encrypted request object wip. need to add header parameters to allow encryption. also need to get public key for encryption

2012-07-23 11:15:06 -04:00 · 2012-07-23 11:15:06 -04:00 · 8f22517c81
parent 70c4c25fa3
commit 8f22517c81
2 changed files with 9 additions and 102 deletions
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCEncryptedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCEncryptedRequestFilter.java
@ -86,43 +86,30 @@ public class OIDCEncryptedRequestFilter extends AbstractOIDCAuthenticationFilter
 		
 		if(StringUtils.isNotBlank(request.getParameter("token"))) {
 			
+			//TODO: encryption pull request needs to be accepted for these classes to be imported
 			Jwe jwe = new Jwe();
 			JweHeader header = jwe.getHeader();
 			JwtClaims claims = jwe.getClaims();
 			
-			//set parameters to JwtHeader
+			//set parameters to JweHeader
 			header.setAlgorithm(JwsAlgorithm.getByName(SIGNING_ALGORITHM).toString());
+			header.setIntegrity(/*TODO: put something here*/);
+			header.setKeyDerivationFunction(/*TODO: put something here*/);
+			header.setEncryptionMethod(/*TODO: put something here*/);
 			
-			//set parameters to JwtClaims
+			//set parameters to JweClaims
 			claims.setClaim("response_type", "token");
 			claims.setClaim("client_id", serverConfiguration.getClientId());
 			claims.setClaim("scope", scope);
 			claims.setClaim("redirect_uri", AbstractOIDCAuthenticationFilter.buildRedirectURI(request, null));
 			claims.setClaim("nonce", NONCE_SIGNATURE_COOKIE_NAME);
 			
-			if(header.getAlgorithm().equals("RS256") || header.getAlgorithm().equals("RS384") || header.getAlgorithm().equals("RS512")) {
-				RsaSigner jwtSigner = new RsaSigner();
-				try {
-					jwt = jwtSigner.sign(jwt);
-				} catch (NoSuchAlgorithmException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			} else if(header.getAlgorithm().equals("HS256") || header.getAlgorithm().equals("HS384") || header.getAlgorithm().equals("HS512")) {
-				HmacSigner jwtSigner = new HmacSigner();
-				try {
-					jwt = jwtSigner.sign(jwt);
-				} catch (NoSuchAlgorithmException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			} else {
-				throw new IllegalArgumentException(header.getAlgorithm() + " is not a valid signing algorithm.");
-			}
+			//encrypt and sign jwe
+			encryptAndSign(jwe, publicKey);
 			
 			Map<String, String> urlVariables = new HashMap<String, String>();
 			
-			urlVariables.put("request", jwt.toString());
+			urlVariables.put("request", jwe.toString());
 			
 			String authRequest = AbstractOIDCAuthenticationFilter.buildURL(serverConfiguration.getAuthorizationEndpointURI(), urlVariables);

@ -133,44 +120,4 @@ public class OIDCEncryptedRequestFilter extends AbstractOIDCAuthenticationFilter

 	}

-	public void setAuthorizationEndpointURI(String authorizationEndpointURI) {
-		oidcServerConfig.setAuthorizationEndpointURI(authorizationEndpointURI);
-	}
-
-	public void setClientId(String clientId) {
-		oidcServerConfig.setClientId(clientId);
-	}
-
-	public void setClientSecret(String clientSecret) {
-		oidcServerConfig.setClientSecret(clientSecret);
-	}
-
-	public void setErrorRedirectURI(String errorRedirectURI) {
-		this.errorRedirectURI = errorRedirectURI;
-	}
-
-	public void setTokenEndpointURI(String tokenEndpointURI) {
-		oidcServerConfig.setTokenEndpointURI(tokenEndpointURI);
-	}
-	
-	public void setX509EncryptUrl(String x509EncryptUrl) {
-		oidcServerConfig.setX509EncryptUrl(x509EncryptUrl);
-	}
-	
-	public void setX509SigningUrl(String x509SigningUrl) {
-		oidcServerConfig.setX509SigningUrl(x509SigningUrl);
-	}
-	
-	public void setJwkEncryptUrl(String jwkEncryptUrl) {
-		oidcServerConfig.setJwkEncryptUrl(jwkEncryptUrl);
-	}
-	
-	public void setJwkSigningUrl(String jwkSigningUrl) {
-		oidcServerConfig.setJwkSigningUrl(jwkSigningUrl);
-	}
-
-    public void setIssuer(String issuer) {
-	    oidcServerConfig.setIssuer(issuer);
-    }
-
 }
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
@ -134,44 +134,4 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {

 	}

-	public void setAuthorizationEndpointURI(String authorizationEndpointURI) {
-		oidcServerConfig.setAuthorizationEndpointURI(authorizationEndpointURI);
-	}
-
-	public void setClientId(String clientId) {
-		oidcServerConfig.setClientId(clientId);
-	}
-
-	public void setClientSecret(String clientSecret) {
-		oidcServerConfig.setClientSecret(clientSecret);
-	}
-
-	public void setErrorRedirectURI(String errorRedirectURI) {
-		this.errorRedirectURI = errorRedirectURI;
-	}
-
-	public void setTokenEndpointURI(String tokenEndpointURI) {
-		oidcServerConfig.setTokenEndpointURI(tokenEndpointURI);
-	}
-	
-	public void setX509EncryptUrl(String x509EncryptUrl) {
-		oidcServerConfig.setX509EncryptUrl(x509EncryptUrl);
-	}
-	
-	public void setX509SigningUrl(String x509SigningUrl) {
-		oidcServerConfig.setX509SigningUrl(x509SigningUrl);
-	}
-	
-	public void setJwkEncryptUrl(String jwkEncryptUrl) {
-		oidcServerConfig.setJwkEncryptUrl(jwkEncryptUrl);
-	}
-	
-	public void setJwkSigningUrl(String jwkSigningUrl) {
-		oidcServerConfig.setJwkSigningUrl(jwkSigningUrl);
-	}
-
-    public void setIssuer(String issuer) {
-	    oidcServerConfig.setIssuer(issuer);
-    }
-
 }