From e44697cef94e724f65dd00a7eed752695a855b2d Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Tue, 5 Jun 2012 16:07:19 -0400
Subject: [PATCH] updated JWK display to latest, closes #58
---
 ...JwtSigningAndValidationServiceDefault.java | 16 ++--
 .../openid/connect/view/JwkKeyListView.java | 82 ++++++++-----------
 .../connect/web/JsonWebKeyEndpoint.java | 16 ++--
 3 files changed, 52 insertions(+), 62 deletions(-)
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
index 2237e19ac..3120b605a 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
@@ -89,20 +89,18 @@ public class JwtSigningAndValidationServiceDefault implements
 Map map = new HashMap();
- PublicKey publicKey;
-
- for (JwtSigner signer : signers.values()) {
+ for (String signerId : signers.keySet()) {
+ JwtSigner signer = signers.get(signerId);
+ if (signer instanceof RsaSigner) {
- publicKey = ((RsaSigner) signer).getPublicKey();
+ RsaSigner rsa = (RsaSigner)signer;
+
+ PublicKey publicKey = rsa.getPublicKey();
 if (publicKey != null) {
- // what's the index of this map for?
- map.put(((RSAPublicKey) publicKey).getModulus()
- .toString(16).toUpperCase()
- + ((RSAPublicKey) publicKey).getPublicExponent()
- .toString(16).toUpperCase(), publicKey);
+ map.put(signerId, publicKey);
 }
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
index 1900c301f..c8088f159 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
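Review bot: The rewritten loop in getAllPublicKeys iterates `signers.keySet()` and then calls `signers.get(signerId)` for every id; iterating `signers.entrySet()` yields the id and the signer together and drops the second lookup. The returned map is now keyed by signer id instead of by key material, and the view in this commit publishes that id as `kid`, so the removed question comment is worth replacing with something like `// key = signer id, published as "kid" at /jwk; only RSA signers are exported`. Whether issued tokens carry the same id in their `kid` header is not visible here and is worth confirming, since verifiers pick the key by it. The method signature and the end of the loop lie outside the hunk.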
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
@@ -33,10 +33,12 @@ import org.apache.commons.codec.binary.Base64;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
+import com.google.common.collect.BiMap;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonSerializationContext;
@@ -67,50 +69,6 @@ public class JwkKeyListView extends AbstractView {
 return false;
 }
- })
- .registerTypeHierarchyAdapter(PublicKey.class, new JsonSerializer() {
-
- @Override
- public JsonElement serialize(PublicKey src, Type typeOfSrc, JsonSerializationContext context) {
-
-
- if (src instanceof RSAPublicKey) {
-
- RSAPublicKey rsa = (RSAPublicKey)src;
-
-
- BigInteger mod = rsa.getModulus();
- BigInteger exp = rsa.getPublicExponent();
-
- String m64 = Base64.encodeBase64URLSafeString(mod.toByteArray());
- String e64 = Base64.encodeBase64URLSafeString(exp.toByteArray());
-
- JsonObject o = new JsonObject();
-
- o.addProperty("use", "sig");
- o.addProperty("alg", "RSA");
- o.addProperty("mod", m64);
- o.addProperty("exp", e64);
- // TODO: get the key ID from the map
- return o;
- } else if (src instanceof ECPublicKey) {
-
- @SuppressWarnings("unused")
- ECPublicKey ec = (ECPublicKey)src;
-
- // TODO: serialize the EC
-
- return null;
-
- } else {
-
- // skip this class ... we shouldn't have any keys in here that aren't encodable by this serializer
- return null;
- }
-
-
- }
- })
 .create();
@@ -119,10 +77,38 @@ public class JwkKeyListView extends AbstractView {
 Writer out = response.getWriter();
- Object obj = model.get("entity");
- if (obj == null) {
- obj = model;
- }
+ BiMap keyMap = (BiMap) model.get("keys");
+
+ JsonObject obj = new JsonObject();
+ JsonArray keys = new JsonArray();
+ obj.add("keys", keys);
+
+ for (String keyId : keyMap.keySet()) {
+
+ PublicKey src = keyMap.get(keyId);
+
+ if (src instanceof RSAPublicKey) {
+
+ RSAPublicKey rsa = (RSAPublicKey)src;
+
+
+ BigInteger mod = rsa.getModulus();
+ BigInteger exp = rsa.getPublicExponent();
+
+ String m64 = Base64.encodeBase64URLSafeString(mod.toByteArray());
+ String e64 = Base64.encodeBase64URLSafeString(exp.toByteArray());
+
+ JsonObject o = new JsonObject();
+
+ o.addProperty("use", "sig"); // since we don't do encryption yet
+ o.addProperty("alg", "RSA"); // we know this is RSA
+ o.addProperty("mod", m64);
+ o.addProperty("exp", e64);
+ o.addProperty("kid", keyId);
+
+ keys.add(o);
+ }
+ }
 gson.toJson(obj, out);
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java
index 1fb1112f8..938c46858 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java
@@ -27,6 +27,10 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
+import com.google.common.collect.BiMap;
+import com.google.common.collect.HashBiMap;
+import com.google.common.collect.Maps;
+ @Controller
 public class JsonWebKeyEndpoint {
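Review bot: In the JwkKeyListView loop, `mod.toByteArray()` and `exp.toByteArray()` return the two's-complement form, so a modulus whose top bit is set is published in `mod` with a leading 0x00 sign byte. Consumers that expect the unsigned big-endian magnitude may reject the value or misjudge the key size from its byte length; strip the sign byte before encoding, e.g. `byte[] m = mod.toByteArray(); if (m.length > 1 && m[0] == 0) { m = Arrays.copyOfRange(m, 1, m.length); }` (needs `java.util.Arrays`). The raw cast of `model.get("keys")` to `BiMap` is unchecked as well, and a missing `keys` entry surfaces as a NullPointerException at `keyMap.keySet()`. The enclosing render method starts and ends outside the hunk.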
@@ -36,14 +40,16 @@ public class JsonWebKeyEndpoint {
 @RequestMapping("/jwk")
 public ModelAndView getJwk() {
- Collection keys = jwtService.getAllPublicKeys().values();
+ // get all public keys for display
+ // map from key id to public key for that signer
+ Map keys = jwtService.getAllPublicKeys();
+
+ // put them into a bidirectional map to get at key IDs
+ BiMap biKeys = HashBiMap.create(keys);
 // TODO: check if keys are empty, return a 404 here or just an empty list?
- Map jwk = new HashMap();
- jwk.put("jwk", keys);
-
- return new ModelAndView("jwkKeyList", "entity", jwk);
+ return new ModelAndView("jwkKeyList", "keys", biKeys);
 }
 }
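Review bot: `HashBiMap.create(keys)` in getJwk throws IllegalArgumentException when two entries hold equal values, so if two signer ids are configured with the same RSA key pair the `/jwk` request fails instead of listing the keys. The view only iterates the ids and looks each key up, so no inverse mapping is needed: `return new ModelAndView("jwkKeyList", "keys", keys);` together with a `Map` cast in JwkKeyListView would do. That would also make the `BiMap`, `HashBiMap` and `Maps` imports added to this file unnecessary; `Maps` is not used in any visible hunk. The TODO on an empty key set stays open: with no RSA signer the response would be `{"keys":[]}`, which may or may not be what clients should see.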