
Commit f1e6ec1

committed
Use ClientAuthenticationMethod constants tls_client_auth and self_signed_tls_client_auth
Issue spring-projectsgh-1558, spring-projectsgh-1559, spring-projectsgh-1560
1 parent 64558fc commit f1e6ec1


11 files changed

+46
-65
lines changed


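--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/X509ClientCertificateAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/X509ClientCertificateAuthenticationProvider.java
@@ -50,10 +50,6 @@
 */
 public final class X509ClientCertificateAuthenticationProvider implements AuthenticationProvider {
 private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-3.2.1";
-private static final ClientAuthenticationMethod TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("tls_client_auth");
-private static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("self_signed_tls_client_auth");
 private final Log logger = LogFactory.getLog(getClass());
 private final RegisteredClientRepository registeredClientRepository;
 private final CodeVerifierAuthenticator codeVerifierAuthenticator;
@@ -80,8 +76,8 @@ public Authentication authenticate(Authentication authentication) throws Authent
 OAuth2ClientAuthenticationToken clientAuthentication =
 (OAuth2ClientAuthenticationToken) authentication;
 
-if (!TLS_CLIENT_AUTH_AUTHENTICATION_METHOD.equals(clientAuthentication.getClientAuthenticationMethod()) &&
-!SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD.equals(clientAuthentication.getClientAuthenticationMethod())) {
+if (!ClientAuthenticationMethod.TLS_CLIENT_AUTH.equals(clientAuthentication.getClientAuthenticationMethod()) &&
+!ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.equals(clientAuthentication.getClientAuthenticationMethod())) {
 return null;
 }
 
@@ -148,7 +144,7 @@ public void setCertificateVerifier(Consumer<OAuth2ClientAuthenticationContext> c
 
 private void verifyX509Certificate(OAuth2ClientAuthenticationContext clientAuthenticationContext) {
 OAuth2ClientAuthenticationToken clientAuthentication = clientAuthenticationContext.getAuthentication();
-if (SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD.equals(clientAuthentication.getClientAuthenticationMethod())) {
+if (ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.equals(clientAuthentication.getClientAuthenticationMethod())) {
 this.selfSignedCertificateVerifier.accept(clientAuthenticationContext);
 } else {
 verifyX509CertificateSubjectDN(clientAuthenticationContext);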
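Review bot: The `else` branch in `verifyX509Certificate` sends every method other than `self_signed_tls_client_auth` to `verifyX509CertificateSubjectDN`, and nothing in the method records why that is safe. It appears to rely on the guard in `authenticate` (new line 79), which returns null unless the token carries one of the two mTLS constants. A comment such as `// authenticate() admits only TLS_CLIENT_AUTH and SELF_SIGNED_TLS_CLIENT_AUTH, so this branch is the PKI (subject DN) case` would state that invariant for anyone who later adds a third certificate-based method or reaches this verifier by another path. The body of `verifyX509Certificate` continues past the end of the hunk, so the rest of the branch is not visible here.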

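--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
@@ -129,8 +129,8 @@ private static Consumer<List<String>> clientAuthenticationMethods() {
 authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue());
 authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue());
 authenticationMethods.add(ClientAuthenticationMethod.PRIVATE_KEY_JWT.getValue());
-authenticationMethods.add("tls_client_auth");
-authenticationMethods.add("self_signed_tls_client_auth");
+authenticationMethods.add(ClientAuthenticationMethod.TLS_CLIENT_AUTH.getValue());
+authenticationMethods.add(ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.getValue());
 };
 }
 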
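Review bot: The five `add` calls visible in `clientAuthenticationMethods()` are repeated line for line in `OAuth2AuthorizationServerMetadataEndpointFilter.clientAuthenticationMethods()`, so the two discovery documents can drift apart when a method is added to one list and not the other. A shared package-private helper would remove the duplication, or at least a comment in each, e.g. `// keep in sync with OAuth2AuthorizationServerMetadataEndpointFilter#clientAuthenticationMethods`. The two mTLS values are also added unconditionally in the visible lines, so the metadata advertises certificate-based client authentication whether or not the deployment accepts client certificates; whether an operator can trim the list elsewhere is not visible here. The method begins before the hunk.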

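--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/DefaultOAuth2TokenClaimsConsumer.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/DefaultOAuth2TokenClaimsConsumer.java
@@ -34,10 +34,6 @@
 * @since 1.3
 */
 final class DefaultOAuth2TokenClaimsConsumer implements Consumer<Map<String, Object>> {
-private static final ClientAuthenticationMethod TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("tls_client_auth");
-private static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("self_signed_tls_client_auth");
 private final OAuth2TokenContext context;
 
 DefaultOAuth2TokenClaimsConsumer(OAuth2TokenContext context) {
@@ -51,8 +47,8 @@ public void accept(Map<String, Object> claims) {
 this.context.getAuthorizationGrant() != null &&
 this.context.getAuthorizationGrant().getPrincipal() instanceof OAuth2ClientAuthenticationToken clientAuthentication) {
 
-if ((TLS_CLIENT_AUTH_AUTHENTICATION_METHOD.equals(clientAuthentication.getClientAuthenticationMethod()) ||
-SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD.equals(clientAuthentication.getClientAuthenticationMethod())) &&
+if ((ClientAuthenticationMethod.TLS_CLIENT_AUTH.equals(clientAuthentication.getClientAuthenticationMethod()) ||
+ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.equals(clientAuthentication.getClientAuthenticationMethod())) &&
 this.context.getRegisteredClient().getTokenSettings().isX509CertificateBoundAccessTokens()) {
 
 X509Certificate[] clientCertificateChain = (X509Certificate[]) clientAuthentication.getCredentials();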
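Review bot: The cast `(X509Certificate[]) clientAuthentication.getCredentials()` at new line 54 is justified only by the authentication-method comparison above it, so a token that carries one of the mTLS methods with credentials of another type fails here with a `ClassCastException` during claim customization. A null value passes the cast, and any failure would then surface in the code after the hunk, which is not visible. Because this branch runs only when `isX509CertificateBoundAccessTokens()` is true, skipping the binding silently would be the wrong fallback. I would check `clientAuthentication.getCredentials() instanceof X509Certificate[]` with a non-empty array before the cast and fail the token request with a clear error when it does not hold. The `if` block continues outside the hunk.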

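--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.java
@@ -122,8 +122,8 @@ private static Consumer<List<String>> clientAuthenticationMethods() {
 authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue());
 authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue());
 authenticationMethods.add(ClientAuthenticationMethod.PRIVATE_KEY_JWT.getValue());
-authenticationMethods.add("tls_client_auth");
-authenticationMethods.add("self_signed_tls_client_auth");
+authenticationMethods.add(ClientAuthenticationMethod.TLS_CLIENT_AUTH.getValue());
+authenticationMethods.add(ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.getValue());
 };
 }
 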

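--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/X509ClientCertificateAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/X509ClientCertificateAuthenticationConverter.java
@@ -44,10 +44,6 @@
 * @see OAuth2ClientAuthenticationFilter
 */
 public final class X509ClientCertificateAuthenticationConverter implements AuthenticationConverter {
-private static final ClientAuthenticationMethod TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("tls_client_auth");
-private static final ClientAuthenticationMethod SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD =
-new ClientAuthenticationMethod("self_signed_tls_client_auth");
 
 @Nullable
 @Override
@@ -72,8 +68,8 @@ public Authentication convert(HttpServletRequest request) {
 
 ClientAuthenticationMethod clientAuthenticationMethod =
 clientCertificateChain.length == 1 ?
-SELF_SIGNED_TLS_CLIENT_AUTH_AUTHENTICATION_METHOD :
-TLS_CLIENT_AUTH_AUTHENTICATION_METHOD;
+ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH :
+ClientAuthenticationMethod.TLS_CLIENT_AUTH;
 
 return new OAuth2ClientAuthenticationToken(clientId, clientAuthenticationMethod,
 clientCertificateChain, additionalParameters);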
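Review bot: The ternary at new lines 70-72 chooses the authentication method from `clientCertificateChain.length == 1` alone, and nothing documents that a one-element chain is being taken to mean a self-signed certificate. A CA-issued leaf that reaches the converter without its intermediates would also have length 1 and be labelled `self_signed_tls_client_auth`; whether that can happen depends on how the container populates the chain, which is not visible here. A comment such as `// a single-certificate chain is treated as self-signed (heuristic, not an issuer == subject check)` would state the assumption. Comparing `getSubjectX500Principal()` with `getIssuerX500Principal()` on the leaf would be a stronger signal than length, if the project wants one. `convert` begins and ends outside the hunk.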
