Revert "refactored code to use the more generic JWT declaration."

This reverts commit e0b56bc72a.

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java

@@ -31,11 +31,8 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 import org.springframework.security.authentication.AuthenticationServiceException;
 
 import com.google.common.base.Joiner;
-import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.PlainJWT;
 import com.nimbusds.jwt.SignedJWT;
 
 /**
@@ -74,15 +71,9 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
             claims.setClaim(option.getKey(), option.getValue());
         }
 
-		JWSAlgorithm alg = signingAndValidationService.getDefaultSigningAlgorithm();
 		
-		JWT jwt;
-		
-		if (alg.equals(JWSAlgorithm.NONE)) { // alg:none
-			jwt = new PlainJWT(claims);
-		} else { // signature needed
-			jwt = new SignedJWT(new JWSHeader(alg), claims);
-		}
+
+		SignedJWT jwt = new SignedJWT(new JWSHeader(signingAndValidationService.getDefaultSigningAlgorithm()), claims);
 
 		signingAndValidationService.signJwt(jwt);
 

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java

@@ -22,7 +22,7 @@ import java.util.Map;
 
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.SignedJWT;
 
 public interface JwtSigningAndValidationService {
 
@@ -32,16 +32,15 @@ public interface JwtSigningAndValidationService {
 	public Map<String, JWK> getAllPublicKeys();
 
 	/**
-	 * If alg:none is the default algorithm, verifies that the signature part is empty. 
-	 * Otherwise, checks the signature of the given JWT against all configured non-plain signers,
-	 * returns true if at least one of the non-plain signers validates it.
+	 * Checks the signature of the given JWT against all configured signers,
+	 * returns true if at least one of the signers validates it.
 	 * 
 	 * @param jwtString
 	 *            the string representation of the JWT as sent on the wire
 	 * @return true if the signature is valid, false if not
 	 * @throws NoSuchAlgorithmException
 	 */
-	public boolean validateSignature(JWT jwtString);
+	public boolean validateSignature(SignedJWT jwtString);
 
 	/**
 	 * Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
@@ -51,7 +50,7 @@ public interface JwtSigningAndValidationService {
 	 * @return the signed jwt
 	 * @throws NoSuchAlgorithmException
 	 */
-	public void signJwt(JWT jwt);
+	public void signJwt(SignedJWT jwt);
 
 	/**
 	 * Get the default signing algorithm for use when nothing else has been specified.
@@ -73,7 +72,7 @@ public interface JwtSigningAndValidationService {
 	 * @param alg the name of the algorithm to use, as specified in JWS s.6
 	 * @return the signed jwt
 	 */
-	public void signJwt(JWT jwt, JWSAlgorithm alg);
+	public void signJwt(SignedJWT jwt, JWSAlgorithm alg);
 
 	/**
 	 * TODO: method to sign a jwt using a specified algorithm and a key id

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -20,6 +20,8 @@ import java.util.Date;
 import java.util.Set;
 import java.util.UUID;
 
+import javax.servlet.http.HttpSession;
+
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
@@ -37,6 +39,8 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
@@ -44,9 +48,7 @@ import com.google.common.collect.Sets;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.util.Base64URL;
-import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.PlainJWT;
 import com.nimbusds.jwt.SignedJWT;
 
 @Service
@@ -92,17 +94,11 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 			signingAlg = client.getIdTokenSignedResponseAlg().getAlgorithm();
 		}
 		
-		JWT jwt;
-		
-		if (signingAlg.equals(JWSAlgorithm.NONE)) { // alg:none
-			jwt = new PlainJWT(claims);
-		} else { // signature needed
-			jwt = new SignedJWT(new JWSHeader(signingAlg), claims);
-		}
+		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
 
-		jwtService.signJwt(jwt);
+		jwtService.signJwt(signed);
 
-		token.setJwt(jwt);
+		token.setJwt(signed);
 
 		/**
 		 * Authorization request scope MUST include "openid" in OIDC, but access token request

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -57,9 +57,7 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.PlainJWT;
 import com.nimbusds.jwt.SignedJWT;
 
 @Controller
@@ -365,18 +363,11 @@ public class ClientDynamicRegistrationEndpoint {
 
 		// TODO: use client's default signing algorithm
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
-		
-		JWT jwt;
-		
-		if (signingAlg.equals(JWSAlgorithm.NONE)) { // alg:none
-			jwt = new PlainJWT(claims);
-		} else { // signature needed
-			jwt = new SignedJWT(new JWSHeader(signingAlg), claims);
-		}
+		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
 
-		jwtService.signJwt(jwt);
+		jwtService.signJwt(signed);
 
-		token.setJwt(jwt);
+		token.setJwt(signed);
 
 		tokenService.saveAccessToken(token);