From ad3a22e5d453a0af2ec0b309555340c09d15e349 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Wed, 6 Mar 2013 15:24:46 -0500
Subject: [PATCH] changed client defaults for JOSE bits

---
 .../java/org/mitre/jose/JWEAlgorithmEmbed.java     |  2 ++
 .../org/mitre/jose/JWEEncryptionMethodEmbed.java   |  2 ++
 .../java/org/mitre/jose/JWSAlgorithmEmbed.java     |  2 ++
 .../mitre/oauth2/model/ClientDetailsEntity.java    | 14 +++++++-------
 .../src/main/webapp/resources/template/client.html |  4 ++++
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
index e0e06e497..4081d515b 100644
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
@@ -21,6 +21,8 @@ import com.nimbusds.jose.JWEAlgorithm;
 @Embeddable
 public class JWEAlgorithmEmbed {
 
+	public static final JWEAlgorithmEmbed NONE = getForAlgorithmName("none");
+	
 	private JWEAlgorithm algorithm;
 
 	public JWEAlgorithmEmbed() {
diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
index ba44bed31..bcd2f40b8 100644
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
@@ -18,6 +18,8 @@ import com.nimbusds.jose.JWEAlgorithm;
 @Embeddable
 public class JWEEncryptionMethodEmbed {
 
+	public static final JWEEncryptionMethodEmbed NONE  = getForAlgorithmName("none");
+	
 	private EncryptionMethod algorithm;
 
 	public JWEEncryptionMethodEmbed() {
diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
index f0ffa9255..e9aff0cc0 100644
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
@@ -22,6 +22,8 @@ import com.nimbusds.jose.JWSAlgorithm;
 @Embeddable
 public class JWSAlgorithmEmbed {
 
+	public static final JWSAlgorithmEmbed NONE = getForAlgorithmName("none");
+	
 	private JWSAlgorithm algorithm;
 	
 	public JWSAlgorithmEmbed() { 
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index d4b649a58..0f6eed0d2 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -89,15 +89,15 @@ public class ClientDetailsEntity implements ClientDetails {
 	private String sectorIdentifierUri; // sector_identifier_uri
 	private SubjectType subjectType; // subject_type
 	
-	private JWSAlgorithmEmbed requestObjectSigningAlg; // request_object_signing_alg
+	private JWSAlgorithmEmbed requestObjectSigningAlg = JWSAlgorithmEmbed.NONE; // request_object_signing_alg
 	
-	private JWSAlgorithmEmbed userInfoSignedResponseAlg; // user_info_signed_response_alg
-	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg; // user_info_encrypted_response_alg
-	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc; // user_info_encrypted_response_enc
+	private JWSAlgorithmEmbed userInfoSignedResponseAlg = JWSAlgorithmEmbed.NONE; // user_info_signed_response_alg
+	private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // user_info_encrypted_response_alg
+	private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // user_info_encrypted_response_enc
 	
-	private JWSAlgorithmEmbed idTokenSignedResponseAlg; // id_token_signed_response_alg
-	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg; // id_token_encrypted_response_alg
-	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc; // id_token_encrypted_response_enc
+	private JWSAlgorithmEmbed idTokenSignedResponseAlg = JWSAlgorithmEmbed.NONE; // id_token_signed_response_alg
+	private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = JWEAlgorithmEmbed.NONE; // id_token_encrypted_response_alg
+	private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = JWEEncryptionMethodEmbed.NONE; // id_token_encrypted_response_enc
 	
 	private Integer defaultMaxAge; // default_max_age
 	private Boolean requireAuthTime; // require_auth_time
diff --git a/openid-connect-server/src/main/webapp/resources/template/client.html b/openid-connect-server/src/main/webapp/resources/template/client.html
index 3cf602251..594a1e5fa 100644
--- a/openid-connect-server/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server/src/main/webapp/resources/template/client.html
@@ -491,6 +491,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
 						<option value="A128KW" <%=userInfoEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 128 bit keys </option>
@@ -508,6 +509,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
 						<option value="A128GCM" <%=userInfoEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
@@ -540,6 +542,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
 						<option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
 						<option value="A128KW" <%=idTokenEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>Advanced Encryption Standard (AES) Key Wrap Algorithm using 128 bit keys </option>
@@ -557,6 +560,7 @@
                 <div class="controls">
 					<select>
 						<!-- TODO: this should be filled out by the server, perhaps? -->
+						<option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
 						<option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
 						<option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
 						<option value="A128GCM" <%=idTokenEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>