github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added 'use server default' to JOSE options, addresses #462

pull/650/head
Justin Richer 2013-08-19 13:53:04 -04:00
parent 143f1efafb
commit 682d9b9406
3 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
View File

@ -90,15 +90,15 @@ public class ClientDetailsEntity implements ClientDetails {
private String sectorIdentifierUri; // sector_identifier_uri private String sectorIdentifierUri; // sector_identifier_uri
private SubjectType subjectType; // subject_type private SubjectType subjectType; // subject_type
private JWSAlgorithmEmbed requestObjectSigningAlg = JWSAlgorithmEmbed.NONE; // request_object_signing_alg private JWSAlgorithmEmbed requestObjectSigningAlg = null; // request_object_signing_alg
private JWSAlgorithmEmbed userInfoSignedResponseAlg = JWSAlgorithmEmbed.NONE; // user_info_signed_response_alg private JWSAlgorithmEmbed userInfoSignedResponseAlg = null; // user_info_signed_response_alg
private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // user_info_encrypted_response_alg private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // user_info_encrypted_response_enc private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
private JWSAlgorithmEmbed idTokenSignedResponseAlg = JWSAlgorithmEmbed.NONE; // id_token_signed_response_alg private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // id_token_encrypted_response_alg private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // id_token_encrypted_response_enc private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
private Integer defaultMaxAge; // default_max_age private Integer defaultMaxAge; // default_max_age
private Boolean requireAuthTime; // require_auth_time private Boolean requireAuthTime; // require_auth_time

23
openid-connect-server/src/main/webapp/resources/js/client.js
View File

@ -371,6 +371,15 @@ var ClientFormView = Backbone.View.extend({
else return value; else return value;
}, },
// returns "null" if given the value "default" as a string, otherwise returns input value. useful for parsing the JOSE algorithm dropdowns
defaultToNull:function(value) {
if (value == 'default') {
return null;
} else {
return value;
}
},
// maps from a form-friendly name to the real grant parameter name // maps from a form-friendly name to the real grant parameter name
grantMap:{ grantMap:{
'authorization_code': 'authorization_code', 'authorization_code': 'authorization_code',
@ -484,13 +493,13 @@ var ClientFormView = Backbone.View.extend({
contacts: this.contactsCollection.pluck('item'), contacts: this.contactsCollection.pluck('item'),
requestUris: this.requestUrisCollection.pluck('item'), requestUris: this.requestUrisCollection.pluck('item'),
defaultAcrValues: this.defaultAcrValuesCollection.pluck('item'), defaultAcrValues: this.defaultAcrValuesCollection.pluck('item'),
requestObjectSigningAlg: $('#requestObjectSigningAlg select').val(), requestObjectSigningAlg: this.defaultToNull($('#requestObjectSigningAlg select').val()),
userInfoSignedResponseAlg: $('#userInfoSignedResponseAlg select').val(), userInfoSignedResponseAlg: this.defaultToNull($('#userInfoSignedResponseAlg select').val()),
userInfoEncryptedResponseAlg: $('#userInfoEncryptedResponseAlg select').val(), userInfoEncryptedResponseAlg: this.defaultToNull($('#userInfoEncryptedResponseAlg select').val()),
userInfoEncryptedResponseEnc: $('#userInfoEncryptedResponseEnc select').val(), userInfoEncryptedResponseEnc: this.defaultToNull($('#userInfoEncryptedResponseEnc select').val()),
idTokenSignedResponseAlg: $('#idTokenSignedResponseAlg select').val(), idTokenSignedResponseAlg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()),
idTokenEncryptedResponseAlg: $('#idTokenEncryptedResponseAlg select').val(), idTokenEncryptedResponseAlg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()),
idTokenEncryptedResponseEnc: $('#idTokenEncryptedResponseEnc select').val() idTokenEncryptedResponseEnc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val())
}; };
// post-validate // post-validate

7
openid-connect-server/src/main/webapp/resources/template/client.html
View File

@ -420,6 +420,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=requestObjectSigningAlg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=requestObjectSigningAlg == "none" ? 'selected' : ''%>>No digital signature</option> <option value="none" <%=requestObjectSigningAlg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=requestObjectSigningAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option> <option value="HS256" <%=requestObjectSigningAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=requestObjectSigningAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option> <option value="HS384" <%=requestObjectSigningAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@ -439,6 +440,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=userInfoSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=userInfoSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option> <option value="none" <%=userInfoSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=userInfoSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option> <option value="HS256" <%=userInfoSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=userInfoSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option> <option value="HS384" <%=userInfoSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@ -458,6 +460,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=userInfoEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option> <option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
<option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option> <option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
<option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option> <option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
@ -476,6 +479,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=userInfoEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option> <option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
<option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option> <option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
<option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option> <option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
@ -490,6 +494,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=idTokenSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=idTokenSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option> <option value="none" <%=idTokenSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=idTokenSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option> <option value="HS256" <%=idTokenSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=idTokenSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option> <option value="HS384" <%=idTokenSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
@ -509,6 +514,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=idTokenEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option> <option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
<option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option> <option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
<option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option> <option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
@ -527,6 +533,7 @@
<div class="controls"> <div class="controls">
<select> <select>
<!-- TODO: this should be filled out by the server, perhaps? --> <!-- TODO: this should be filled out by the server, perhaps? -->
<option value="default" <%=idTokenEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option> <option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
<option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option> <option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
<option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option> <option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>