[squash] added changes for community stability level deployment

http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java

@@ -250,5 +250,9 @@ interface ElytronMessages extends BasicLogger {
     @LogMessage(level = INFO)
     @Message(id = 23061, value = "The OpenID provider does not support request parameters. Sending the request using OAuth2 format.")
     void requestParameterNotSupported();
+
+    @Message(id = 23062, value = "Attribute '%s' is not supported")
+    IOException unsupportedAttribute(String error);
+
 }
 

http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java

@@ -45,6 +45,7 @@
 public class Oidc {
 
     public static final String ACCEPT = "Accept";
+    public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format";
     public static final String OIDC_NAME = "OIDC";
     public static final String JSON_CONTENT_TYPE = "application/json";
     public static final String HTML_CONTENT_TYPE = "text/html";
@@ -53,6 +54,7 @@ public class Oidc {
     public static final String DISCOVERY_PATH = ".well-known/openid-configuration";
     public static final String KEYCLOAK_REALMS_PATH = "realms/";
     public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config";
+    public static final String JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM = "unsupported-attribute";
     static final String ACCOUNT_PATH = "account";
     public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
     public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
@@ -74,6 +76,14 @@ public class Oidc {
     public static final String PASSWORD = "password";
     public static final String PROMPT = "prompt";
     public static final String REQUEST = "request";
+    public static final String REQUEST_OBJECT_CONTENT_ENCRYPTION_ALGORITHM = "request-object-content-encryption-algorithm";
+    public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "request-object-encryption-algorithm";
+    public static final String REQUEST_OBJECT_SIGNING_ALGORITHM = "request-object-signing-algorithm";
+    public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE = "request-object-signing-keystore-file";
+    public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD = "request-object-signing-keystore-password";
+    public static final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD = "request-object-signing-key-password";
+    public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS = "request-object-signing-key-alias";
+    public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE = "request-object-signing-keystore-type";
     public static final String REQUEST_URI = "request_uri";
     public static final String SCOPE = "scope";
     public static final String UI_LOCALES = "ui_locales";

http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java

@@ -21,6 +21,15 @@
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
 import static org.jose4j.jws.AlgorithmIdentifiers.NONE;
 import static org.wildfly.security.http.oidc.Oidc.AuthenticationFormat.REQUEST_TYPE_OAUTH2;
+import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_CONTENT_ENCRYPTION_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE;
 import static org.wildfly.security.http.oidc.Oidc.SSLRequired;
 import static org.wildfly.security.http.oidc.Oidc.TokenStore;
 
@@ -201,6 +210,16 @@ public HttpClient call() {
         };
     }
 
+    public static OidcClientConfiguration buildWithoutUnsupportedAttributes(String unsupportedAttributesParam, InputStream is) {
+        OidcJsonConfiguration oidcJsonConfiguration = loadOidcJsonConfiguration(is);
+        try {
+            failIfUnsupportedAttribute(unsupportedAttributesParam, oidcJsonConfiguration);
+            return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     public static OidcClientConfiguration build(InputStream is) {
         OidcJsonConfiguration oidcJsonConfiguration = loadOidcJsonConfiguration(is);
         return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
@@ -221,4 +240,60 @@ public static OidcJsonConfiguration loadOidcJsonConfiguration(InputStream is) {
     public static OidcClientConfiguration build(OidcJsonConfiguration oidcJsonConfiguration) {
         return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
     }
+
+    private static void failIfUnsupportedAttribute(String unsupportedAttributesParameter, OidcJsonConfiguration config) throws IOException {
+        if (unsupportedAttributesParameter == null) {
+            return;
+        }
+        String[] unsupportedAttributes = unsupportedAttributesParameter.split(" ");
+        for (String attributeName : unsupportedAttributes) {
+            switch(attributeName) {
+                case AUTHENTICATION_REQUEST_FORMAT:
+                    if (config.getAuthenticationRequestFormat()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_CONTENT_ENCRYPTION_ALGORITHM:
+                    if (config.getRequestContentEncryptionMethod()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_ENCRYPTION_ALGORITHM:
+                    if (config.getRequestEncryptAlgorithm()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_ALGORITHM:
+                    if (config.getRequestSignatureAlgorithm()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_KEY_ALIAS:
+                    if (config.getRequestObjectSigningKeyAlias()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_KEY_PASSWORD:
+                    if (config.getRequestObjectSigningKeyPassword()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_KEYSTORE_FILE:
+                    if (config.getRequestObjectSigningKeyStoreFile()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD:
+                    if (config.getRequestObjectSigningKeystorePassword()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+                case REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE:
+                    if (config.getRequestObjectSigningKeystoreType()!= null) {
+                        throw log.unsupportedAttribute(attributeName);
+                    }
+                    break;
+            }
+        }
+    }
 }

http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcConfigurationServletListener.java

@@ -20,6 +20,7 @@
 
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
 import static org.wildfly.security.http.oidc.Oidc.JSON_CONFIG_CONTEXT_PARAM;
+import static org.wildfly.security.http.oidc.Oidc.JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM;
 import static org.wildfly.security.http.oidc.Oidc.OIDC_CLIENT_CONFIG_RESOLVER;
 import static org.wildfly.security.http.oidc.Oidc.OIDC_CLIENT_CONTEXT_KEY;
 import static org.wildfly.security.http.oidc.Oidc.OIDC_CONFIG_FILE_LOCATION;
@@ -66,7 +67,7 @@ public void contextInitialized(ServletContextEvent sce) {
                 if (is == null) {
                     oidcClientConfiguration = new OidcClientConfiguration();
                 } else {
-                    oidcClientConfiguration = OidcClientConfigurationBuilder.build(is);
+                    oidcClientConfiguration = OidcClientConfigurationBuilder.buildWithoutUnsupportedAttributes(servletContext.getInitParameter(JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM), is);
                 }
                 clientContext = new OidcClientContext(oidcClientConfiguration);
             }