JWT claims can now have nulls in them without barfing

openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java

@@ -86,7 +86,10 @@ public class ClaimSet {
      * Set a primitive claim
      */
     public void setClaim(String key, JsonPrimitive prim) {
-    	if (prim.isBoolean()) {
+    	if (prim == null) {
+    		// in case we get here with a primitive null
+    		claims.put(key, prim);
+    	} else if (prim.isBoolean()) {
     		claims.put(key, prim.getAsBoolean());
     	} else if (prim.isNumber()) {
     		claims.put(key, prim.getAsNumber());
@@ -160,7 +163,10 @@ public class ClaimSet {
 	 */
 	public void loadFromJsonObject(JsonObject json) {
 		for (Entry<String, JsonElement> element : json.entrySet()) {
-        	if (element.getValue().isJsonPrimitive()){
+			if (element.getValue().isJsonNull()) {
+				// nulls get stored as java nulls
+				setClaim(element.getKey(), null);
+			} else if (element.getValue().isJsonPrimitive()){
 	        	// we handle all primitives in here
 	        	JsonPrimitive prim = element.getValue().getAsJsonPrimitive();
 	        	setClaim(element.getKey(), prim);

openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java

@@ -45,7 +45,9 @@ public class JwtClaims extends ClaimSet {
 		JsonObject pass = new JsonObject();
 		
 		for (Entry<String, JsonElement> element : json.entrySet()) {
-	        if (element.getKey().equals(EXPIRATION)) {
+			if (element.getValue().isJsonNull()) {
+				pass.add(element.getKey(), element.getValue());
+			} else if (element.getKey().equals(EXPIRATION)) {
                 setExpiration(new Date(element.getValue().getAsLong() * 1000L));
 	        } else if (element.getKey().equals(NOT_BEFORE)) {
                 setNotBefore(new Date(element.getValue().getAsLong() * 1000L));

openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java

@@ -43,7 +43,9 @@ public class JwtHeader extends ClaimSet {
     	JsonObject pass = new JsonObject();
     	
 		for (Entry<String, JsonElement> element : json.entrySet()) {
-	        if (element.getKey().equals(TYPE)) {
+			if (element.getValue().isJsonNull()) {
+				pass.add(element.getKey(), element.getValue());
+			} else if (element.getKey().equals(TYPE)) {
 	        	this.setType(json.get(TYPE).getAsString());
 	        } else if (element.getKey().equals(ALGORITHM)) {
 	        	this.setAlgorithm(json.get(ALGORITHM).getAsString());
@@ -54,7 +56,7 @@ public class JwtHeader extends ClaimSet {
 	        }
         }
 		
-		// now load all the ones we didn't handly specially
+		// now load all the ones we didn't handle specially
 		super.loadFromJsonObject(pass);
 	}
 

openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java

@@ -134,7 +134,9 @@ public class IdTokenClaims extends JwtClaims {
     	JsonObject pass = new JsonObject();
     	
 		for (Entry<String, JsonElement> element : json.entrySet()) {
-			if (element.getKey().equals(USER_ID)) {
+			if (element.getValue().isJsonNull()) {
+				pass.add(element.getKey(), element.getValue());
+			} else if (element.getKey().equals(USER_ID)) {
 				setUserId(element.getValue().getAsString());
 			} else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) {
 				setAuthContext(element.getValue().getAsString());

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java

@@ -145,7 +145,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 
 		token.getJwt().getClaims().setIssuedAt(new Date());
 		// handle expiration
-		//token.getJwt().getClaims().setExpiration(token.getExpiration());
+		token.getJwt().getClaims().setExpiration(token.getExpiration());
 		
 		/**
 		 * Authorization request scope MUST include "openid", but access token request