/**
 * Returns the JWK Set of the underlying client by delegating to its {@code getJwks()}.
 *
 * @return whatever {@code client.getJwks()} returns
 * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwks()
 */
public JWKSet getJwks() {
	final JWKSet registeredKeys = client.getJwks();
	return registeredKeys;
}
/**
 * Rejects a client that has both a JWKS URI and an inline JWKS value registered.
 *
 * <p>Only {@code null} counts as "not set" in this check, so a non-null but empty
 * JWKS URI combined with a JWKS value is rejected as well.
 *
 * @param client the client whose key registration is checked
 * @throws IllegalArgumentException if {@code getJwksUri()} and {@code getJwks()} are both non-null
 */
private void ensureKeyConsistency(ClientDetailsEntity client) {
	if (client.getJwksUri() == null) {
		// no key URI registered, so there is nothing to conflict with
		return;
	}
	if (client.getJwks() == null) {
		// key URI only
		return;
	}
	// both key sources are present: a client may register one or the other, never both
	throw new IllegalArgumentException("A client cannot have both JWKS URI and JWKS value");
}
/**
 * Looks up the encryption/decryption service for the keys registered on a client.
 *
 * <p>An inline JWKS value takes precedence; the JWKS URI is consulted only when no
 * inline value is present.
 *
 * @param client the client whose registered keys are used
 * @return the matching service, or {@code null} when the client has neither key
 *         source or when loading fails (the failure is logged, not rethrown)
 */
public JWTEncryptionAndDecryptionService getEncrypter(ClientDetailsEntity client) {
	try {
		if (client.getJwks() != null) {
			// inline key set wins over the URI
			return jwksEncrypters.get(client.getJwks());
		}

		if (Strings.isNullOrEmpty(client.getJwksUri())) {
			// no key material registered at all
			return null;
		}

		// NOTE(review): the URI comes from client metadata -- confirm that the cache
		// behind getEncrypter() constrains which URIs it is willing to fetch.
		return jwksUriCache.getEncrypter(client.getJwksUri());
	} catch (UncheckedExecutionException | ExecutionException e) {
		// callers cannot tell this apart from "no key registered": both yield null
		logger.error("Problem loading client encrypter", e);
		return null;
	}
}
if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) { logger.error("tried to create client with private key auth but no private key"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) { logger.error("tried to create client with private key auth but no private key"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
if (client.getJwks() == null && Strings.isNullOrEmpty(client.getJwksUri())) { throw new IllegalArgumentException("[HEART mode] All clients must have a key registered");
/**
 * Checks the token endpoint authentication settings of a client being registered
 * and normalizes its credentials to match the chosen method.
 *
 * <p>A missing method defaults to {@code SECRET_BASIC}. Secret-based methods get a
 * generated secret when none is set; {@code PRIVATE_KEY} and {@code NONE} have any
 * client secret cleared.
 *
 * @param newClient the client to validate; it is modified in place
 * @return the validated client, which is the result of
 *         {@code clientService.generateClientSecret} when a secret was generated
 * @throws ValidationException if {@code PRIVATE_KEY} is requested without a JWKS URI
 *         or JWKS value, or if the authentication method is not one handled here
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
	if (newClient.getTokenEndpointAuthMethod() == null) {
		// nothing requested: fall back to HTTP Basic with a client secret
		newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) {
		if (!Strings.isNullOrEmpty(newClient.getClientSecret())) {
			// a secret is already set, keep it
			return newClient;
		}
		// no secret yet, we need to generate a secret
		return clientService.generateClientSecret(newClient);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) {
		final boolean hasKeyMaterial =
				!Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
		if (!hasKeyMaterial) {
			// NOTE(review): the message names only the JWK Set URI, yet an inline
			// JWKS value satisfies this check too.
			throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
		}
		// key-based clients must not keep a shared secret
		newClient.setClientSecret(null);
		return newClient;
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) {
		// clients that do not authenticate carry no secret
		newClient.setClientSecret(null);
		return newClient;
	}

	throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}
/**
 * Checks the token endpoint authentication settings of a client being registered
 * and normalizes its credentials to match the chosen method.
 *
 * <p>A missing method defaults to {@code SECRET_BASIC}. Secret-based methods get a
 * generated secret when none is set; {@code PRIVATE_KEY} and {@code NONE} have any
 * client secret cleared.
 *
 * @param newClient the client to validate; it is modified in place
 * @return the validated client, which is the result of
 *         {@code clientService.generateClientSecret} when a secret was generated
 * @throws ValidationException if {@code PRIVATE_KEY} is requested without a JWKS URI
 *         or JWKS value, or if the authentication method is not one handled here
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
	if (newClient.getTokenEndpointAuthMethod() == null) {
		// nothing requested: fall back to HTTP Basic with a client secret
		newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) {
		if (!Strings.isNullOrEmpty(newClient.getClientSecret())) {
			// a secret is already set, keep it
			return newClient;
		}
		// no secret yet, we need to generate a secret
		return clientService.generateClientSecret(newClient);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) {
		final boolean hasKeyMaterial =
				!Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
		if (!hasKeyMaterial) {
			// NOTE(review): the message names only the JWK Set URI, yet an inline
			// JWKS value satisfies this check too.
			throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
		}
		// key-based clients must not keep a shared secret
		newClient.setClientSecret(null);
		return newClient;
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) {
		// clients that do not authenticate carry no secret
		newClient.setClientSecret(null);
		return newClient;
	}

	throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}
// Policy URI and JWKS URI are written exactly as stored on the client.
writer.name(POLICY_URI).value(client.getPolicyUri());
writer.name(JWKS_URI).value(client.getJwksUri());
// The inline key set is written in its toString() form, or as null when the client has none.
// NOTE(review): confirm that this toString() emits public key material only, since
// the result leaves the server with the rest of the client record.
writer.name(JWKS).value((client.getJwks() != null) ? client.getJwks().toString() : null);
// The application type is written via getValue(), or as null when unset.
writer.name(APPLICATION_TYPE)
		.value((client.getApplicationType() != null) ? client.getApplicationType().getValue() : null);
&& (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {
&& (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {
/**
 * Rejects a client that has both a JWKS URI and an inline JWKS value registered.
 *
 * <p>Only {@code null} counts as "not set" in this check, so a non-null but empty
 * JWKS URI combined with a JWKS value is rejected as well.
 *
 * @param client the client whose key registration is checked
 * @throws IllegalArgumentException if {@code getJwksUri()} and {@code getJwks()} are both non-null
 */
private void ensureKeyConsistency(ClientDetailsEntity client) {
	if (client.getJwksUri() == null) {
		// no key URI registered, so there is nothing to conflict with
		return;
	}
	if (client.getJwks() == null) {
		// key URI only
		return;
	}
	// both key sources are present: a client may register one or the other, never both
	throw new IllegalArgumentException("A client cannot have both JWKS URI and JWKS value");
}
if (Strings.isNullOrEmpty(client.getJwksUri()) && client.getJwks() == null) { logger.error("tried to create client with private key auth but no private key"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
// Policy URI and JWKS URI are written exactly as stored on the client.
writer.name(POLICY_URI).value(client.getPolicyUri());
writer.name(JWKS_URI).value(client.getJwksUri());
// The inline key set is written in its toString() form, or as null when the client has none.
// NOTE(review): confirm that this toString() emits public key material only, since
// the result leaves the server with the rest of the client record.
writer.name(JWKS).value((client.getJwks() != null) ? client.getJwks().toString() : null);
// The application type is written via getValue(), or as null when unset.
writer.name(APPLICATION_TYPE)
		.value((client.getApplicationType() != null) ? client.getApplicationType().getValue() : null);
/**
 * Checks the token endpoint authentication settings of a client being registered
 * and normalizes its credentials to match the chosen method.
 *
 * <p>A missing method defaults to {@code SECRET_BASIC}. Secret-based methods get a
 * generated secret when none is set; {@code PRIVATE_KEY} and {@code NONE} have any
 * client secret cleared.
 *
 * @param newClient the client to validate; it is modified in place
 * @return the validated client, which is the result of
 *         {@code clientService.generateClientSecret} when a secret was generated
 * @throws ValidationException if {@code PRIVATE_KEY} is requested without a JWKS URI
 *         or JWKS value, or if the authentication method is not one handled here
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
	if (newClient.getTokenEndpointAuthMethod() == null) {
		// nothing requested: fall back to HTTP Basic with a client secret
		newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) {
		if (!Strings.isNullOrEmpty(newClient.getClientSecret())) {
			// a secret is already set, keep it
			return newClient;
		}
		// no secret yet, we need to generate a secret
		return clientService.generateClientSecret(newClient);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) {
		final boolean hasKeyMaterial =
				!Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
		if (!hasKeyMaterial) {
			// NOTE(review): the message names only the JWK Set URI, yet an inline
			// JWKS value satisfies this check too.
			throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
		}
		// key-based clients must not keep a shared secret
		newClient.setClientSecret(null);
		return newClient;
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) {
		// clients that do not authenticate carry no secret
		newClient.setClientSecret(null);
		return newClient;
	}

	throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}
/**
 * Checks the token endpoint authentication settings of a client being registered
 * and normalizes its credentials to match the chosen method.
 *
 * <p>A missing method defaults to {@code SECRET_BASIC}. Secret-based methods get a
 * generated secret when none is set; {@code PRIVATE_KEY} and {@code NONE} have any
 * client secret cleared.
 *
 * @param newClient the client to validate; it is modified in place
 * @return the validated client, which is the result of
 *         {@code clientService.generateClientSecret} when a secret was generated
 * @throws ValidationException if {@code PRIVATE_KEY} is requested without a JWKS URI
 *         or JWKS value, or if the authentication method is not one handled here
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
	if (newClient.getTokenEndpointAuthMethod() == null) {
		// nothing requested: fall back to HTTP Basic with a client secret
		newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT
			|| newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) {
		if (!Strings.isNullOrEmpty(newClient.getClientSecret())) {
			// a secret is already set, keep it
			return newClient;
		}
		// no secret yet, we need to generate a secret
		return clientService.generateClientSecret(newClient);
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) {
		final boolean hasKeyMaterial =
				!Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
		if (!hasKeyMaterial) {
			// NOTE(review): the message names only the JWK Set URI, yet an inline
			// JWKS value satisfies this check too.
			throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
		}
		// key-based clients must not keep a shared secret
		newClient.setClientSecret(null);
		return newClient;
	}

	if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) {
		// clients that do not authenticate carry no secret
		newClient.setClientSecret(null);
		return newClient;
	}

	throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}
&& (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {
&& client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE) && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {
&& (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {