From fd6d4881984cea7b725de1feb39b6257ca944bd2 Mon Sep 17 00:00:00 2001
From: Denny Verbeeck
Date: Tue, 12 Jun 2018 12:18:35 +0200
Subject: [PATCH] Add default behavior, if no checkingkey aliases are defined, use signingkey alias
---
 .../config/OAuth2ServerConfiguration.java | 33 ++++++++++---------
 .../config/SecurityConfiguration.java | 12 ++++++-
 src/main/resources/config/application.yml | 3 --
 3 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/src/main/java/org/radarcns/management/config/OAuth2ServerConfiguration.java b/src/main/java/org/radarcns/management/config/OAuth2ServerConfiguration.java
index 211019c0e..c723e1888 100644
--- a/src/main/java/org/radarcns/management/config/OAuth2ServerConfiguration.java
+++ b/src/main/java/org/radarcns/management/config/OAuth2ServerConfiguration.java
@@ -212,21 +212,24 @@ public JwtAccessTokenConverter accessTokenConverter() {
 KeyPair keyPair = kf.getKeyPair(signKey);
 converter.setKeyPair(keyPair);
- // get all public keys for verifying and set the converter's verifier to a MultiVerifier
- List verifiers = managementPortalProperties.getOauth()
- .getCheckingKeyAliases().stream()
- .map(alias -> kf.getKeyPair(alias).getPublic())
- .filter(publicKey -> publicKey instanceof RSAPublicKey
- || publicKey instanceof ECPublicKey)
- .map(publicKey -> {
- if (publicKey instanceof RSAPublicKey) {
- return new RsaVerifier((RSAPublicKey) publicKey);
- } else {
- return new EcdsaVerifier((ECPublicKey) publicKey);
- }
- })
- .collect(Collectors.toList());
- converter.setVerifier(new MultiVerifier(verifiers));
+ // if a list of checking keys is defined, use that for checking
+ if (managementPortalProperties.getOauth().getCheckingKeyAliases() != null
+ && !managementPortalProperties.getOauth().getCheckingKeyAliases().isEmpty()) {
+ // get all public keys for verifying and set the converter's verifier
+ // to a MultiVerifier
+ List verifiers =
+ managementPortalProperties.getOauth().getCheckingKeyAliases().stream()
+ .map(alias -> kf.getKeyPair(alias).getPublic())
+ .filter(publicKey -> publicKey instanceof RSAPublicKey
+ || publicKey instanceof ECPublicKey).map(publicKey -> {
+ if (publicKey instanceof RSAPublicKey) {
+ return new RsaVerifier((RSAPublicKey) publicKey);
+ } else {
+ return new EcdsaVerifier((ECPublicKey) publicKey);
+ }
+ }).collect(Collectors.toList());
+ converter.setVerifier(new MultiVerifier(verifiers));
+ }
 return converter;
 }
diff --git a/src/main/java/org/radarcns/management/config/SecurityConfiguration.java b/src/main/java/org/radarcns/management/config/SecurityConfiguration.java
index 033d7c7b5..fe8a059d4 100644
--- a/src/main/java/org/radarcns/management/config/SecurityConfiguration.java
+++ b/src/main/java/org/radarcns/management/config/SecurityConfiguration.java
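Review bot: In `accessTokenConverter()`, an alias list that is configured but whose keys are all dropped by the `instanceof RSAPublicKey || instanceof ECPublicKey` filter still reaches `converter.setVerifier(new MultiVerifier(verifiers))` with an empty list, which replaces the verifier that `setKeyPair(keyPair)` presumably installed and so bypasses the new fall-back to the signing key. How `MultiVerifier` treats an empty list is not visible here, so I would fail at startup rather than continue: `if (verifiers.isEmpty()) { throw new IllegalStateException("no RSA or EC public key found for the configured checkingKeyAliases"); }` placed before the `setVerifier` call. The implicit else-branch also deserves a comment such as `// no checking keys configured: keep the verifier set by setKeyPair(keyPair), i.e. verify with the signing key only`. The method starts above the hunk, so the `setKeyPair` behaviour should be confirmed against the converter class in use.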
@@ -28,6 +28,8 @@ import javax.annotation.PostConstruct;
 import javax.servlet.Filter;
+import java.util.Collections;
+import java.util.List;
 @Configuration
 @EnableWebSecurity
@@ -138,8 +140,16 @@ public FilterRegistrationBean jwtAuthenticationFilterRegistration() {
 }
 public Filter jwtAuthenticationFilter() {
+ List publicKeyAliases;
+ if (managementPortalProperties.getOauth().getCheckingKeyAliases() != null &&
+ !managementPortalProperties.getOauth().getCheckingKeyAliases().isEmpty()) {
+ publicKeyAliases = managementPortalProperties.getOauth().getCheckingKeyAliases();
+ } else {
+ publicKeyAliases = Collections.singletonList(managementPortalProperties.getOauth()
+ .getSigningKeyAlias());
+ }
 return new JwtAuthenticationFilter(new TokenValidator(
 new LocalKeystoreConfig(managementPortalProperties.getOauth().getKeyStorePassword(),
- managementPortalProperties.getOauth().getCheckingKeyAliases())));
+ publicKeyAliases)));
 }
 }
diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml
index 11ba5fe49..389202dcd 100644
--- a/src/main/resources/config/application.yml
+++ b/src/main/resources/config/application.yml
@@ -94,9 +94,6 @@ managementportal:
 oauth:
 keyStorePassword: radarbase
 signingKeyAlias: radarbase-managementportal-ec
- checkingKeyAliases:
- - radarbase-managementportal-ec
- - radarbase-managementportal-rsa
 # ===================================================================
 # JHipster specific properties
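Review bot: The null-or-empty test on `getCheckingKeyAliases()` in `jwtAuthenticationFilter()` repeats the one added to `accessTokenConverter()` in OAuth2ServerConfiguration.java, so the token converter and the authentication filter can drift apart on which keys they trust. I would resolve the effective list in one place, for instance an accessor on the OAuth properties class that returns the checking aliases or, when none are set, a singleton list holding the signing alias, and call it from both methods. The aliases are also handed to `LocalKeystoreConfig` unfiltered, whereas the converter keeps only RSA and EC keys; whether `TokenValidator` copes with other key types is not visible in this hunk. Reading the property into a local first, `List<String> aliases = managementPortalProperties.getOauth().getCheckingKeyAliases();`, would shorten the condition and avoid three separate getter chains.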