm(
+ updateRequestDTO.getRequestObjectSigningAlg());
+ applicationUpdateRequest.setRequestObjectEncryptionAlgorithm(
+ updateRequestDTO.getRequestObjectEncryptionAlgorithm());
+ applicationUpdateRequest.setRequestObjectEncryptionMethod(updateRequestDTO.getRequestObjectEncryptionMethod());
+ applicationUpdateRequest.setTlsClientAuthSubjectDN(updateRequestDTO.getTlsClientAuthSubjectDn());
+ applicationUpdateRequest.setRequirePushedAuthorizationRequests(updateRequestDTO.isRequireSignedRequestObject());
+ applicationUpdateRequest.setRequireSignedRequestObject(updateRequestDTO.isRequireSignedRequestObject());
+ applicationUpdateRequest.setTlsClientCertificateBoundAccessTokens
+ (updateRequestDTO.isTlsClientCertificateBoundAccessToken());
+ applicationUpdateRequest.setSubjectType(updateRequestDTO.getSubjectType());
+ applicationUpdateRequest.setSoftwareStatement(updateRequestDTO.getSoftwareStatement());
 return applicationUpdateRequest;
-
 }
 
 public static void handleErrorResponse(DCRMException dcrmException, Log log) throws DCRMEndpointException {
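Review bot: `applicationUpdateRequest.setRequirePushedAuthorizationRequests(updateRequestDTO.isRequireSignedRequestObject())` reads the signed-request-object flag instead of the PAR flag, so on update a client's `require_pushed_authorization_requests` value is discarded and PAR enforcement follows whatever `require_signed_request_object` says; it should read the DTO's own PAR getter (the DTO field is `requirePushAuthorizationRequest`, so presumably `updateRequestDTO.isRequirePushAuthorizationRequest()`). Both flags are FAPI controls on the authorization endpoint, so the mix-up can leave a client with a weaker profile than it asked for, and it will not be caught by the string-copy lines around it. getApplicationUpdateRequest begins before this hunk.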
@@ -200,25 +226,24 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic specification we have to set the expiration time to 0. https://openid.net/specs/openid-connect-registration-1_0.html */ applicationDTO.setClientSecretExpiresAt(0L); - application.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); - application.setTokenEndpointAuthSignatureAlgorithm(application.getTokenEndpointAuthSignatureAlgorithm()); - application.setSectorIdentifierURI(application.getSectorIdentifierURI()); - application.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm()); - application.setIdTokenEncryptionAlgorithm(application.getIdTokenEncryptionAlgorithm()); - application.setIdTokenEncryptionMethod(application.getIdTokenEncryptionMethod()); - application.setAuthorizationResponseSignatureAlgorithm( - application.getAuthorizationResponseSignatureAlgorithm()); - application.setAuthorizationResponseEncryptionAlgorithm( - application.getAuthorizationResponseEncryptionAlgorithm()); - application.setAuthorizationResponseEncryptionMethod(application.getRequestObjectEncryptionMethod()); - application.setRequestObjectSignatureValidationEnabled(application.isRequestObjectSignatureValidationEnabled()); - application.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm()); - application.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN()); - application.setSubjectType(application.getSubjectType()); - application.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); - application.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); - application.setRequirePushedAuthorizationRequests(application.isRequirePushedAuthorizationRequests()); - application.setTlsClientCertificateBoundAccessTokens(application.isTlsClientCertificateBoundAccessTokens()); + applicationDTO.setJwksUri(application.getJwksURI()); + 
applicationDTO.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); + applicationDTO.setTokenEndpointAuthSigningAlg(application.getTokenEndpointAuthSignatureAlgorithm()); + applicationDTO.setSectorIdentifierUri(application.getSectorIdentifierURI()); + applicationDTO.setIdTokenSignedResponseAlg(application.getIdTokenSignatureAlgorithm()); + applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm()); + applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod()); + applicationDTO.setAuthorizationSignedResponseAlg(application.getAuthorizationResponseSignatureAlgorithm()); + applicationDTO.setAuthorizationEncryptedResponseAlg(application.getAuthorizationResponseEncryptionAlgorithm()); + applicationDTO.setAuthorizationEncryptedResponseEnc(application.getRequestObjectEncryptionMethod()); + applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled()); + applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm()); + applicationDTO.setTlsClientAuthSubjectDn(application.getTlsClientAuthSubjectDN()); + applicationDTO.setSubjectType(application.getSubjectType()); + applicationDTO.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); + applicationDTO.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); + applicationDTO.setRequirePushAuthorizationRequest(application.isRequirePushedAuthorizationRequests()); + applicationDTO.setTlsClientCertificateBoundAccessToken(application.isTlsClientCertificateBoundAccessTokens()); return applicationDTO; } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java index 7df68aa170..15f356bdaa 100644 
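Review bot: `applicationDTO.setAuthorizationEncryptedResponseEnc(application.getRequestObjectEncryptionMethod())` reports the request-object `enc` as `authorization_encrypted_response_enc`; the getter should be `application.getAuthorizationResponseEncryptionMethod()`. The mistake is inherited from the deleted `application.setAuthorizationResponseEncryptionMethod(application.getRequestObjectEncryptionMethod())`, which was a harmless self-assignment, whereas the new line is live and returns wrong JARM metadata to the client that reads its registration back. Replacing the other self-assignments with real DTO setters is otherwise correct; getApplicationDTOFromApplication begins before this hunk.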
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java @@ -33,6 +33,7 @@ public class Application implements Serializable { private String clientSecret = null; private List redirectUris = null; private List grantTypes = null; + private String jwksURI = null; private String tokenEndpointAuthMethod = null; private String tokenEndpointAuthSignatureAlgorithm = null; private String sectorIdentifierURI = null; @@ -99,6 +100,13 @@ public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } + public String getJwksURI() { + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + this.jwksURI = jwksURI; + } public String getTokenEndpointAuthMethod() { return tokenEndpointAuthMethod; diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java index 76501e777e..43ca17cea8 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java @@ -47,6 +47,7 @@ public class ApplicationRegistrationRequest implements Serializable { private boolean extPkceMandatory = false; private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; + private String jwksURI; private String softwareStatement; private String tokenEndpointAuthMethod; private String tokenEndpointAuthSignatureAlgorithm; 
@@ -66,6 +67,14 @@ public class ApplicationRegistrationRequest implements Serializable { private String requestObjectEncryptionAlgorithm; private String requestObjectEncryptionMethod; + public String getJwksURI() { + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + this.jwksURI = jwksURI; + } + public List getRedirectUris() { return redirectUris; diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java index 835379cdb6..82a66883fc 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java @@ -43,7 +43,7 @@ public class ApplicationUpdateRequest implements Serializable { private boolean extPkceMandatory = false; private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; - + private String jwksURI = null; private String softwareStatement; private String tokenEndpointAuthMethod; private String tokenEndpointAuthSignatureAlgorithm; @@ -419,4 +419,12 @@ public void setSoftwareStatement(String softwareStatement) { this.softwareStatement = softwareStatement; } + public String getJwksURI() { + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + this.jwksURI = jwksURI; + } + } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 62e3813a4e..bb35987536 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java 
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
@@ -53,6 +53,7 @@
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
+import org.wso2.carbon.identity.openidconnect.model.Constants;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -213,7 +214,12 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
 }
 // Update the service provider properties list with the display name property.
 updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName());
-
+//update jwksURI
+ if (StringUtils.isNotEmpty(updateRequest.getJwksURI())) {
+ sp.setJwksUri(updateRequest.getJwksURI());
+ //setting the jwksURI to be sent in the response
+ appDTO.setJwksURi(updateRequest.getJwksURI());
+ }
 // Need to create a deep clone, since modifying the fields of the original object,
 // will modify the cached SP object.
 ServiceProvider clonedSP = cloneServiceProvider(sp);
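Review bot: `sp.setJwksUri(updateRequest.getJwksURI())` stores the client-supplied `jwks_uri` with no check beyond non-emptiness; OpenID Connect Dynamic Client Registration requires `jwks_uri` to be an HTTPS URL, and because this is where the server will later fetch the keys used to verify `private_key_jwt` assertions and signed request objects, an `http://` or internal-host value is both a downgrade and, if the fetch is server-side, an SSRF opportunity. Parse it with `java.net.URI`, require an absolute `https` scheme, and reject anything else with a DCRMException client error before it reaches the service provider; the same check belongs on the registration path, which stores the value the same way. The added `Constants` import in the first hunk is not used by this change (patch 09 in this series removes it again). updateApplication begins and ends outside this hunk.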
@@ -307,10 +313,9 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str if (updateRequest.getRequestObjectEncryptionMethod() != null) { appDTO.setRequestObjectEncryptionMethod(updateRequest.getRequestObjectEncryptionMethod()); } - updateRequest.setRequireSignedRequestObject(updateRequest.isRequireSignedRequestObject()); - updateRequest.setRequirePushedAuthorizationRequests(updateRequest.isRequirePushedAuthorizationRequests()); - updateRequest.setTlsClientCertificateBoundAccessTokens( - updateRequest.isTlsClientCertificateBoundAccessTokens()); + appDTO.setRequestObjectSignatureValidationEnabled(updateRequest.isRequireSignedRequestObject()); + appDTO.setRequirePushedAuthorizationRequests(updateRequest.isRequirePushedAuthorizationRequests()); + appDTO.setTlsClientCertificateBoundAccessTokens(updateRequest.isTlsClientCertificateBoundAccessTokens()); appDTO.setPkceMandatory(updateRequest.isExtPkceMandatory()); appDTO.setPkceSupportPlain(updateRequest.isExtPkceSupportPlain()); appDTO.setBypassClientCredentials(updateRequest.isExtPublicClient()); @@ -432,9 +437,15 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist // Update the service provider properties list with the display name property. updateServiceProviderPropertyList(serviceProvider, registrationRequest.getExtApplicationDisplayName()); + //store jwksURI + if (StringUtils.isNotEmpty(registrationRequest.getJwksURI())) { + serviceProvider.setJwksUri(registrationRequest.getJwksURI()); + } try { updateServiceProviderWithOAuthAppDetails(serviceProvider, createdApp, applicationOwner, tenantDomain); + //setting the jwksURI to be sent in the response + createdApp.setJwksURi(registrationRequest.getJwksURI()); } catch (DCRMException ex) { // Delete the OAuth app created. This will also remove the registered SP for the OAuth app. deleteApplication(createdApp.getOauthConsumerKey()); 
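Review bot: `appDTO.setRequestObjectSignatureValidationEnabled(updateRequest.isRequireSignedRequestObject())` and the two lines after it copy primitive booleans unconditionally, while every string attribute in the same method is applied only under a `!= null` guard; an update that omits `require_signed_request_object`, `require_pushed_authorization_requests` or `tls_client_certificate_bound_access_tokens` therefore resets the stored flag to false and silently weakens the client's FAPI profile. RFC 7592 does allow a server to treat omitted metadata as cleared, but if that is the intent it should be explicit: `// Boolean metadata is replaced wholesale on update; an omitted flag resets to false (RFC 7592 §2.2).` Otherwise the DTO needs nullable `Boolean` fields so "absent" can be distinguished from false. In the second hunk `createdApp.setJwksURi(...)` only fills the response value inside the try, which is fine, but the value stored on the service provider is again unvalidated. Both hunks sit inside methods that begin and end outside this view.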
@@ -458,6 +469,8 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) { if (StringUtils.isNotEmpty(createdApp.getGrantTypes())) { grantTypesList = Arrays.asList(createdApp.getGrantTypes().split(" ")); } + application.setGrantTypes(grantTypesList); + application.setJwksURI(createdApp.getJwksURi()); application.setTokenEndpointAuthMethod(createdApp.getTokenEndpointAuthMethod()); application.setTokenEndpointAuthSignatureAlgorithm(createdApp.getTokenEndpointAuthSignatureAlgorithm()); application.setSectorIdentifierURI(createdApp.getSectorIdentifierURI()); @@ -577,8 +590,8 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist (registrationRequest.getRequestObjectEncryptionMethod()); } if (registrationRequest.getRequestObjectSignatureAlgorithm() != null) { - oAuthConsumerApp.setRequestObjectSignatureValidationEnabled - (registrationRequest.isRequireSignedRequestObject()); + oAuthConsumerApp.setRequestObjectSignatureAlgorithm( + (registrationRequest.getRequestObjectSignatureAlgorithm())); } if (registrationRequest.getTlsClientAuthSubjectDN() != null) { oAuthConsumerApp.setTlsClientAuthSubjectDN(registrationRequest.getTlsClientAuthSubjectDN()); 
@@ -594,10 +607,10 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist oAuthConsumerApp.setRequestObjectEncryptionMethod(registrationRequest.getRequestObjectEncryptionMethod()); } oAuthConsumerApp.setRequestObjectSignatureValidationEnabled(registrationRequest.isRequireSignedRequestObject()); - oAuthConsumerApp.setRequirePushedAuthorizationRequests - (registrationRequest.isRequirePushedAuthorizationRequests()); - oAuthConsumerApp.setTlsClientCertificateBoundAccessTokens - (registrationRequest.isTlsClientCertificateBoundAccessTokens()); + oAuthConsumerApp.setRequirePushedAuthorizationRequests( + registrationRequest.isRequirePushedAuthorizationRequests()); + oAuthConsumerApp.setTlsClientCertificateBoundAccessTokens( + registrationRequest.isTlsClientCertificateBoundAccessTokens()); oAuthConsumerApp.setPkceMandatory(registrationRequest.isExtPkceMandatory()); oAuthConsumerApp.setPkceSupportPlain(registrationRequest.isExtPkceSupportPlain()); oAuthConsumerApp.setBypassClientCredentials(registrationRequest.isExtPublicClient()); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 437d5e8e37..2acfa6bcd8 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java 
@@ -506,7 +506,7 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setRequestObjectSignatureAlgorithm(appDO.getRequestObjectSignatureAlgorithm()); dto.setTlsClientAuthSubjectDN(appDO.getTlsClientAuthSubjectDN()); dto.setSubjectType(appDO.getSubjectType()); - dto.setRequestObjectEncryptionAlgorithm(appDO.getAuthorizationResponseEncryptionAlgorithm()); + dto.setRequestObjectEncryptionAlgorithm(appDO.getRequestObjectEncryptionAlgorithm()); dto.setRequestObjectEncryptionMethod(appDO.getRequestObjectEncryptionMethod()); dto.setRequirePushedAuthorizationRequests(appDO.isRequirePushedAuthorizationRequests()); dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens()); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index e5e6c2a480..427b81a062 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java @@ -1344,7 +1344,7 @@ private void addServiceProviderOIDCProperties(Connection connection, REQUEST_OBJECT_ENCRYPTION_ALGORITHM, consumerAppDO.getRequestObjectEncryptionAlgorithm()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - REQUEST_OBJECT_ENCRYPTION_METHOD, consumerAppDO.getAuthorizationResponseEncryptionMethod()); + REQUEST_OBJECT_ENCRYPTION_METHOD, consumerAppDO.getRequestObjectEncryptionMethod()); addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, TLS_SUBJECT_DN, consumerAppDO.getTlsClientAuthSubjectDN()); 
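Review bot: Both one-line fixes are right, but rows written before them are now inconsistent: `addServiceProviderOIDCProperties` persisted the authorization-response `enc` under REQUEST_OBJECT_ENCRYPTION_METHOD, so any app registered with a JARM `enc` different from its request-object `enc` still has the wrong method stored and will keep using it until the app is re-saved. Nothing in the series' diffstats looks like a data fix-up; a sentence in the commit message, or a one-off correction for existing rows, is worth adding. Both enclosing methods begin and end outside these hunks.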
@@ -1518,12 +1518,15 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu
 if (requestObjectEncryptionMethod != null) {
 oauthApp.setRequestObjectEncryptionMethod(requestObjectEncryptionMethod);
 }
- boolean isRequirePAR = Boolean.parseBoolean(getFirstPropertyValue(spOIDCProperties, IS_PUSH_AUTH));
- oauthApp.setRequirePushedAuthorizationRequests(isRequirePAR);
- boolean isCertificateBoundAccessToken = Boolean.parseBoolean(getFirstPropertyValue(
- spOIDCProperties, IS_CERTIFICATE_BOUND_ACCESS_TOKEN));
- oauthApp.setTlsClientCertificateBoundAccessTokens(isCertificateBoundAccessToken);
-
+ String isPAR = getFirstPropertyValue(spOIDCProperties, IS_PUSH_AUTH);
+ if (isPAR != null) {
+ oauthApp.setRequirePushedAuthorizationRequests(Boolean.parseBoolean(isPAR));
+ }
+ String isCertificateBoundAccessToken = getFirstPropertyValue(
+ spOIDCProperties, IS_CERTIFICATE_BOUND_ACCESS_TOKEN);
+ if (isCertificateBoundAccessToken != null) {
+ oauthApp.setTlsClientCertificateBoundAccessTokens(Boolean.parseBoolean(isCertificateBoundAccessToken));
+ }
 }
 
 private String getFirstPropertyValue(Map> propertyMap, String key) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
index e980cfbcf0..e875f68417 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
@@ -41,6 +41,7 @@ public class OAuthConsumerAppDTO {
 private boolean bypassClientCredentials;
 private String renewRefreshTokenEnabled;
 // OIDC related properties
+ private String jwksURi;
 private boolean isRequestObjectSignatureValidationEnabled;
 private boolean isIdTokenEncryptionEnabled;
 private String idTokenEncryptionAlgorithm;
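Review bot: Wrapping the two lookups in `!= null` guards changes nothing observable unless OAuthAppDO's defaults for those flags are not false, because `Boolean.parseBoolean(null)` already yielded false; if the intent is to let a non-false default, or a value set earlier on the same object, survive when the property was never persisted, say so on the guard: `// Leave the OAuthAppDO value untouched when the property was never persisted.` Without that comment the old two-liners were the clearer form. setSpOIDCProperties begins before this hunk.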
@@ -67,6 +68,12 @@ public class OAuthConsumerAppDTO { private String requestObjectEncryptionAlgorithm; private String requestObjectEncryptionMethod; + public String getJwksURi() { + return jwksURi; + } + public void setJwksURi(String jwksURi) { + this.jwksURi = jwksURi; + } public long getUserAccessTokenExpiryTime() { return userAccessTokenExpiryTime; } From 0d79ac25842c758fa6ace773687da00ccd62dd02 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 2 Oct 2023 11:18:52 +0530 Subject: [PATCH 09/23] add support to store and retrieve jwksURI via DCR --- .../oauth/dcr/service/DCRMService.java | 25 +++++++++++++------ .../oauth/dcr/service/DCRMServiceTest.java | 6 +++++ .../oauth/dto/OAuthConsumerAppDTO.java | 10 ++++---- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index bb35987536..ec4dcd37b4 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -53,7 +53,6 @@ import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.util.OAuth2Util; -import org.wso2.carbon.identity.openidconnect.model.Constants; import java.util.ArrayList; import java.util.Arrays; 
@@ -86,7 +85,17 @@ public class DCRMService {
 public Application getApplication(String clientId) throws DCRMException {
 
 validateRequestTenantDomain(clientId);
- return buildResponse(getApplicationById(clientId, DCRMUtils.isApplicationRolePermissionRequired()));
+ OAuthConsumerAppDTO consumerAppDTO = getApplicationById(
+ clientId, DCRMUtils.isApplicationRolePermissionRequired());
+ //get the jwksURI from the service provider
+ String applicationName = consumerAppDTO.getApplicationName();
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ ServiceProvider serviceProvider = getServiceProvider(applicationName, tenantDomain);
+ String jwksURI = serviceProvider.getJwksUri();
+ if (StringUtils.isNotEmpty(jwksURI)) {
+ consumerAppDTO.setJwksURI(jwksURI);
+ }
+ return buildResponse(consumerAppDTO);
 }
 
 /**
@@ -217,8 +226,6 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
 //update jwksURI
 if (StringUtils.isNotEmpty(updateRequest.getJwksURI())) {
 sp.setJwksUri(updateRequest.getJwksURI());
- //setting the jwksURI to be sent in the response
- appDTO.setJwksURi(updateRequest.getJwksURI());
 }
 // Need to create a deep clone, since modifying the fields of the original object,
 // will modify the cached SP object.
@@ -324,8 +331,10 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
 throw DCRMUtils.generateServerException(
 DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_APPLICATION, clientId, e);
 }
-
- return buildResponse(getApplicationById(clientId));
+ OAuthConsumerAppDTO oAuthConsumerAppDTO = getApplicationById(clientId);
+ //setting the jwksURI to be sent in the response
+ oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI());
+ return buildResponse(oAuthConsumerAppDTO);
 }
 
 /**
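Review bot: In the third hunk `oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI())` echoes the request into the response even when the request carried no `jwks_uri`, so a PUT that omits it answers `null` while the service provider (left alone by the `isNotEmpty` guard in the second hunk) still holds the previous URI; read the value back from the stored SP as getApplication now does, or at least guard the line with `if (StringUtils.isNotEmpty(updateRequest.getJwksURI()))`. In the first hunk `serviceProvider.getJwksUri()` dereferences the result of `getServiceProvider(...)` with no null check — fine if that helper throws when the SP is missing, an NPE on a stale client id otherwise; the helper is outside this view. The tenant is taken from the thread-local carbon context rather than from the app, which presumably matches how the rest of the service resolves it, but worth confirming. updateApplication begins and ends outside this hunk.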
@@ -445,7 +454,7 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist try { updateServiceProviderWithOAuthAppDetails(serviceProvider, createdApp, applicationOwner, tenantDomain); //setting the jwksURI to be sent in the response - createdApp.setJwksURi(registrationRequest.getJwksURI()); + createdApp.setJwksURI(registrationRequest.getJwksURI()); } catch (DCRMException ex) { // Delete the OAuth app created. This will also remove the registered SP for the OAuth app. deleteApplication(createdApp.getOauthConsumerKey()); @@ -470,7 +479,7 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) { grantTypesList = Arrays.asList(createdApp.getGrantTypes().split(" ")); } application.setGrantTypes(grantTypesList); - application.setJwksURI(createdApp.getJwksURi()); + application.setJwksURI(createdApp.getJwksURI()); application.setTokenEndpointAuthMethod(createdApp.getTokenEndpointAuthMethod()); application.setTokenEndpointAuthSignatureAlgorithm(createdApp.getTokenEndpointAuthSignatureAlgorithm()); application.setSectorIdentifierURI(createdApp.getSectorIdentifierURI()); diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index 67c7153702..43db249301 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java 
@@ -286,6 +286,12 @@ public void getApplicationDTOTest() throws Exception { PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(mockedUserRealm); when(mockedUserRealm.getUserStoreManager()).thenReturn(mockedUserStoreManager); when(mockedUserStoreManager.isUserInRole(anyString(), anyString())).thenReturn(true); + ServiceProvider serviceProvider = new ServiceProvider(); + serviceProvider.setJwksUri("dummyJwksUri"); + when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())) + .thenReturn(serviceProvider); + when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())) + .thenReturn(new ServiceProvider()); Application application = dcrmService.getApplication(dummyConsumerKey); assertEquals(application.getClientId(), dummyConsumerKey); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index e875f68417..55f6deea7e 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -41,7 +41,7 @@ public class OAuthConsumerAppDTO { private boolean bypassClientCredentials; private String renewRefreshTokenEnabled; // OIDC related properties - private String jwksURi; + private String jwksURI; private boolean isRequestObjectSignatureValidationEnabled; private boolean isIdTokenEncryptionEnabled; private String idTokenEncryptionAlgorithm; 
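Review bot: The second `when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())).thenReturn(new ServiceProvider())` overrides the stub two lines above it, so the SP carrying `dummyJwksUri` is never returned and the new `jwks_uri` branch of getApplication is not exercised; nothing asserts on `application.getJwksURI()` either. Drop the second stub and add `assertEquals(application.getJwksURI(), "dummyJwksUri");` after the existing client-id assertion. getApplicationDTOTest begins before this hunk.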
@@ -68,11 +68,11 @@ public class OAuthConsumerAppDTO { private String requestObjectEncryptionAlgorithm; private String requestObjectEncryptionMethod; - public String getJwksURi() { - return jwksURi; + public String getJwksURI() { + return jwksURI; } - public void setJwksURi(String jwksURi) { - this.jwksURi = jwksURi; + public void setJwksURI(String jwksURi) { + this.jwksURI = jwksURi; } public long getUserAccessTokenExpiryTime() { return userAccessTokenExpiryTime; From 204234b3fc7675005bc8b4a8d4c8a5fe66de4810 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Fri, 6 Oct 2023 14:17:33 +0530 Subject: [PATCH 10/23] store service provider property to indicate fapi compliant and third party application --- .../identity/oauth/common/OAuthConstants.java | 2 ++ .../oauth/dcr/service/DCRMService.java | 31 ++++++++++++++++++ .../oauth/dcr/service/DCRMServiceTest.java | 32 +++++++++++++++++++ 3 files changed, 65 insertions(+) diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java index e65323e75e..a6e5a12c06 100644 --- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java +++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java @@ -187,6 +187,8 @@ public final class OAuthConstants { public static final String REQUEST_BINDING_TYPE = "request"; public static final String ORG_ID = "org_id"; public static final String IS_FAPI_CONFORMANT_APP = "isFAPIConformant"; + public static final String IS_THIRD_PARTY_APP = "isThirdPartyApp"; + private OAuthConstants() { 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index ec4dcd37b4..7c1698f20e 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -56,7 +56,9 @@ import java.util.ArrayList; import java.util.Arrays; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.regex.Pattern; import static org.wso2.carbon.identity.oauth.Error.INVALID_OAUTH_CLIENT; @@ -657,6 +659,12 @@ private ServiceProvider createServiceProvider(String applicationOwner, String te sp.setDescription("Service Provider for application " + spName); sp.setManagementApp(isManagementApp); + //add FAPI conformant application nad isThirdParty property to the service provider + Map spProperties = new HashMap<>(); + spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); + spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); + addSPProperties(spProperties, sp); + createServiceProvider(sp, tenantDomain, applicationOwner, templateName); // Get created service provider. 
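Review bot: `spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true)` marks every dynamically registered client FAPI-conformant regardless of its metadata — including one that registered with `client_secret_basic`, no PAR and no signed request objects — so if any consumer of that property uses it to unlock FAPI-specific behaviour, or to skip checks for non-FAPI apps, the flag asserts something the server has not verified; derive it from the registration request or a server-level setting, and say in a comment why DCR clients are assumed to be third-party. The value lands as the string `"true"` via `toString()` in addSPProperties, so readers must compare strings, which the comment here should mention. Minor: the comment reads `nad` for `and`. createServiceProvider begins and ends outside this hunk.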
@@ -952,4 +960,27 @@ private ServiceProvider cloneServiceProvider(ServiceProvider serviceProvider) {
 ServiceProvider clonedServiceProvider = gson.fromJson(gson.toJson(serviceProvider), ServiceProvider.class);
 return clonedServiceProvider;
 }
+
+ /**
+ * Add the properties to the service provider.
+ * @param spProperties Map of property name and values to be added.
+ * @param serviceProvider ServiceProvider object.
+ */
+ private void addSPProperties(Map spProperties, ServiceProvider serviceProvider)
+ throws DCRMException {
+
+ ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties();
+ for (Map.Entry entry : spProperties.entrySet()) {
+ boolean propertyExists = Arrays.stream(serviceProviderProperties)
+ .anyMatch(property -> property.getName().equals(entry.getKey()));
+ if (!propertyExists) {
+ ServiceProviderProperty serviceProviderProperty = new ServiceProviderProperty();
+ serviceProviderProperty.setName(entry.getKey());
+ serviceProviderProperty.setValue(entry.getValue().toString());
+ serviceProviderProperties = (ServiceProviderProperty[]) ArrayUtils.add(serviceProviderProperties,
+ serviceProviderProperty);
+ }
+ }
+ serviceProvider.setSpProperties(serviceProviderProperties);
+ }
 }
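Review bot: `addSPProperties` declares `throws DCRMException` but nothing in its body can throw it, so every caller is forced to handle an exception that never occurs; drop the clause. `Arrays.stream(serviceProvider.getSpProperties())` and `entry.getValue().toString()` both NPE if the SP has no property array or a map value is null — the test later in this series calls it on a fresh `ServiceProvider`, which suggests the getter returns an empty array by default, but that should be confirmed or guarded with `ServiceProviderProperty[] existing = serviceProvider.getSpProperties() == null ? new ServiceProviderProperty[0] : serviceProvider.getSpProperties();`. The Javadoc also needs a blank line before the first `@param` and a sentence saying values are persisted via `toString()`, since callers pass booleans. cloneServiceProvider closes at the top of this hunk.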
@@ -32,6 +32,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.model.ServiceProvider; +import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty; import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.base.IdentityException; @@ -59,7 +60,9 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; +import java.util.HashMap; import java.util.List; +import java.util.Map; import static org.mockito.Matchers.any; import static org.mockito.Matchers.anyString; @@ -68,6 +71,7 @@ import static org.powermock.api.mockito.PowerMockito.mockStatic; import static org.powermock.api.mockito.PowerMockito.when; import static org.powermock.api.mockito.PowerMockito.whenNew; +import static org.powermock.reflect.Whitebox.invokeMethod; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; import static org.testng.Assert.assertNotNull; 
@@ -904,6 +908,20 @@ public void deleteOAuthApplicationWithoutAssociatedSPwithError(List redi PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(mockedUserRealm); when(mockedUserRealm.getUserStoreManager()).thenReturn(mockedUserStoreManager); when(mockedUserStoreManager.isUserInRole(anyString(), anyString())).thenReturn(true); + + + /*ServiceProvider serviceProvider = new ServiceProvider(); + ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); + ServiceProviderProperty serviceProviderProperty = new ServiceProviderProperty(); + serviceProviderProperty.setName("isFAPIConformant"); + serviceProviderProperty.setValue("true"); + serviceProviderProperties = (ServiceProviderProperty[]) ArrayUtils.add(serviceProviderProperties, + serviceProviderProperty); + serviceProvider.setSpProperties(serviceProviderProperties); + whenNew(ServiceProvider.class).withNoArguments().thenReturn(serviceProvider); + doNothing().when(mockApplicationManagementService).updateApplication + (serviceProvider , dummyTenantDomain, dummyUserName);*/ + dcrmService.registerApplication(applicationRegistrationRequest); } catch (IdentityException ex) { assertEquals(ex.getMessage(), "Error while deleting the OAuth application with consumer key: " + 
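Review bot: The block added after `isUserInRole(...)` is commented-out test setup (a `/* … */` block that builds a ServiceProvider with an isFAPIConformant property and stubs `updateApplication`) plus two blank lines; dead code in a test only leaves the next reader guessing whether the scenario is covered. Either wire it into a real assertion or delete it and track the missing case separately. `ArrayUtils` and `doNothing` used inside the comment are not among the imports this patch adds, so check they are in scope before reviving it.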
@@ -1152,4 +1170,18 @@ public void registerApplicationTestWithRedirectURls(List redirectUri, Li assertFalse(invalidCallback.matches(regexp)); } } + @Test(description = "Test to store service provider properties when defined in a map") + public void testAddSPProperties() throws Exception { + + ServiceProvider serviceProvider = new ServiceProvider(); + Map spProperties = new HashMap<>(); + spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); + spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); + invokeMethod(dcrmService, "addSPProperties", spProperties, serviceProvider); + ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); + boolean propertyExists = Arrays.stream(serviceProviderProperties) + .anyMatch(property -> property.getName().equals(OAuthConstants.IS_FAPI_CONFORMANT_APP)); + assertTrue(propertyExists); + + } } From d2caa0cf1e61446265197460eab21fc1bd921988 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Sat, 7 Oct 2023 11:09:23 +0530 Subject: [PATCH 11/23] address pr comments and remove authorization response encryption --- .../endpoint/dto/RegistrationRequestDTO.java | 47 +++-------- .../dcr/endpoint/dto/UpdateRequestDTO.java | 81 +++++++------------ .../oauth2/dcr/endpoint/util/DCRMUtils.java | 8 -- .../api.identity.oauth.dcr.endpoint.yaml | 32 ++++++-- .../identity/oauth/dcr/bean/Application.java | 67 ++++++++++----- .../bean/ApplicationRegistrationRequest.java | 51 +++++++----- .../dcr/bean/ApplicationUpdateRequest.java | 53 +++++++----- .../oauth/dcr/service/DCRMService.java | 12 +-- .../oauth/dcr/service/DCRMServiceTest.java | 15 +--- .../identity/oauth/OAuthAdminServiceImpl.java | 12 +-- .../wso2/carbon/identity/oauth/OAuthUtil.java | 2 - .../identity/oauth/dao/OAuthAppDAO.java | 25 +----- .../carbon/identity/oauth/dao/OAuthAppDO.java | 44 +++++----- .../oauth/dto/OAuthConsumerAppDTO.java | 40 ++++----- 14 files changed, 236 insertions(+), 253 deletions(-) 
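Review bot: testAddSPProperties only checks that a property named IS_FAPI_CONFORMANT_APP exists; it never asserts the stored value and never checks that IS_THIRD_PARTY_APP was added, so a helper that wrote `"false"` or dropped the second key would still pass. Assert on the values, e.g. locate the entry and `assertEquals(property.getValue(), "true");` for both keys, and add a second case where the property already exists on the ServiceProvider to pin the skip-if-present behaviour of addSPProperties. Using `invokeMethod` on a private helper also couples the test to the method name; exercising it through `registerApplication` would be more robust where practical.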
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java index 3b8474fbfb..afecc65764 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java @@ -3,8 +3,9 @@ import java.util.ArrayList; import java.util.List; -import io.swagger.annotations.*; -import com.fasterxml.jackson.annotation.*; +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; import javax.validation.constraints.NotNull; @@ -46,9 +47,7 @@ public class RegistrationRequestDTO { private String idTokenSignedResponseAlg = null; private String idTokenEncryptedResponseAlg = null; private String idTokenEncryptedResponseEnc = null; - private String authorizationEncryptedResponseAlg = null; private String authorizationSignedResponseAlg = null; - private String authorizationEncryptedResponseEnc = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; private boolean requirePushAuthorizationRequest; 
@@ -362,16 +361,6 @@ public String getIdTokenEncryptedResponseEnc() { public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_alg") - public String getAuthorizationEncryptedResponseAlg() { - return authorizationEncryptedResponseAlg; - } - public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { - this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; - } - @ApiModelProperty(value = "") @JsonProperty("authorization_signed_response_alg") public String getAuthorizationSignedResponseAlg() { @@ -380,16 +369,6 @@ public String getAuthorizationSignedResponseAlg() { public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_enc") - public String getAuthorizationEncryptedResponseEnc() { - return authorizationEncryptedResponseEnc; - } - public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { - this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; - } - @ApiModelProperty(value = "") @JsonProperty("request_object_signing_alg") public String getRequestObjectSigningAlg() { 
@@ -509,17 +488,15 @@ public String toString() { sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); - sb.append(" tokenEndpointAuthMethod: ").append(tokenEndpointAuthMethod).append("\n"); - sb.append(" tokenEndpointAuthSigningAlg: ").append(tokenEndpointAuthSigningAlg).append("\n"); - sb.append(" sectorIdentifierUri: ").append(sectorIdentifierUri).append("\n"); - sb.append(" idTokenSignedResponseAlg: ").append(idTokenSignedResponseAlg).append("\n"); - sb.append(" idTokenEncryptedResponseAlg: ").append(idTokenEncryptedResponseAlg).append("\n"); - sb.append(" idTokenEncryptedResponseEnc: ").append(idTokenEncryptedResponseEnc).append("\n"); - sb.append(" authorizationEncryptedResponseAlg: ").append(authorizationEncryptedResponseAlg).append("\n"); - sb.append(" authorizationSignedResponseAlg: ").append(authorizationSignedResponseAlg).append("\n"); - sb.append(" authorizationEncryptedResponseEnc: ").append(authorizationEncryptedResponseEnc).append("\n"); - sb.append(" requestObjectSigningAlg: ").append(requestObjectSigningAlg).append("\n"); - sb.append(" tlsClientAuthSubjectDn: ").append(tlsClientAuthSubjectDn).append("\n"); + sb.append(" token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sector_identifier_uri: ").append(sectorIdentifierUri).append("\n"); + sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" authorization_signed_response_alg: ").append(authorizationSignedResponseAlg).append("\n"); + sb.append(" 
request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append(" require_signed_request_object: ").append(requireSignedRequestObject).append("\n"); sb.append(" require_pushed_authorization_requests: ").append(requirePushAuthorizationRequest).append("\n"); sb.append(" tls_client_certificate_bound_access_tokens: ") diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index ca2f16ce83..477f9936f4 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -3,8 +3,9 @@ import java.util.ArrayList; import java.util.List; -import io.swagger.annotations.*; -import com.fasterxml.jackson.annotation.*; +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; import javax.validation.constraints.NotNull; @@ -36,9 +37,7 @@ public class UpdateRequestDTO { private String idTokenSignedResponseAlg = null; private String idTokenEncryptedResponseAlg = null; private String idTokenEncryptedResponseEnc = null; - private String authorizationEncryptedResponseAlg = null; private String authorizationSignedResponseAlg = null; - private String authorizationEncryptedResponseEnc = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; private boolean requirePushAuthorizationRequest; 
@@ -277,17 +276,6 @@ public String getIdTokenEncryptedResponseEnc() { public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_alg") - public String getAuthorizationEncryptedResponseAlg() { - return authorizationEncryptedResponseAlg; - } - - public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { - this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; - } - @ApiModelProperty(value = "") @JsonProperty("authorization_signed_response_alg") public String getAuthorizationSignedResponseAlg() { @@ -297,17 +285,6 @@ public String getAuthorizationSignedResponseAlg() { public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_enc") - public String getAuthorizationEncryptedResponseEnc() { - return authorizationEncryptedResponseEnc; - } - - public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { - this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; - } - @ApiModelProperty(value = "") @JsonProperty("request_object_signing_alg") public String getRequestObjectSigningAlg() { 
@@ -413,34 +390,32 @@ public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class UpdateRequestDTO {\n"); - sb.append(" redirectUris: ").append(redirectUris).append("\n"); - sb.append(" clientName: ").append(clientName).append("\n"); - sb.append(" clientId: ").append(clientId).append("\n"); - sb.append(" clientSecret: ").append(clientSecret).append("\n"); - sb.append(" grantTypes: ").append(grantTypes).append("\n"); - sb.append(" backchannelLogoutUri: ").append(backchannelLogoutUri).append("\n"); - sb.append(" backchannelLogoutSessionRequired: ").append(backchannelLogoutSessionRequired).append("\n"); - sb.append(" extApplicationDisplayName: ").append(extApplicationDisplayName).append("\n"); + sb.append(" redirect_uris: ").append(redirectUris).append("\n"); + sb.append(" client_name: ").append(clientName).append("\n"); + sb.append(" grant_types: ").append(clientId).append("\n"); + sb.append(" client_secret: ").append(clientSecret).append("\n"); + sb.append(" grant_types: ").append(grantTypes).append("\n"); + sb.append(" backchannel_logout_uri: ").append(backchannelLogoutUri).append("\n"); + sb.append(" backchannel_logout_session_required: ").append(backchannelLogoutSessionRequired).append("\n"); + sb.append(" ext_application_display_name: ").append(extApplicationDisplayName).append("\n"); sb.append(" tokenTypeExtension: ").append(tokenType).append("\n"); - sb.append(" extApplicationOwner: ").append(extApplicationOwner).append("\n"); - sb.append(" extApplicationTokenLifetime: ").append(extApplicationTokenLifetime).append("\n"); - sb.append(" extUserTokenLifetime: ").append(extUserTokenLifetime).append("\n"); - sb.append(" extRefreshTokenLifetime: ").append(extRefreshTokenLifetime).append("\n"); - sb.append(" extIdTokenLifetime: ").append(extIdTokenLifetime).append("\n"); - sb.append(" extPkceMandatory: ").append(extPkceMandatory).append("\n"); - sb.append(" extPkceSupportPlain: ").append(extPkceSupportPlain).append("\n"); - sb.append(" 
extPublicClient: ").append(extPublicClient).append("\n"); - sb.append(" tokenEndpointAuthMethod: ").append(tokenEndpointAuthMethod).append("\n"); - sb.append(" tokenEndpointAuthSigningAlg: ").append(tokenEndpointAuthSigningAlg).append("\n"); - sb.append(" sectorIdentifierUri: ").append(sectorIdentifierUri).append("\n"); - sb.append(" idTokenSignedResponseAlg: ").append(idTokenSignedResponseAlg).append("\n"); - sb.append(" idTokenEncryptedResponseAlg: ").append(idTokenEncryptedResponseAlg).append("\n"); - sb.append(" idTokenEncryptedResponseEnc: ").append(idTokenEncryptedResponseEnc).append("\n"); - sb.append(" authorizationEncryptedResponseAlg: ").append(authorizationEncryptedResponseAlg).append("\n"); - sb.append(" authorizationSignedResponseAlg: ").append(authorizationSignedResponseAlg).append("\n"); - sb.append(" authorizationEncryptedResponseEnc: ").append(authorizationEncryptedResponseEnc).append("\n"); - sb.append(" requestObjectSigningAlg: ").append(requestObjectSigningAlg).append("\n"); - sb.append(" tlsClientAuthSubjectDn: ").append(tlsClientAuthSubjectDn).append("\n"); + sb.append(" ext_application_owner: ").append(extApplicationOwner).append("\n"); + sb.append(" ext_application_token_lifetime: ").append(extApplicationTokenLifetime).append("\n"); + sb.append(" ext_user_token_lifetime: ").append(extUserTokenLifetime).append("\n"); + sb.append(" ext_refresh_token_lifetime: ").append(extRefreshTokenLifetime).append("\n"); + sb.append(" ext_id_token_lifetime: ").append(extIdTokenLifetime).append("\n"); + sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); + sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); + sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); + sb.append(" token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sector_identifier_uri: 
").append(sectorIdentifierUri).append("\n"); + sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" authorization_signed_response_alg: ").append(authorizationSignedResponseAlg).append("\n"); + sb.append(" request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append("}\n"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index 556f0308b3..39a70873bc 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
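Review bot: In UpdateRequestDTO.toString the new line `sb.append(" grant_types: ").append(clientId)` carries the wrong label (copied from the grant_types line); it should read `sb.append(" client_id: ").append(clientId).append("\n");`. The same method prints `client_secret` in clear, so any debug log of an update request exposes the client credential; mask it, e.g. `sb.append(" client_secret: ").append(clientSecret == null ? null : "********").append("\n");`. The Application.toString hunk later in this patch has the same exposure on its `" clientSecret: "` context line, and the many fields added around it make that toString more likely to be logged.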
@@ -86,10 +86,6 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest( appRegistrationRequest.setIdTokenSignatureAlgorithm(registrationRequestDTO.getIdTokenSignedResponseAlg()); appRegistrationRequest.setIdTokenEncryptionAlgorithm(registrationRequestDTO.getIdTokenEncryptedResponseAlg()); appRegistrationRequest.setIdTokenEncryptionMethod(registrationRequestDTO.getIdTokenEncryptedResponseEnc()); - appRegistrationRequest.setAuthorizationResponseEncryptionAlgorithm - (registrationRequestDTO.getAuthorizationEncryptedResponseAlg()); - appRegistrationRequest.setAuthorizationResponseEncryptionMethod - (registrationRequestDTO.getAuthorizationEncryptedResponseEnc()); appRegistrationRequest.setAuthorizationResponseSignatureAlgorithm (registrationRequestDTO.getAuthorizationSignedResponseAlg()); appRegistrationRequest.setRequestObjectSignatureAlgorithm(registrationRequestDTO.getRequestObjectSigningAlg()); @@ -134,10 +130,6 @@ public static ApplicationUpdateRequest getApplicationUpdateRequest(UpdateRequest applicationUpdateRequest.setIdTokenSignatureAlgorithm(updateRequestDTO.getIdTokenSignedResponseAlg()); applicationUpdateRequest.setIdTokenEncryptionAlgorithm(updateRequestDTO.getIdTokenEncryptedResponseAlg()); applicationUpdateRequest.setIdTokenEncryptionMethod(updateRequestDTO.getIdTokenEncryptedResponseEnc()); - applicationUpdateRequest.setAuthorizationResponseEncryptionAlgorithm( - updateRequestDTO.getAuthorizationEncryptedResponseAlg()); - applicationUpdateRequest.setAuthorizationResponseEncryptionMethod( - updateRequestDTO.getAuthorizationEncryptedResponseEnc()); applicationUpdateRequest.setAuthorizationResponseSignatureAlgorithm( updateRequestDTO.getAuthorizationSignedResponseAlg()); applicationUpdateRequest.setRequestObjectSignatureAlgorithm( 
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml index cd3264e720..b88df48270 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml @@ -344,16 +344,24 @@ definitions: type: string id_token_encrypted_response_enc: type: string - authorization_encrypted_response_alg: - type: string authorization_signed_response_alg: type: string - authorization_encrypted_response_enc: - type: string request_object_signing_alg: type: string tls_client_auth_subject_dn: type: string + require_signed_request_object: + type: boolean + require_pushed_authorization_requests: + type: boolean + tls_client_certificate_bound_access_tokens: + type: boolean + subject_type: + type: string + request_object_encryption_alg: + type: string + request_object_encryption_enc: + type: string #----------------------------------------------------- # The Application Update Request Object #----------------------------------------------------- 
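Review bot: The six properties added to the registration request definition (and again to the update request definition in the next hunk) carry only a `type` and no `description`, so a client reading the generated API docs cannot tell what omitting them means; the backing DTO fields for the three flags are primitive `boolean`, so an absent `require_signed_request_object`, `require_pushed_authorization_requests` or `tls_client_certificate_bound_access_tokens` is treated as false. Add a `description` to each, e.g. `description: Whether request objects sent by this client must be signed; treated as false when omitted.`, and consider constraining `subject_type` with an `enum` of the values the server actually accepts so invalid values are rejected at the API boundary rather than downstream.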
@@ -414,16 +422,24 @@ definitions: type: string id_token_encrypted_response_enc: type: string - authorization_encrypted_response_alg: - type: string authorization_signed_response_alg: type: string - authorization_encrypted_response_enc: - type: string request_object_signing_alg: type: string tls_client_auth_subject_dn: type: string + require_signed_request_object: + type: boolean + require_pushed_authorization_requests: + type: boolean + tls_client_certificate_bound_access_tokens: + type: boolean + subject_type: + type: string + request_object_encryption_alg: + type: string + request_object_encryption_enc: + type: string #----------------------------------------------------- # The OAuth2 Application Object #----------------------------------------------------- diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java index 15f356bdaa..b4205dd066 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java @@ -38,9 +38,7 @@ public class Application implements Serializable { private String tokenEndpointAuthSignatureAlgorithm = null; private String sectorIdentifierURI = null; private String idTokenSignatureAlgorithm = null; - private String authorizationResponseEncryptionAlgorithm = null; private String authorizationResponseSignatureAlgorithm = null; - private String authorizationResponseEncryptionMethod = null; private String requestObjectSignatureAlgorithm = null; private String tlsClientAuthSubjectDN = null; private boolean requirePushedAuthorizationRequests; 
@@ -51,6 +49,7 @@ public class Application implements Serializable { private boolean isRequestObjectSignatureValidationEnabled; private String idTokenEncryptionAlgorithm = null; private String idTokenEncryptionMethod = null; + public String getClientName() { return clientName; 
@@ -101,146 +100,162 @@ public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } public String getJwksURI() { + return jwksURI; } public void setJwksURI(String jwksURI) { + this.jwksURI = jwksURI; } public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; } public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; } public String getSectorIdentifierURI() { + return sectorIdentifierURI; } public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; } public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; } public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { - this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; - } - - public String getAuthorizationResponseEncryptionAlgorithm() { - return authorizationResponseEncryptionAlgorithm; - } - public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { - this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; } public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { - this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; - } - public String getAuthorizationResponseEncryptionMethod() { - return authorizationResponseEncryptionMethod; - } - - public void 
setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { - this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; } public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; } public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; } public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; } public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; } public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; } public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; } public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; } public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; } public String getSubjectType() { + return subjectType; } public void setSubjectType(String subjectType) { + this.subjectType = subjectType; } public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; } public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; } public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; } public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; } public boolean 
isRequestObjectSignatureValidationEnabled() { + return isRequestObjectSignatureValidationEnabled; } public void setRequestObjectSignatureValidationEnabled(boolean requestObjectSignatureValidationEnabled) { + isRequestObjectSignatureValidationEnabled = requestObjectSignatureValidationEnabled; } public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; } public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; } public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; } public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; } @Override 
@@ -252,6 +267,22 @@ public String toString() { " clientSecret: " + this.clientSecret + "\n" + " redirectUris: " + this.redirectUris + "\n" + " grantTypes: " + this.grantTypes + "\n" + + " jwksURI: " + this.jwksURI + "\n" + + " tokenEndpointAuthMethod: " + this.tokenEndpointAuthMethod + "\n" + + " tokenEndpointAuthSignatureAlgorithm: " + this.tokenEndpointAuthSignatureAlgorithm + "\n" + + " sectorIdentifierURI: " + this.sectorIdentifierURI + "\n" + + " idTokenSignatureAlgorithm: " + this.idTokenSignatureAlgorithm + "\n" + + " authorizationResponseSignatureAlgorithm: " + this.authorizationResponseSignatureAlgorithm + "\n" + + " requestObjectSignatureAlgorithm: " + this.requestObjectSignatureAlgorithm + "\n" + + " tlsClientAuthSubjectDN: " + this.tlsClientAuthSubjectDN + "\n" + + " requirePushedAuthorizationRequests: " + this.requirePushedAuthorizationRequests + "\n" + + " tlsClientCertificateBoundAccessTokens: " + this.tlsClientCertificateBoundAccessTokens + "\n" + + " subjectType: " + this.subjectType + "\n" + + " requestObjectEncryptionAlgorithm: " + this.requestObjectEncryptionAlgorithm + "\n" + + " requestObjectEncryptionMethod: " + this.requestObjectEncryptionMethod + "\n" + + " isRequestObjectSignatureValidationEnabled: " + this.isRequestObjectSignatureValidationEnabled + "\n" + + " idTokenEncryptionAlgorithm: " + this.idTokenEncryptionAlgorithm + "\n" + + " idTokenEncryptionMethod: " + this.idTokenEncryptionMethod + "\n" + "}\n"; } } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java index 43ca17cea8..86efd0e35c 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java 
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java @@ -55,9 +55,7 @@ public class ApplicationRegistrationRequest implements Serializable { private String idTokenSignatureAlgorithm; private String idTokenEncryptionAlgorithm; private String idTokenEncryptionMethod; - private String authorizationResponseEncryptionAlgorithm; private String authorizationResponseSignatureAlgorithm; - private String authorizationResponseEncryptionMethod; private String requestObjectSignatureAlgorithm; private String tlsClientAuthSubjectDN; private boolean requirePushedAuthorizationRequests; 
@@ -349,146 +347,161 @@ public void setExtPublicClient(boolean extPublicClient) { } public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; } public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; } public String getSectorIdentifierURI() { + return sectorIdentifierURI; } public void setSectorIdentifierURI(String sectorIdentifierURI) { - this.sectorIdentifierURI = sectorIdentifierURI; - } - - public String getAuthorizationResponseEncryptionAlgorithm() { - return authorizationResponseEncryptionAlgorithm; - } - - public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { - this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + this.sectorIdentifierURI = sectorIdentifierURI; } public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; } public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { - this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; - } - - public String getAuthorizationResponseEncryptionMethod() { - return authorizationResponseEncryptionMethod; - } - public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { - this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; } public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; } public void 
setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; } public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; } public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; } public String getSubjectType() { + return subjectType; } public void setSubjectType(String subjectType) { + this.subjectType = subjectType; } public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; } public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; } public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; } public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; } public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; } public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; } public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; } public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; } public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; } public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; } public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; } public boolean 
isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; } public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; } public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; } public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; } public String getSoftwareStatement() { + return softwareStatement; } public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java index 82a66883fc..385b3fc488 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java @@ -51,9 +51,7 @@ public class ApplicationUpdateRequest implements Serializable { private String idTokenSignatureAlgorithm; private String idTokenEncryptionAlgorithm; private String idTokenEncryptionMethod; - private String authorizationResponseEncryptionAlgorithm; private String authorizationResponseSignatureAlgorithm; - private String authorizationResponseEncryptionMethod; private String requestObjectSignatureAlgorithm; private String tlsClientAuthSubjectDN; private boolean requirePushedAuthorizationRequests; 
@@ -276,154 +274,171 @@ public void setExtPublicClient(boolean extPublicClient) { } public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; } public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; } public String getSectorIdentifierURI() { + return sectorIdentifierURI; } public void setSectorIdentifierURI(String sectorIdentifierURI) { - this.sectorIdentifierURI = sectorIdentifierURI; - } - - public String getAuthorizationResponseEncryptionAlgorithm() { - return authorizationResponseEncryptionAlgorithm; - } - - public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { - this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + this.sectorIdentifierURI = sectorIdentifierURI; } public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; } public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { - this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; - } - public String getAuthorizationResponseEncryptionMethod() { - return authorizationResponseEncryptionMethod; - } - - public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { - this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; } public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; } public void 
setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; } public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; } public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; } public String getSubjectType() { + return subjectType; } public void setSubjectType(String subjectType) { + this.subjectType = subjectType; } public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; } public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; } public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; } public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; } public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; } public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } public String getIdTokenEncryptionAlgorithm() { + return idTokenEncryptionAlgorithm; } public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; } public String getIdTokenEncryptionMethod() { + return idTokenEncryptionMethod; } public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + this.idTokenEncryptionMethod = idTokenEncryptionMethod; } public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; } public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; } public boolean 
isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; } public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; } public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; } public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; } public String getSoftwareStatement() { + return softwareStatement; } public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; } public String getJwksURI() { + return jwksURI; } public void setJwksURI(String jwksURI) { + this.jwksURI = jwksURI; } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 7c1698f20e..d593ff6edb 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -89,7 +89,7 @@ public Application getApplication(String clientId) throws DCRMException { validateRequestTenantDomain(clientId); OAuthConsumerAppDTO consumerAppDTO = getApplicationById( clientId, DCRMUtils.isApplicationRolePermissionRequired()); - //get the jwksURI from the service provider + // Get the jwksURI from the service provider. String applicationName = consumerAppDTO.getApplicationName(); String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); ServiceProvider serviceProvider = getServiceProvider(applicationName, tenantDomain); 
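Review bot: Removing the accessors for the authorization-response encryption algorithm and method means an update request that carries `authorizationEncryptedResponseAlg` / `authorizationEncryptedResponseEnc` has nowhere to land in this bean, so if the endpoint layer still accepts those attributes they are dropped silently rather than rejected. A client that asked for encrypted authorization responses would then get plain ones with no signal; either reject those attributes explicitly at the endpoint, or make sure the registration response omits them so the client can detect that they were not applied. It would help to record the decision on the class, e.g. `// Authorization-response encryption parameters are intentionally not supported and are not persisted.`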
@@ -225,7 +225,7 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str } // Update the service provider properties list with the display name property. updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName()); - //update jwksURI + // Update jwksURI. if (StringUtils.isNotEmpty(updateRequest.getJwksURI())) { sp.setJwksUri(updateRequest.getJwksURI()); } @@ -334,7 +334,7 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_APPLICATION, clientId, e); } OAuthConsumerAppDTO oAuthConsumerAppDTO = getApplicationById(clientId); - //setting the jwksURI to be sent in the response + // Setting the jwksURI to be sent in the response. oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI()); return buildResponse(oAuthConsumerAppDTO); } @@ -448,14 +448,14 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist // Update the service provider properties list with the display name property. updateServiceProviderPropertyList(serviceProvider, registrationRequest.getExtApplicationDisplayName()); - //store jwksURI + // Store jwksURI. if (StringUtils.isNotEmpty(registrationRequest.getJwksURI())) { serviceProvider.setJwksUri(registrationRequest.getJwksURI()); } try { updateServiceProviderWithOAuthAppDetails(serviceProvider, createdApp, applicationOwner, tenantDomain); - //setting the jwksURI to be sent in the response + // Setting the jwksURI to be sent in the response. createdApp.setJwksURI(registrationRequest.getJwksURI()); } catch (DCRMException ex) { // Delete the OAuth app created. This will also remove the registered SP for the OAuth app. 
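Review bot: The `jwks_uri` from the update request is persisted by `sp.setJwksUri(updateRequest.getJwksURI())` with no validation visible in this hunk beyond the non-empty check; the same store happens in the `createOAuthApplication` hunk below. If the server later fetches this URL to load the client's keys, it should be required to be an absolute `https` URL that does not resolve to loopback or internal address ranges before it is stored, unless `DCRMUtils` or another layer already enforces that — not visible here. The `isNotEmpty` guard also means an update can never clear a previously registered value; if that is intended, a comment such as `// An empty jwks_uri leaves the stored value untouched.` makes it explicit. updateApplication starts and ends outside this hunk.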
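Review bot: `oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI())` echoes the request value into the response rather than what was actually persisted. Because the earlier hunk only stores the URI when it is non-empty, an update that omits `jwks_uri` keeps the old value on the service provider but reports null here, so the response no longer reflects the registered state. Populate it from the stored service provider instead, e.g. `oAuthConsumerAppDTO.setJwksURI(sp.getJwksUri());`, assuming `sp` is still in scope at that point (the method body continues outside the hunk).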
@@ -659,7 +659,7 @@ private ServiceProvider createServiceProvider(String applicationOwner, String te sp.setDescription("Service Provider for application " + spName); sp.setManagementApp(isManagementApp); - //add FAPI conformant application nad isThirdParty property to the service provider + // Add FAPI conformant application nad isThirdParty property to the service provider. Map spProperties = new HashMap<>(); spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index 2c6adede47..a763618cce 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java 
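Review bot: `spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true)` marks every service provider created through this path as FAPI conformant regardless of what the registration request contained; if that flag gates FAPI-specific enforcement elsewhere, it should presumably be derived from the request or from server-side policy rather than hardcoded, or the reason it is always true should be documented next to it. The rewritten comment also keeps the typo `nad`; suggest `// Add the FAPI-conformant-application and isThirdParty properties to the service provider.`. createServiceProvider starts and ends outside this hunk.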
@@ -908,20 +908,6 @@ public void deleteOAuthApplicationWithoutAssociatedSPwithError(List redi PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(mockedUserRealm); when(mockedUserRealm.getUserStoreManager()).thenReturn(mockedUserStoreManager); when(mockedUserStoreManager.isUserInRole(anyString(), anyString())).thenReturn(true); - - - /*ServiceProvider serviceProvider = new ServiceProvider(); - ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); - ServiceProviderProperty serviceProviderProperty = new ServiceProviderProperty(); - serviceProviderProperty.setName("isFAPIConformant"); - serviceProviderProperty.setValue("true"); - serviceProviderProperties = (ServiceProviderProperty[]) ArrayUtils.add(serviceProviderProperties, - serviceProviderProperty); - serviceProvider.setSpProperties(serviceProviderProperties); - whenNew(ServiceProvider.class).withNoArguments().thenReturn(serviceProvider); - doNothing().when(mockApplicationManagementService).updateApplication - (serviceProvider , dummyTenantDomain, dummyUserName);*/ - dcrmService.registerApplication(applicationRegistrationRequest); } catch (IdentityException ex) { assertEquals(ex.getMessage(), "Error while deleting the OAuth application with consumer key: " + @@ -1170,6 +1156,7 @@ public void registerApplicationTestWithRedirectURls(List redirectUri, Li assertFalse(invalidCallback.matches(regexp)); } } + @Test(description = "Test to store service provider properties when defined in a map") public void testAddSPProperties() throws Exception { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 283695bee0..01653a1b9a 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java @@ -352,10 +352,6 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer app.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm()); app.setAuthorizationResponseSignatureAlgorithm( application.getAuthorizationResponseSignatureAlgorithm()); - app.setAuthorizationResponseEncryptionAlgorithm( - application.getAuthorizationResponseEncryptionAlgorithm()); - app.setAuthorizationResponseEncryptionMethod( - application.getAuthorizationResponseEncryptionMethod()); app.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm()); app.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN()); app.setSubjectType(application.getSubjectType()); @@ -649,10 +645,6 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws oauthappdo.setIdTokenSignatureAlgorithm(consumerAppDTO.getIdTokenSignatureAlgorithm()); oauthappdo.setAuthorizationResponseSignatureAlgorithm( consumerAppDTO.getAuthorizationResponseSignatureAlgorithm()); - oauthappdo.setAuthorizationResponseEncryptionAlgorithm( - consumerAppDTO.getAuthorizationResponseEncryptionAlgorithm()); - oauthappdo.setAuthorizationResponseEncryptionMethod( - consumerAppDTO.getAuthorizationResponseEncryptionMethod()); oauthappdo.setRequestObjectSignatureAlgorithm(consumerAppDTO.getRequestObjectSignatureAlgorithm()); oauthappdo.setTlsClientAuthSubjectDN(consumerAppDTO.getTlsClientAuthSubjectDN()); oauthappdo.setSubjectType(consumerAppDTO.getSubjectType()); 
@@ -972,8 +964,8 @@ public void updateConsumerAppState(String consumerKey, String newState) throws I if (initiatorId.isPresent()) { AuditLog.AuditLogBuilder auditLogBuilder = new AuditLog.AuditLogBuilder( initiatorId.get(), USER, consumerKey, TARGET_APPLICATION, - OAuthConstants.LogConstants.UPDATE_APP_STATE) - .data(Map.of("state", newState)); + OAuthConstants.LogConstants.UPDATE_APP_STATE); + triggerAuditLogEvent(auditLogBuilder, true); } else { LOG.error("Error getting the logged in userId"); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 2acfa6bcd8..0130ab43d9 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java @@ -501,8 +501,6 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI()); dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm()); dto.setAuthorizationResponseSignatureAlgorithm(appDO.getAuthorizationResponseSignatureAlgorithm()); - dto.setAuthorizationResponseEncryptionAlgorithm(appDO.getAuthorizationResponseEncryptionAlgorithm()); - dto.setAuthorizationResponseEncryptionMethod(appDO.getAuthorizationResponseEncryptionMethod()); dto.setRequestObjectSignatureAlgorithm(appDO.getRequestObjectSignatureAlgorithm()); dto.setTlsClientAuthSubjectDN(appDO.getTlsClientAuthSubjectDN()); dto.setSubjectType(appDO.getSubjectType()); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 958eacf8fb..07dfaff375 100644 
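Review bot: Dropping `.data(Map.of("state", newState))` from the `UPDATE_APP_STATE` audit entry removes the only record of which state the application was moved to, so the audit trail can no longer distinguish an activation from a revocation of `consumerKey`. If the call was removed because the builder in use does not offer `data(...)`, the new state should still be attached through whatever the builder supports; if it was removed deliberately, that is a regression in audit coverage and deserves a comment saying why. updateConsumerAppState continues outside this hunk.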
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java @@ -882,14 +882,6 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, ID_TOKEN_SIGNATURE_ALGORITHM, oauthAppDO.getIdTokenSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); - addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - AUTH_RESPONSE_ENCRYPTION_ALGORITHM, oauthAppDO.getAuthorizationResponseEncryptionAlgorithm(), - prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); - - addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - AUTH_RESPONSE_ENCRYPTION_METHOD, oauthAppDO.getAuthorizationResponseEncryptionMethod(), - prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); - addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, AUTH_RESPONSE_SIGNATURE_ALGORITHM, oauthAppDO.getAuthorizationResponseSignatureAlgorithm(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); @@ -903,7 +895,7 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, - REQUEST_OBJECT_ENCRYPTION_METHOD, oauthAppDO.getAuthorizationResponseEncryptionMethod(), + REQUEST_OBJECT_ENCRYPTION_METHOD, oauthAppDO.getRequestObjectEncryptionMethod(), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, 
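Review bot: The corrected line now persists `REQUEST_OBJECT_ENCRYPTION_METHOD` from `getRequestObjectEncryptionMethod()` instead of the authorization-response method, which is the right source; the previous mix-up stored the wrong encryption method for request objects. The batch-insert path in `addServiceProviderOIDCProperties` (partly shown in the next hunk) is the other place these properties are written, and its `REQUEST_OBJECT_ENCRYPTION_METHOD` line is not visible here, so it is worth confirming it reads the same getter. addOrUpdateOIDCSpProperty starts and ends outside this hunk.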
@@ -1518,12 +1510,6 @@ private void addServiceProviderOIDCProperties(Connection connection, addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, ID_TOKEN_SIGNATURE_ALGORITHM, consumerAppDO.getIdTokenSignatureAlgorithm()); - addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - AUTH_RESPONSE_ENCRYPTION_ALGORITHM, consumerAppDO.getAuthorizationResponseEncryptionAlgorithm()); - - addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, - AUTH_RESPONSE_ENCRYPTION_METHOD, consumerAppDO.getAuthorizationResponseEncryptionMethod()); - addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, AUTH_RESPONSE_SIGNATURE_ALGORITHM, consumerAppDO.getAuthorizationResponseSignatureAlgorithm()); @@ -1676,14 +1662,7 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu } String authResponseEncryptionAlgorithm = getFirstPropertyValue( spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_ALGORITHM); - if (authResponseEncryptionAlgorithm != null) { - oauthApp.setAuthorizationResponseEncryptionAlgorithm(authResponseEncryptionAlgorithm); - } - String authResponseEncryptionMethod = getFirstPropertyValue( - spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_METHOD); - if (authResponseEncryptionMethod != null) { - oauthApp.setAuthorizationResponseEncryptionMethod(authResponseEncryptionMethod); - } + String requestObjectSignatureAlgorithm = getFirstPropertyValue( spOIDCProperties, REQUEST_OBJECT_SIGNATURE_ALGORITHM); if (requestObjectSignatureAlgorithm != null) { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java index a4baf117c4..b4a8396de5 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java 
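Review bot: In the `setSpOIDCProperties` hunk, `String authResponseEncryptionAlgorithm = getFirstPropertyValue(spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_ALGORITHM);` is left as a dead local once its only use in the deleted `if` is gone, and the hunk also adds a stray blank line. The `AUTH_RESPONSE_ENCRYPTION_ALGORITHM` constant is itself deleted from `OAuthConstants` in the follow-up patch on this page, so this leftover read would stop compiling unless that patch also removes it (its OAuthAppDAO hunk is not visible here). Drop the assignment together with the `if`. setSpOIDCProperties starts and ends outside this hunk.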
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java @@ -82,9 +82,7 @@ public class OAuthAppDO extends InboundConfigurationProtocol implements Serializ private String tokenEndpointAuthSignatureAlgorithm; private String sectorIdentifierURI; private String idTokenSignatureAlgorithm; - private String authorizationResponseEncryptionAlgorithm; private String authorizationResponseSignatureAlgorithm; - private String authorizationResponseEncryptionMethod; private String requestObjectSignatureAlgorithm; private String tlsClientAuthSubjectDN; private boolean requirePushedAuthorizationRequests; 
@@ -356,114 +354,120 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl this.tokenBindingValidationEnabled = tokenBindingValidationEnabled; } public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; } public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; } public String getSectorIdentifierURI() { + return sectorIdentifierURI; } public void setSectorIdentifierURI(String sectorIdentifierURI) { + this.sectorIdentifierURI = sectorIdentifierURI; } public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; } public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { - this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; - } - public String getAuthorizationResponseEncryptionAlgorithm() { - return authorizationResponseEncryptionAlgorithm; - } - - public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { - this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } - public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; } public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { - this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; - } - - public String getAuthorizationResponseEncryptionMethod() { - return authorizationResponseEncryptionMethod; - } - public void setAuthorizationResponseEncryptionMethod(String 
authorizationResponseEncryptionMethod) { - this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; } - public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; } public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; } public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; } public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; } public boolean isRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; } public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; } public boolean isTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; } public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; } public String getSubjectType() { + return subjectType; } public void setSubjectType(String subjectType) { + this.subjectType = subjectType; } public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; } public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; } public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; } public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; } } 
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index 55f6deea7e..7c42a0143c 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -57,9 +57,7 @@ public class OAuthConsumerAppDTO { private String tokenEndpointAuthSignatureAlgorithm; private String sectorIdentifierURI; private String idTokenSignatureAlgorithm; - private String authorizationResponseEncryptionAlgorithm; private String authorizationResponseSignatureAlgorithm; - private String authorizationResponseEncryptionMethod; private String requestObjectSignatureAlgorithm; private String tlsClientAuthSubjectDN; private boolean requirePushedAuthorizationRequests; 
@@ -331,104 +329,110 @@ public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { } public String getTokenEndpointAuthSignatureAlgorithm() { + return tokenEndpointAuthSignatureAlgorithm; } public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; } public String getSectorIdentifierURI() { + return sectorIdentifierURI; } public void setSectorIdentifierURI(String sectorIdentifierURI) { - this.sectorIdentifierURI = sectorIdentifierURI; - } - public String getAuthorizationResponseEncryptionAlgorithm() { - return authorizationResponseEncryptionAlgorithm; - } - public void setAuthorizationResponseEncryptionAlgorithm(String authorizationResponseEncryptionAlgorithm) { - this.authorizationResponseEncryptionAlgorithm = authorizationResponseEncryptionAlgorithm; + this.sectorIdentifierURI = sectorIdentifierURI; } - public String getAuthorizationResponseSignatureAlgorithm() { + return authorizationResponseSignatureAlgorithm; } public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) { - this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; - } - public String getAuthorizationResponseEncryptionMethod() { - return authorizationResponseEncryptionMethod; - } - - public void setAuthorizationResponseEncryptionMethod(String authorizationResponseEncryptionMethod) { - this.authorizationResponseEncryptionMethod = authorizationResponseEncryptionMethod; + this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm; } public String getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; } public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; } public String getTlsClientAuthSubjectDN() { + return tlsClientAuthSubjectDN; } 
public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; } public boolean getRequirePushedAuthorizationRequests() { + return requirePushedAuthorizationRequests; } public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; } public boolean getTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens; } public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; } public String getSubjectType() { + return subjectType; } public void setSubjectType(String subjectType) { + this.subjectType = subjectType; } public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; } public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; } public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; } public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; } public String getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; } public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } From de99a788d2f6e23d59337876abbdab9a92649f31 Mon Sep 17 00:00:00 2001 
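Review bot: The boolean accessors here are named `getRequirePushedAuthorizationRequests()` and `getTlsClientCertificateBoundAccessTokens()`, while the same properties on `OAuthAppDO` and `ApplicationUpdateRequest` in this patch use `isRequirePushedAuthorizationRequests()` / `isTlsClientCertificateBoundAccessTokens()`. If the `get` prefix is not required by the framework that serializes this DTO, aligning them with the `is` form keeps the JavaBean convention consistent across the three classes; if it is required, a one-line comment saying so would stop the next reader from "fixing" it. The new accessors also carry no Javadoc; the algorithm-valued setters could at least note that the value is stored as received from the registration request, so readers know validation happens elsewhere.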
From: sachinisiriwardene Date: Sat, 7 Oct 2023 12:59:32 +0530 Subject: [PATCH 12/23] fix test failures and refactor code --- .../identity/oauth/common/OAuthConstants.java | 2 -- .../identity/oauth/dcr/bean/Application.java | 16 ---------------- .../oauth/dcr/service/DCRMService.java | 19 ------------------- .../oauth/dcr/service/DCRMServiceTest.java | 1 + .../identity/oauth/dao/OAuthAppDAO.java | 5 ----- 5 files changed, 1 insertion(+), 42 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java index a6e5a12c06..23b2bb8a8b 100644 --- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java +++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java @@ -523,9 +523,7 @@ public static class OIDCConfigProperties { public static final String TOKEN_AUTH_SIGNATURE_ALGORITHM = "tokenEndpointAuthSigningAlg"; public static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri"; public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "idTokenSignedResponseAlg"; - public static final String AUTH_RESPONSE_ENCRYPTION_ALGORITHM = "authorizationEncryptedResponseAlg"; public static final String AUTH_RESPONSE_SIGNATURE_ALGORITHM = "authorizationSignedResponseAlg"; - public static final String AUTH_RESPONSE_ENCRYPTION_METHOD = "authorizationEncryptedResponseEnc"; public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "requestObjectSigningAlg"; public static final String TLS_SUBJECT_DN = "tlsClientAuthSubjectDn"; public static final String IS_PUSH_AUTH = "requirePushAuthorizationRequest"; 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java index b4205dd066..d1dccbf8b7 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java @@ -267,22 +267,6 @@ public String toString() { " clientSecret: " + this.clientSecret + "\n" + " redirectUris: " + this.redirectUris + "\n" + " grantTypes: " + this.grantTypes + "\n" + - " jwksURI: " + this.jwksURI + "\n" + - " tokenEndpointAuthMethod: " + this.tokenEndpointAuthMethod + "\n" + - " tokenEndpointAuthSignatureAlgorithm: " + this.tokenEndpointAuthSignatureAlgorithm + "\n" + - " sectorIdentifierURI: " + this.sectorIdentifierURI + "\n" + - " idTokenSignatureAlgorithm: " + this.idTokenSignatureAlgorithm + "\n" + - " authorizationResponseSignatureAlgorithm: " + this.authorizationResponseSignatureAlgorithm + "\n" + - " requestObjectSignatureAlgorithm: " + this.requestObjectSignatureAlgorithm + "\n" + - " tlsClientAuthSubjectDN: " + this.tlsClientAuthSubjectDN + "\n" + - " requirePushedAuthorizationRequests: " + this.requirePushedAuthorizationRequests + "\n" + - " tlsClientCertificateBoundAccessTokens: " + this.tlsClientCertificateBoundAccessTokens + "\n" + - " subjectType: " + this.subjectType + "\n" + - " requestObjectEncryptionAlgorithm: " + this.requestObjectEncryptionAlgorithm + "\n" + - " requestObjectEncryptionMethod: " + this.requestObjectEncryptionMethod + "\n" + - " isRequestObjectSignatureValidationEnabled: " + this.isRequestObjectSignatureValidationEnabled + "\n" + - " idTokenEncryptionAlgorithm: " + this.idTokenEncryptionAlgorithm + "\n" + - " idTokenEncryptionMethod: " + this.idTokenEncryptionMethod + "\n" + "}\n"; } } 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index d593ff6edb..c6a3a34e14 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -297,14 +297,6 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str appDTO.setAuthorizationResponseSignatureAlgorithm( updateRequest.getAuthorizationResponseSignatureAlgorithm()); } - if (updateRequest.getAuthorizationResponseEncryptionAlgorithm() != null) { - appDTO.setAuthorizationResponseEncryptionAlgorithm - (updateRequest.getAuthorizationResponseEncryptionAlgorithm()); - } - if (updateRequest.getAuthorizationResponseEncryptionMethod() != null) { - appDTO.setAuthorizationResponseEncryptionMethod - (updateRequest.getRequestObjectEncryptionMethod()); - } if (updateRequest.getRequestObjectSignatureAlgorithm() != null) { appDTO.setRequestObjectSignatureValidationEnabled (updateRequest.isRequireSignedRequestObject()); 
@@ -489,9 +481,6 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) {
 application.setIdTokenEncryptionAlgorithm(createdApp.getIdTokenEncryptionAlgorithm());
 application.setIdTokenEncryptionMethod(createdApp.getIdTokenEncryptionMethod());
 application.setAuthorizationResponseSignatureAlgorithm(createdApp.getAuthorizationResponseSignatureAlgorithm());
- application.setAuthorizationResponseEncryptionAlgorithm(
- createdApp.getAuthorizationResponseEncryptionAlgorithm());
- application.setAuthorizationResponseEncryptionMethod(createdApp.getRequestObjectEncryptionMethod());
 application.setRequestObjectSignatureValidationEnabled(createdApp.isRequestObjectSignatureValidationEnabled());
 application.setRequestObjectSignatureAlgorithm(createdApp.getRequestObjectSignatureAlgorithm());
 application.setTlsClientAuthSubjectDN(createdApp.getTlsClientAuthSubjectDN());
@@ -592,14 +581,6 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist
 oAuthConsumerApp.setAuthorizationResponseSignatureAlgorithm
 (registrationRequest.getAuthorizationResponseSignatureAlgorithm());
 }
- if (registrationRequest.getAuthorizationResponseEncryptionAlgorithm() != null) {
- oAuthConsumerApp.setAuthorizationResponseEncryptionAlgorithm
- (registrationRequest.getAuthorizationResponseEncryptionAlgorithm());
- }
- if (registrationRequest.getAuthorizationResponseEncryptionMethod() != null) {
- oAuthConsumerApp.setAuthorizationResponseEncryptionMethod
- (registrationRequest.getRequestObjectEncryptionMethod());
- }
 if (registrationRequest.getRequestObjectSignatureAlgorithm() != null) {
 oAuthConsumerApp.setRequestObjectSignatureAlgorithm(
 (registrationRequest.getRequestObjectSignatureAlgorithm()));
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index a763618cce..38361337a7 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java @@ -98,6 +98,7 @@ public class DCRMServiceTest extends PowerMockTestCase { private String dummyCallbackUrl = "dummyCallbackUrl"; private final String dummyTemplateName = "dummyTemplateName"; private final String dummyBackchannelLogoutUri = "http://backchannel.com/"; + private final String dummyJwskUri = "http://localhost.com/jwks"; @Mock private OAuthConsumerAppDTO dto; diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 07dfaff375..e78531acc7 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
@@ -67,8 +67,6 @@ import java.util.Set; import static org.wso2.carbon.identity.oauth.OAuthUtil.handleError; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_ENCRYPTION_ALGORITHM; -import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_ENCRYPTION_METHOD; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_SIGNATURE_ALGORITHM; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BACK_CHANNEL_LOGOUT_URL; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BYPASS_CLIENT_CREDENTIALS; @@ -1660,9 +1658,6 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu if (authResponseSignatureAlgorithm != null) { oauthApp.setAuthorizationResponseSignatureAlgorithm(authResponseSignatureAlgorithm); } - String authResponseEncryptionAlgorithm = getFirstPropertyValue( - spOIDCProperties, AUTH_RESPONSE_ENCRYPTION_ALGORITHM); - String requestObjectSignatureAlgorithm = getFirstPropertyValue( spOIDCProperties, REQUEST_OBJECT_SIGNATURE_ALGORITHM); if (requestObjectSignatureAlgorithm != null) { From b1602a7376c4e0d03da79751bd24c2d0cf60e60c Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Sat, 7 Oct 2023 15:45:34 +0530 Subject: [PATCH 13/23] fix error --- .../wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java | 1 - 1 file changed, 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index 39a70873bc..c9150a3d6f 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
+++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java @@ -226,7 +226,6 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm()); applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod()); applicationDTO.setAuthorizationSignedResponseAlg(application.getAuthorizationResponseSignatureAlgorithm()); - applicationDTO.setAuthorizationEncryptedResponseAlg(application.getAuthorizationResponseEncryptionAlgorithm()); applicationDTO.setAuthorizationEncryptedResponseEnc(application.getRequestObjectEncryptionMethod()); applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled()); applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm()); From 01a651191a31bdc8c93dff43333c0e1cf6310143 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Sat, 7 Oct 2023 20:27:32 +0530 Subject: [PATCH 14/23] check FAPI enabled --- .../identity/oauth/dcr/service/DCRMService.java | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index c6a3a34e14..7c59ac7b14 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java 
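Review bot: The line kept directly below the deletion in getApplicationDTOFromApplication, `applicationDTO.setAuthorizationEncryptedResponseEnc(application.getRequestObjectEncryptionMethod());`, copies the request-object encryption method into the `authorization_encrypted_response_enc` field, so the DCR response reports the wrong attribute under that name. Either drop it together with the `setAuthorizationEncryptedResponseAlg` line this hunk removes, or source it from the matching authorization-response getter on Application if the bean has one (not visible here). The method continues outside the hunk; patch 22/23 of this series does remove the line, but every build in between returns a mismatched value.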
@@ -640,11 +640,13 @@ private ServiceProvider createServiceProvider(String applicationOwner, String te sp.setDescription("Service Provider for application " + spName); sp.setManagementApp(isManagementApp); - // Add FAPI conformant application nad isThirdParty property to the service provider. - Map spProperties = new HashMap<>(); - spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); - spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); - addSPProperties(spProperties, sp); + if (OAuthServerConfiguration.getInstance().isFapiSecurity()) { + // Add FAPI conformant application nad isThirdParty property to the service provider. + Map spProperties = new HashMap<>(); + spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); + spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); + addSPProperties(spProperties, sp); + } createServiceProvider(sp, tenantDomain, applicationOwner, templateName); @@ -947,8 +949,7 @@ private ServiceProvider cloneServiceProvider(ServiceProvider serviceProvider) { * @param spProperties Map of property name and values to be added. * @param serviceProvider ServiceProvider object. */ - private void addSPProperties(Map spProperties, ServiceProvider serviceProvider) - throws DCRMException { + private void addSPProperties(Map spProperties, ServiceProvider serviceProvider) { ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); for (Map.Entry entry : spProperties.entrySet()) { From 8bc0d35183c90baf1e3a173d8a6d9e78ddc189f9 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 9 Oct 2023 15:22:09 +0530 Subject: [PATCH 15/23] remove FAPI related changes --- .../oauth/dcr/service/DCRMService.java | 30 ------------------- .../oauth/dcr/service/DCRMServiceTest.java | 15 ---------- 2 files changed, 45 deletions(-) 
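Review bot: The new guard in createServiceProvider ties `OAuthConstants.IS_THIRD_PARTY_APP` to `OAuthServerConfiguration.getInstance().isFapiSecurity()`, so with FAPI switched off a dynamically registered client is no longer marked as third party at all, although that marker is independent of FAPI conformance. If the coupling is not intended, keep `spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true);` outside the `if` and leave only `IS_FAPI_CONFORMANT_APP` inside it; if it is intended, the comment should say so, and it also carries the typo `nad` for `and`. The second hunk only drops `throws DCRMException` from addSPProperties, whose body continues outside the hunk.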
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 7c59ac7b14..76a7ccc3d6 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -640,14 +640,6 @@ private ServiceProvider createServiceProvider(String applicationOwner, String te sp.setDescription("Service Provider for application " + spName); sp.setManagementApp(isManagementApp); - if (OAuthServerConfiguration.getInstance().isFapiSecurity()) { - // Add FAPI conformant application nad isThirdParty property to the service provider. - Map spProperties = new HashMap<>(); - spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); - spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); - addSPProperties(spProperties, sp); - } - createServiceProvider(sp, tenantDomain, applicationOwner, templateName); // Get created service provider. 
@@ -943,26 +935,4 @@ private ServiceProvider cloneServiceProvider(ServiceProvider serviceProvider) { ServiceProvider clonedServiceProvider = gson.fromJson(gson.toJson(serviceProvider), ServiceProvider.class); return clonedServiceProvider; } - - /** - * Add the properties to the service provider. - * @param spProperties Map of property name and values to be added. - * @param serviceProvider ServiceProvider object. - */ - private void addSPProperties(Map spProperties, ServiceProvider serviceProvider) { - - ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); - for (Map.Entry entry : spProperties.entrySet()) { - boolean propertyExists = Arrays.stream(serviceProviderProperties) - .anyMatch(property -> property.getName().equals(entry.getKey())); - if (!propertyExists) { - ServiceProviderProperty serviceProviderProperty = new ServiceProviderProperty(); - serviceProviderProperty.setName(entry.getKey()); - serviceProviderProperty.setValue(entry.getValue().toString()); - serviceProviderProperties = (ServiceProviderProperty[]) ArrayUtils.add(serviceProviderProperties, - serviceProviderProperty); - } - } - serviceProvider.setSpProperties(serviceProviderProperties); - } } diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index 38361337a7..98c34c9f0a 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java 
@@ -1157,19 +1157,4 @@ public void registerApplicationTestWithRedirectURls(List redirectUri, Li assertFalse(invalidCallback.matches(regexp)); } } - - @Test(description = "Test to store service provider properties when defined in a map") - public void testAddSPProperties() throws Exception { - - ServiceProvider serviceProvider = new ServiceProvider(); - Map spProperties = new HashMap<>(); - spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true); - spProperties.put(OAuthConstants.IS_THIRD_PARTY_APP, true); - invokeMethod(dcrmService, "addSPProperties", spProperties, serviceProvider); - ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties(); - boolean propertyExists = Arrays.stream(serviceProviderProperties) - .anyMatch(property -> property.getName().equals(OAuthConstants.IS_FAPI_CONFORMANT_APP)); - assertTrue(propertyExists); - - } } From e169906902c3a7d526ad79bf4ae0fe6a6eda62bb Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 9 Oct 2023 16:11:43 +0530 Subject: [PATCH 16/23] remove unused imports --- .../wso2/carbon/identity/oauth/dcr/service/DCRMService.java | 2 -- .../carbon/identity/oauth/dcr/service/DCRMServiceTest.java | 4 ---- 2 files changed, 6 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 76a7ccc3d6..73c22d7251 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java 
@@ -56,9 +56,7 @@ import java.util.ArrayList; import java.util.Arrays; -import java.util.HashMap; import java.util.List; -import java.util.Map; import java.util.regex.Pattern; import static org.wso2.carbon.identity.oauth.Error.INVALID_OAUTH_CLIENT; diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index 98c34c9f0a..04bd2a8edb 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java @@ -32,7 +32,6 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.model.ServiceProvider; -import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty; import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.base.IdentityException; @@ -60,9 +59,7 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; -import java.util.HashMap; import java.util.List; -import java.util.Map; import static org.mockito.Matchers.any; import static org.mockito.Matchers.anyString; 
@@ -71,7 +68,6 @@ import static org.powermock.api.mockito.PowerMockito.mockStatic; import static org.powermock.api.mockito.PowerMockito.when; import static org.powermock.api.mockito.PowerMockito.whenNew; -import static org.powermock.reflect.Whitebox.invokeMethod; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; import static org.testng.Assert.assertNotNull; From f407f26a90e8117f69887dafa623d4f40a699ff3 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Tue, 10 Oct 2023 15:34:16 +0530 Subject: [PATCH 17/23] add new line --- .../org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index 7c42a0143c..4b6d7bbe5e 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -67,9 +67,11 @@ public class OAuthConsumerAppDTO { private String requestObjectEncryptionMethod; public String getJwksURI() { + return jwksURI; } public void setJwksURI(String jwksURi) { + this.jwksURI = jwksURi; } public long getUserAccessTokenExpiryTime() { From 7b52232f71727a0fcb2633ded1cd37ad7c5901ab Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 11 Oct 2023 15:29:55 +0530 Subject: [PATCH 18/23] add attributes to wsdl --- .../src/main/resources/OAuthAdminService.wsdl | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl index f4a605afda..b1fd7f9610 100644 
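Review bot: The setter body filled in by the OAuthConsumerAppDTO hunk uses the parameter name `jwksURi`, which matches neither the field `jwksURI` nor the lower-camel convention used elsewhere in the class and reads like a typo; `public void setJwksURI(String jwksURI) { this.jwksURI = jwksURI; }` keeps the getter and setter consistent. Since both method bodies were empty before this patch, the class appears not to have compiled at the earlier commits of the series, so this fix would be better squashed into the commit that introduced the accessors.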
--- a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl +++ b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl @@ -421,6 +421,18 @@ + + + + + + + + + + + + From cd62202cea80908c177cd1344d3565de122f954f Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Thu, 12 Oct 2023 08:46:18 +0530 Subject: [PATCH 19/23] remove additional attributes --- .../main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 0130ab43d9..d6b56febe4 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java @@ -496,7 +496,7 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setTokenRevocationWithIDPSessionTerminationEnabled(appDO .isTokenRevocationWithIDPSessionTerminationEnabled()); dto.setTokenBindingValidationEnabled(appDO.isTokenBindingValidationEnabled()); - dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); + /*dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); dto.setTokenEndpointAuthSignatureAlgorithm(appDO.getTokenEndpointAuthSignatureAlgorithm()); dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI()); dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm()); 
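Review bot: Disabling the attribute copy in buildConsumerAppDTO with a `/* … */` block (opened in this hunk and closed in the one at the next line) leaves dead code in place and silently stops populating `tokenEndpointAuthMethod` through `tlsClientCertificateBoundAccessTokens` on the returned DTO, so admin-service callers now get null or false for these without any indication. If the attributes are meant to be withheld, delete the lines and record the reason in a one-line comment; if the removal is temporary, gate it on configuration rather than a block comment. The commit message "remove additional attributes" also does not say why they are dropped.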
@@ -507,7 +507,7 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setRequestObjectEncryptionAlgorithm(appDO.getRequestObjectEncryptionAlgorithm()); dto.setRequestObjectEncryptionMethod(appDO.getRequestObjectEncryptionMethod()); dto.setRequirePushedAuthorizationRequests(appDO.isRequirePushedAuthorizationRequests()); - dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens()); + dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens());*/ return dto; } From 50f765464fff1c29b61df02b1a7a252bb115467c Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Fri, 13 Oct 2023 09:50:26 +0530 Subject: [PATCH 20/23] change order of wsdl elements --- .../src/main/resources/OAuthAdminService.wsdl | 25 ++++++++++--------- .../wso2/carbon/identity/oauth/OAuthUtil.java | 4 +-- .../oauth/dto/OAuthConsumerAppDTO.java | 2 +- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl index b1fd7f9610..fcba65ab1c 100644 --- a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl +++ b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl @@ -397,6 +397,7 @@ + @@ -406,33 +407,33 @@ + + + + + + + + + + + + - - - - - - - - - - - - diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index d6b56febe4..0130ab43d9 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java 
@@ -496,7 +496,7 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setTokenRevocationWithIDPSessionTerminationEnabled(appDO .isTokenRevocationWithIDPSessionTerminationEnabled()); dto.setTokenBindingValidationEnabled(appDO.isTokenBindingValidationEnabled()); - /*dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); + dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); dto.setTokenEndpointAuthSignatureAlgorithm(appDO.getTokenEndpointAuthSignatureAlgorithm()); dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI()); dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm()); @@ -507,7 +507,7 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setRequestObjectEncryptionAlgorithm(appDO.getRequestObjectEncryptionAlgorithm()); dto.setRequestObjectEncryptionMethod(appDO.getRequestObjectEncryptionMethod()); dto.setRequirePushedAuthorizationRequests(appDO.isRequirePushedAuthorizationRequests()); - dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens());*/ + dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens()); return dto; } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index 4b6d7bbe5e..f5ab472e94 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java 
@@ -41,7 +41,6 @@ public class OAuthConsumerAppDTO { private boolean bypassClientCredentials; private String renewRefreshTokenEnabled; // OIDC related properties - private String jwksURI; private boolean isRequestObjectSignatureValidationEnabled; private boolean isIdTokenEncryptionEnabled; private String idTokenEncryptionAlgorithm; @@ -65,6 +64,7 @@ public class OAuthConsumerAppDTO { private String subjectType; private String requestObjectEncryptionAlgorithm; private String requestObjectEncryptionMethod; + private String jwksURI; public String getJwksURI() { From 09663afe2ad1ce64005f2a7014f7904ea8b22f14 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Fri, 13 Oct 2023 13:50:16 +0530 Subject: [PATCH 21/23] resolve merge conflicts --- .../wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index f5ab472e94..3833662483 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java @@ -323,10 +323,12 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl } public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } @@ -437,6 +439,5 @@ public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; } - } From 4a8e806b0328bed21ad1a86cba2f40dd4af086d9 Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Fri, 13 Oct 2023 17:31:21 +0530 Subject: [PATCH 22/23] remove authorization signing algorithm support --- .../dcr/endpoint/dto/ApplicationDTO.java | 30 ------------------- .../endpoint/dto/RegistrationRequestDTO.java | 10 ------- .../dcr/endpoint/dto/UpdateRequestDTO.java | 10 ------- .../oauth2/dcr/endpoint/util/DCRMUtils.java | 6 ---- .../identity/oauth/common/OAuthConstants.java | 1 - .../identity/oauth/dcr/bean/Application.java | 12 -------- .../bean/ApplicationRegistrationRequest.java | 13 ++------ .../dcr/bean/ApplicationUpdateRequest.java | 11 ------- .../oauth/dcr/service/DCRMService.java | 9 ------ .../identity/oauth/OAuthAdminServiceImpl.java | 4 --- .../wso2/carbon/identity/oauth/OAuthUtil.java | 1 - .../identity/oauth/dao/OAuthAppDAO.java | 13 -------- .../carbon/identity/oauth/dao/OAuthAppDO.java | 10 ------- .../oauth/dto/OAuthConsumerAppDTO.java | 11 ------- 14 files changed, 2 insertions(+), 139 deletions(-) diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java index 54c5143d88..060dbdc90e 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java 
@@ -40,9 +40,6 @@ public class ApplicationDTO { private String idTokenSignedResponseAlg = null; private String idTokenEncryptedResponseAlg = null; private String idTokenEncryptedResponseEnc = null; - private String authorizationEncryptedResponseAlg = null; - private String authorizationSignedResponseAlg = null; - private String authorizationEncryptedResponseEnc = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; private boolean requirePushAuthorizationRequest; @@ -189,33 +186,6 @@ public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_alg") - public String getAuthorizationEncryptedResponseAlg() { - return authorizationEncryptedResponseAlg; - } - public void setAuthorizationEncryptedResponseAlg(String authorizationEncryptedResponseAlg) { - this.authorizationEncryptedResponseAlg = authorizationEncryptedResponseAlg; - } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_signed_response_alg") - public String getAuthorizationSignedResponseAlg() { - return authorizationSignedResponseAlg; - } - public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { - this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; - } - - @ApiModelProperty(value = "") - @JsonProperty("authorization_encrypted_response_enc") - public String getAuthorizationEncryptedResponseEnc() { - return authorizationEncryptedResponseEnc; - } - public void setAuthorizationEncryptedResponseEnc(String authorizationEncryptedResponseEnc) { - this.authorizationEncryptedResponseEnc = authorizationEncryptedResponseEnc; - } - @ApiModelProperty(value = "") @JsonProperty("request_object_signing_alg") public String getRequestObjectSigningAlg() { 
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java index afecc65764..7b607649ee 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java @@ -47,7 +47,6 @@ public class RegistrationRequestDTO { private String idTokenSignedResponseAlg = null; private String idTokenEncryptedResponseAlg = null; private String idTokenEncryptedResponseEnc = null; - private String authorizationSignedResponseAlg = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; private boolean requirePushAuthorizationRequest; @@ -362,14 +361,6 @@ public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } @ApiModelProperty(value = "") - @JsonProperty("authorization_signed_response_alg") - public String getAuthorizationSignedResponseAlg() { - return authorizationSignedResponseAlg; - } - public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { - this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; - } - @ApiModelProperty(value = "") @JsonProperty("request_object_signing_alg") public String getRequestObjectSigningAlg() { return requestObjectSigningAlg; 
@@ -494,7 +485,6 @@ public String toString() { sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); - sb.append(" authorization_signed_response_alg: ").append(authorizationSignedResponseAlg).append("\n"); sb.append(" request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append(" require_signed_request_object: ").append(requireSignedRequestObject).append("\n"); diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index 477f9936f4..58fa01db1f 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -37,7 +37,6 @@ public class UpdateRequestDTO { private String idTokenSignedResponseAlg = null; private String idTokenEncryptedResponseAlg = null; private String idTokenEncryptedResponseEnc = null; - private String authorizationSignedResponseAlg = null; private String requestObjectSigningAlg = null; private String tlsClientAuthSubjectDn = null; private boolean requirePushAuthorizationRequest; 
@@ -276,15 +275,7 @@ public String getIdTokenEncryptedResponseEnc() { public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } - @ApiModelProperty(value = "") - @JsonProperty("authorization_signed_response_alg") - public String getAuthorizationSignedResponseAlg() { - return authorizationSignedResponseAlg; - } - public void setAuthorizationSignedResponseAlg(String authorizationSignedResponseAlg) { - this.authorizationSignedResponseAlg = authorizationSignedResponseAlg; - } @ApiModelProperty(value = "") @JsonProperty("request_object_signing_alg") public String getRequestObjectSigningAlg() { @@ -413,7 +404,6 @@ public String toString() { sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); - sb.append(" authorization_signed_response_alg: ").append(authorizationSignedResponseAlg).append("\n"); sb.append(" request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append("}\n"); diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index c9150a3d6f..5671679652 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
@@ -86,8 +86,6 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest(
 appRegistrationRequest.setIdTokenSignatureAlgorithm(registrationRequestDTO.getIdTokenSignedResponseAlg());
 appRegistrationRequest.setIdTokenEncryptionAlgorithm(registrationRequestDTO.getIdTokenEncryptedResponseAlg());
 appRegistrationRequest.setIdTokenEncryptionMethod(registrationRequestDTO.getIdTokenEncryptedResponseEnc());
- appRegistrationRequest.setAuthorizationResponseSignatureAlgorithm
- (registrationRequestDTO.getAuthorizationSignedResponseAlg());
 appRegistrationRequest.setRequestObjectSignatureAlgorithm(registrationRequestDTO.getRequestObjectSigningAlg());
 appRegistrationRequest.setRequestObjectEncryptionAlgorithm
 (registrationRequestDTO.getRequestObjectEncryptionAlgorithm());
@@ -130,8 +128,6 @@ public static ApplicationUpdateRequest getApplicationUpdateRequest(UpdateRequest
 applicationUpdateRequest.setIdTokenSignatureAlgorithm(updateRequestDTO.getIdTokenSignedResponseAlg());
 applicationUpdateRequest.setIdTokenEncryptionAlgorithm(updateRequestDTO.getIdTokenEncryptedResponseAlg());
 applicationUpdateRequest.setIdTokenEncryptionMethod(updateRequestDTO.getIdTokenEncryptedResponseEnc());
- applicationUpdateRequest.setAuthorizationResponseSignatureAlgorithm(
- updateRequestDTO.getAuthorizationSignedResponseAlg());
 applicationUpdateRequest.setRequestObjectSignatureAlgorithm(
 updateRequestDTO.getRequestObjectSigningAlg());
 applicationUpdateRequest.setRequestObjectEncryptionAlgorithm(
@@ -225,8 +221,6 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic
 applicationDTO.setIdTokenSignedResponseAlg(application.getIdTokenSignatureAlgorithm());
 applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm());
 applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod());
- applicationDTO.setAuthorizationSignedResponseAlg(application.getAuthorizationResponseSignatureAlgorithm());
- applicationDTO.setAuthorizationEncryptedResponseEnc(application.getRequestObjectEncryptionMethod());
 applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled());
 applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm());
 applicationDTO.setTlsClientAuthSubjectDn(application.getTlsClientAuthSubjectDN());
diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java
index c2f06d5afc..c9af8e9692 100644
--- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java
+++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java
@@ -526,7 +526,6 @@ public static class OIDCConfigProperties {
 public static final String TOKEN_AUTH_SIGNATURE_ALGORITHM = "tokenEndpointAuthSigningAlg";
 public static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri";
 public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "idTokenSignedResponseAlg";
- public static final String AUTH_RESPONSE_SIGNATURE_ALGORITHM = "authorizationSignedResponseAlg";
 public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "requestObjectSigningAlg";
 public static final String TLS_SUBJECT_DN = "tlsClientAuthSubjectDn";
 public static final String IS_PUSH_AUTH = "requirePushAuthorizationRequest";
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java
index d1dccbf8b7..61c5c06965 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java
@@ -38,7 +38,6 @@ public class Application implements Serializable {
 private String tokenEndpointAuthSignatureAlgorithm = null;
 private String sectorIdentifierURI = null;
 private String idTokenSignatureAlgorithm = null;
- private String authorizationResponseSignatureAlgorithm = null;
 private String requestObjectSignatureAlgorithm = null;
 private String tlsClientAuthSubjectDN = null;
 private boolean requirePushedAuthorizationRequests;
@@ -148,17 +147,6 @@ public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) {
 this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm;
 }
-
- public String getAuthorizationResponseSignatureAlgorithm() {
-
- return authorizationResponseSignatureAlgorithm;
- }
-
- public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) {
-
- this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm;
- }
-
 public String getRequestObjectSignatureAlgorithm() {
 return requestObjectSignatureAlgorithm;
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java
index 86efd0e35c..5d8a07ec75 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java
@@ -55,7 +55,6 @@ public class ApplicationRegistrationRequest implements Serializable {
 private String idTokenSignatureAlgorithm;
 private String idTokenEncryptionAlgorithm;
 private String idTokenEncryptionMethod;
- private String authorizationResponseSignatureAlgorithm;
 private String requestObjectSignatureAlgorithm;
 private String tlsClientAuthSubjectDN;
 private boolean requirePushedAuthorizationRequests;
@@ -66,10 +65,12 @@ public class ApplicationRegistrationRequest implements Serializable {
 private String requestObjectEncryptionMethod;
 public String getJwksURI() {
+
 return jwksURI;
 }
 public void setJwksURI(String jwksURI) {
+
 this.jwksURI = jwksURI;
 }
@@ -376,16 +377,6 @@ public void setSectorIdentifierURI(String sectorIdentifierURI) {
 this.sectorIdentifierURI = sectorIdentifierURI;
 }
- public String getAuthorizationResponseSignatureAlgorithm() {
-
- return authorizationResponseSignatureAlgorithm;
- }
-
- public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) {
-
- this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm;
- }
-
 public String getRequestObjectSignatureAlgorithm() {
 return requestObjectSignatureAlgorithm;
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java
index 385b3fc488..c103508542 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java
@@ -51,7 +51,6 @@ public class ApplicationUpdateRequest implements Serializable {
 private String idTokenSignatureAlgorithm;
 private String idTokenEncryptionAlgorithm;
 private String idTokenEncryptionMethod;
- private String authorizationResponseSignatureAlgorithm;
 private String requestObjectSignatureAlgorithm;
 private String tlsClientAuthSubjectDN;
 private boolean requirePushedAuthorizationRequests;
@@ -303,16 +302,6 @@ public void setSectorIdentifierURI(String sectorIdentifierURI) {
 this.sectorIdentifierURI = sectorIdentifierURI;
 }
- public String getAuthorizationResponseSignatureAlgorithm() {
-
- return authorizationResponseSignatureAlgorithm;
- }
-
- public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) {
-
- this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm;
- }
-
 public String getRequestObjectSignatureAlgorithm() {
 return requestObjectSignatureAlgorithm;
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
index 73c22d7251..8586ffd13d 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
@@ -291,10 +291,6 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
 if (updateRequest.getIdTokenEncryptionMethod() != null) {
 appDTO.setIdTokenEncryptionMethod(updateRequest.getIdTokenEncryptionMethod());
 }
- if (updateRequest.getAuthorizationResponseSignatureAlgorithm() != null) {
- appDTO.setAuthorizationResponseSignatureAlgorithm(
- updateRequest.getAuthorizationResponseSignatureAlgorithm());
- }
 if (updateRequest.getRequestObjectSignatureAlgorithm() != null) {
 appDTO.setRequestObjectSignatureValidationEnabled
 (updateRequest.isRequireSignedRequestObject());
@@ -478,7 +474,6 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) {
 application.setIdTokenSignatureAlgorithm(createdApp.getIdTokenSignatureAlgorithm());
 application.setIdTokenEncryptionAlgorithm(createdApp.getIdTokenEncryptionAlgorithm());
 application.setIdTokenEncryptionMethod(createdApp.getIdTokenEncryptionMethod());
- application.setAuthorizationResponseSignatureAlgorithm(createdApp.getAuthorizationResponseSignatureAlgorithm());
 application.setRequestObjectSignatureValidationEnabled(createdApp.isRequestObjectSignatureValidationEnabled());
 application.setRequestObjectSignatureAlgorithm(createdApp.getRequestObjectSignatureAlgorithm());
 application.setTlsClientAuthSubjectDN(createdApp.getTlsClientAuthSubjectDN());
@@ -575,10 +570,6 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist
 if (registrationRequest.getIdTokenEncryptionMethod() != null) {
 oAuthConsumerApp.setIdTokenEncryptionMethod(registrationRequest.getIdTokenEncryptionMethod());
 }
- if (registrationRequest.getAuthorizationResponseSignatureAlgorithm() != null) {
- oAuthConsumerApp.setAuthorizationResponseSignatureAlgorithm
- (registrationRequest.getAuthorizationResponseSignatureAlgorithm());
- }
 if (registrationRequest.getRequestObjectSignatureAlgorithm() != null) {
 oAuthConsumerApp.setRequestObjectSignatureAlgorithm(
 (registrationRequest.getRequestObjectSignatureAlgorithm()));
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
index 01653a1b9a..5db97b8685 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
@@ -350,8 +350,6 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
 application.getTokenEndpointAuthSignatureAlgorithm());
 app.setSectorIdentifierURI(application.getSectorIdentifierURI());
 app.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm());
- app.setAuthorizationResponseSignatureAlgorithm(
- application.getAuthorizationResponseSignatureAlgorithm());
 app.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm());
 app.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN());
 app.setSubjectType(application.getSubjectType());
@@ -643,8 +641,6 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws
 consumerAppDTO.getTokenEndpointAuthSignatureAlgorithm());
 oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI());
 oauthappdo.setIdTokenSignatureAlgorithm(consumerAppDTO.getIdTokenSignatureAlgorithm());
- oauthappdo.setAuthorizationResponseSignatureAlgorithm(
- consumerAppDTO.getAuthorizationResponseSignatureAlgorithm());
 oauthappdo.setRequestObjectSignatureAlgorithm(consumerAppDTO.getRequestObjectSignatureAlgorithm());
 oauthappdo.setTlsClientAuthSubjectDN(consumerAppDTO.getTlsClientAuthSubjectDN());
 oauthappdo.setSubjectType(consumerAppDTO.getSubjectType());
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java
index 0130ab43d9..6721b11f2d 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java
@@ -500,7 +500,6 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) {
 dto.setTokenEndpointAuthSignatureAlgorithm(appDO.getTokenEndpointAuthSignatureAlgorithm());
 dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI());
 dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm());
- dto.setAuthorizationResponseSignatureAlgorithm(appDO.getAuthorizationResponseSignatureAlgorithm());
 dto.setRequestObjectSignatureAlgorithm(appDO.getRequestObjectSignatureAlgorithm());
 dto.setTlsClientAuthSubjectDN(appDO.getTlsClientAuthSubjectDN());
 dto.setSubjectType(appDO.getSubjectType());
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
index e78531acc7..9844d78602 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java
@@ -67,7 +67,6 @@ import java.util.Set;
 import static org.wso2.carbon.identity.oauth.OAuthUtil.handleError;
-import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.AUTH_RESPONSE_SIGNATURE_ALGORITHM;
 import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BACK_CHANNEL_LOGOUT_URL;
 import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.BYPASS_CLIENT_CREDENTIALS;
 import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.FRONT_CHANNEL_LOGOUT_URL;
@@ -880,10 +879,6 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO,
 ID_TOKEN_SIGNATURE_ALGORITHM, oauthAppDO.getIdTokenSignatureAlgorithm(),
 prepStatementForPropertyAdd, preparedStatementForPropertyUpdate);
- addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties,
- AUTH_RESPONSE_SIGNATURE_ALGORITHM, oauthAppDO.getAuthorizationResponseSignatureAlgorithm(),
- prepStatementForPropertyAdd, preparedStatementForPropertyUpdate);
-
 addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties,
 REQUEST_OBJECT_SIGNATURE_ALGORITHM, oauthAppDO.getRequestObjectSignatureAlgorithm(),
 prepStatementForPropertyAdd, preparedStatementForPropertyUpdate);
@@ -1508,9 +1503,6 @@ private void addServiceProviderOIDCProperties(Connection connection,
 addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty,
 ID_TOKEN_SIGNATURE_ALGORITHM, consumerAppDO.getIdTokenSignatureAlgorithm());
- addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty,
- AUTH_RESPONSE_SIGNATURE_ALGORITHM, consumerAppDO.getAuthorizationResponseSignatureAlgorithm());
-
 addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty,
 REQUEST_OBJECT_SIGNATURE_ALGORITHM, consumerAppDO.getRequestObjectSignatureAlgorithm());
@@ -1653,11 +1645,6 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu
 if (idTokenSignatureAlgorithm != null) {
 oauthApp.setIdTokenSignatureAlgorithm(idTokenSignatureAlgorithm);
 }
- String authResponseSignatureAlgorithm = getFirstPropertyValue(
- spOIDCProperties, AUTH_RESPONSE_SIGNATURE_ALGORITHM);
- if (authResponseSignatureAlgorithm != null) {
- oauthApp.setAuthorizationResponseSignatureAlgorithm(authResponseSignatureAlgorithm);
- }
 String requestObjectSignatureAlgorithm = getFirstPropertyValue(
 spOIDCProperties, REQUEST_OBJECT_SIGNATURE_ALGORITHM);
 if (requestObjectSignatureAlgorithm != null) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
index b4a8396de5..365921ac17 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java
@@ -82,7 +82,6 @@ public class OAuthAppDO extends InboundConfigurationProtocol implements Serializ
 private String tokenEndpointAuthSignatureAlgorithm;
 private String sectorIdentifierURI;
 private String idTokenSignatureAlgorithm;
- private String authorizationResponseSignatureAlgorithm;
 private String requestObjectSignatureAlgorithm;
 private String tlsClientAuthSubjectDN;
 private boolean requirePushedAuthorizationRequests;
@@ -392,15 +391,6 @@ public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) {
 this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm;
 }
- public String getAuthorizationResponseSignatureAlgorithm() {
-
- return authorizationResponseSignatureAlgorithm;
- }
-
- public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) {
-
- this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm;
- }
 public String getRequestObjectSignatureAlgorithm() {
 return requestObjectSignatureAlgorithm;
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
index 3833662483..c28154e78a 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java
@@ -56,7 +56,6 @@ public class OAuthConsumerAppDTO {
 private String tokenEndpointAuthSignatureAlgorithm;
 private String sectorIdentifierURI;
 private String idTokenSignatureAlgorithm;
- private String authorizationResponseSignatureAlgorithm;
 private String requestObjectSignatureAlgorithm;
 private String tlsClientAuthSubjectDN;
 private boolean requirePushedAuthorizationRequests;
@@ -351,16 +350,6 @@ public void setSectorIdentifierURI(String sectorIdentifierURI) {
 this.sectorIdentifierURI = sectorIdentifierURI;
 }
- public String getAuthorizationResponseSignatureAlgorithm() {
-
- return authorizationResponseSignatureAlgorithm;
- }
-
- public void setAuthorizationResponseSignatureAlgorithm(String authorizationResponseSignatureAlgorithm) {
-
- this.authorizationResponseSignatureAlgorithm = authorizationResponseSignatureAlgorithm;
- }
-
 public String getRequestObjectSignatureAlgorithm() {
 return requestObjectSignatureAlgorithm;
From fdf95f191e4620cdbdd88cf7351e0617806f985f Mon Sep 17 00:00:00 2001
From: sachinisiriwardene
Date: Sat, 14 Oct 2023 10:40:18 +0530
Subject: [PATCH 23/23] enable Id token encryption
---
 .../org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
index 8586ffd13d..f26fe2bfb3 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
@@ -566,6 +566,7 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist
 }
 if (registrationRequest.getIdTokenEncryptionAlgorithm() != null) {
 oAuthConsumerApp.setIdTokenEncryptionAlgorithm(registrationRequest.getIdTokenEncryptionAlgorithm());
+ oAuthConsumerApp.setIdTokenEncryptionEnabled(true);
 }
 if (registrationRequest.getIdTokenEncryptionMethod() != null) {
 oAuthConsumerApp.setIdTokenEncryptionMethod(registrationRequest.getIdTokenEncryptionMethod());
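Review bot: The added `oAuthConsumerApp.setIdTokenEncryptionEnabled(true);` turns encryption on as soon as `id_token_encrypted_response_alg` is present, but the `getIdTokenEncryptionMethod()` branch right below only copies the value when it is non-null, so a registration that sends the alg without an enc leaves encryption enabled with no content-encryption method set. OIDC Dynamic Client Registration defines the default for that case as A128CBC-HS256; either apply it in an else on the enc branch, e.g. `} else if (registrationRequest.getIdTokenEncryptionAlgorithm() != null) { oAuthConsumerApp.setIdTokenEncryptionMethod("A128CBC-HS256"); }`, or reject the request as invalid client metadata so that a half-configured client is never persisted. Nothing in the hunk checks that the client-supplied alg/enc values are in the server's supported set, so that validation presumably has to happen before this point — worth confirming. The update path shown earlier in this series (`updateApplication`) copies the encryption method without touching the enabled flag, so an update that adds an alg may not enable encryption unless that is handled elsewhere. createOAuthApp begins and ends outside the hunk.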