github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed backported 'kid' injection

pull/948/head
Justin Richer 2015-10-02 18:43:58 -04:00
parent 9fac632024
commit d03bebe5bf
4 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
View File

@ -27,6 +27,7 @@ import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@ -375,6 +376,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
claimsSet.setIssuer(clientConfig.getClientId());
claimsSet.setSubject(clientConfig.getClientId());
claimsSet.setAudience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));
claimsSet.setJWTID(UUID.randomUUID().toString());
// TODO: make this configurable
Date exp = new Date(System.currentTimeMillis() + (60 * 1000)); // auth good for 60 seconds
@ -384,9 +386,8 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
claimsSet.setIssueTime(now);
claimsSet.setNotBeforeTime(now);
JWSHeader header = new JWSHeader(alg, null, null, null, null, null, null, null, null, null,
signer.getDefaultSignerKeyId(),
null, null);
JWSHeader header = new JWSHeader(alg);
header.setKeyID(signer.getDefaultSignerKeyId());
SignedJWT jwt = new SignedJWT(header, claimsSet);
signer.signJwt(jwt, alg);

10
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
View File

@ -172,9 +172,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|| signingAlg.equals(JWSAlgorithm.HS384)
|| signingAlg.equals(JWSAlgorithm.HS512)) {
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
jwtService.getDefaultSignerKeyId(),
null, null);
JWSHeader header = new JWSHeader(signingAlg);
header.setKeyID(jwtService.getDefaultSignerKeyId());
idToken = new SignedJWT(header, idClaims);
JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
@ -282,9 +281,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
jwtService.getDefaultSignerKeyId(),
null, null);
JWSHeader header = new JWSHeader(signingAlg);
header.setKeyID(jwtService.getDefaultSignerKeyId());
SignedJWT signed = new SignedJWT(header, claims);
jwtService.signJwt(signed);

5
openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
View File

@ -97,9 +97,8 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
jwtService.getDefaultSignerKeyId(),
null, null);
JWSHeader header = new JWSHeader(signingAlg);
header.setKeyID(jwtService.getDefaultSignerKeyId());
SignedJWT signed = new SignedJWT(header, claims);
jwtService.signJwt(signed);

5
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java
View File

@ -126,9 +126,8 @@ public class UserInfoJwtView extends UserInfoView {
if (client.getUserInfoSignedResponseAlg() != null) {
signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
}
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
jwtService.getDefaultSignerKeyId(),
null, null);
JWSHeader header = new JWSHeader(signingAlg);
header.setKeyID(jwtService.getDefaultSignerKeyId());
SignedJWT signed = new SignedJWT(header, claims);
if (signingAlg.equals(JWSAlgorithm.HS256)