| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| import {AuthenticationProviderConfig} from './authentication-provider-config'; |
| import {ValidationUtils} from '../utils/validation-utils'; |
| |
| export class OIDCProviderConfig extends AuthenticationProviderConfig { |
| |
| static CALLBACK_URL = 'Callback URL'; |
| static PROVIDER_ID = 'Provider Identifier'; |
| static PROVIDER_SECRET = 'Provider Secret'; |
| static PROVIDER_DISCOVERY_URL = 'Provider Discovery URL'; |
| static USE_NONCE = 'Use Nonce'; |
| static PREF_JWS_ALGO = 'Preferred JWS Algorithm'; |
| static MAX_CLOCK_SKEW = 'Maximum Clock Skew'; |
| static COOKIE_DOMAIN_SUFFIX = 'Cookie Domain Suffix'; |
| |
| |
| private static displayPropertyNames = [OIDCProviderConfig.CALLBACK_URL, |
| OIDCProviderConfig.PROVIDER_ID, |
| OIDCProviderConfig.PROVIDER_SECRET, |
| OIDCProviderConfig.PROVIDER_DISCOVERY_URL, |
| OIDCProviderConfig.USE_NONCE, |
| OIDCProviderConfig.PREF_JWS_ALGO, |
| OIDCProviderConfig.MAX_CLOCK_SKEW, |
| OIDCProviderConfig.COOKIE_DOMAIN_SUFFIX |
| ]; |
| |
| private static displayPropertyNameBindings: Map<string, string> = |
| new Map([ |
| [OIDCProviderConfig.CALLBACK_URL, 'pac4j.callbackUrl'], |
| [OIDCProviderConfig.COOKIE_DOMAIN_SUFFIX, 'pac4j.cookie.domain.suffix'], |
| [OIDCProviderConfig.PROVIDER_ID, 'oidc.id'], |
| [OIDCProviderConfig.PROVIDER_SECRET, 'oidc.secret'], |
| [OIDCProviderConfig.PROVIDER_DISCOVERY_URL, 'oidc.discoveryUri'], |
| [OIDCProviderConfig.USE_NONCE, 'oidc.useNonce'], |
| [OIDCProviderConfig.PREF_JWS_ALGO, 'oidc.preferredJwsAlgorithm'], |
| [OIDCProviderConfig.MAX_CLOCK_SKEW, 'oidc.maxClockSkew'], |
| ]); |
| |
| |
| constructor() { |
| super('pac4j', AuthenticationProviderConfig.FEDERATION_ROLE); |
| } |
| |
| getDisplayPropertyNames(): string[] { |
| return OIDCProviderConfig.displayPropertyNames; |
| } |
| |
| getDisplayNamePropertyBinding(name: string) { |
| return OIDCProviderConfig.displayPropertyNameBindings.get(name); |
| } |
| |
| isPasswordParam(name: string): boolean { |
| return (name === OIDCProviderConfig.PROVIDER_SECRET); |
| } |
| |
| isValidParamValue(paramName: string): boolean { |
| let isValid: boolean; |
| |
| switch (paramName) { |
| case OIDCProviderConfig.CALLBACK_URL: |
| case OIDCProviderConfig.PROVIDER_DISCOVERY_URL: |
| isValid = this.isValidURL(paramName); |
| break; |
| case OIDCProviderConfig.USE_NONCE: |
| isValid = this.isValidUseNonce(); |
| break; |
| case OIDCProviderConfig.MAX_CLOCK_SKEW: |
| isValid = this.isValidClockSkew(); |
| break; |
| default: |
| isValid = true; |
| } |
| |
| return isValid; |
| } |
| |
| private isValidURL(param: string): boolean { |
| let isValid = true; |
| |
| let url = this.getParam(this.getDisplayNamePropertyBinding(param)); |
| if (url) { |
| isValid = ValidationUtils.isValidHttpURL(url); |
| if (!isValid) { |
| console.debug(param + ' value is not a valid URL.'); |
| } |
| } |
| |
| return isValid; |
| } |
| |
| |
| private isValidUseNonce(): boolean { |
| let isValid = true; |
| |
| let useNonce = this.getParam(this.getDisplayNamePropertyBinding(OIDCProviderConfig.USE_NONCE)); |
| if (useNonce) { |
| isValid = ValidationUtils.isValidBoolean(useNonce); |
| if (!isValid) { |
| console.debug(OIDCProviderConfig.USE_NONCE + ' value is not a valid boolean.'); |
| } |
| } |
| |
| return isValid; |
| } |
| |
| private isValidClockSkew(): boolean { |
| let isValid = true; |
| |
| let clockSkew = this.getParam(this.getDisplayNamePropertyBinding(OIDCProviderConfig.MAX_CLOCK_SKEW)); |
| if (clockSkew) { |
| isValid = ValidationUtils.isValidNumber(clockSkew); |
| if (!isValid) { |
| console.debug(OIDCProviderConfig.MAX_CLOCK_SKEW + ' value is not a valid number'); |
| } |
| } |
| |
| return isValid; |
| } |
| } |