From 6d7371ba1a201af729cc255b5d6bf808f4cc9bf2 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Tue, 14 Feb 2012 12:31:51 -0500 Subject: [PATCH] added spring aspect to project, tweaked configuration to point to keystore file correctly, added JWK endpoint views --- server/.project | 6 +++ .../openid/connect/view/JwkKeyListView.java | 43 +++++++++++++++--- .../connect/web/JsonWebKeyEndpoint.java | 4 +- .../spring/appServlet/servlet-context.xml | 2 + .../WEB-INF/spring/application-context.xml | 2 +- .../main/webapp/WEB-INF/spring/keystore.jks | Bin 1318 -> 1393 bytes 6 files changed, 48 insertions(+), 9 deletions(-) diff --git a/server/.project b/server/.project index 4c7c87524..f0808e7fa 100644 --- a/server/.project +++ b/server/.project @@ -31,8 +31,14 @@ + + org.springframework.ide.eclipse.core.springbuilder + + + + org.springframework.ide.eclipse.core.springnature org.eclipse.jem.workbench.JavaEMFNature org.eclipse.wst.common.modulecore.ModuleCoreNature org.eclipse.jdt.core.javanature diff --git a/server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java b/server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java index 175e63a34..ecbf2e57d 100644 --- a/server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java +++ b/server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java @@ -5,12 +5,17 @@ package org.mitre.openid.connect.view; import java.io.Writer; import java.lang.reflect.Type; +import java.math.BigInteger; +import java.security.PublicKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.codec.binary.Base64; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; 
@@ -49,21 +54,47 @@ public class JwkKeyListView extends AbstractView { } }) - .registerTypeAdapter(RSAPublicKey.class, new JsonSerializer() { + .registerTypeHierarchyAdapter(PublicKey.class, new JsonSerializer() { @Override - public JsonElement serialize(RSAPublicKey src, Type typeOfSrc, JsonSerializationContext context) { + public JsonElement serialize(PublicKey src, Type typeOfSrc, JsonSerializationContext context) { + if (src instanceof RSAPublicKey) { - JsonObject o = new JsonObject(); - o.addProperty("mod", src.getModulus().toString()); + RSAPublicKey rsa = (RSAPublicKey)src; + + + BigInteger mod = rsa.getModulus(); + BigInteger exp = rsa.getPublicExponent(); + + String m64 = Base64.encodeBase64URLSafeString(mod.toByteArray()); + String e64 = Base64.encodeBase64URLSafeString(exp.toByteArray()); + + JsonObject o = new JsonObject(); + + o.addProperty("mod", m64); + o.addProperty("exp", e64); + + return o; + } else if (src instanceof ECPublicKey) { + + ECPublicKey ec = (ECPublicKey)src; + + // TODO: serialize the EC + + return null; + + } else { + + // skip this class ... we shouldn't have any keys in here that aren't encodable by this serializer + return null; + } - return o; } - }) + }) .create(); diff --git a/server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java b/server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java index 582b42d29..e1a9abb0a 100644 --- a/server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java +++ b/server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java @@ -22,9 +22,9 @@ public class JsonWebKeyEndpoint { List keys = jwtService.getAllPublicKeys(); - // TODO: check if keys are empty, return a 404 here? + // TODO: check if keys are empty, return a 404 here or just an empty list? - return new ModelAndView("jwkKeyList", "keys", keys); // TODO: make a view + return new ModelAndView("jwkKeyList", "entity", keys); } } 
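Review bot: In the RSA branch, `mod.toByteArray()` and `exp.toByteArray()` return two's-complement bytes, so a modulus whose top bit is set carries a leading 0x00 sign byte into the base64url `mod` value. Relying parties that expect the unsigned big-endian magnitude may compute the wrong key length or reject the key, so the sign byte should be stripped before encoding, as in the helper below. The `ECPublicKey` and fallback branches return `null`, which probably appears as a JSON null entry in the published key list (this depends on the Gson version). Filtering unsupported keys before serialization, or failing loudly, would avoid a silently incomplete key set. The Gson builder chain and the enclosing method start outside this hunk.

```java
// … unchanged: cast to RSAPublicKey, getModulus() / getPublicExponent() …
String m64 = Base64.encodeBase64URLSafeString(toUnsignedBytes(mod));
String e64 = Base64.encodeBase64URLSafeString(toUnsignedBytes(exp));
// … unchanged: JsonObject construction and return …

// private static helper on JwkKeyListView
private static byte[] toUnsignedBytes(BigInteger value) {
    byte[] raw = value.toByteArray();
    // toByteArray() prepends 0x00 when the high bit of the magnitude is set
    if (raw.length > 1 && raw[0] == 0) {
        byte[] trimmed = new byte[raw.length - 1];
        System.arraycopy(raw, 1, trimmed, 0, trimmed.length);
        return trimmed;
    }
    return raw;
}
```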
diff --git a/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml index edd1ff712..264f8641b 100644 --- a/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml +++ b/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml @@ -34,6 +34,8 @@ + + diff --git a/server/src/main/webapp/WEB-INF/spring/application-context.xml b/server/src/main/webapp/WEB-INF/spring/application-context.xml index f65789929..9d08351bf 100644 --- a/server/src/main/webapp/WEB-INF/spring/application-context.xml +++ b/server/src/main/webapp/WEB-INF/spring/application-context.xml @@ -73,7 +73,7 @@ - + 
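Review bot: The one-line change at line 73 of application-context.xml is not legible in this rendering, but the commit subject says it points the configuration at the keystore, and the same patch commits `WEB-INF/spring/keystore.jks` into the web application. If that keystore holds the signing key pair behind the JWK endpoint, anyone with read access to the repository or the WAR can obtain the private key, and any password set in this XML is exposed the same way. Please mark the bundled keystore as development-only with a comment next to the bean, for example `<!-- dev-only keystore: production deployments must supply keystore location and password from outside the WAR -->`. Deployed instances should then load both values from external configuration and use keys that were never committed.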
diff --git a/server/src/main/webapp/WEB-INF/spring/keystore.jks b/server/src/main/webapp/WEB-INF/spring/keystore.jks index c2f6182ca301eded4f8b24a7ab6a2709b242b463..eeb6002e74e3080bc148f6692a2e44253cb7976f 100644 GIT binary patch literal 1393 zcmezO_TO6u1_mY|W&~rFlGNf7Ajh=kp~Fm|#BPHortJoNY+TxGj4X^=OoEJztPCto zOp84-&++ZI-rxDo^0ntv_JA+@)qjOQNvT;cnEl4&>64H9bh#y!4K7XCyTpa7P&%WAKJD7+hV&8&7L^h|8YdgwH%c)g`0K)TvzS3MZfddsddVTtJzQR zd8Y05Gmp!QPL-*#9Evh7uI>6a*Lds0>|>TJf>ufinx+aq@qbVGek`_M5EHXdza^tR z?CdhtwD$`Pnq*uIEu;-PBHIof-&r?9^iI6^e&)V}(Q1Xi%{~U3{fwtY_V5}#eC=WNt)I6utGjtFLzAM9 zWRtCz#MJYZLiygQ^Z%XiI>8}v`e}N=yF-&anpb)^Z~wwO`~0fk-2u#sY{yehU3}Bw zq_>q*R#U?3@bS5>_F3-zIiCLmx6Zm!cXV56QvmbtLnr>uv73BJWY^*RfP&Q*qC@t` zwrSpVH{iQC@l%UXoA5-1z2@-~Ud`=sXaBe`_th@e##R|GL0e6R!!KN>IG+1-YQeg? zx0@wQHg;^~@W21jJfwFC_m)@eJV$Pxc+9E!c3qjk%iB3Te{;k7-#&C*)bnLC>%P-+ z^LUi|Kd=;Ew)j!IUPIRH>Pe-SD{np69j(6hv_eST#9-C^-^$7-GBrI&oz9i9cqikw z(>qP7X056`|8;WsLVXXmhYX&~#@(N`J_s#K5YrWH?E0|E5S*Y{BlJuSEP*Mx5SWs4 z4VoCQEnsG1WMX3Rx0-&}fR~L^tIebBJ1;Oo!{k?wLY41jR-MBw&ANv#opU1at&M4zPDZKrPcuJ1&<}Gm&QTP9@ zV_%xQ`Sgre<;BbwHuS&GJ6(8r<_Wu}Ty+mG35(|Kx_4iz%)6k4VJm}9@ZW6$3;yaY z?>|?YBHX-TlfT@w_D^Lj{0rtauUpO({>f_T!s$%Rj0}v(&I3jzGtgc0Lgy@4zol?0 zcV=+W@ATE{46Ls$;s|DW!S}m*PW`VazGt@7@!R*L zl>cyio@eRvwB%s%Z8N4FcKtt7OL~NQpRjiQzw?;+%9buO>2?F1xw2eEGiFM3q}pF( vlAmWh`SPai@8$UK8vW6`C4R4Ah6#)DJC2C(D~c1{Eg literal 1318 zcmezO_TO6u1_mY|W&~rFlGNf7AjdRsvWyUr?l)*+>^9(IZ*?#ODp%%SpPH~Zd&5Gi@6t5W>C8d57CnnA&8;|W$I#<^_TLL%$@L6H zJK{Xp?;)+&XS4Q6GzlB$-@MSH>)emeeYZfLoZtBme&3NON zF>6w{rD|7E$Ny*Xg3;famHqB{fBGizFXNf6V}z9{IFeW+^h^yb85o#@44RnzfS7v$ zGZP~d6N|suyI2EmHg>Hxk8>6*%&ZIsjh%+v2Apinp)72|OrgPsf(HB`4u>#DSY}ar zW?p8Zp#U&?fkN!U?0)%0Y56(XhEfI+AQ3KML0`|1AXf$F{Gx*VqQsKS{5(TB0~wGU zx3H*xL290-3s5pIFEzPDAvm?DEVal`(m)&}&nzt9o0*)En3|*DrKb>{m{Xi#AScdi zXk=hyXlP_)Vqjz$1?HNn?+Dr)P)eTyL~)kTuEwl$NkP zduG7WCG+RMV5t^RI^@55<@JBtk4gWq4u5`Z#WGQTmfy|aE+3UU%w!rO93?i<=v(RM zb=ry7wcdYHVwRkH(Sz|glPJUVgn)igW$rVZChcrm^ty%nLxjv%kkh_DT+n)Lw(Y&s 
zdsfGo?FiplIc5FsUskW0eun#S+p;&M2S$eX?Ya`_|E!Q*ps`_#r&yu#3m*+J;qB)+ zje1TjduSt8)g4mPtMOp*Iyvpl%StEaEw1POrD&S;@pn=cql)#JB_H>#2%ONlqWS*A zsHgMUCUvL9HB^VHrZDN0?H(?t)&`~}R^PV15qcTg6#GYh zVT(s`RQ`MUjTYQp@7D?m3C-Q{?$$A9A@4uZvE-p8GbZa^0$1(LEtK zC-I4!?)yWD9185)gr6H5y}EVWfANl@jZeA1Zho-$u#)rAxs}W3n!Nb)?Bu5m