Set client jwks value when create new consumer

obp-api/src/main/scala/bootstrap/liftweb/Boot.scala

@@ -678,7 +678,7 @@ class Boot extends MdcLoggable {
 
     Consumers.consumers.vend.getConsumersFuture().foreach{ consumers =>
       consumers.filter(consumer => consumer.isActive.get && !oAuth2ClientIds.contains(consumer.key.get))
-        .foreach(HydraUtil.createHydraClient)
+        .foreach(HydraUtil.createHydraClient(_))
     }
   }
 

obp-api/src/main/scala/code/model/OAuth.scala

@@ -177,9 +177,7 @@ object MappedConsumersProvider extends ConsumersProvider with MdcLoggable {
       clientCertificate.filter(StringUtils.isNotBlank).foreach(c.clientCertificate(_))
 
       if(c.validate.isEmpty) {
-        val consumer = c.saveMe()
-        if(mirrorConsumerInHydra) createHydraClient(consumer)
-        consumer
+        c.saveMe()
       }
       else
         throw new Error(c.validate.map(_.msg.toString()).mkString(";"))

obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala

@@ -102,7 +102,12 @@ class ConsumerRegistration extends MdcLoggable {
     def showResults(consumer : Consumer) = {
       val urlOAuthEndpoint = APIUtil.getPropsValue("hostname", "") + "/oauth/initiate"
       val urlDirectLoginEndpoint = APIUtil.getPropsValue("hostname", "") + "/my/logins/direct"
-
+      var jwkPrivateKey: String = ""
+      if(HydraUtil.mirrorConsumerInHydra) {
+        val(privateKey, publicKey) = HydraUtil.createJwk
+        jwkPrivateKey = privateKey
+        HydraUtil.createHydraClient(consumer, publicKey)
+      }
       val registerConsumerSuccessMessageWebpage = getWebUiPropsValue(
         "webui_register_consumer_success_message_webpage", 
         "Thanks for registering your consumer with the Open Bank Project API! Here is your developer information. Please save it in a secure location.")
@@ -145,10 +150,8 @@ class ConsumerRegistration extends MdcLoggable {
                     }
                   }
               }
-            }
-//          & "#base_url *" #> S.getRequestHeader("Referer")
-//              .map(StringUtils.substringBeforeLast(_, S.uri))
-//              .getOrElse("")
+            } &
+            "#jwk_private_key" #> Unparsed(jwkPrivateKey)
         } else {
           "#hydra-client-info-title *" #> "" &
             "#hydra-client-info *" #> ""
@@ -264,7 +267,8 @@ class ConsumerRegistration extends MdcLoggable {
           Some(clientCertificate))
         logger.debug("consumer: " + consumer)
         consumer match {
-          case Full(x) => showRegistrationResults(x)
+          case Full(x) =>
+            showRegistrationResults(x)
           case Failure(msg, _, _) => showValidationErrors(msg.split(";").toList)
           case _ => showUnknownErrors(List(ErrorMessages.UnknownError))
         }

obp-api/src/main/scala/code/util/HydraUtil.scala

@@ -1,13 +1,18 @@
 package code.util
 
+import java.util.UUID
+
 import code.api.util.APIUtil
 import code.model.Consumer
 import code.model.Consumer.redirectURLRegex
-import code.model.dataAccess.AuthUser
+import com.nimbusds.jose.{Algorithm, JWSAlgorithm}
+import com.nimbusds.jose.jwk.gen.ECKeyGenerator
+import com.nimbusds.jose.jwk.{Curve, ECKey, KeyUse}
 import org.apache.commons.lang3.StringUtils
-import sh.ory.hydra.{ApiClient, Configuration}
+import org.codehaus.jackson.map.ObjectMapper
 import sh.ory.hydra.api.{AdminApi, PublicApi}
 import sh.ory.hydra.model.OAuth2Client
+import sh.ory.hydra.{ApiClient, Configuration}
 
 import scala.collection.immutable.List
 import scala.jdk.CollectionConverters.{mapAsJavaMapConverter, seqAsJavaListConverter}
@@ -53,7 +58,7 @@ object HydraUtil {
    * @param consumer
    * @return created Hydra client or None
    */
-  def createHydraClient(consumer: Consumer): Option[OAuth2Client] = {
+  def createHydraClient(consumer: Consumer, jwkPublicKey: String = null): Option[OAuth2Client] = {
     val redirectUrl = consumer.redirectURL.get
     if (StringUtils.isBlank(redirectUrl) || redirectURLRegex.findFirstIn(redirectUrl).isEmpty) {
       return None
@@ -74,9 +79,30 @@ object HydraUtil {
       val clientMeta = Map("client_certificate" -> consumer.clientCertificate.get).asJava
       oAuth2Client.setMetadata(clientMeta)
     }
-
-    oAuth2Client.setTokenEndpointAuthMethod("client_secret_post")
-
+    if(StringUtils.isBlank(jwkPublicKey)) {
+      oAuth2Client.setTokenEndpointAuthMethod("client_secret_post")
+    } else {
+      oAuth2Client.setTokenEndpointAuthMethod("private_key_jwt")
+      val jwks = s"""{"keys": [$jwkPublicKey]}"""
+      val jwksMap = new ObjectMapper().readValue(jwks, classOf[java.util.Map[String, _]])
+      oAuth2Client.setJwks(jwksMap)
+      oAuth2Client.setTokenEndpointAuthSigningAlg(JWSAlgorithm.ES256.getName)
+    }
     Some(hydraAdmin.createOAuth2Client(oAuth2Client))
   }
+
+
+  /**
+   * create jwk
+   * @return private key json string to public key
+   */
+  def createJwk: (String, String) = {
+    val jwk:ECKey = new ECKeyGenerator(Curve.P_256)
+      .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
+      .keyID(UUID.randomUUID().toString()) // give the key a unique ID
+      .algorithm(new Algorithm("ES256"))
+      .generate()
+
+    jwk.toJSONString -> jwk.toPublicJWK().toJSONString
+  }
 }

obp-api/src/main/webapp/consumer-registration.html

@@ -175,6 +175,7 @@ Berlin 13359, Germany
 						  oauth2.client_secret=<span id="client_secret">secret</span><br>
 						  oauth2.redirect_uri=<span id="redirect_uri">http://127.0.0.1:8081/main.html</span><br>
 						  oauth2.client_scope=<span id="client_scope"><span class="client-scope-value">ReadAccountsBasic</span><br></span><br>
+						  oauth2.jwk_private_key=<span id="jwk_private_key" style="word-wrap: anywhere"></span><br>
 					</span>
 				</div>
 			</div>