From f997049efff0052032e2d739d07d73759f4c2f87 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Sun, 20 Jul 2014 08:38:57 -0700
Subject: [PATCH] key service can now deal with missing 'kid' fields in JWKs closes #639
---
 ...DefaultJwtSigningAndValidationService.java | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
index e9fc720d7..32a27bfcb 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
@@ -23,6 +23,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;

 import org.mitre.jose.keystore.JWKSetKeyStore;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
@@ -95,9 +96,13 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 if (keyStore!= null && keyStore.getJwkSet() != null) {
 for (JWK key : keyStore.getKeys()) {
 if (!Strings.isNullOrEmpty(key.getKeyID())) {
+ // use the key ID that's built into the key itself
+ // TODO (#641): deal with JWK thumbprints
 this.keys.put(key.getKeyID(), key);
 } else {
- throw new IllegalArgumentException("Tried to load a key from a keystore without a 'kid' field: " + key);
+ // create a random key id
+ String fakeKid = UUID.randomUUID().toString();
+ this.keys.put(fakeKid, key);
 }
 }
 }
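Review bot: The new `else` branch files a key that has no `kid` under `UUID.randomUUID()`, so its identifier changes on every load and differs between instances that read the same keystore. If that map key is later emitted as a JWT `kid` header or used to publish the key set (not visible in this hunk), relying parties cannot match tokens to the key after a restart, and the JWK object itself still carries no `kid`. Until the thumbprint work named in the TODO lands, I would make the substitution visible to operators by logging the generated id only, never the key object: `logger.warn("Keystore entry has no 'kid'; assigned generated id " + fakeKid);`. The comment should also say the id is not stable across restarts. The enclosing constructor or method begins and ends outside the hunk.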
@@ -109,14 +114,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 * @return the defaultSignerKeyId
 */
 public String getDefaultSignerKeyId() {
- if (defaultSignerKeyId != null) {
 return defaultSignerKeyId;
- } else if (keys.size() == 1) {
- // if there's only one key, it's the default
- return keys.keySet().iterator().next();
- } else {
- return null;
- }
 }

 /**
@@ -189,6 +187,11 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 logger.warn("Unknown key type: " + jwk);
 }
 }
+
+ if (defaultSignerKeyId == null && keys.size() == 1) {
+ // if there's only one key, it's the default
+ setDefaultSignerKeyId(keys.keySet().iterator().next());
+ }
 }

 /**
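Review bot: `getDefaultSignerKeyId()` can still return null, now whenever no default was configured and the single-key fallback elsewhere has not run, yet the Javadoc only says `@return the defaultSignerKeyId`. I would spell that out, e.g. `@return the default signer key ID, or null if none was configured and the service does not hold exactly one key`. Callers on the signing path then know to reject a null id instead of looking up a signer with it. The Javadoc block begins outside the hunk.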
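Review bot: The added fallback goes through the setter, `setDefaultSignerKeyId(keys.keySet().iterator().next());`, from what looks like the signer/verifier build routine. If that routine is reachable from a constructor and the setter can be overridden, a subclass would be called on a partially initialised object; assigning the field directly, `defaultSignerKeyId = keys.keySet().iterator().next();`, avoids that. The default is also now frozen at build time. For a keystore whose only key had no `kid`, it will be the generated UUID from the loading code, which deserves a mention in the comment. The enclosing method starts outside the hunk.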