From 4c43c7ad416f6a0b3b162ab68641939e8eb7cf49 Mon Sep 17 00:00:00 2001
From: Hitesh C <jainhitesh9998@gmail.com>
Date: Sun, 30 Apr 2023 19:36:49 +0000
Subject: [PATCH 1/2] Fix for 33021 changed string comparison from == to
 .equals().

---
 .../src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
index 2b23b7609c4b9..0d5e48cc58f93 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java
@@ -334,7 +334,7 @@ private static Key readTokenDecryptionKey(OidcTenantConfig oidcConfig) {
                     List<JsonWebKey> keys = KeyUtils.loadJsonWebKeys(keyContent);
                     if (keys != null && keys.size() == 1 &&
                             (keys.get(0).getAlgorithm() == null
-                                    || keys.get(0).getAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP.getAlgorithm())
+                                    || keys.get(0).getAlgorithm().equals(KeyEncryptionAlgorithm.RSA_OAEP.getAlgorithm()))
                             && ("enc".equals(keys.get(0).getUse()) || keys.get(0).getUse() == null)) {
                         key = PublicJsonWebKey.class.cast(keys.get(0)).getPrivateKey();
                     }

From 9c7c84e96ef83e867bff56cafb0e8bae81e80626 Mon Sep 17 00:00:00 2001
From: Hitesh C <jainhitesh9998@gmail.com>
Date: Sun, 30 Apr 2023 20:35:45 +0000
Subject: [PATCH 2/2] [FIXED] Wiremock integrated tests after changing the
 privateKey for
 quarkus.oidc.code-flow-encrypted-id-token-jwk.token.decryption-key-location,
 the integration Tests fail for the older code and pass for the updated code,
 which is the expected behaviour

---
 .../src/main/resources/application.properties      |  2 +-
 .../main/resources/privateKeyEncryptedIdToken.jwk  | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 integration-tests/oidc-wiremock/src/main/resources/privateKeyEncryptedIdToken.jwk

diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
index e4b46e66fdb65..a549bdae45d0d 100644
--- a/integration-tests/oidc-wiremock/src/main/resources/application.properties
+++ b/integration-tests/oidc-wiremock/src/main/resources/application.properties
@@ -25,7 +25,7 @@ quarkus.oidc.code-flow-encrypted-id-token-jwk.client-id=quarkus-web-app
 quarkus.oidc.code-flow-encrypted-id-token-jwk.credentials.secret=secret
 quarkus.oidc.code-flow-encrypted-id-token-jwk.application-type=web-app
 quarkus.oidc.code-flow-encrypted-id-token-jwk.token-path=${keycloak.url}/realms/quarkus/encrypted-id-token
-quarkus.oidc.code-flow-encrypted-id-token-jwk.token.decryption-key-location=privateKey.jwk
+quarkus.oidc.code-flow-encrypted-id-token-jwk.token.decryption-key-location=privateKeyEncryptedIdToken.jwk
 
 quarkus.oidc.code-flow-encrypted-id-token-pem.auth-server-url=${keycloak.url}/realms/quarkus/
 quarkus.oidc.code-flow-encrypted-id-token-pem.client-id=quarkus-web-app
diff --git a/integration-tests/oidc-wiremock/src/main/resources/privateKeyEncryptedIdToken.jwk b/integration-tests/oidc-wiremock/src/main/resources/privateKeyEncryptedIdToken.jwk
new file mode 100644
index 0000000000000..5f0a577eff87b
--- /dev/null
+++ b/integration-tests/oidc-wiremock/src/main/resources/privateKeyEncryptedIdToken.jwk
@@ -0,0 +1,14 @@
+{
+ "kty":"RSA",
+"alg":"RSA-OAEP",
+"use":"enc",
+ "kid":"1",
+ "n":"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ",
+ "e":"AQAB",
+ "d":"AvIDTlsK_priQLTwEQf5IVf2Xl638Q7dHdXyDC-oAAPmv1GcqRVH7Wm5oAPW_CZQfWhV55WRVaJzP8AhksyD5NcslH79hQZT4NT6xgApGYecrvmseuZ4dfR-e1cxXTRNBxaoXvwSiv4LuOPHmC8XGX712AhOoCGKiZp1WFqqkKwTpkgJEApJFVb-XRIKQa0YaRKpJsJ534pLMwTh7LoPLM4BCaBVbRfHzH2H5L3TSJP718kyCuxg3z2p9Y7zIOLTmgFdeR0_kd_xKUFZ2ByN3SKlC0IWlLUSiMPsGYExRpZTMZHKyD939gv-2_Z-bOYfKlYNIvAmQH_8CcX2I039LQ",
+ "p":"104AjPaxZoi_BiMBODlChnZOvRJT071PdkeZ283uyrdW8qqKD9q8FTMgUXzKoboHtUiHbJbLOobPmPDh93839rq7dTdCNzNVOuLmE-V3_bmaShdzvxEIazwPf6AvjbEZAc-zu2RS4SNkp1LbzgSl9nINSlF7t6Lkl6T28PYULys",
+ "q":"om5ooyzxa4ZJ-dU0ODsEb-Bmz6xwb27xF9aEhBYJprHeoNs2QM1D64_A39weD9MYwBux4-ivshCJ0dVKEbDujJRLnzf-ssrasA6CFyaaCT4DKtq1oWb9rcG-2LQd5Bm9PttrUrSUNqitr085IYikaLEz7UU6gtXPoC8UOcJ4cSc",
+ "dp":"DeWE95Q8oweUfMrpmz1m49LjBiUWsAX6CQJaFevWy9LFk-gZ_Sf7F8sy_M93LLUbJkJGK2YYO_DTmWWC0Dyv2gb3bntglLuFdsWKYCJhekjugnW9DMoGpxU7Utt99kFGAe3sBd5V0x47sukQMt3t8FgwL2nO-G1VH8yP-8GGT_0",
+ "dq":"TGBeE1wuqMCcSD1YMJiPnYuGzF_o_nzMIMldxj4Wi6tXY4uwFwhtx3Xw21JFUGuSV8KuAtyGwNPF-kSwb2Eiyjdw140c1jVMXzxzLy-XfoEKPDxa62niHrHba0pGQ9tWgRfrfxgqGQl3odc-peX6aL_qCsdim-KtnkSE3iPzPkE",
+ "qi":"Jzp5KnT24y0wOoPUn_11S3ZcYl0i03dkaH4c5zR02G1MJG9K017juurx2aXVTctOzrj7O226EUiL1Qbq3QtnWFDDGY6vNZuqzJM7AMXsvp1djq_6fEVhxCIOgfJbmhb3mkG82rxn4et9o_TNr6mvEmHzG15sHbvZbAnn4GeqToY"
+}