From 22b89f50be72f6a3da0781855a88e9c4684d5235 Mon Sep 17 00:00:00 2001
From: William Kim
Date: Wed, 3 Jul 2013 15:36:09 -0400
Subject: [PATCH] restored scheme choosing logic in webfinger service.
---
 .../client/service/impl/WebfingerIssuerService.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
index c6d693ae0..e562eaba7 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
@@ -248,9 +248,18 @@ public class WebfingerIssuerService implements IssuerService {
 RestTemplate restTemplate = new RestTemplate(httpFactory);
 // construct the URL to go to
+
+ // preserving http scheme is strictly for demo system use only.
+ String scheme = key.getScheme();
+ if (!Strings.isNullOrEmpty(scheme) && scheme.equals("http")) {
+ scheme = "http://"; // add on colon and slashes.
+ logger.warn("Webfinger endpoint MUST use the https URI scheme.");
+ } else {
+ scheme = "https://";
+ }
 // do a webfinger lookup
- URIBuilder builder = new URIBuilder("https://"
+ URIBuilder builder = new URIBuilder(scheme
 + key.getHost()
 + (key.getPort() >= 0 ? ":" + key.getPort() : "")
 + Strings.nullToEmpty(key.getPath())
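Review bot: The `http://` branch is chosen purely from `key.getScheme()`, so any lookup key carrying an http scheme gets a cleartext webfinger request, although the comment says this is for demo systems only and nothing in the hunk restricts it to one. A discovery response fetched over plain HTTP is unauthenticated, so the issuer the client goes on to trust can be altered in transit, and the `logger.warn` only records the condition without stopping the request. I would gate the branch on an explicit opt-in that defaults to off, for example `if (allowHttpDiscovery && "http".equals(scheme)) {`, where `allowHttpDiscovery` is a placeholder name for a new configuration property, and fall through to `https://` or reject the key otherwise. The constant-first `equals` also makes the separate `Strings.isNullOrEmpty` check unnecessary. The enclosing method starts and ends outside the hunk, so how `key` is built (presumably from the identifier being resolved) should be confirmed there.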