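/**
 * Validates the secret presented by a confidential client.
 *
 * <p>Delegates to {@code clientSecretVerifier} when one is configured. Otherwise the
 * presented value is compared with {@code client.getClientSecret()}.
 *
 * @param client the registered client whose secret is checked
 * @param providedClientSecret the secret supplied with the request; may be {@code null}
 * @return {@code true} only when both secrets are present and equal, or when the
 *         configured verifier accepts the presented secret
 */
protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret) {
    if (clientSecretVerifier != null) {
        return clientSecretVerifier.validateClientSecret(client, providedClientSecret);
    }
    String registeredSecret = client.getClientSecret();
    if (registeredSecret == null || providedClientSecret == null) {
        return false;
    }
    // String.equals stops at the first differing character, so response timing can
    // reveal how much of a guessed secret is correct. MessageDigest.isEqual compares
    // the full byte arrays regardless of where they differ.
    return java.security.MessageDigest.isEqual(
        registeredSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        providedClientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
protected boolean isValidPublicClient(Client client, String clientId) {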
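/**
 * Validates the secret presented by a confidential client.
 *
 * <p>Delegates to {@code clientSecretVerifier} when one is configured. Otherwise the
 * presented value is compared with {@code client.getClientSecret()}.
 *
 * @param client the registered client whose secret is checked
 * @param providedClientSecret the secret supplied with the request; may be {@code null}
 * @return {@code true} only when both secrets are present and equal, or when the
 *         configured verifier accepts the presented secret
 */
protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret) {
    if (clientSecretVerifier != null) {
        return clientSecretVerifier.validateClientSecret(client, providedClientSecret);
    }
    String registeredSecret = client.getClientSecret();
    if (registeredSecret == null || providedClientSecret == null) {
        return false;
    }
    // String.equals stops at the first differing character, so response timing can
    // reveal how much of a guessed secret is correct. MessageDigest.isEqual compares
    // the full byte arrays regardless of where they differ.
    return java.security.MessageDigest.isEqual(
        registeredSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        providedClientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
protected boolean isValidPublicClient(Client client, String clientId) {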
/**
 * Decides whether a client may authenticate as a public client, i.e. without a secret.
 *
 * <p>All three conditions must hold: public clients are enabled on this service, the
 * client is not marked confidential, and no secret is registered for it.
 *
 * @param client the registered client
 * @param clientId the client id from the request; not consulted by this check
 * @return {@code true} when the client qualifies as a public client
 */
protected boolean isValidPublicClient(Client client, String clientId) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (client.isConfidential()) {
        return false;
    }
    // A client with a registered secret must present it, so it is never treated as public.
    return client.getClientSecret() == null;
}
/**
 * Resolves the JWE decryption provider for the given client.
 *
 * <p>The client's secret is handed to the superclass overload; how it is turned into
 * key material is decided there and is not visible in this method.
 *
 * @param c the client, or {@code null}
 * @return the provider returned by the superclass, or {@code null} when {@code c} is {@code null}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(Client c) {
    return c == null ? null : super.getInitializedDecryptionProvider(c.getClientSecret());
}
/**
 * Reports whether the given client may be handled as a public client.
 *
 * @param c the registered client
 * @return {@code true} when public clients are enabled, the client is not confidential
 *         and it has no registered secret
 */
@Override
protected boolean canSupportPublicClient(Client c) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (c.isConfidential()) {
        return false;
    }
    // A registered secret means the client is expected to authenticate with it.
    return c.getClientSecret() == null;
}
/**
 * Resolves the JWS signature provider for the given client.
 *
 * <p>The client's secret is handed to the superclass overload; how it is used for
 * signing is decided there and is not visible in this method.
 *
 * @param c the client, or {@code null}
 * @return the provider returned by the superclass, or {@code null} when {@code c} is {@code null}
 */
protected JwsSignatureProvider getInitializedSignatureProvider(Client c) {
    return c == null ? null : super.getInitializedSignatureProvider(c.getClientSecret());
}
/**
 * Decides whether a client may authenticate as a public client, i.e. without a secret.
 *
 * <p>All three conditions must hold: public clients are enabled on this service, the
 * client is not marked confidential, and no secret is registered for it.
 *
 * @param client the registered client
 * @param clientId the client id from the request; not consulted by this check
 * @return {@code true} when the client qualifies as a public client
 */
protected boolean isValidPublicClient(Client client, String clientId) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (client.isConfidential()) {
        return false;
    }
    // A client with a registered secret must present it, so it is never treated as public.
    return client.getClientSecret() == null;
}
/**
 * Resolves the JWE decryption provider for the given client.
 *
 * <p>The client's secret is handed to the superclass overload; how it is turned into
 * key material is decided there and is not visible in this method.
 *
 * @param c the client, or {@code null}
 * @return the provider returned by the superclass, or {@code null} when {@code c} is {@code null}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(Client c) {
    return c == null ? null : super.getInitializedDecryptionProvider(c.getClientSecret());
}
/**
 * Resolves the JWS signature provider for the given client.
 *
 * <p>The client's secret is handed to the superclass overload; how it is used for
 * signing is decided there and is not visible in this method.
 *
 * @param c the client, or {@code null}
 * @return the provider returned by the superclass, or {@code null} when {@code c} is {@code null}
 */
protected JwsSignatureProvider getInitializedSignatureProvider(Client c) {
    return c == null ? null : super.getInitializedSignatureProvider(c.getClientSecret());
}
/**
 * Reports whether the given client may be handled as a public client.
 *
 * @param c the registered client
 * @return {@code true} when public clients are enabled, the client is not confidential
 *         and it has no registered secret
 */
@Override
protected boolean canSupportPublicClient(Client c) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (c.isConfidential()) {
        return false;
    }
    // A registered secret means the client is expected to authenticate with it.
    return c.getClientSecret() == null;
}
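/**
 * Validates a presented client secret against the digest stored for the client.
 *
 * <p>The presented secret is UTF-8 encoded and passed through
 * {@code MessageDigestUtils.generate} with the configured {@code hashAlgorithm}. The
 * result is compared with {@code client.getClientSecret()}, which is therefore
 * expected to hold the digest rather than the plaintext secret.
 *
 * @param client the registered client
 * @param clientSecret the secret supplied with the request; may be {@code null}
 * @return {@code true} only when both values are present and the digests match
 */
public boolean validateClientSecret(Client client, String clientSecret) {
    String storedHash = client.getClientSecret();
    if (clientSecret == null || storedHash == null) {
        // Nothing to compare: reject instead of hashing a null value.
        return false;
    }
    String hash = MessageDigestUtils.generate(StringUtils.toBytesUTF8(clientSecret), hashAlgorithm);
    // NOTE(review): no per-client salt or work factor is visible here. If client
    // secrets can be low-entropy, confirm whether a salted, slow hashing scheme is needed.
    // Compare in constant time so response timing does not reveal how many leading
    // characters of the digest matched.
    return java.security.MessageDigest.isEqual(
        hash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
public void setHashAlgorithm(String hashAlgorithm) {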
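/**
 * Validates a presented client secret against the digest stored for the client.
 *
 * <p>The presented secret is UTF-8 encoded and passed through
 * {@code MessageDigestUtils.generate} with the configured {@code hashAlgorithm}. The
 * result is compared with {@code client.getClientSecret()}, which is therefore
 * expected to hold the digest rather than the plaintext secret.
 *
 * @param client the registered client
 * @param clientSecret the secret supplied with the request; may be {@code null}
 * @return {@code true} only when both values are present and the digests match
 */
public boolean validateClientSecret(Client client, String clientSecret) {
    String storedHash = client.getClientSecret();
    if (clientSecret == null || storedHash == null) {
        // Nothing to compare: reject instead of hashing a null value.
        return false;
    }
    String hash = MessageDigestUtils.generate(StringUtils.toBytesUTF8(clientSecret), hashAlgorithm);
    // NOTE(review): no per-client salt or work factor is visible here. If client
    // secrets can be low-entropy, confirm whether a salted, slow hashing scheme is needed.
    // Compare in constant time so response timing does not reveal how many leading
    // characters of the digest matched.
    return java.security.MessageDigest.isEqual(
        hash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
public void setHashAlgorithm(String hashAlgorithm) {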
/**
 * Resolves the JWS signature verifier for the given client.
 *
 * <p>When {@code verifyWithClientCertificates} is set and the client has application
 * certificates, the public key of the first certificate is used with RS256. If that
 * yields no verifier, or certificates are not used, the client's secret (when present)
 * is handed to the superclass overload instead.
 *
 * <p>NOTE(review): only the first certificate is consulted, and no validity or trust
 * check is visible in this method. Confirm certificates are vetted at registration.
 *
 * @param c the client, or {@code null}
 * @return the verifier, or {@code null} when neither a certificate nor a secret applies
 */
protected JwsSignatureVerifier getInitializedSignatureVerifier(Client c) {
    if (c == null) {
        return null;
    }
    if (verifyWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        X509Certificate clientCert =
            (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        JwsSignatureVerifier certVerifier =
            JwsUtils.getPublicKeySignatureVerifier(clientCert.getPublicKey(), SignatureAlgorithm.RS256);
        if (certVerifier != null) {
            return certVerifier;
        }
    }
    // Fall back to a verifier derived from the client secret.
    if (c.getClientSecret() != null) {
        return super.getInitializedSignatureVerifier(c.getClientSecret());
    }
    return null;
}
/**
 * Resolves the JWS signature verifier for the given client.
 *
 * <p>When {@code verifyWithClientCertificates} is set and the client has application
 * certificates, the public key of the first certificate is used with RS256. If that
 * yields no verifier, or certificates are not used, the client's secret (when present)
 * is handed to the superclass overload instead.
 *
 * <p>NOTE(review): only the first certificate is consulted, and no validity or trust
 * check is visible in this method. Confirm certificates are vetted at registration.
 *
 * @param c the client, or {@code null}
 * @return the verifier, or {@code null} when neither a certificate nor a secret applies
 */
protected JwsSignatureVerifier getInitializedSignatureVerifier(Client c) {
    if (c == null) {
        return null;
    }
    if (verifyWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        X509Certificate clientCert =
            (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        JwsSignatureVerifier certVerifier =
            JwsUtils.getPublicKeySignatureVerifier(clientCert.getPublicKey(), SignatureAlgorithm.RS256);
        if (certVerifier != null) {
            return certVerifier;
        }
    }
    // Fall back to a verifier derived from the client secret.
    if (c.getClientSecret() != null) {
        return super.getInitializedSignatureVerifier(c.getClientSecret());
    }
    return null;
}
/**
 * Resolves the JWE encryption provider for the given client.
 *
 * <p>When {@code encryptWithClientCertificates} is set and the client has application
 * certificates, the public key of the first certificate is used with RSA-OAEP key
 * encryption and A128GCM content encryption. If that yields no provider, or
 * certificates are not used, the client's secret (when present) is handed to the
 * superclass overload instead.
 *
 * <p>NOTE(review): only the first certificate is consulted, and no validity or trust
 * check is visible in this method. Confirm certificates are vetted at registration.
 *
 * @param c the client, or {@code null}
 * @return the provider, or {@code null} when neither a certificate nor a secret applies
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    if (c == null) {
        return null;
    }
    if (encryptWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        X509Certificate clientCert =
            (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        JweEncryptionProvider certProvider = JweUtils.createJweEncryptionProvider(
            clientCert.getPublicKey(), KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null);
        if (certProvider != null) {
            return certProvider;
        }
    }
    // Fall back to a provider derived from the client secret.
    if (c.getClientSecret() != null) {
        return super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return null;
}
/**
 * Resolves the JWE encryption provider for the given client.
 *
 * <p>When {@code encryptWithClientCertificates} is set and the client has application
 * certificates, the public key of the first certificate is used with RSA-OAEP key
 * encryption and A128GCM content encryption. If that yields no provider, or
 * certificates are not used, the client's secret (when present) is handed to the
 * superclass overload instead.
 *
 * <p>NOTE(review): only the first certificate is consulted, and no validity or trust
 * check is visible in this method. Confirm certificates are vetted at registration.
 *
 * @param c the client, or {@code null}
 * @return the provider, or {@code null} when neither a certificate nor a secret applies
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    if (c == null) {
        return null;
    }
    if (encryptWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        X509Certificate clientCert =
            (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        JweEncryptionProvider certProvider = JweUtils.createJweEncryptionProvider(
            clientCert.getPublicKey(), KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null);
        if (certProvider != null) {
            return certProvider;
        }
    }
    // Fall back to a provider derived from the client secret.
    if (c.getClientSecret() != null) {
        return super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return null;
}
/**
 * Resolves the JWS signature verifier for the given client.
 *
 * <p>With {@code verifyWithClientCertificates} set, the client's first application
 * certificate is decoded and used with RS256. Otherwise the client's secret is handed
 * to the superclass overload.
 *
 * <p>NOTE(review): the certificate branch reads element 0 without checking that the
 * client has any certificates, and {@code c} is never null-checked. A client with no
 * certificate makes this method throw. No validity or trust check on the certificate
 * is visible here either.
 *
 * @param c the client; must not be {@code null}
 * @return the verifier for the client
 */
protected JwsSignatureVerifier getInitializedSigVerifier(Client c) {
    if (!verifyWithClientCertificates) {
        return super.getInitializedSignatureVerifier(c.getClientSecret());
    }
    final X509Certificate clientCert =
        (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
    return JwsUtils.getPublicKeySignatureVerifier(clientCert, SignatureAlgorithm.RS256);
}
public void setIssuer(String issuer) {
/**
 * Resolves the JWS signature verifier for the given client.
 *
 * <p>With {@code verifyWithClientCertificates} set, the client's first application
 * certificate is decoded and used with RS256. Otherwise the client's secret is handed
 * to the superclass overload.
 *
 * <p>NOTE(review): the certificate branch reads element 0 without checking that the
 * client has any certificates, and {@code c} is never null-checked. A client with no
 * certificate makes this method throw. No validity or trust check on the certificate
 * is visible here either.
 *
 * @param c the client; must not be {@code null}
 * @return the verifier for the client
 */
protected JwsSignatureVerifier getInitializedSigVerifier(Client c) {
    if (!verifyWithClientCertificates) {
        return super.getInitializedSignatureVerifier(c.getClientSecret());
    }
    final X509Certificate clientCert =
        (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
    return JwsUtils.getPublicKeySignatureVerifier(clientCert, SignatureAlgorithm.RS256);
}
public void setIssuer(String issuer) {
/**
 * Builds the dynamic-registration response for a registered client.
 *
 * <p>The response always carries the client id and its issue time. The client secret
 * and a secret-expiry of 0 are added only when the client has a secret. The
 * registration URI and registration access token are added only when
 * {@code supportRegistrationAccessTokens} is set.
 *
 * <p>The returned object holds live credentials (client secret, registration access
 * token), so it should not be written to logs.
 *
 * @param client the registered client
 * @return the populated registration response
 */
protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client) {
    final ClientRegistrationResponse registration = new ClientRegistrationResponse();
    registration.setClientId(client.getClientId());

    final boolean hasSecret = client.getClientSecret() != null;
    if (hasSecret) {
        registration.setClientSecret(client.getClientSecret());
        // TODO: consider making Client secret time limited
        registration.setClientSecretExpiresAt(Long.valueOf(0L));
    }
    registration.setClientIdIssuedAt(client.getRegisteredAt());

    // Resolved unconditionally, before the flag check, as in the original flow.
    final UriBuilder absolutePath = getMessageContext().getUriInfo().getAbsolutePathBuilder();
    if (!supportRegistrationAccessTokens) {
        return registration;
    }
    // both registration access token and uri are either included or excluded
    final String clientUri = absolutePath.path(client.getClientId()).build().toString();
    registration.setRegistrationClientUri(clientUri);
    registration.setRegistrationAccessToken(
        client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
    return registration;
}
/**
 * Builds the dynamic-registration response for a registered client.
 *
 * <p>The response always carries the client id and its issue time. The client secret
 * and a secret-expiry of 0 are added only when the client has a secret. The
 * registration URI and registration access token are added only when
 * {@code supportRegistrationAccessTokens} is set.
 *
 * <p>The returned object holds live credentials (client secret, registration access
 * token), so it should not be written to logs.
 *
 * @param client the registered client
 * @return the populated registration response
 */
protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client) {
    final ClientRegistrationResponse registration = new ClientRegistrationResponse();
    registration.setClientId(client.getClientId());

    final boolean hasSecret = client.getClientSecret() != null;
    if (hasSecret) {
        registration.setClientSecret(client.getClientSecret());
        // TODO: consider making Client secret time limited
        registration.setClientSecretExpiresAt(Long.valueOf(0L));
    }
    registration.setClientIdIssuedAt(client.getRegisteredAt());

    // Resolved unconditionally, before the flag check, as in the original flow.
    final UriBuilder absolutePath = getMessageContext().getUriInfo().getAbsolutePathBuilder();
    if (!supportRegistrationAccessTokens) {
        return registration;
    }
    // both registration access token and uri are either included or excluded
    final String clientUri = absolutePath.path(client.getClientId()).build().toString();
    registration.setRegistrationClientUri(clientUri);
    registration.setRegistrationAccessToken(
        client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
    return registration;
}