add signing alg: ES, RS, PS

2026-02-06 15:56:57 +00:00 · 2020-11-11 22:32:43 +08:00 · 2020-11-11 22:32:43 +08:00 · 7ad60111f7
commit 7ad60111f7
parent 6ee383f3ed
3 changed files with 17 additions and 19 deletions
--- a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
+++ b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
@ -82,20 +82,9 @@ class ConsumerRegistration extends MdcLoggable {

    val appTypes = List((AppType.Web.toString, AppType.Web.toString), (AppType.Mobile.toString, AppType.Mobile.toString))
    val signingAlgs = List(
-      "ES256",
-      "ES256K",
-      "ES512",
-      "ES384",
-      "EdDSA",
-      "RS256",
-      "RS512",
-      "RS38",
-      "HS256",
-      "HS384",
-      "HS512",
-      "PS256",
-      "PS384",
-      "PS512"
+      "ES256", "ES384", "ES512",
+      //Hydra support alg: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384 and ES512
+      "RS256", "RS384", "RS512", "PS256", "PS384", "PS512"
      ).map(it => it -> it)

    def submitButtonDefense: Unit = {
@ -137,6 +126,7 @@ class ConsumerRegistration extends MdcLoggable {
      val urlDirectLoginEndpoint = APIUtil.getPropsValue("hostname", "") + "/my/logins/direct"
      val jwksUri = jwksUriVar.is
      val jwks = jwksVar.is
+      val jwsAlg = signingAlgVar.is
      var jwkPrivateKey: String = s"Please change this value to ${if(StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key"
      if(HydraUtil.mirrorConsumerInHydra) {
        HydraUtil.createHydraClient(consumer, oAuth2Client => {
@ -216,6 +206,7 @@ class ConsumerRegistration extends MdcLoggable {
                  }
              }
            } &
+            "#client_jws_alg" #> Unparsed(jwsAlg) &
            "#jwk_private_key" #> Unparsed(jwkPrivateKey)
        } else {
          "#hydra-client-info-title *" #> "" &
--- a/obp-api/src/main/scala/code/util/HydraUtil.scala
+++ b/obp-api/src/main/scala/code/util/HydraUtil.scala
@ -5,9 +5,9 @@ import java.util.UUID
 import code.api.util.APIUtil
 import code.model.Consumer
 import code.model.Consumer.redirectURLRegex
-import com.nimbusds.jose.Algorithm
-import com.nimbusds.jose.jwk.gen.ECKeyGenerator
-import com.nimbusds.jose.jwk.{Curve, ECKey, KeyUse}
+import com.nimbusds.jose.jwk.gen.{ECKeyGenerator, JWKGenerator, RSAKeyGenerator}
+import com.nimbusds.jose.jwk.{AsymmetricJWK, Curve, ECKey, JWK, KeyUse, RSAKey}
+import com.nimbusds.jose.{Algorithm, JWSAlgorithm}
 import org.apache.commons.lang3.StringUtils
 import sh.ory.hydra.api.{AdminApi, PublicApi}
 import sh.ory.hydra.model.OAuth2Client
@ -91,8 +91,14 @@ object HydraUtil {
   * @return private key json string to public key
   */
  def createJwk(signingAlg: String): (String, String) = {
-    val jwk:ECKey = new ECKeyGenerator(Curve.P_256)
-      .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
+    val keyGenerator = if(signingAlg.startsWith("ES")) {
+      val curves = Curve.forJWSAlgorithm(JWSAlgorithm.parse(signingAlg))
+      val curve:Curve = curves.iterator().next()
+      new ECKeyGenerator(curve)
+    } else {
+      new RSAKeyGenerator(RSAKeyGenerator.MIN_KEY_SIZE_BITS)
+    }
+    val jwk: JWK = keyGenerator.keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
      .keyID(UUID.randomUUID().toString()) // give the key a unique ID
      .algorithm(new Algorithm(signingAlg))
      .generate()
--- a/obp-api/src/main/webapp/consumer-registration.html
+++ b/obp-api/src/main/webapp/consumer-registration.html
@ -236,6 +236,7 @@ Berlin 13359, Germany
 							  oauth2.request_uri=<span id="request_uri_value">http://127.0.0.1:8081/request_object.json</span><br>
 						  </span>
 						  oauth2.client_scope=<span id="client_scope"><span class="client-scope-value">ReadAccountsBasic</span><br></span><br>
+						  oauth2.jws_alg=<span id="client_jws_alg"></span><br>
 						  oauth2.jwk_private_key=<span id="jwk_private_key">content of jwk key</span><br>
 					</span>
 				</div>