diff --git a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
index c8d1ad7ee..2c149651f 100644
--- a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
+++ b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
@@ -82,20 +82,9 @@ class ConsumerRegistration extends MdcLoggable {
val appTypes = List((AppType.Web.toString, AppType.Web.toString), (AppType.Mobile.toString, AppType.Mobile.toString))
val signingAlgs = List(
- "ES256",
- "ES256K",
- "ES512",
- "ES384",
- "EdDSA",
- "RS256",
- "RS512",
- "RS38",
- "HS256",
- "HS384",
- "HS512",
- "PS256",
- "PS384",
- "PS512"
+ "ES256", "ES384", "ES512",
+ //Hydra support alg: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384 and ES512
+ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512"
).map(it => it -> it)
def submitButtonDefense: Unit = {
@@ -137,6 +126,7 @@ class ConsumerRegistration extends MdcLoggable {
val urlDirectLoginEndpoint = APIUtil.getPropsValue("hostname", "") + "/my/logins/direct"
val jwksUri = jwksUriVar.is
val jwks = jwksVar.is
+ val jwsAlg = signingAlgVar.is
var jwkPrivateKey: String = s"Please change this value to ${if(StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key"
if(HydraUtil.mirrorConsumerInHydra) {
HydraUtil.createHydraClient(consumer, oAuth2Client => {
@@ -216,6 +206,7 @@ class ConsumerRegistration extends MdcLoggable {
}
}
} &
+ "#client_jws_alg" #> Unparsed(jwsAlg) &
"#jwk_private_key" #> Unparsed(jwkPrivateKey)
} else {
"#hydra-client-info-title *" #> "" &
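Review bot: `Unparsed(jwsAlg)` on the added `#client_jws_alg` binding writes the value into the page without HTML escaping, and `jwsAlg` is read directly from `signingAlgVar.is` in the previous hunk of this file. Whether that var can only ever hold one of the `signingAlgs` entries is not visible in these hunks. If a submitted value can reach it unchecked, markup would be rendered on the same page that displays the client's private key. An algorithm name never needs raw markup, so bind it as plain text and let Lift escape it: `"#client_jws_alg" #> jwsAlg &`. The binding chain starts and ends outside this hunk.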
diff --git a/obp-api/src/main/scala/code/util/HydraUtil.scala b/obp-api/src/main/scala/code/util/HydraUtil.scala
index 25ceb4ac8..9423771c8 100644
--- a/obp-api/src/main/scala/code/util/HydraUtil.scala
+++ b/obp-api/src/main/scala/code/util/HydraUtil.scala
@@ -5,9 +5,9 @@ import java.util.UUID
import code.api.util.APIUtil
import code.model.Consumer
import code.model.Consumer.redirectURLRegex
-import com.nimbusds.jose.Algorithm
-import com.nimbusds.jose.jwk.gen.ECKeyGenerator
-import com.nimbusds.jose.jwk.{Curve, ECKey, KeyUse}
+import com.nimbusds.jose.jwk.gen.{ECKeyGenerator, JWKGenerator, RSAKeyGenerator}
+import com.nimbusds.jose.jwk.{AsymmetricJWK, Curve, ECKey, JWK, KeyUse, RSAKey}
+import com.nimbusds.jose.{Algorithm, JWSAlgorithm}
import org.apache.commons.lang3.StringUtils
import sh.ory.hydra.api.{AdminApi, PublicApi}
import sh.ory.hydra.model.OAuth2Client
@@ -91,8 +91,14 @@ object HydraUtil {
* @return private key json string to public key
*/
def createJwk(signingAlg: String): (String, String) = {
- val jwk:ECKey = new ECKeyGenerator(Curve.P_256)
- .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
+ val keyGenerator = if(signingAlg.startsWith("ES")) {
+ val curves = Curve.forJWSAlgorithm(JWSAlgorithm.parse(signingAlg))
+ val curve:Curve = curves.iterator().next()
+ new ECKeyGenerator(curve)
+ } else {
+ new RSAKeyGenerator(RSAKeyGenerator.MIN_KEY_SIZE_BITS)
+ }
+ val jwk: JWK = keyGenerator.keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
.keyID(UUID.randomUUID().toString()) // give the key a unique ID
.algorithm(new Algorithm(signingAlg))
.generate()
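Review bot: The new `else` branch in `createJwk` treats every `signingAlg` that does not start with "ES" as RSA, so an unexpected value (for example one of the HS* names this commit removes from the form list) would silently produce an RSA key labelled with that algorithm. In the "ES" branch, `Curve.forJWSAlgorithm` appears to return null for an algorithm it has no curve for, in which case `curves.iterator()` would throw a NullPointerException rather than a clear error. Rejecting unsupported names up front would make the function safe regardless of what the caller passes, e.g. `require(Set("ES256","ES384","ES512","RS256","RS384","RS512","PS256","PS384","PS512").contains(signingAlg), s"Unsupported signing algorithm: $signingAlg")` as the first statement. A short comment should also record that every RSA/PS variant gets `RSAKeyGenerator.MIN_KEY_SIZE_BITS`, so the key-size choice is visibly deliberate. The function body continues past the end of this hunk.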
diff --git a/obp-api/src/main/webapp/consumer-registration.html b/obp-api/src/main/webapp/consumer-registration.html
index 9abd329f8..4c9d6ac2e 100644
--- a/obp-api/src/main/webapp/consumer-registration.html
+++ b/obp-api/src/main/webapp/consumer-registration.html
@@ -236,6 +236,7 @@ Berlin 13359, Germany
oauth2.request_uri=http://127.0.0.1:8081/request_object.json
oauth2.client_scope=ReadAccountsBasic
+ oauth2.jws_alg=
oauth2.jwk_private_key=content of jwk key