updated signed request filter to create jwt from parameters, sign it, create url for request, and send a redirect

openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java

@@ -426,7 +426,7 @@ public class AbstractOIDCAuthenticationFilter extends
 			logger.debug("tokenEndpointURI = " + serverConfig.getTokenEndpointURI());
 			logger.debug("form = " + form);
 		}
-;
+
 		String jsonString = null;
 
 		try {
@@ -716,7 +716,6 @@ public class AbstractOIDCAuthenticationFilter extends
 				return signingAndValidationService;
 				
 			} else {
-				// if we can't build a validation service, return null
 				return null;
 			}
 		}

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java

@@ -1,12 +1,21 @@
 package org.mitre.openid.connect.client;
 
 import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.mitre.jwt.model.Jwt;
+import org.mitre.jwt.model.JwtClaims;
+import org.mitre.jwt.model.JwtHeader;
+import org.mitre.jwt.signer.JwsAlgorithm;
+import org.mitre.jwt.signer.impl.HmacSigner;
+import org.mitre.jwt.signer.impl.RsaSigner;
 import org.mitre.openid.connect.config.OIDCServerConfiguration;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -16,21 +25,12 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 	
 	protected OIDCServerConfiguration oidcServerConfig;
 
-	/**
-	 * OpenIdConnectSignedRequestFilter constructor
-	 */
 	protected OIDCSignedRequestFilter() {
 		super();
 
 		oidcServerConfig = new OIDCServerConfiguration();
 	}
 
-	/*
-	 * (non-Javadoc)
-	 * 
-	 * @see org.mitre.openid.connect.client.AbstractOIDCAuthenticationFilter#
-	 * afterPropertiesSet()
-	 */
 	@Override
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
@@ -49,14 +49,9 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 		Assert.notNull(oidcServerConfig.getClientSecret(),
 				"A Client Secret must be supplied");
 	}
-
+	
-	/*
+	//SCREW WITH THIS...
-	 * (non-Javadoc)
+	//rather than sending over parameters, make request object and send that.
-	 * 
-	 * @see org.mitre.openid.connect.client.AbstractOIDCAuthenticationFilter#
-	 * attemptAuthentication(javax.servlet.http.HttpServletRequest,
-	 * javax.servlet.http.HttpServletResponse)
-	 */
 	@Override
 	public Authentication attemptAuthentication(HttpServletRequest request,
 			HttpServletResponse response) throws AuthenticationException,
@@ -79,13 +74,67 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 				e.printStackTrace();
 			}
 
-		} else {
+		} else if (StringUtils.isNotBlank(request.getParameter("token"))) {
-
+			
 			handleAuthorizationRequest(request, response, oidcServerConfig);
+		
 		}
 
 		return null;
 	}
+	
+	@Override
+	public void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response, 
+			OIDCServerConfiguration serverConfiguration) throws IOException {
+		
+		if(StringUtils.isNotBlank(request.getParameter("token"))) {
+			
+			Jwt jwt = new Jwt();
+			JwtHeader header = jwt.getHeader();
+			JwtClaims claims = jwt.getClaims();
+			
+			//set parameters to JwtHeader
+			header.setAlgorithm(JwsAlgorithm.getByName(SIGNING_ALGORITHM).toString());
+			
+			//set parameters to JwtClaims
+			claims.setClaim("response_type", "token");
+			claims.setClaim("client_id", serverConfiguration.getClientId());
+			claims.setClaim("scope", scope);
+			claims.setClaim("redirect_uri", AbstractOIDCAuthenticationFilter.buildRedirectURI(request, null));
+			claims.setClaim("nonce", NONCE_SIGNATURE_COOKIE_NAME);
+			
+			if(header.getAlgorithm().equals("RS256") || header.getAlgorithm().equals("RS384") || header.getAlgorithm().equals("RS512")) {
+				RsaSigner jwtSigner = new RsaSigner();
+				try {
+					jwt = jwtSigner.sign(jwt);
+				} catch (NoSuchAlgorithmException e) {
+					// TODO Auto-generated catch block
+					e.printStackTrace();
+				}
+			} else if(header.getAlgorithm().equals("HS256") || header.getAlgorithm().equals("HS384") || header.getAlgorithm().equals("HS512")) {
+				HmacSigner jwtSigner = new HmacSigner();
+				try {
+					jwt = jwtSigner.sign(jwt);
+				} catch (NoSuchAlgorithmException e) {
+					// TODO Auto-generated catch block
+					e.printStackTrace();
+				}
+			} else {
+				throw new IllegalArgumentException(header.getAlgorithm() + " is not a valid signing algorithm.");
+			}
+			
+			Map<String, String> urlVariables = new HashMap<String, String>();
+			
+			urlVariables.put("request", jwt.toString());
+			
+			String authRequest = AbstractOIDCAuthenticationFilter.buildURL(serverConfiguration.getAuthorizationEndpointURI(), urlVariables);
+
+			logger.debug("Auth Request:  " + authRequest);
+
+			response.sendRedirect(authRequest);
+		}
+
+	}
 
 	public void setAuthorizationEndpointURI(String authorizationEndpointURI) {
 		oidcServerConfig.setAuthorizationEndpointURI(authorizationEndpointURI);
@@ -123,10 +172,6 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 		oidcServerConfig.setJwkSigningUrl(jwkSigningUrl);
 	}
 
-	/**
-     * @param issuer
-     * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setIssuer(java.lang.String)
-     */
     public void setIssuer(String issuer) {
 	    oidcServerConfig.setIssuer(issuer);
     }