
Commit f997049

author
Justin Richer
committed
key service can now deal with missing 'kid' fields in JWKs
closes mitreid-connect#639
1 parent 8768188 commit f997049


1 file changed

+11
-8
lines changed


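--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
@@ -23,6 +23,7 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 
 import org.mitre.jose.keystore.JWKSetKeyStore;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
@@ -95,9 +96,13 @@ public DefaultJwtSigningAndValidationService(JWKSetKeyStore keyStore) throws NoS
 if (keyStore!= null && keyStore.getJwkSet() != null) {
 for (JWK key : keyStore.getKeys()) {
 if (!Strings.isNullOrEmpty(key.getKeyID())) {
+// use the key ID that's built into the key itself
+// TODO (#641): deal with JWK thumbprints
 this.keys.put(key.getKeyID(), key);
 } else {
-throw new IllegalArgumentException("Tried to load a key from a keystore without a 'kid' field: " + key);
+// create a random key id
+String fakeKid = UUID.randomUUID().toString();
+this.keys.put(fakeKid, key);
 }
 }
 }
@@ -109,14 +114,7 @@ public DefaultJwtSigningAndValidationService(JWKSetKeyStore keyStore) throws NoS
 * @return the defaultSignerKeyId
 */
 public String getDefaultSignerKeyId() {
-if (defaultSignerKeyId != null) {
 return defaultSignerKeyId;
-} else if (keys.size() == 1) {
-// if there's only one key, it's the default
-return keys.keySet().iterator().next();
-} else {
-return null;
-}
 }
 
 /**
@@ -189,6 +187,11 @@ private void buildSignersAndVerifiers() throws NoSuchAlgorithmException, Invalid
 logger.warn("Unknown key type: " + jwk);
 }
 }
+
+if (defaultSignerKeyId == null && keys.size() == 1) {
+// if there's only one key, it's the default
+setDefaultSignerKeyId(keys.keySet().iterator().next());
+}
 }
 
 /**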
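Review bot: The `else` branch of the constructor loop now gives a key with no 'kid' a fresh `UUID.randomUUID()` on every load, so the id is neither stable across restarts nor written back to the JWK itself; whatever publishes the public key set (not visible here) would presumably still expose the key without that id, and a verifier that selects keys by `kid` may then fail to match tokens signed under it. Together with the last hunk, a lone kid-less key also becomes the default signer under that random id. Until the thumbprint TODO (#641) provides a deterministic id, the fallback should at least be visible to operators, e.g. `logger.warn("Key has no 'kid', generated random key id " + fakeKid);` — logging only the generated id and not the key, since the removed exception message concatenated the whole JWK into its text. The constructor and buildSignersAndVerifiers both begin outside the hunks shown.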
