added null checks to endpoint auth method switches, closes #652

pull/653/head
Justin Richer 2014-07-31 23:05:17 -04:00
parent 863dbd17b8
commit 39c50b76f4
2 changed files with 23 additions and 13 deletions


@ -97,7 +97,15 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
}
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) &&
if (client.getTokenEndpointAuthMethod() == null ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)) {
// this client doesn't support this type of authentication
throw new AuthenticationServiceException("Client does not support this authentication method.");
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) &&
(alg.equals(JWSAlgorithm.RS256)
|| alg.equals(JWSAlgorithm.RS384)
|| alg.equals(JWSAlgorithm.RS512))) {
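Review bot: The new rejection branch throws `AuthenticationServiceException`, which Spring Security documents for requests that could not be processed because of a system problem, whereas the condition here is a client fault: a JWT assertion from a client registered with no method, `NONE`, `SECRET_BASIC` or `SECRET_POST`. The algorithm-mismatch check just above reports a comparable client fault as `InvalidClientException`, so `throw new InvalidClientException("Client does not support this authentication method.");` would keep failure handling and logging from classifying this as an infrastructure error. How either exception is translated into the token endpoint response is decided outside this hunk, so that mapping should be confirmed. The if/else chain also continues past the end of the hunk, and because the rejection is an enumeration of known methods, it is worth checking that the final branch there refuses any method not explicitly handled.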


@ -161,7 +161,13 @@ public class ClientAPI {
client = clientService.generateClientId(client);
}
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
if (client.getTokenEndpointAuthMethod() == null ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
@ -183,11 +189,6 @@ public class ClientAPI {
// otherwise we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null);
} else {
logger.error("unknown auth method");
@ -256,7 +257,13 @@ public class ClientAPI {
client = clientService.generateClientId(client);
}
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
if (client.getTokenEndpointAuthMethod() == null ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
@ -278,11 +285,6 @@ public class ClientAPI {
// otherwise we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null);
} else {
logger.error("unknown auth method");
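Review bot: In the new first branch of both hunks that add it (old lines 161 and 256), a client whose token endpoint auth method is null has its secret cleared, but the method itself stays null, so the stored record still carries the value that made this commit necessary. Normalising it in that branch, e.g. `client.setTokenEndpointAuthMethod(AuthMethod.NONE);` next to `client.setClientSecret(null);` (assuming the entity exposes that setter), would spare later consumers their own null check. The same condition now appears twice in this file and could live in one private helper so the two handlers cannot drift apart. The trailing `else` only logs "unknown auth method" in the visible lines and its body continues outside the hunk, so it is worth confirming whether such a request is then rejected or the submitted secret is saved as-is.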