use enum for OIDC client authentication methods

apache · Nov 15, 2023 · e5e13a2 · e5e13a2
1 parent 6e6bc20
commit e5e13a2
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 21 deletions.
diff --git a/...rc/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java b/...rc/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -61,6 +61,7 @@
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethods;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -351,25 +352,46 @@ protected Iterator<String> getChoices(final String input) {
                     fields.add(logoutUri);
 
                     BinaryFieldPanel jwks = new BinaryFieldPanel(
-                            "field", "jwks", new PropertyModel<>(clientAppTO, "jwks"), MediaType.APPLICATION_JSON, "");
-                    if (clientAppTO instanceof OIDCRPClientAppTO
-                            && StringUtils.isNotBlank(((OIDCRPClientAppTO) clientAppTO).getJwks())) {
-                        ((OIDCRPClientAppTO) clientAppTO).setJwks(Base64.getEncoder().encodeToString(
-                                ((OIDCRPClientAppTO) clientAppTO).getJwks().getBytes(StandardCharsets.UTF_8)));
-                        jwks.setNewModel(new PropertyModel<>(clientAppTO, "jwks"));
-                    }
+                            "field",
+                            "jwks",
+                            new Model<>() {
+
+                                private static final long serialVersionUID = 7666049400663637482L;
+
+                                @Override
+                                public String getObject() {
+                                    return StringUtils.isBlank(((OIDCRPClientAppTO) clientAppTO).getJwks())
+                                            ? null
+                                            : Base64.getEncoder().encodeToString(((OIDCRPClientAppTO) clientAppTO)
+                                            .getJwks().getBytes(StandardCharsets.UTF_8));
+                                }
+
+                                @Override
+                                public void setObject(final String object) {
+                                    if (StringUtils.isNotBlank(object)) {
+                                        ((OIDCRPClientAppTO) clientAppTO).setJwks(
+                                                new String(Base64.getDecoder().decode(object), StandardCharsets.UTF_8));
+                                    } else {
+                                        ((OIDCRPClientAppTO) clientAppTO).setJwks("");
+                                    }
+                                }
+                            },
+                            MediaType.APPLICATION_JSON,
+                            "client-jwks");
                     fields.add(jwks);
 
                     AjaxTextFieldPanel jwksUri = new AjaxTextFieldPanel(
                             "field", "jwksUri", new PropertyModel<>(clientAppTO, "jwksUri"), false);
                     jwksUri.addValidator(new UrlValidator());
                     fields.add(jwksUri);
 
-                    AjaxTextFieldPanel tokenEndpointAuthenticationMethod = new AjaxTextFieldPanel(
+                    AjaxDropDownChoicePanel<OIDCClientAuthenticationMethods> tokenEndpointAuthenticationMethod =
+                            new AjaxDropDownChoicePanel<>(
                             "field",
                             "tokenEndpointAuthenticationMethod",
                             new PropertyModel<>(clientAppTO, "tokenEndpointAuthenticationMethod"),
                             false);
+                    tokenEndpointAuthenticationMethod.setChoices(List.of(OIDCClientAuthenticationMethods.values()));
                     fields.add(tokenEndpointAuthenticationMethod);
                     break;
 
@@ -482,10 +504,6 @@ protected void populateItem(final ListItem<Component> item) {
         @Override
         public void onSubmit(final AjaxRequestTarget target) {
             try {
-                if (clientAppTO instanceof OIDCRPClientAppTO) {
-                    ((OIDCRPClientAppTO) clientAppTO).setJwks(new String(Base64.getDecoder().decode(
-                            ((OIDCRPClientAppTO) clientAppTO).getJwks()), StandardCharsets.UTF_8));
-                }
                 if (clientAppTO.getKey() == null) {
                     clientAppRestClient.create(type, clientAppTO);
                 } else {

diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -26,6 +26,7 @@
 import java.util.List;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethods;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -61,7 +62,8 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private String jwksUri;
 
-    private String tokenEndpointAuthenticationMethod = "client_secret_basic";
+    private OIDCClientAuthenticationMethods tokenEndpointAuthenticationMethod =
+            OIDCClientAuthenticationMethods.CLIENT_SECRET_BASIC;
 
