Implemented signing. Works, but validation does not fail if you remove the signature.

pull/59/head
Amanda Anganes 2012-03-22 14:49:02 -04:00
parent 68c8d1a9d2
commit 27fe3c9eca
5 changed files with 15 additions and 16 deletions


@ -48,13 +48,13 @@ public interface JwtSigningAndValidationService {
public boolean validateSignature(String jwtString);
/**
* Called to sign a jwt for a client that hasn't registered a preferred signing algorithm.
* Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
* Use the default algorithm to sign.
*
* @param jwt the jwt to sign
* @return the signed jwt
*/
public Jwt signJwt(Jwt jwt);
public void signJwt(Jwt jwt);
/**
* Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified
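Review bot: The Javadoc on `signJwt(Jwt jwt)` still carries `@return the signed jwt` although the method now returns `void`, so the documented contract no longer matches the signature. Replace the tag with a line such as `* The jwt is signed in place; nothing is returned.` and state what an implementation must do when no default signer is available, since callers can no longer detect that from a return value. The Javadoc of the next overload begins at the end of this hunk and continues outside it.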


@ -185,15 +185,17 @@ public class JwtSigningAndValidationServiceDefault implements
return false;
}
/**
* Sign a jwt in place using the configured default signer.
*/
@Override
public Jwt signJwt(Jwt jwt) {
public void signJwt(Jwt jwt) {
String signerId = configBean.getDefaultJwtSigner();
//JwtSigner signer = map.get(signerId);
JwtSigner signer = signers.get(signerId);
//signer.sign(jwt);
return null;
signer.sign(jwt);
}
/**
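Review bot: `signers.get(signerId)` is dereferenced without a null check, so a `defaultJwtSigner` value that matches no registered signer surfaces as a bare NullPointerException in the middle of token issuance. Fail explicitly before signing: `if (signer == null) { throw new IllegalStateException("No JwtSigner registered under default id " + signerId); }`. The commented-out `//JwtSigner signer = map.get(signerId);` appears to remain on the new side and could be removed.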


@ -153,6 +153,8 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
// handle expiration
token.getJwt().getClaims().setExpiration(token.getExpiration());
jwtService.signJwt(token.getJwt());
/**
* Authorization request scope MUST include "openid", but access token request
* may or may not include the scope parameter. As long as the AuthorizationRequest
@ -173,7 +175,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
//TODO: check client to see if they have a preferred alg, attempt to use that
//TODO: uncomment line below once RsaSigner bean has been set up and added to the configBean
//idToken = (IdToken) jwtService.signJwt(idToken);
jwtService.signJwt(idToken);
token.setIdToken(idToken);
}
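Review bot: In the first hunk `jwtService.signJwt(token.getJwt())` runs before the scope handling that follows, and the rest of the method lies outside the hunk, so it is not visible whether any claim changes after the signature is computed. A later change to the claims would leave a signature that no longer covers the token's content. Signing should be the last step before the token is stored or returned, or a comment such as `// sign last: claims must not change after this call` should pin the ordering. In the second hunk, the TODO about uncommenting the signing call once the RsaSigner bean is set up appears stale now that `jwtService.signJwt(idToken);` is live.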


@ -80,15 +80,10 @@
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" />
<property name="showSql" value="true" />
</bean>
<!-- TODO: get signer set up -->
<!-- <bean id="rsaSigner1" class="org.mitre.jwt.signer.impl.RsaSigner"/> -->
<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
<property name="issuer" value="http://localhost/" />
<!-- TODO: plug in default signer -->
<!-- <property name="defaultJwtSigner" value="rsaSigner1"/> -->
<property name="defaultJwtSigner" value="rsa1"/>
</bean>
<!-- Map our custom exception classes to named views -->
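Review bot: The `defaultJwtSigner` value `rsa1` is a free-form string, not a bean reference, and the signer it is meant to select is not defined anywhere in this hunk. With both TODO comments removed, nothing here tells a maintainer that the value has to match an entry in the signing service's `signers` map. A comment above the property would cover it, e.g. `<!-- must match a key of the signers map on the JwtSigningAndValidationService bean -->`. Whether the container validates that match at startup cannot be seen from this hunk.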


@ -1,9 +1,9 @@
CREATE TABLE accesstoken (
id VARCHAR(256),
id VARCHAR(4096),
expiration TIMESTAMP,
tokenType VARCHAR(256),
refresh_token_id VARCHAR(256),
client_id VARCHAR(256),
authentication LONGBLOB,
idTokenString VARCHAR(256)
idTokenString VARCHAR(4096)
);
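Review bot: `id` and `idTokenString` still have a fixed cap (now `VARCHAR(4096)`), while the length of a signed token depends on the claim set and the key size. The persistence config in this commit targets MySQL, which truncates an over-long value with only a warning when strict SQL mode is off; that would store a token whose signature no longer verifies. Either enforce the length in code before persisting or use a type without a practical cap, and document the choice with a comment such as `-- holds the full serialized signed JWT`. `refresh_token_id` stays at `VARCHAR(256)`; if refresh tokens are also serialized JWTs (not visible here) it needs the same treatment.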