From f1815f50120ed94164f62507f258f26c4115cca1 Mon Sep 17 00:00:00 2001
From: Madhavi Gayathri
Date: Thu, 27 Jun 2024 16:24:32 +0530
Subject: [PATCH 1/4] Add the reuse pvt ket jwt config to oidc metadata.
---
 .../ApplicationManagementConstants.java | 2 ++
 .../management/v1/OIDCMetaData.java | 29 +++++++++++++++++++
 .../ServerApplicationMetadataService.java | 3 ++
 3 files changed, 34 insertions(+)
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
index e67b4663da..7214a8b712 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java
@@ -57,6 +57,8 @@ private ApplicationManagementConstants() {
 public static final String RBAC = "RBAC";
 public static final String NO_POLICY = "NO POLICY";
 public static final String SELECT_OPTION = "Select Option";
+ public static final String TOKEN_EP_ALLOW_REUSE_PVT_KEY_JWT_DEFAULT_VALUE = "OAuth.OpenIDConnect." +
+ "TokenEndpointAllowReusePrivateKeyJWT";
 public static final String TOKEN_EP_SIGNATURE_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." +
 "SupportedTokenEndpointSigningAlgorithms.SupportedTokenEndpointSigningAlgorithm";
 public static final String ID_TOKEN_SIGNATURE_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." +
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
index 49c39d7d2e..9dd2948f26 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
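Review bot: The new constant `TOKEN_EP_ALLOW_REUSE_PVT_KEY_JWT_DEFAULT_VALUE` holds a configuration property path (`OAuth.OpenIDConnect.TokenEndpointAllowReusePrivateKeyJWT`), not a default value, so the `_DEFAULT_VALUE` suffix misdescribes it; the neighbouring keys `TOKEN_EP_SIGNATURE_ALGORITHMS_SUPPORTED` and `ID_TOKEN_SIGNATURE_ALGORITHMS_SUPPORTED` carry no such suffix. Renaming it to `TOKEN_EP_ALLOW_REUSE_PVT_KEY_JWT` (with its single use in ServerApplicationMetadataService in this same patch) would read correctly; failing that, a comment above it such as `// Server configuration property key (read via IdentityUtil.getProperty) that supplies the default for tokenEndpointAllowReusePvtKeyJwt.` would stop readers treating it as the default itself.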
@@ -48,6 +48,7 @@ public class OIDCMetaData {
 private ClientAuthenticationMethodMetadata tokenEndpointAuthMethod;
 private MetadataProperty tokenEndpointSignatureAlgorithm;
 private MetadataProperty idTokenSignatureAlgorithm;
+ private Boolean tokenEndpointAllowReusePvtKeyJwt;
 private MetadataProperty requestObjectSignatureAlgorithm;
 private MetadataProperty requestObjectEncryptionAlgorithm;
 private MetadataProperty requestObjectEncryptionMethod;
@@ -270,6 +271,31 @@ public void setTokenEndpointSignatureAlgorithm(MetadataProperty tokenEndpointSig
 this.tokenEndpointSignatureAlgorithm = tokenEndpointSignatureAlgorithm;
 }
 
+ /**
+ * Allow reuse of the private key for JWT generation at the token endpoint.
+ *
+ * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key for JWT generation at the token endpoint.
+ * @return OIDCMetaData object.
+ **/
+ public OIDCMetaData tokenEndpointAllowReusePvtKeyJwt(Boolean tokenEndpointAllowReusePvtKeyJwt) {
+
+ this.tokenEndpointAllowReusePvtKeyJwt = tokenEndpointAllowReusePvtKeyJwt;
+ return this;
+ }
+
+ @ApiModelProperty(example = "false", value = "")
+ @JsonProperty("tokenEndpointAllowReusePvtKeyJwt")
+ @Valid
+ public Boolean getTokenEndpointAllowReusePvtKeyJwt() {
+
+ return tokenEndpointAllowReusePvtKeyJwt;
+ }
+
+ public void setTokenEndpointAllowReusePvtKeyJwt(Boolean tokenEndpointAllowReusePvtKeyJwt) {
+
+ this.tokenEndpointAllowReusePvtKeyJwt = tokenEndpointAllowReusePvtKeyJwt;
+ }
+
 /**
 **/
 public OIDCMetaData idTokenSignatureAlgorithm(MetadataProperty idTokenSignatureAlgorithm) {
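Review bot: The getter added here is `getTokenEndpointAllowReusePvtKeyJwt()`, while the counterpart added to ClientAuthenticationConfiguration in PATCH 2 is `isTokenEndpointAllowReusePvtKeyJwt()`; both return a boxed `Boolean`, and the JavaBeans `is` prefix is defined only for primitive `boolean`, so the `get` form used in this hunk is the one both models should share. `@ApiModelProperty(example = "false", value = "")` leaves the published description empty for a flag that loosens a token-endpoint client-authentication check; since this file lives under src/gen and is presumably regenerated from applications.yaml, the description belongs in that schema (for example `description: Whether a private_key_jwt client assertion already presented to the token endpoint may be accepted again.`, wording to be confirmed against the server-side behaviour) rather than in a hand edit here. The enclosing class continues outside the hunk.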
@@ -402,6 +428,7 @@ public boolean equals(java.lang.Object o) {
 Objects.equals(this.accessTokenBindingType, oiDCMetaData.accessTokenBindingType) &&
 Objects.equals(this.tokenEndpointAuthMethod, oiDCMetaData.tokenEndpointAuthMethod) &&
 Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.tokenEndpointSignatureAlgorithm) &&
+ Objects.equals(this.tokenEndpointAllowReusePvtKeyJwt, oiDCMetaData.tokenEndpointAllowReusePvtKeyJwt) &&
 Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.idTokenSignatureAlgorithm) &&
 Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.requestObjectSignatureAlgorithm) &&
 Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.requestObjectEncryptionAlgorithm) &&
@@ -433,6 +460,8 @@ public String toString() {
 sb.append(" accessTokenBindingType: ").append(toIndentedString(accessTokenBindingType)).append("\n");
 sb.append(" tokenEndpointAuthMethod: ").append(toIndentedString(tokenEndpointAuthMethod)).append("\n");
 sb.append(" tokenEndpointSignatureAlgorithm: ").append(toIndentedString(tokenEndpointSignatureAlgorithm)).append("\n");
+ sb.append(" tokenEndpointAllowReusePvtKeyJwt: ").append(toIndentedString(tokenEndpointAllowReusePvtKeyJwt))
+ .append("\n");
 sb.append(" idTokenSignatureAlgorithm: ").append(toIndentedString(idTokenSignatureAlgorithm)).append("\n");
 sb.append(" requestObjectSignatureAlgorithm: ").append(toIndentedString(requestObjectSignatureAlgorithm)).append("\n");
 sb.append(" requestObjectEncryptionAlgorithm: ").append(toIndentedString(requestObjectEncryptionAlgorithm)).append("\n");
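Review bot: `hashCode()` in OIDCMetaData does not appear to be updated for the new field — the diffstat's 29 insertions are fully accounted for by the field, the 25 accessor lines, this `equals` clause and the two `toString` lines — whereas ClientAuthenticationConfiguration in PATCH 2 updates both methods. That does not break the equals/hashCode contract, but the two generated models now diverge; add `tokenEndpointAllowReusePvtKeyJwt` to the `Objects.hash(...)` call here as well. Separately, the three context lines directly below the new clause compare `this.tokenEndpointSignatureAlgorithm` against `idTokenSignatureAlgorithm`, `requestObjectSignatureAlgorithm` and `requestObjectEncryptionAlgorithm` of the other object, so `equals` was already wrong for those fields before this change; pre-existing, but worth a follow-up while this method is being touched. `equals` and `toString` both start and end outside their hunks.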
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java
index 00911d5457..0fdaebaf41 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java
@@ -169,6 +169,9 @@ public OIDCMetaData getOIDCMetadata() {
 supportedClientAuthMethods.addAll(getClientAuthenticationMethods());
 oidcMetaData.setTokenEndpointAuthMethod(
 new ClientAuthenticationMethodMetadata().options(supportedClientAuthMethods));
+ boolean tokenEpAllowReusePvtKeyJwtDefaultValue = Boolean.parseBoolean(IdentityUtil
+ .getProperty(ApplicationManagementConstants.TOKEN_EP_ALLOW_REUSE_PVT_KEY_JWT_DEFAULT_VALUE));
+ oidcMetaData.setTokenEndpointAllowReusePvtKeyJwt(tokenEpAllowReusePvtKeyJwtDefaultValue);
 List tokenEpSigningAlgorithms = IdentityUtil
 .getPropertyAsList(ApplicationManagementConstants.TOKEN_EP_SIGNATURE_ALGORITHMS_SUPPORTED);
 oidcMetaData.setTokenEndpointSignatureAlgorithm(new MetadataProperty()
From cdc19b776c730983d4a708805c53e3022dd12cc9 Mon Sep 17 00:00:00 2001
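Review bot: `Boolean.parseBoolean` on the result of `IdentityUtil.getProperty(...)` yields `false` both when the property is absent and when it holds anything other than a case-insensitive `true`, so a mistyped value is silently reported as the restrictive default in the metadata — the safe direction for a flag that appears to relax a token-endpoint check, but the fallback is invisible to an operator. A why-comment on the new lines would make that explicit, e.g. `// Absent or unparsable config yields false: reuse is only advertised when explicitly enabled.`; a debug-level log of the raw property value when it is non-null and not "true"/"false" would help diagnose misconfiguration. The local name `tokenEpAllowReusePvtKeyJwtDefaultValue` mirrors the constant rather than describing the variable; `tokenEpAllowReusePvtKeyJwt` reads better. `getOIDCMetadata` starts and ends outside the hunk.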
From: Madhavi Gayathri
Date: Thu, 27 Jun 2024 16:27:33 +0530
Subject: [PATCH 2/4] Add the pvt ket jwt config under ClientAuthenticationConfiguration.
---
 .../v1/ClientAuthenticationConfiguration.java | 41 +++++++++++++++++--
 .../oauth2/ApiModelToOAuthConsumerApp.java | 1 +
 .../oauth2/OAuthConsumerAppToApiModel.java | 1 +
 .../src/main/resources/applications.yaml | 6 +++
 4 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
index bb93182817..6c1ceae745 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
@@ -28,6 +28,7 @@ public class ClientAuthenticationConfiguration {
 
 private String tokenEndpointAuthMethod;
 private String tokenEndpointAuthSigningAlg;
+ private Boolean tokenEndpointAllowReusePvtKeyJwt;
 private String tlsClientAuthSubjectDn;
 
 /**
@@ -66,6 +67,30 @@ public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
 this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
 }
 
+ /**
+ * Allow reuse of the private key for JWT generation at the token endpoint.
+ *
+ * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key for JWT generation at the token endpoint.
+ * @return ClientAuthenticationConfiguration object.
+ **/
+ public ClientAuthenticationConfiguration tokenEndpointAllowReusePvtKeyJwt(
+ Boolean tokenEndpointAllowReusePvtKeyJwt) {
+
+ this.tokenEndpointAllowReusePvtKeyJwt = tokenEndpointAllowReusePvtKeyJwt;
+ return this;
+ }
+
+ @ApiModelProperty(example = "false", value = "")
+ @JsonProperty("tokenEndpointAllowReusePvtKeyJwt")
+ @Valid
+ public Boolean isTokenEndpointAllowReusePvtKeyJwt() {
+ return tokenEndpointAllowReusePvtKeyJwt;
+ }
+
+ public void setTokenEndpointAllowReusePvtKeyJwt(Boolean tokenEndpointAllowReusePvtKeyJwt) {
+ this.tokenEndpointAllowReusePvtKeyJwt = tokenEndpointAllowReusePvtKeyJwt;
+ }
+
 /**
 **/
 public ClientAuthenticationConfiguration tlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) {
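Review bot: `isTokenEndpointAllowReusePvtKeyJwt()` returns a boxed `Boolean`, and the JavaBeans `is` accessor convention covers only primitive `boolean`; Jackson will still serialise the property because of the explicit `@JsonProperty`, but bean introspection that follows the spec will not see this method as the getter, and the same property is exposed as `getTokenEndpointAllowReusePvtKeyJwt()` on OIDCMetaData in PATCH 1. Rename to `getTokenEndpointAllowReusePvtKeyJwt()` and update its caller in ApiModelToOAuthConsumerApp (same patch) accordingly. Minor style point: the getter and setter here omit the blank line after the signature that the builder method in this hunk and every accessor in OIDCMetaData use. The enclosing class continues outside the hunk.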
@@ -94,14 +119,20 @@ public boolean equals(java.lang.Object o) {
 return false;
 }
 ClientAuthenticationConfiguration clientAuthenticationConfiguration = (ClientAuthenticationConfiguration) o;
- return Objects.equals(this.tokenEndpointAuthMethod, clientAuthenticationConfiguration.tokenEndpointAuthMethod) &&
- Objects.equals(this.tokenEndpointAuthSigningAlg, clientAuthenticationConfiguration.tokenEndpointAuthSigningAlg) &&
- Objects.equals(this.tlsClientAuthSubjectDn, clientAuthenticationConfiguration.tlsClientAuthSubjectDn);
+ return Objects.equals(this.tokenEndpointAuthMethod,
+ clientAuthenticationConfiguration.tokenEndpointAuthMethod) &&
+ Objects.equals(this.tokenEndpointAuthSigningAlg,
+ clientAuthenticationConfiguration.tokenEndpointAuthSigningAlg) &&
+ Objects.equals(this.tlsClientAuthSubjectDn, clientAuthenticationConfiguration.tlsClientAuthSubjectDn) &&
+ Objects.equals(this.tokenEndpointAllowReusePvtKeyJwt,
+ clientAuthenticationConfiguration.tokenEndpointAllowReusePvtKeyJwt);
 }
 
 @Override
 public int hashCode() {
- return Objects.hash(tokenEndpointAuthMethod, tokenEndpointAuthSigningAlg, tlsClientAuthSubjectDn);
+
+ return Objects.hash(tokenEndpointAuthMethod, tokenEndpointAuthSigningAlg, tokenEndpointAllowReusePvtKeyJwt,
+ tlsClientAuthSubjectDn);
 }
 
 @Override
@@ -112,6 +143,8 @@ public String toString() {
 
 sb.append(" tokenEndpointAuthMethod: ").append(toIndentedString(tokenEndpointAuthMethod)).append("\n");
 sb.append(" tokenEndpointAuthSigningAlg: ").append(toIndentedString(tokenEndpointAuthSigningAlg)).append("\n");
+ sb.append(" tokenEndpointAllowReusePvtKeyJwt: ").append(toIndentedString(tokenEndpointAllowReusePvtKeyJwt))
+ .append("\n");
 sb.append(" tlsClientAuthSubjectDn: ").append(toIndentedString(tlsClientAuthSubjectDn)).append("\n");
 sb.append("}");
 return sb.toString();
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
index 6d7b9abffb..32049fe115 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
@@ -249,6 +249,7 @@ private void updateClientAuthenticationConfigurations(OAuthConsumerAppDTO appDTO
 if (clientAuthentication != null) {
 appDTO.setTokenEndpointAuthMethod(clientAuthentication.getTokenEndpointAuthMethod());
 appDTO.setTokenEndpointAuthSignatureAlgorithm(clientAuthentication.getTokenEndpointAuthSigningAlg());
+ appDTO.setTokenEndpointAllowReusePvtKeyJwt(clientAuthentication.isTokenEndpointAllowReusePvtKeyJwt());
 appDTO.setTlsClientAuthSubjectDN(clientAuthentication.getTlsClientAuthSubjectDn());
 }
 }
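Review bot: `clientAuthentication.isTokenEndpointAllowReusePvtKeyJwt()` returns a nullable `Boolean` that stays unset whenever a request body omits `tokenEndpointAllowReusePvtKeyJwt`, which every client written before this change does; if `OAuthConsumerAppDTO.setTokenEndpointAllowReusePvtKeyJwt` takes a primitive `boolean` — its signature is outside this diff — the implicit unboxing on the new line throws a NullPointerException and turns an additive API change into a failure for existing create/update payloads. Guard the unboxing so the absent case resolves to the restrictive value: `appDTO.setTokenEndpointAllowReusePvtKeyJwt(Boolean.TRUE.equals(clientAuthentication.isTokenEndpointAllowReusePvtKeyJwt()));`. If the DTO setter instead takes `Boolean` and treats `null` as "use the server default", a comment saying so on this line would spare the next reader the same question. `updateClientAuthenticationConfigurations` starts outside the hunk.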
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java
index 1760e14f85..a2cb07cd73 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java
@@ -174,6 +174,7 @@ private ClientAuthenticationConfiguration buildClientAuthenticationConfiguration
 return new ClientAuthenticationConfiguration()
 .tokenEndpointAuthMethod(appDTO.getTokenEndpointAuthMethod())
 .tokenEndpointAuthSigningAlg(appDTO.getTokenEndpointAuthSignatureAlgorithm())
+ .tokenEndpointAllowReusePvtKeyJwt(appDTO.isTokenEndpointAllowReusePvtKeyJwt())
 .tlsClientAuthSubjectDn(appDTO.getTlsClientAuthSubjectDN());
 }
 
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
index c7ab28afef..bff65444b8 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
@@ -3729,6 +3729,9 @@ components:
 tokenEndpointAuthMethod:
 type: string
 example: 'client_secret_basic'
+ tokenEndpointAllowReusePvtKeyJwt:
+ type: boolean
+ example: false
 tokenEndpointAuthSigningAlg:
 type: string
 example: 'PS256'
@@ -3995,6 +3998,9 @@ components:
 $ref: '#/components/schemas/MetadataProperty'
 tokenEndpointAuthMethod:
 $ref: '#/components/schemas/ClientAuthenticationMethodMetadata'
+ tokenEndpointAllowReusePvtKeyJwt:
+ type: boolean
+ default: false
 tokenEndpointSignatureAlgorithm:
 $ref: '#/components/schemas/MetadataProperty'
 idTokenSignatureAlgorithm:
From 6eb32042fe1175fb0e65e03d0844a4050b5fe34c Mon Sep 17 00:00:00 2001
From: Madhavi Gayathri
Date: Tue, 9 Jul 2024 22:33:36 +0530
Subject: [PATCH 3/4] Bump Oauth and addon versions.
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index d294c55eaa..2aed61ce27 100644
--- a/pom.xml
+++ b/pom.xml
@@ -796,14 +796,14 @@
 1.12.0
 **/gen/**/*
 1.8.19
- 7.0.103
+ 7.0.114
 5.11.41
 1.9.4
 findbugs-exclude-filter.xml
 4.9.17
 4.9.10
 0.7.12
- 2.4.21
+ 2.5.13
 4.10.7
 5.2.15
 1.1.1
From 7d709f43b8476bb0f07718e24d2d55d4798a963b Mon Sep 17 00:00:00 2001
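Review bot: Neither new `tokenEndpointAllowReusePvtKeyJwt` property carries a `description`, so the generated models and the published API reference give no indication of what "reuse" permits or that enabling it loosens a token-endpoint client-authentication check; the ClientAuthenticationConfiguration schema in the first hunk also has only `example: false`, whereas the OIDCMetaData schema in the second has `default: false`, so the per-application property's behaviour when omitted is left to the reader. As the Java models under src/gen are presumably generated from this file, the description should live here rather than in the Javadoc edits of PATCH 4, e.g. `description: Whether a private_key_jwt client assertion already presented to the token endpoint may be accepted again. Omitting it falls back to the server-wide setting.` — the fallback sentence to be confirmed against the server behaviour before it is published. The pom.xml hunk that follows is a version bump and needs no comment.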
From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com>
Date: Wed, 10 Jul 2024 09:17:18 +0530
Subject: [PATCH 4/4] Fix javadoc comments.
---
 .../management/v1/ClientAuthenticationConfiguration.java | 4 ++--
 .../api/server/application/management/v1/OIDCMetaData.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
index 6c1ceae745..03b4a25df4 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java
@@ -68,9 +68,9 @@ public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
 }
 
 /**
- * Allow reuse of the private key for JWT generation at the token endpoint.
+ * Allow reuse of the private key JWT at the token endpoint.
 *
- * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key for JWT generation at the token endpoint.
+ * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key JWT at the token endpoint.
 * @return ClientAuthenticationConfiguration object.
 **/
 public ClientAuthenticationConfiguration tokenEndpointAllowReusePvtKeyJwt(
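Review bot: The reworded Javadoc in this hunk, and the identical rewording in the OIDCMetaData hunk that follows, still only restates the method name — the `@param` line repeats the summary verbatim — and neither says what accepting a "reused" private key JWT means nor why `false` is the example value. A summary along the lines of `Whether the token endpoint accepts a private_key_jwt client assertion that has already been presented; false keeps the one-time-use check in force.` with the `@param` describing the flag's two values would answer both, wording to be confirmed against the server-side check the flag controls. Because both files sit under src/gen, the same text should also be placed in the schema descriptions in applications.yaml so a regeneration does not drop it.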
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
index 9dd2948f26..14cc952f39 100644
--- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java
@@ -272,9 +272,9 @@ public void setTokenEndpointSignatureAlgorithm(MetadataProperty tokenEndpointSig
 }
 
 /**
- * Allow reuse of the private key for JWT generation at the token endpoint.
+ * Allow reuse of the private key JWT at the token endpoint.
 *
- * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key for JWT generation at the token endpoint.
+ * @param tokenEndpointAllowReusePvtKeyJwt Allow reuse of the private key JWT at the token endpoint.
 * @return OIDCMetaData object.
 **/
 public OIDCMetaData tokenEndpointAllowReusePvtKeyJwt(Boolean tokenEndpointAllowReusePvtKeyJwt) {