merged keystore changes

openid-connect-common/.settings/org.eclipse.wst.common.component

@@ -2,6 +2,5 @@
 <project-modules id="moduleCoreId" project-version="1.5.0">
     <wb-module deploy-name="openid-connect-common">
         <wb-resource deploy-path="/" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
     </wb-module>
 </project-modules>

openid-connect-server/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java

@@ -2,17 +2,18 @@ package org.mitre.jwt.signer.service;
 
 import java.security.PublicKey;
 import java.util.List;
+import java.util.Map;
 
 import org.mitre.jwt.model.Jwt;
 
 public interface JwtSigningAndValidationService {
 
 	/**
-	 * Returns all public keys this service is configured with.
+	 * Returns all public keys this service is configured with, indexed by key id
 	 * 
 	 * @return
 	 */
-	public List<PublicKey> getAllPublicKeys();
+	public Map<String, PublicKey> getAllPublicKeys();
 
 	/**
 	 * Check to see if this JWT has expired or not

openid-connect-server/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java

@@ -25,7 +25,8 @@ public class JwtSigningAndValidationServiceDefault implements
 	@Autowired
 	private ConfigurationPropertiesBean configBean;
 	
-	private List<? extends JwtSigner> signers = new ArrayList<JwtSigner>();
+	// map of identifier to signer
+	private Map<String, ? extends JwtSigner> signers = new HashMap<String, JwtSigner>();
 
 	private static Log logger = LogFactory
 			.getLog(JwtSigningAndValidationServiceDefault.class);
@@ -43,7 +44,7 @@ public class JwtSigningAndValidationServiceDefault implements
 	 *            List of JwtSigners to associate with this service
 	 */
 	public JwtSigningAndValidationServiceDefault(
-			List<? extends JwtSigner> signer) {
+			Map<String, ? extends JwtSigner> signer) {
 		setSigners(signer);
 	}
 	
@@ -72,23 +73,25 @@ public class JwtSigningAndValidationServiceDefault implements
 	 * ()
 	 */
 	@Override
-	public List<PublicKey> getAllPublicKeys() {
+	public Map<String, PublicKey> getAllPublicKeys() {
 
 		Map<String, PublicKey> map = new HashMap<String, PublicKey>();
 
 		PublicKey publicKey;
 
-		for (JwtSigner signer : signers) {
+		for (JwtSigner signer : signers.values()) {
 
 			if (signer instanceof RsaSigner) {
 
 				publicKey = ((RsaSigner) signer).getPublicKey();
 
-				if (publicKey != null)
+				if (publicKey != null) {
+					// what's the index of this map for?
 					map.put(((RSAPublicKey) publicKey).getModulus()
 							.toString(16).toUpperCase()
 							+ ((RSAPublicKey) publicKey).getPublicExponent()
 									.toString(16).toUpperCase(), publicKey);
+				}
 
 			} else if (signer instanceof EcdsaSigner) {
 
@@ -96,8 +99,7 @@ public class JwtSigningAndValidationServiceDefault implements
 			}
 		}
 
-		return new ArrayList<PublicKey>(map.values());
-
+		return map;
 	}
 
 	/**
@@ -105,7 +107,7 @@ public class JwtSigningAndValidationServiceDefault implements
 	 * 
 	 * @return
 	 */
-	public List<? extends JwtSigner> getSigners() {
+	public Map<String, ? extends JwtSigner> getSigners() {
 		return signers;
 	}
 
@@ -134,7 +136,7 @@ public class JwtSigningAndValidationServiceDefault implements
 	 * @param signers
 	 *            List of JwtSigners to associate with this service
 	 */
-	public void setSigners(List<? extends JwtSigner> signers) {
+	public void setSigners(Map<String, ? extends JwtSigner> signers) {
 		this.signers = signers;
 	}
 
@@ -175,7 +177,7 @@ public class JwtSigningAndValidationServiceDefault implements
 	@Override
 	public boolean validateSignature(String jwtString) {
 
