From 30162f6baab876b9d076189492a2465110541914 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 29 May 2015 13:00:13 -0400 Subject: [PATCH] added direct JWK set to data model
---
 .../oauth2/model/ClientDetailsEntity.java | 23 ++++++-
 .../model/convert/JWKSetStringConverter.java | 67 +++++++++++++++++++
 .../db/tables/hsql_database_tables.sql | 1 +
 3 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index 2a70139b3..ceecf0619 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -49,15 +49,16 @@ import javax.persistence.Transient;
 import org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter;
 import org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter;
+import org.mitre.oauth2.model.convert.JWKSetStringConverter;
 import org.mitre.oauth2.model.convert.JWSAlgorithmStringConverter;
 import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.jwk.JWKSet;
 /**
  * @author jricher
@@ -96,7 +97,8 @@ public class ClientDetailsEntity implements ClientDetails {
 private Set grantTypes = new HashSet(); // grant_types
 private Set responseTypes = new HashSet(); // response_types
 private String policyUri;
- private String jwksUri;
+ private String jwksUri; // URI pointer to keys
+ private JWKSet jwks; // public key stored by value
 /** Fields from OIDC Client Registration Specification **/
 private AppType applicationType; // application_type
@@ -691,6 +693,23 @@ public class ClientDetailsEntity implements ClientDetails {
 this.jwksUri = jwksUri;
 }
+ /**
+ * @return the jwks
+ */
+ @Basic
+ @Column(name="jwks")
+ @Convert(converter = JWKSetStringConverter.class)
+ public JWKSet getJwks() {
+ return jwks;
+ }
+
+ /**
+ * @param jwks the jwks to set
+ */
+ public void setJwks(JWKSet jwks) {
+ this.jwks = jwks;
+ }
+ @Basic + @Column(name="sector_identifier_uri") public String getSectorIdentifierUri() {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
new file mode 100644
index 000000000..94cb7f9ce
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
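Review bot: The Javadoc on the new `getJwks()` says only `@return the jwks`, but the entity now carries both `jwksUri` and `jwks`, and OpenID Connect Dynamic Client Registration states that `jwks_uri` and `jwks` MUST NOT be used together; nothing in these accessors enforces that, so the getter should say where the rule is expected to be applied. Suggested Javadoc: `/** The client's JWK Set held by value; mutually exclusive with {@link #getJwksUri()} per OIDC Dynamic Client Registration. Not enforced here — registration/validation must reject a client that sets both. */`. The `@Convert` mapping persists the set as a string in the `jwks VARCHAR(8192)` column added to the HSQL script in this commit, and the setter accepts any size, so a one-line note on `setJwks` that the stored JSON must fit that column would save a surprise at persist time. The enclosing class starts before and continues after both hunks on this line.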
@@ -0,0 +1,67 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.model.convert;
+
+import java.text.ParseException;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.nimbusds.jose.jwk.JWKSet;
+
+/**
+ * @author jricher
+ *
+ */
+@Converter
+public class JWKSetStringConverter implements AttributeConverter {
+
+ private static Logger logger = LoggerFactory.getLogger(JWKSetStringConverter.class);
+
+ @Override
+ public String convertToDatabaseColumn(JWKSet attribute) {
+ if (attribute != null) {
+ return attribute.toString();
+ } else {
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
+ */
+ @Override
+ public JWKSet convertToEntityAttribute(String dbData) {
+ if (dbData != null) {
+ try {
+ JWKSet jwks = JWKSet.parse(dbData);
+ return jwks;
+ } catch (ParseException e) {
+ logger.error("Unable to parse JWK Set", e);
+ return null;
+ }
+ } else {
+ return null;
+ }
+
+ }
+
+}
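Review bot: `convertToDatabaseColumn` persists `attribute.toString()`, and if I read nimbus-jose-jwt's `JWKSet.toString()` correctly it serialises only the public parameters of each key, so any private material that ends up in the entity's `jwks` is silently dropped on write; that is the right outcome for a client's registered keys, but it is a library default and should be stated in the method's Javadoc, e.g. `/** Serialises the JWK Set as JSON; only public key parameters are written (nimbus JWKSet.toString()). Returns null for a null set. */`. In `convertToEntityAttribute` a `ParseException` is logged and mapped to `null`, which callers cannot distinguish from a client that registered no `jwks`, and the log line carries no row context; at minimum replace the `(non-Javadoc)` placeholder with a Javadoc saying that a corrupt column reads back as "no keys" so callers do not mistake it for an unregistered client. Two style points: the logger should be `private static final Logger logger = LoggerFactory.getLogger(JWKSetStringConverter.class);`, and the `jwks` local is unnecessary, `return JWKSet.parse(dbData);`.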
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index f9fd05eaf..220e0eaa5 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@@ -149,6 +149,7 @@ CREATE TABLE IF NOT EXISTS client_details (
 tos_uri VARCHAR(2048),
 jwks_uri VARCHAR(2048),
+ jwks VARCHAR(8192),
 sector_identifier_uri VARCHAR(2048),
 request_object_signing_alg VARCHAR(256),
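Review bot: The new `jwks VARCHAR(8192)` column is added only to the HSQL script according to this commit's diffstat; if the project ships equivalent table scripts for other databases they need the same column, otherwise the `@Column(name="jwks")` mapping on `getJwks()` fails there at schema validation or first persist. 8192 characters holds a handful of RSA public keys, but a set carrying `x5c` certificate chains can exceed it and `JWKSetStringConverter` performs no length check, so the sizing assumption deserves a comment on the column: `jwks VARCHAR(8192), -- JSON JWK Set; sized for public keys only, see JWKSetStringConverter`.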