     @JacksonXmlProperty(localName = "_class", isAttribute = true)
     @JsonProperty("_class")
@@ -168,11 +170,12 @@ public void setJwksUri(final String jwksUri) {
         this.jwksUri = jwksUri;
     }
 
-    public String getTokenEndpointAuthenticationMethod() {
+    public OIDCClientAuthenticationMethods getTokenEndpointAuthenticationMethod() {
         return tokenEndpointAuthenticationMethod;
     }
 
-    public void setTokenEndpointAuthenticationMethod(final String tokenEndpointAuthenticationMethod) {
+    public void setTokenEndpointAuthenticationMethod(
+            final OIDCClientAuthenticationMethods tokenEndpointAuthenticationMethod) {
         this.tokenEndpointAuthenticationMethod = tokenEndpointAuthenticationMethod;
     }
 

diff --git a/...ib/src/main/java/org/apache/syncope/common/lib/types/OIDCClientAuthenticationMethods.java b/...ib/src/main/java/org/apache/syncope/common/lib/types/OIDCClientAuthenticationMethods.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum OIDCClientAuthenticationMethods {
+    CLIENT_SECRET_BASIC("client_secret_basic"),
+    CLIENT_SECRET_POST("client_secret_post"),
+    CLIENT_SECRET_JWT("client_secret_jwt"),
+    PRIVATE_KEY_JWT("private_key_jwt"),
+    TLS_CLIENT_AUTH("tls_client_auth");
+
+    private final String authenticationMethod;
+
+    OIDCClientAuthenticationMethods(final String authenticationMethod) {
+        this.authenticationMethod = authenticationMethod;
+    }
+
+    public String getAuthenticationMethod() {
+        return authenticationMethod;
+    }
+}
diff --git a/...-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java b/...-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -19,6 +19,7 @@
 package org.apache.syncope.core.persistence.api.entity.am;
 
 import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethods;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -69,7 +70,7 @@ public interface OIDCRPClientApp extends ClientApp {
 
     void setJwksUri(String jwksUri);
 
-    String getTokenEndpointAuthenticationMethod();
+    OIDCClientAuthenticationMethods getTokenEndpointAuthenticationMethod();
 
-    void setTokenEndpointAuthenticationMethod(String tokenEndpointAuthenticationMethod);
+    void setTokenEndpointAuthenticationMethod(OIDCClientAuthenticationMethods tokenEndpointAuthenticationMethod);
 }
diff --git a/...a/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java b/...a/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -33,6 +33,7 @@
 import javax.persistence.PreUpdate;
 import javax.persistence.Table;
 import javax.persistence.Transient;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethods;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -107,7 +108,7 @@ public class JPAOIDCRPClientApp extends AbstractClientApp implements OIDCRPClien
 
     private String jwksUri;
 
-    private String tokenEndpointAuthenticationMethod;
+    private OIDCClientAuthenticationMethods tokenEndpointAuthenticationMethod;
 
     @Override
     public Set<String> getRedirectUris() {
@@ -220,12 +221,13 @@ public void setJwksUri(final String jwksUri) {
     }
 
     @Override
-    public String getTokenEndpointAuthenticationMethod() {
+    public OIDCClientAuthenticationMethods getTokenEndpointAuthenticationMethod() {
         return tokenEndpointAuthenticationMethod;
     }
 
     @Override
-    public void setTokenEndpointAuthenticationMethod(final String tokenEndpointAuthenticationMethod) {
+    public void setTokenEndpointAuthenticationMethod(
+            final OIDCClientAuthenticationMethods tokenEndpointAuthenticationMethod) {
         this.tokenEndpointAuthenticationMethod = tokenEndpointAuthenticationMethod;
     }
 

diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -95,7 +95,8 @@ public RegisteredService map(
                 map(OIDCResponseType::getExternalForm).collect(Collectors.toSet()));
         Optional.ofNullable(rp.getSubjectType()).ifPresent(st -> service.setSubjectType(st.name()));
         service.setLogoutUrl(rp.getLogoutUri());
-        service.setTokenEndpointAuthenticationMethod(rp.getTokenEndpointAuthenticationMethod());
+        service.setTokenEndpointAuthenticationMethod(
+                rp.getTokenEndpointAuthenticationMethod().getAuthenticationMethod());
 
         service.setScopes(new HashSet<>(rp.getScopes()));