-		for (JwtSigner signer : signers) {
+		for (JwtSigner signer : signers.values()) {
 			if (signer.verify(jwtString))
 				return true;
 		}

openid-connect-server/src/main/java/org/mitre/jwt/signer/service/impl/KeyStore.java

@@ -32,13 +32,6 @@ public class KeyStore implements InitializingBean {
 
 	private java.security.KeyStore keystore;
 
-	/**
-	 * default constructor
-	 */
-	public KeyStore() {
-		this(PASSWORD, null);
-	}
-
 	/**
 	 * KeyStore constructor
 	 * 

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java

@@ -76,7 +76,7 @@ public class JwkKeyListView extends AbstractView {
 					o.addProperty("alg", "RSA");
 					o.addProperty("mod", m64);
 					o.addProperty("exp", e64);
-					
+					// TODO: get the key ID from the map
 					return o;
 				} else if (src instanceof ECPublicKey) {
 					

openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java

@@ -1,6 +1,7 @@
 package org.mitre.openid.connect.web;
 
 import java.security.PublicKey;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -20,7 +21,7 @@ public class JsonWebKeyEndpoint {
 	@RequestMapping("/jwk")
 	public ModelAndView getJwk() {
 		
-		List<PublicKey> keys = jwtService.getAllPublicKeys();
+		Collection<PublicKey> keys = jwtService.getAllPublicKeys().values();
 		
 		// TODO: check if keys are empty, return a 404 here or just an empty list?
 		

openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml

@@ -119,12 +119,40 @@
 
 	<!-- TODO: working remove red X's see: http://forum.springsource.org/showthread.php?123193-STS-not-respecting-META-INF-spring-schemas-for-validation&p=401926#post401926 -->
 
-	<jwt-signer:keystore id="defaultKeystore" location="classpath:keystore.jks" password="changeit" />
 
-	<jwt-signer:service id="defaultSignerService">
-		<jwt-signer:rsa bits="256" keystore-ref="defaultKeystore" key-alias="rsa" password="changeit" /> 
-		<jwt-signer:hmac bits="256" passphrase="changeit" />		
-	</jwt-signer:service>
+	<bean id="defaultKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
+		<constructor-arg name="location" value="classpath:keystore.jks" />
+		<constructor-arg name="password" value="changeit" />
+	</bean>
+
+	<bean id="defaultsignerService" class="org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault">
+		<property name="signers">
+			<map>
+				<entry key="rsa1">
+					<bean id="rsaSigner" class="org.mitre.jwt.signer.impl.RsaSigner">
+						<property name="algorithm" value="RS256" />
+						<property name="keystore" ref="defaultKeystore" />
+						<property name="alias" value="rsa" />
+						<property name="password" value="changeit" />
+					</bean>
+				</entry>
+				<entry key="hmac1">
+					<bean id="hmacSigner" class="org.mitre.jwt.signer.impl.HmacSigner">
+						<property name="algorithm" value="HMACSHA256" />
+						<property name="passphrase" value="changeit" />
+					</bean>
+				</entry>
+			</map>
+		</property>	
+	</bean>	
+
+	
+<!-- 	<jwt-signer:keystore id="defaultKeystore" location="classpath:keystore.jks" password="changeit" /> -->
+
+<!-- 	<jwt-signer:service id="defaultSignerService"> -->
+<!-- 		<jwt-signer:rsa bits="256" keystore-ref="defaultKeystore" key-alias="rsa" password="changeit" />  -->
+<!-- 		<jwt-signer:hmac bits="256" passphrase="changeit" />		 -->
+<!-- 	</jwt-signer:service> -->
 	 
 	<!-- scheduled tasks -->
 <!-- 	<task:scheduler id="taskScheduler" pool-size="10" /> -->

openid-connect-server/src/test/resources/test-context.xml

@@ -37,6 +37,10 @@
         </property>
     </bean>
     
- 	<jwt-signer:keystore id="testKeystore" location="file:src/test/resources/keystore.jks" password="changeit" />
+
+	<bean id="testKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
+		<constructor-arg name="location" value="file:src/test/resources/keystore.jks" />
+		<constructor-arg name="password" value="changeit" />
+	</bean>
  
 </beans>