From b8d2adcf315daf6a590b4ca46eba1aa5ddf5e697 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Fri, 15 Mar 2013 15:01:30 -0400
Subject: [PATCH] added fixme note to hardcoded JWS algorithm, cleaned up x509 view

---
 .../openid/connect/view/JwkKeyListView.java | 1 +
 .../connect/view/X509CertificateView.java | 108 ------------------
 2 files changed, 1 insertion(+), 108 deletions(-)
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/openid/connect/view/X509CertificateView.java

diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
index 5b22c8d4c..18408c159 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
@@ -81,6 +81,7 @@ public class JwkKeyListView extends AbstractView {
 BigInteger mod = rsa.getModulus();
 BigInteger exp = rsa.getPublicExponent();
+ // FIXME: this assumes RS256
 RSAKey rsaKey = new RSAKey(Base64URL.encode(mod.toByteArray()), Base64URL.encode(exp.toByteArray()), Use.SIGNATURE, JWSAlgorithm.RS256, keyId);
 jwks.add(rsaKey);
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/X509CertificateView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/X509CertificateView.java
deleted file mode 100644
index 6881d02b9..000000000
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/X509CertificateView.java
+++ /dev/null
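Review bot: The added FIXME records the problem but the `alg` on the next line is still the constant `JWSAlgorithm.RS256`, so every RSA key in the published JWK set advertises RS256 regardless of which algorithm the signing service is actually configured with; a relying party that selects a verification key by `kid` plus `alg` will reject or mis-select the key if the server signs with RS384 or RS512. The algorithm should be read from the same configuration the signer uses rather than hard-coded here, and until that is wired up the comment should say which component owns the setting, e.g. `// FIXME: alg is hard-coded to RS256; it must match the algorithm the signing service is configured with and should be read from there`. Separately, `mod.toByteArray()` and `exp.toByteArray()` return two's-complement bytes, so a modulus whose top bit is set is emitted with a leading 0x00 octet, which is not the minimal unsigned Base64urlUInt encoding RFC 7518 requires for `n` and `e` and changes the key's RFC 7638 thumbprint; if the Nimbus version in use has the `Base64URL.encode(BigInteger)` overload, using it avoids the sign byte. The enclosing method starts and ends outside the hunk.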
@@ -1,108 +0,0 @@
-/**
- *
- */
-package org.mitre.openid.connect.view;
-
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Date;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.view.AbstractView;
-
-/**
- * @author jricher
- *
- */
-@Component("x509certs")
-public class X509CertificateView extends AbstractView {
-
- private static Logger logger = LoggerFactory.getLogger(X509CertificateView.class);
-
- @Autowired
- private ConfigurationPropertiesBean config;
- private long daysNotValidBefore = 30;
- private long daysNotValidAfter = 365;
-
- @SuppressWarnings("deprecation")
- @Override
- protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) throws IOException {
-
- Security.addProvider(new BouncyCastleProvider());
-
- Map keys = (Map) model.get("keys");
-
- response.setContentType("application/x-pem-file");
-
- OutputStreamWriter writer = new OutputStreamWriter(response.getOutputStream());
- PEMWriter pemWriter = new PEMWriter(writer);
-
- for (String keyId : keys.keySet()) {
-
- PublicKey key = keys.get(keyId);
-
- if (key instanceof RSAPublicKey) {
-
- RSAPublicKey rsa = (RSAPublicKey) key;
-
- X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
- v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- v3CertGen.setIssuerDN(new X509Principal("CN=" + config.getIssuer() + ", OU=None, O=None L=None, C=None"));
- v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * daysNotValidBefore )));
- v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * daysNotValidAfter )));
- v3CertGen.setSubjectDN(new X509Principal("CN=" + config.getIssuer() + ", OU=None, O=None L=None, C=None"));
-
- v3CertGen.setPublicKey(key);
- v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- // FIXME: need to get the private keys over here, too, or make one up
- /*
- try {
- X509Certificate cert = v3CertGen.generate(rsaSigner.getPrivateKey());
- pemWriter.writeObject(cert);
- } catch (CertificateEncodingException e) {
- logger.error("CertificateEncodingException in X509CertificateView.java: ", e);
- } catch (InvalidKeyException e) {
- logger.error("InvalidKeyException in X509CertificateView.java: ", e);
- } catch (IllegalStateException e) {
- logger.error("IllegalStateException in X509CertificateView.java", e);
- } catch (NoSuchAlgorithmException e) {
- logger.error("NoSuchAlgorithmException in X509CertificateView.java", e);
- } catch (SignatureException e) {
- logger.error("SignatureException in X509CertificateView.java", e);
- } finally {
- pemWriter.flush();
- writer.flush();
- }
- */
-
- }
-
- }
-
-
-
- }
-
-}