From 82ee64c86ec696af2a37c43a8f1c71bcaf504d50 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Fri, 16 Sep 2022 11:51:44 +0300
Subject: [PATCH] feat(jans-auth-server): add access_token_singing_alg_values_supported to discovery #2372 docs: no docs https://github.com/JanssenProject/jans/issues/2372
---
 .../as/client/OpenIdConfigurationClient.java | 61 +-----
 .../client/OpenIdConfigurationResponse.java | 12 ++
 .../model/configuration/AppConfiguration.java | 9 +
 .../ConfigurationResponseClaim.java | 1 +
 .../main/java/io/jans/as/model/util/Util.java | 23 ++-
 .../java/io/jans/as/model/util/UtilTest.java | 20 +-
 .../registration/RegisterParamsValidator.java | 9 +
 .../ws/rs/action/RegisterCreateAction.java | 4 +-
 .../servlet/FapiOpenIdConfiguration.java | 57 +-----
 .../server/servlet/OpenIdConfiguration.java | 186 ++----------------
 .../RegisterParamsValidatorTest.java | 57 ++++++
 .../server/src/test/resources/testng.xml | 1 +
 .../jans_setup/setup_app/test_data_loader.py | 1 +
 .../templates/jans-auth/jans-auth-config.json | 16 ++
 14 files changed, 164 insertions(+), 293 deletions(-)
 create mode 100644 jans-auth-server/server/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationClient.java b/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationClient.java
index 7fd60e48b3c..27331f83fe5 100644
--- a/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationClient.java
+++ b/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationClient.java
@@ -16,65 +16,7 @@
 import jakarta.ws.rs.client.Invocation.Builder;
 import jakarta.ws.rs.core.MediaType;

-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ACR_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_AUTHENTICATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_TOKEN_DELIVERY_MODES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_USER_CODE_PAREMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CHECK_SESSION_IFRAME;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIM_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLIENT_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DEVICE_AUTHZ_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DISPLAY_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DPOP_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.END_SESSION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.GRANT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.INTROSPECTION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ISSUER;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.JWKS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.MTLS_ENDPOINT_ALIASES;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_POLICY_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_TOS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.PAR_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REGISTRATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_URI_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_PAR;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_REQUEST_URI_REGISTRATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_MODES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPE_TO_CLAIMS_MAPPING;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SERVICE_DOCUMENTATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SESSION_REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SUBJECT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.UI_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_SIGNING_ALG_VALUES_SUPPORTED;
+import static io.jans.as.model.configuration.ConfigurationResponseClaim.*;

 /**
 * Encapsulates functionality to make OpenId Configuration request calls to an authorization server via REST Services.
@@ -201,6 +143,7 @@ public static void parse(String json, OpenIdConfigurationResponse response) {
 Util.addToListIfHas(response.getIdTokenSigningAlgValuesSupported(), jsonObj, ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED);
 Util.addToListIfHas(response.getIdTokenEncryptionAlgValuesSupported(), jsonObj, ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED);
 Util.addToListIfHas(response.getIdTokenEncryptionEncValuesSupported(), jsonObj, ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED);
+ Util.addToListIfHas(response.getAccessTokenSigningAlgValuesSupported(), jsonObj, ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED);
 Util.addToListIfHas(response.getRequestObjectSigningAlgValuesSupported(), jsonObj, REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED);
 Util.addToListIfHas(response.getRequestObjectEncryptionAlgValuesSupported(), jsonObj, REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED);
 Util.addToListIfHas(response.getRequestObjectEncryptionEncValuesSupported(), jsonObj, REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED);
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationResponse.java b/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationResponse.java
index 5791d2c092f..37f31d6b6ac 100644
--- a/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationResponse.java
+++ b/jans-auth-server/client/src/main/java/io/jans/as/client/OpenIdConfigurationResponse.java
@@ -55,6 +55,7 @@ public class OpenIdConfigurationResponse extends BaseResponse implements Seriali
 private List idTokenSigningAlgValuesSupported;
 private List idTokenEncryptionAlgValuesSupported;
 private List idTokenEncryptionEncValuesSupported;
+ private List accessTokenSigningAlgValuesSupported;
 private List requestObjectSigningAlgValuesSupported;
 private List requestObjectEncryptionAlgValuesSupported;
 private List requestObjectEncryptionEncValuesSupported;
@@ -114,6 +115,7 @@ public OpenIdConfigurationResponse(int status) {
 idTokenSigningAlgValuesSupported = new ArrayList<>();
 idTokenEncryptionAlgValuesSupported = new ArrayList<>();
 idTokenEncryptionEncValuesSupported = new ArrayList<>();
+ accessTokenSigningAlgValuesSupported = new ArrayList<>();
 requestObjectSigningAlgValuesSupported = new ArrayList<>();
 requestObjectEncryptionAlgValuesSupported = new ArrayList<>();
 requestObjectEncryptionEncValuesSupported = new ArrayList<>();
@@ -621,6 +623,15 @@ public void setUserInfoEncryptionEncValuesSupported(List userInfoEncrypt
 this.userInfoEncryptionEncValuesSupported = userInfoEncryptionEncValuesSupported;
 }

+ public List getAccessTokenSigningAlgValuesSupported() {
+ if (accessTokenSigningAlgValuesSupported == null) accessTokenSigningAlgValuesSupported = new ArrayList<>();
+ return accessTokenSigningAlgValuesSupported;
+ }
+
+ public void setAccessTokenSigningAlgValuesSupported(List accessTokenSigningAlgValuesSupported) {
+ this.accessTokenSigningAlgValuesSupported = accessTokenSigningAlgValuesSupported;
+ }
+
 /**
 * Returns a list of the JWS signing algorithms (alg values) supported by
 * the Authorization Server for the ID Token to encode the claims in a JWT.
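Review bot: The new `getAccessTokenSigningAlgValuesSupported()` / `setAccessTokenSigningAlgValuesSupported(...)` pair in the `@@ -621,6 +623,15 @@` hunk has no Javadoc, while the accessor that follows it in the same hunk is documented ("Returns a list of the JWS signing algorithms ..."). I would put `/** Returns the JWS signing algorithms (alg values) the Authorization Server advertises for access tokens in access_token_signing_alg_values_supported; never null. */` on the getter and a matching one-line comment on the setter. The lazy null guard in the getter is worth keeping, because the setter accepts null.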
@@ -1205,6 +1216,7 @@ public String toString() { ", idTokenSigningAlgValuesSupported=" + idTokenSigningAlgValuesSupported + ", idTokenEncryptionAlgValuesSupported=" + idTokenEncryptionAlgValuesSupported + ", idTokenEncryptionEncValuesSupported=" + idTokenEncryptionEncValuesSupported + + ", accessTokenSigningAlgValuesSupported=" + accessTokenSigningAlgValuesSupported + ", requestObjectSigningAlgValuesSupported=" + requestObjectSigningAlgValuesSupported + ", requestObjectEncryptionAlgValuesSupported=" + requestObjectEncryptionAlgValuesSupported + ", requestObjectEncryptionEncValuesSupported=" + requestObjectEncryptionEncValuesSupported + diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java index 89c11fb17e0..c0a223346dd 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java @@ -108,6 +108,7 @@ public class AppConfiguration implements Configuration { private List idTokenSigningAlgValuesSupported; private List idTokenEncryptionAlgValuesSupported; private List idTokenEncryptionEncValuesSupported; + private List accessTokenSigningAlgValuesSupported; private Boolean forceSignedRequestObject = false; private List requestObjectSigningAlgValuesSupported; private List requestObjectEncryptionAlgValuesSupported; 
@@ -1251,6 +1252,14 @@ public void setIdTokenEncryptionEncValuesSupported(List idTokenEncryptio
 this.idTokenEncryptionEncValuesSupported = idTokenEncryptionEncValuesSupported;
 }

+ public List getAccessTokenSigningAlgValuesSupported() {
+ return accessTokenSigningAlgValuesSupported;
+ }
+
+ public void setAccessTokenSigningAlgValuesSupported(List accessTokenSigningAlgValuesSupported) {
+ this.accessTokenSigningAlgValuesSupported = accessTokenSigningAlgValuesSupported;
+ }
+
 public Boolean getForceSignedRequestObject() {
 if (forceSignedRequestObject == null) {
 return false;
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/ConfigurationResponseClaim.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/ConfigurationResponseClaim.java
index 0e158a12d7f..e18d8156fa2 100644
--- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/ConfigurationResponseClaim.java
+++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/ConfigurationResponseClaim.java
@@ -47,6 +47,7 @@ private ConfigurationResponseClaim() {
 public static final String ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED = "id_token_signing_alg_values_supported";
 public static final String ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED = "id_token_encryption_alg_values_supported";
 public static final String ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED = "id_token_encryption_enc_values_supported";
+ public static final String ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED = "access_token_signing_alg_values_supported";
 public static final String REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED = "request_object_signing_alg_values_supported";
 public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED = "request_object_encryption_alg_values_supported";
 public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED = "request_object_encryption_enc_values_supported";
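Review bot: `AppConfiguration.getAccessTokenSigningAlgValuesSupported()` in the `@@ -1251,6 +1252,14 @@` hunk returns the field as-is, and the field is declared without an initializer, so the getter yields null whenever the loaded configuration has no `accessTokenSigningAlgValuesSupported` entry. The same patch dereferences that value unchecked in `RegisterParamsValidator.validateAlgorithms` (`.contains(...)`) and hands it to `Util.putArray`, which iterates it, from `FapiOpenIdConfiguration.processRequest`; a deployment upgraded without the new property would then presumably answer dynamic registration and FAPI discovery with a NullPointerException instead of a protocol error. Guard it the way the client-side `OpenIdConfigurationResponse` getter in this patch does, e.g. `if (accessTokenSigningAlgValuesSupported == null) accessTokenSigningAlgValuesSupported = new ArrayList<>();`, and add `if (list == null) return;` at the top of `Util.putArray`. An empty list makes `validateAlgorithms` reject every value except `none`, so the behaviour for configurations that predate the property should be chosen deliberately and stated in a comment on the field.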
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/util/Util.java b/jans-auth-server/model/src/main/java/io/jans/as/model/util/Util.java
index fff05e2bd16..336a2b10bf4 100644
--- a/jans-auth-server/model/src/main/java/io/jans/as/model/util/Util.java
+++ b/jans-auth-server/model/src/main/java/io/jans/as/model/util/Util.java
@@ -30,18 +30,7 @@
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.time.Duration;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.Date;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.TimeZone;
+import java.util.*;

 /**
 * @author Yuriy Zabrovarnyy
@@ -367,4 +356,14 @@ public static Map toSerializableMap(Map ma
 }
 return result;
 }
+
+ public static void putArray(JSONObject jsonObj, List list, String key) {
+ JSONArray jsonArray = new JSONArray();
+ for (String alg : list) {
+ jsonArray.put(alg);
+ }
+ if (jsonArray.length() > 0) {
+ jsonObj.put(key, jsonArray);
+ }
+ }
 }
diff --git a/jans-auth-server/model/src/test/java/io/jans/as/model/util/UtilTest.java b/jans-auth-server/model/src/test/java/io/jans/as/model/util/UtilTest.java
index da8cf6b8827..c62cf9dee10 100644
--- a/jans-auth-server/model/src/test/java/io/jans/as/model/util/UtilTest.java
+++ b/jans-auth-server/model/src/test/java/io/jans/as/model/util/UtilTest.java
@@ -1,6 +1,7 @@
 package io.jans.as.model.util;

 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.Lists;
 import io.jans.as.model.BaseTest;
 import io.jans.as.model.common.Display;
 import io.jans.as.model.common.SubjectType;
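Review bot: `Util.putArray` in the `@@ -367,4 +356,14 @@` hunk is a new public helper without Javadoc, and its one non-obvious behaviour, that an empty list adds no key at all, can only be learned from the tests. I would add `/** Puts the values of list under key as a JSON array; when the list is empty nothing is written, so the claim is omitted rather than emitted as []. */`. The loop variable is named `alg`, but callers in this patch also pass subject types, so a neutral name such as `value` reads better.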
@@ -9,7 +10,6 @@
 import org.json.JSONObject;
 import org.testng.annotations.Test;

-import javax.swing.*;
 import java.io.IOException;
 import java.io.Serializable;
 import java.lang.reflect.InvocationTargetException;
@@ -19,6 +19,24 @@

 public class UtilTest extends BaseTest {

+ @Test
+ public void putArray_whenListIsNotEmpty_shouldAddArray() {
+ JSONObject json = new JSONObject();
+ Util.putArray(json, Lists.newArrayList("a"), "key");
+
+ final JSONArray jsonArray = json.optJSONArray("key");
+ assertNotNull(jsonArray);
+ assertEquals(jsonArray.get(0), "a");
+ }
+
+ @Test
+ public void putArray_whenListIsEmpty_shouldNotAddArray() {
+ JSONObject json = new JSONObject();
+ Util.putArray(json, Lists.newArrayList(), "key");
+
+ assertNull(json.optJSONArray("key"));
+ }
+
 @Test
 public void putNotBlank_keyNull_nothing() {
 showTitle("putNotBlank_keyNull_nothing");
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java
index caddad88ab3..f47bd2ae5c1 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java
@@ -111,6 +111,15 @@ public void validateAlgorithms(RegisterRequest registerRequest) { RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Parameter id_token_signed_response_alg is not valid."); } + if (registerRequest.getAccessTokenSigningAlg() != null + && registerRequest.getAccessTokenSigningAlg() != SignatureAlgorithm.NONE && + !appConfiguration.getAccessTokenSigningAlgValuesSupported().contains( + registerRequest.getAccessTokenSigningAlg().toString())) { + log.debug("Parameter access_token_signed_alg is not valid."); + throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, + RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Parameter access_token_signed_alg is not valid."); + } + if (registerRequest.getIdTokenEncryptedResponseAlg() != null && !appConfiguration.getIdTokenEncryptionAlgValuesSupported().contains( registerRequest.getIdTokenEncryptedResponseAlg().toString())) { diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java index 728acae8fcd..1532032640a 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java @@ -119,7 +119,7 @@ public Response createClient(String requestParams, HttpServletRequest httpReques setSubjectType(r); setIdTokenSignedResponseAlg(r); - setAccessTokenSigningAlg(r); + setAccessTokenSigningAlgFallback(r); registerParamsValidator.validateAlgorithms(r); 
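Review bot: The new access-token check in `validateAlgorithms` exempts `SignatureAlgorithm.NONE` from the allow-list, so a registration asking for `none` passes even when the operator has left `none` out of `accessTokenSigningAlgValuesSupported`; if the list is meant to be the policy for access-token signing, `none` should have to appear in it like any other value, or the exemption needs a comment saying why it is safe. What a `none` value leads to at token issuance is not visible in this hunk. The check also calls `.contains(...)` directly on the getter result, which is null when the property is absent from the configuration, and because `RegisterCreateAction.createClient` fills in the default through `setAccessTokenSigningAlgFallback` before calling `validateAlgorithms`, a `defaultSignatureAlgorithm` that is missing from the list would reject every request that omits the parameter. The log and error text say `access_token_signed_alg`, whereas the discovery claim added by this patch is `access_token_signing_alg_values_supported`, so the message should name the parameter the client actually sent. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: id_token_signed_response_alg check …
final SignatureAlgorithm accessTokenSigningAlg = registerRequest.getAccessTokenSigningAlg();
final List<String> supportedAccessTokenAlgs = appConfiguration.getAccessTokenSigningAlgValuesSupported();
if (accessTokenSigningAlg != null
        && (supportedAccessTokenAlgs == null
        || !supportedAccessTokenAlgs.contains(accessTokenSigningAlg.toString()))) {
    log.debug("Parameter access_token_signing_alg is not valid.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST,
            RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Parameter access_token_signing_alg is not valid.");
}
// … unchanged: id_token_encrypted_response_alg check …
```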
@@ -236,7 +236,7 @@ private void setSubjectType(RegisterRequest r) {
 }
 }

- private void setAccessTokenSigningAlg(RegisterRequest r) {
+ private void setAccessTokenSigningAlgFallback(RegisterRequest r) {
 if (r.getAccessTokenSigningAlg() == null) {
 r.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm()));
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/FapiOpenIdConfiguration.java b/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/FapiOpenIdConfiguration.java
index 1dd59565aae..3c14529f607 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/FapiOpenIdConfiguration.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/FapiOpenIdConfiguration.java
@@ -50,60 +50,9 @@
 import java.util.Map;
 import java.util.Set;

-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ACR_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTH_LEVEL_MAPPING;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CHECK_SESSION_IFRAME;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIM_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLIENT_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DISPLAY_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.END_SESSION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.GRANT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_GENERATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.INTROSPECTION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ISSUER;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.JWKS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_POLICY_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_TOS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.PAR_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REGISTRATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_URI_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_PAR;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_REQUEST_URI_REGISTRATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_MODES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPE_TO_CLAIMS_MAPPING;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SERVICE_DOCUMENTATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SESSION_REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SUBJECT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.UI_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_SIGNING_ALG_VALUES_SUPPORTED;
+import static io.jans.as.model.configuration.ConfigurationResponseClaim.*;
 import static io.jans.as.model.util.StringUtils.implode;
+import static io.jans.as.model.util.Util.putArray;

 /**
 * @author Javier Rojas Blum
@@ -354,6 +303,8 @@ protected void processRequest(HttpServletRequest servletRequest, HttpServletResp
 jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported);
 }

+ putArray(jsonObj, appConfiguration.getAccessTokenSigningAlgValuesSupported(), ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED);
+
 JSONArray requestObjectSigningAlgValuesSupported = new JSONArray();
 for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) {
 requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg);
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/OpenIdConfiguration.java b/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/OpenIdConfiguration.java
index ccf24cce888..58bb81bee18 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/OpenIdConfiguration.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/servlet/OpenIdConfiguration.java
@@ -13,6 +13,7 @@
 import io.jans.as.model.common.ResponseType;
 import io.jans.as.model.common.ScopeType;
 import io.jans.as.model.configuration.AppConfiguration;
+import io.jans.as.model.util.Util;
 import io.jans.as.persistence.model.Scope;
 import io.jans.as.persistence.model.ScopeAttributes;
 import io.jans.as.server.ciba.CIBAConfigurationService;
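Review bot: In `FapiOpenIdConfiguration.processRequest` (the `@@ -354,6 +303,8 @@` hunk) the new claim is written through a statically imported `putArray(...)`, while the claim right below it still builds `requestObjectSigningAlgValuesSupported` with a hand-written loop and `OpenIdConfiguration` calls the same helper as `Util.putArray(...)`. I would use one spelling in both servlets, `Util.putArray(jsonObj, appConfiguration.getAccessTokenSigningAlgValuesSupported(), ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED);`, and convert the remaining loops in this method the way the sibling servlet does, so the two discovery documents cannot drift apart. The method body continues outside the hunk.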
@@ -42,65 +43,7 @@
 import java.util.Map;
 import java.util.Set;

-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ACR_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.AUTH_LEVEL_MAPPING;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.BACKCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CHECK_SESSION_IFRAME;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIMS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLAIM_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.CLIENT_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DEVICE_AUTHZ_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DISPLAY_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.DPOP_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.END_SESSION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONTCHANNEL_LOGOUT_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.GRANT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_GENERATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.INTROSPECTION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.ISSUER;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.JWKS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.MTLS_ENDPOINT_ALIASES;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_POLICY_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.OP_TOS_URI;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.PAR_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REGISTRATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUEST_URI_PARAMETER_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_PAR;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REQUIRE_REQUEST_URI_REGISTRATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_MODES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.RESPONSE_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SCOPE_TO_CLAIMS_MAPPING;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SERVICE_DOCUMENTATION;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SESSION_REVOCATION_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.SUBJECT_TYPES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.UI_LOCALES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_ENDPOINT;
-import static io.jans.as.model.configuration.ConfigurationResponseClaim.USER_INFO_SIGNING_ALG_VALUES_SUPPORTED;
+import static io.jans.as.model.configuration.ConfigurationResponseClaim.*;
 import static io.jans.as.model.util.StringUtils.implode;

 /**
@@ -229,13 +172,7 @@ protected void processRequest(HttpServletRequest servletRequest, HttpServletResp
 jsonObj.put(ACR_VALUES_SUPPORTED, acrValuesSupported);
 jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());

- JSONArray subjectTypesSupported = new JSONArray();
- for (String subjectType : appConfiguration.getSubjectTypesSupported()) {
- subjectTypesSupported.put(subjectType);
- }
- if (subjectTypesSupported.length() > 0) {
- jsonObj.put(SUBJECT_TYPES_SUPPORTED, subjectTypesSupported);
- }
+ Util.putArray(jsonObj, appConfiguration.getSubjectTypesSupported(), SUBJECT_TYPES_SUPPORTED);

 JSONArray authorizationSigningAlgValuesSupported = new JSONArray();
 for (String authorizationSigningAlg : appConfiguration.getAuthorizationSigningAlgValuesSupported()) {
@@ -261,13 +198,7 @@ protected void processRequest(HttpServletRequest servletRequest, HttpServletResp jsonObj.put(AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED, authorizationEncryptionEncValuesSupported); } - JSONArray userInfoSigningAlgValuesSupported = new JSONArray(); - for (String userInfoSigningAlg : appConfiguration.getUserInfoSigningAlgValuesSupported()) { - userInfoSigningAlgValuesSupported.put(userInfoSigningAlg); - } - if (userInfoSigningAlgValuesSupported.length() > 0) { - jsonObj.put(USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, userInfoSigningAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getUserInfoSigningAlgValuesSupported(), USER_INFO_SIGNING_ALG_VALUES_SUPPORTED); JSONArray userInfoEncryptionAlgValuesSupported = new JSONArray(); for (String userInfoEncryptionAlg : appConfiguration.getUserInfoEncryptionAlgValuesSupported()) { 
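Review bot: The conversion to `Util.putArray` stops at the `userInfoEncryptionAlgValuesSupported` loop in this hunk's trailing context, so the userinfo encryption blocks stay hand-rolled. The leading context of the next hunk shows `jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);`, which looks like the alg array being published under the enc key; the lines between the two hunks are not visible, so this needs confirming against the file. If it is what it appears to be, clients reading discovery would see key-management algorithms where content-encryption algorithms belong. Converting these blocks as well removes that copy-paste surface, e.g. `Util.putArray(jsonObj, appConfiguration.getUserInfoEncryptionAlgValuesSupported(), USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED);` and the matching call for the enc list with the enc key.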
@@ -285,95 +216,30 @@ protected void processRequest(HttpServletRequest servletRequest, HttpServletResp jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported); } - JSONArray idTokenSigningAlgValuesSupported = new JSONArray(); - for (String idTokenSigningAlg : appConfiguration.getIdTokenSigningAlgValuesSupported()) { - idTokenSigningAlgValuesSupported.put(idTokenSigningAlg); - } - if (idTokenSigningAlgValuesSupported.length() > 0) { - jsonObj.put(ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, idTokenSigningAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getIdTokenSigningAlgValuesSupported(), ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED); - JSONArray idTokenEncryptionAlgValuesSupported = new JSONArray(); - for (String idTokenEncryptionAlg : appConfiguration.getIdTokenEncryptionAlgValuesSupported()) { - idTokenEncryptionAlgValuesSupported.put(idTokenEncryptionAlg); - } - if (idTokenEncryptionAlgValuesSupported.length() > 0) { - jsonObj.put(ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, idTokenEncryptionAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getIdTokenEncryptionAlgValuesSupported(), ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED); - JSONArray idTokenEncryptionEncValuesSupported = new JSONArray(); - for (String idTokenEncryptionEnc : appConfiguration.getIdTokenEncryptionEncValuesSupported()) { - idTokenEncryptionEncValuesSupported.put(idTokenEncryptionEnc); - } - if (idTokenEncryptionEncValuesSupported.length() > 0) { - jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getIdTokenEncryptionEncValuesSupported(), ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED); - JSONArray requestObjectSigningAlgValuesSupported = new JSONArray(); - for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) { - requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg); - } - if 
(requestObjectSigningAlgValuesSupported.length() > 0) { - jsonObj.put(REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, requestObjectSigningAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getAccessTokenSigningAlgValuesSupported(), ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED); - JSONArray requestObjectEncryptionAlgValuesSupported = new JSONArray(); - for (String requestObjectEncryptionAlg : appConfiguration.getRequestObjectEncryptionAlgValuesSupported()) { - requestObjectEncryptionAlgValuesSupported.put(requestObjectEncryptionAlg); - } - if (requestObjectEncryptionAlgValuesSupported.length() > 0) { - jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, requestObjectEncryptionAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getRequestObjectSigningAlgValuesSupported(), REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED); - JSONArray requestObjectEncryptionEncValuesSupported = new JSONArray(); - for (String requestObjectEncryptionEnc : appConfiguration.getRequestObjectEncryptionEncValuesSupported()) { - requestObjectEncryptionEncValuesSupported.put(requestObjectEncryptionEnc); - } - if (requestObjectEncryptionEncValuesSupported.length() > 0) { - jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, requestObjectEncryptionEncValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getRequestObjectEncryptionAlgValuesSupported(), REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED); - JSONArray tokenEndpointAuthMethodsSupported = new JSONArray(); - for (String tokenEndpointAuthMethod : appConfiguration.getTokenEndpointAuthMethodsSupported()) { - tokenEndpointAuthMethodsSupported.put(tokenEndpointAuthMethod); - } - if (tokenEndpointAuthMethodsSupported.length() > 0) { - jsonObj.put(TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, tokenEndpointAuthMethodsSupported); - } + Util.putArray(jsonObj, appConfiguration.getRequestObjectEncryptionEncValuesSupported(), REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED); - JSONArray 
tokenEndpointAuthSigningAlgValuesSupported = new JSONArray(); - for (String tokenEndpointAuthSigningAlg : appConfiguration - .getTokenEndpointAuthSigningAlgValuesSupported()) { - tokenEndpointAuthSigningAlgValuesSupported.put(tokenEndpointAuthSigningAlg); - } - if (tokenEndpointAuthSigningAlgValuesSupported.length() > 0) { - jsonObj.put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, - tokenEndpointAuthSigningAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getTokenEndpointAuthMethodsSupported(), TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED); - JSONArray dpopSigningAlgValuesSupported = new JSONArray(); - for (String dpopSigningAlg : appConfiguration.getDpopSigningAlgValuesSupported()) { - dpopSigningAlgValuesSupported.put(dpopSigningAlg); - } - if (dpopSigningAlgValuesSupported.length() > 0) { - jsonObj.put(DPOP_SIGNING_ALG_VALUES_SUPPORTED, dpopSigningAlgValuesSupported); - } + Util.putArray(jsonObj, appConfiguration + .getTokenEndpointAuthSigningAlgValuesSupported(), TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED); - JSONArray displayValuesSupported = new JSONArray(); - for (String display : appConfiguration.getDisplayValuesSupported()) { - displayValuesSupported.put(display); - } - if (displayValuesSupported.length() > 0) { - jsonObj.put(DISPLAY_VALUES_SUPPORTED, displayValuesSupported); - } + Util.putArray(jsonObj, appConfiguration.getDpopSigningAlgValuesSupported(), DPOP_SIGNING_ALG_VALUES_SUPPORTED); - JSONArray claimTypesSupported = new JSONArray(); - for (String claimType : appConfiguration.getClaimTypesSupported()) { - claimTypesSupported.put(claimType); - } - if (claimTypesSupported.length() > 0) { - jsonObj.put(CLAIM_TYPES_SUPPORTED, claimTypesSupported); - } + Util.putArray(jsonObj, appConfiguration.getDisplayValuesSupported(), DISPLAY_VALUES_SUPPORTED); + + Util.putArray(jsonObj, appConfiguration.getClaimTypesSupported(), CLAIM_TYPES_SUPPORTED); jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation()); 
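Review bot: The added `Util.putArray(jsonObj, appConfiguration.getAccessTokenSigningAlgValuesSupported(), ACCESS_TOKEN_SIGNING_ALG_VALUES_SUPPORTED);` reads a property that configurations persisted before this commit will not contain, so the getter may return null on an upgraded server. `Util.putArray` and the `AppConfiguration` field are outside this view; if the helper iterates without a guard, the discovery endpoint would fail for every client instead of omitting the claim. Worth confirming the helper begins with a check such as `if (list == null || list.isEmpty()) return;`, or that the field is initialised to an empty list. processRequest starts and ends outside the hunk.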
@@ -383,21 +249,9 @@ protected void processRequest(HttpServletRequest servletRequest, HttpServletResp } jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, idTokenTokenBindingCnfValuesSupported); - JSONArray claimsLocalesSupported = new JSONArray(); - for (String claimLocale : appConfiguration.getClaimsLocalesSupported()) { - claimsLocalesSupported.put(claimLocale); - } - if (claimsLocalesSupported.length() > 0) { - jsonObj.put(CLAIMS_LOCALES_SUPPORTED, claimsLocalesSupported); - } + Util.putArray(jsonObj, appConfiguration.getClaimsLocalesSupported(), CLAIMS_LOCALES_SUPPORTED); - JSONArray uiLocalesSupported = new JSONArray(); - for (String uiLocale : appConfiguration.getUiLocalesSupported()) { - uiLocalesSupported.put(uiLocale); - } - if (uiLocalesSupported.length() > 0) { - jsonObj.put(UI_LOCALES_SUPPORTED, uiLocalesSupported); - } + Util.putArray(jsonObj, appConfiguration.getUiLocalesSupported(), UI_LOCALES_SUPPORTED); JSONArray scopesSupported = new JSONArray(); JSONArray claimsSupported = new JSONArray(); diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java new file mode 100644 index 00000000000..c8e36e0cf56 --- /dev/null +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java 
@@ -0,0 +1,57 @@
+package io.jans.as.server.model.registration;
+
+import com.beust.jcommander.internal.Lists;
+import io.jans.as.client.RegisterRequest;
+import io.jans.as.model.configuration.AppConfiguration;
+import io.jans.as.model.crypto.signature.SignatureAlgorithm;
+import io.jans.as.model.error.ErrorResponseFactory;
+import jakarta.ws.rs.WebApplicationException;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.testng.MockitoTestNGListener;
+import org.slf4j.Logger;
+import org.testng.annotations.Listeners;
+import org.testng.annotations.Test;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Yuriy Z
+ */
+@Listeners(MockitoTestNGListener.class)
+public class RegisterParamsValidatorTest {
+
+ @InjectMocks
+ private RegisterParamsValidator registerParamsValidator;
+
+ @Mock
+ private Logger log;
+
+ @Mock
+ private AppConfiguration appConfiguration;
+
+ @Mock
+ private ErrorResponseFactory errorResponseFactory;
+
+ @Test
+ public void validateAlgorithms_whenAlgIsAmoungSupported_shouldNotRaiseException() {
+ RegisterRequest request = new RegisterRequest();
+ request.setAccessTokenSigningAlg(SignatureAlgorithm.RS256);
+
+ when(appConfiguration.getAccessTokenSigningAlgValuesSupported()).thenReturn(Lists.newArrayList("RS256"));
+
+ registerParamsValidator.validateAlgorithms(request);
+ }
+
+ @Test(expectedExceptions = WebApplicationException.class)
+ public void validateAlgorithms_whenAlgThatIsNotAmoungSupported_shouldRaiseException() {
+ RegisterRequest request = new RegisterRequest();
+ request.setAccessTokenSigningAlg(SignatureAlgorithm.RS256);
+
+ when(appConfiguration.getAccessTokenSigningAlgValuesSupported()).thenReturn(Lists.newArrayList("RS512"));
+ when(errorResponseFactory.createWebApplicationException(any(), any(), any())).thenCallRealMethod();
+
+ registerParamsValidator.validateAlgorithms(request);
+ }
+}
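Review bot: Both tests request RS256 against a populated allow-list, so the branches where an allow-list check tends to fail open are not covered: a request with no `accessTokenSigningAlg` set, and `getAccessTokenSigningAlgValuesSupported()` returning null or an empty list. `RegisterParamsValidator.validateAlgorithms` is outside this view, so which of those it accepts cannot be told from here; one test per case would pin the intended behaviour, e.g. with `when(appConfiguration.getAccessTokenSigningAlgValuesSupported()).thenReturn(Collections.emptyList());`. Separately, `com.beust.jcommander.internal.Lists` lives in JCommander's `internal` package, and `java.util.Arrays.asList("RS256")` avoids tying the test to it.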
diff --git a/jans-auth-server/server/src/test/resources/testng.xml b/jans-auth-server/server/src/test/resources/testng.xml index 5ed415c3230..9583a84c6a9 100644 --- a/jans-auth-server/server/src/test/resources/testng.xml +++ b/jans-auth-server/server/src/test/resources/testng.xml @@ -10,6 +10,7 @@ + diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py index a159fcb8433..ff36a4a9a2e 100644 --- a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py +++ b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py @@ -229,6 +229,7 @@ def load_test_data(self): 'claimsParameterSupported': True, 'grantTypesSupported': [ 'urn:openid:params:grant-type:ciba', 'authorization_code', 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:ietf:params:oauth:grant-type:device_code', 'client_credentials', 'implicit', 'refresh_token', 'password' ], 'idTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ], + 'accessTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ], 'requestObjectSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ], 'softwareStatementValidationClaimName': 'jwks_uri', 'softwareStatementValidationType': 'jwks_uri', diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json index 8742dba3c8d..f6b2ac867e3 100644 --- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json +++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json 
@@ -139,6 +139,22 @@
 "PS384",
 "PS512"
 ],
+ "accessTokenSigningAlgValuesSupported":[
+ "none",
+ "HS256",
+ "HS384",
+ "HS512",
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "ES512",
+ "PS256",
+ "PS384",
+ "PS512"
+ ],
 "idTokenEncryptionAlgValuesSupported":[
 "RSA1_5",
 "RSA-OAEP",
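Review bot: The added `accessTokenSigningAlgValuesSupported` list opens with `"none"`, so if this template seeds the default server configuration, unsigned access tokens are advertised in discovery, and a client could presumably register `none` as its access-token algorithm if registration validates against this list. A resource server that validates a JWT access token locally has only the signature to rely on, so leaving `"none"` out of the default and making it an explicit opt-in is the safer starting point. The same value is added in the `test_data_loader.py` hunk, where it may be intentional for test coverage. `"ES512"` also appears twice in this list, so one of the two entries should be removed or replaced with the value that was meant.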