changed client defaults for JOSE bits

12 years ago · ad3a22e5d4
parent 3268726747
commit ad3a22e5d4
5 changed files with 17 additions and 7 deletions
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
@ -21,6 +21,8 @@ import com.nimbusds.jose.JWEAlgorithm;
@Embeddable
 public class JWEAlgorithmEmbed {

+	public static final JWEAlgorithmEmbed NONE = getForAlgorithmName("none");
+	
 	private JWEAlgorithm algorithm;

 	public JWEAlgorithmEmbed() {
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
@ -18,6 +18,8 @@ import com.nimbusds.jose.JWEAlgorithm;
@Embeddable
 public class JWEEncryptionMethodEmbed {

+	public static final JWEEncryptionMethodEmbed NONE  = getForAlgorithmName("none");
+	
 	private EncryptionMethod algorithm;

 	public JWEEncryptionMethodEmbed() {
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
@ -22,6 +22,8 @@ import com.nimbusds.jose.JWSAlgorithm;
@Embeddable
 public class JWSAlgorithmEmbed {

+	public static final JWSAlgorithmEmbed NONE = getForAlgorithmName("none");
+	
 	private JWSAlgorithm algorithm;
 	
 	public JWSAlgorithmEmbed() { 
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@ -89,15 +89,15 @@ public class ClientDetailsEntity implements ClientDetails {
 	private String sectorIdentifierUri; // sector_identifier_uri
 	private SubjectType subjectType; // subject_type
 	
-	private JWSAlgorithmEmbed requestObjectSigningAlg; // request_object_signing_alg
+	private JWSAlgorithmEmbed requestObjectSigningAlg = JWSAlgorithmEmbed.NONE; // request_object_signing_alg
 	
-	private JWSAlgorithmEmbed userInfoSignedResponseAlg; // user_info_signed_response_alg
-	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg; // user_info_encrypted_response_alg
-	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc; // user_info_encrypted_response_enc
+	private JWSAlgorithmEmbed userInfoSignedResponseAlg = JWSAlgorithmEmbed.NONE; // user_info_signed_response_alg
+	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // user_info_encrypted_response_alg
+	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // user_info_encrypted_response_enc
 	
-	private JWSAlgorithmEmbed idTokenSignedResponseAlg; // id_token_signed_response_alg
-	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg; // id_token_encrypted_response_alg
-	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc; // id_token_encrypted_response_enc
+	private JWSAlgorithmEmbed idTokenSignedResponseAlg = JWSAlgorithmEmbed.NONE; // id_token_signed_response_alg
+	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // id_token_encrypted_response_alg
+	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // id_token_encrypted_response_enc
 	
 	private Integer defaultMaxAge; // default_max_age
 	private Boolean requireAuthTime; // require_auth_time
--- a/openid-connect-server/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server/src/main/webapp/resources/template/client.html
@ -491,6 +491,7 @@
                <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
 						<option value="A128KW" <%=userInfoEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 128 bit keys </option>
@ -508,6 +509,7 @@
                <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
 						<option value="A128GCM" <%=userInfoEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
@ -540,6 +542,7 @@
                <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
 						<option value="A128KW" <%=idTokenEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>Advanced Encryption Standard (AES) Key Wrap Algorithm using 128 bit keys </option>
@ -557,6 +560,7 @@
                <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
 						<option value="A128GCM" <%=idTokenEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>