Issue #4138 - Changes from review

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

jetty-openid/src/main/config/etc/jetty-openid.xml

@@ -5,8 +5,7 @@
   <New id="HttpClient" class="org.eclipse.jetty.client.HttpClient">
     <Arg>
       <New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
-        <Set name="trustAll" type="boolean">false</Set>
-        <Set name="endpointIdentificationAlgorithm">https</Set>
+        <Set name="trustAll" type="boolean"><Property name="jetty.openid.sslContextFactory.trustAll" default="false"/></Set>
       </New>
     </Arg>
     <Set name="executor"><Ref refid="ThreadPool"/></Set>

jetty-openid/src/main/config/modules/openid.mod

@@ -38,4 +38,7 @@ etc/jetty-openid.xml
 # jetty.openid.scopes=email,profile
 
 ## Whether to Authenticate users not found by base LoginService
-# jetty.openid.authenticateNewUsers=false
+# jetty.openid.authenticateNewUsers=false
+
+## True if all certificates should be trusted by the default SslContextFactory
+# jetty.openid.sslContextFactory.trustAll=false

jetty-openid/src/main/config/modules/openid/openid-baseloginservice.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
-<Configure id="BaseLoginService">
+<Configure>
   <!-- Optional code to configure the base LoginService used by the OpenIdLoginService
   <New id="BaseLoginService" class="org.eclipse.jetty.security.HashLoginService">
     <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>

jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdConfiguration.java

@@ -18,7 +18,6 @@
 
 package org.eclipse.jetty.security.openid;
 
-import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -39,10 +38,9 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
  * This uses the OpenID Provider URL with the path {@link #CONFIG_PATH} to discover
  * the required information about the OIDC service.
  */
-public class OpenIdConfiguration extends ContainerLifeCycle implements Serializable
+public class OpenIdConfiguration extends ContainerLifeCycle
 {
     private static final Logger LOG = Log.getLogger(OpenIdConfiguration.class);
-    private static final long serialVersionUID = 2227941990601349102L;
     private static final String CONFIG_PATH = "/.well-known/openid-configuration";
 
     private final HttpClient httpClient;
@@ -61,7 +59,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
      */
     public OpenIdConfiguration(String provider, String clientId, String clientSecret)
     {
-        this(provider, null, null, clientId, clientSecret, newHttpClient());
+        this(provider, null, null, clientId, clientSecret, null);
     }
 
     /**
@@ -81,7 +79,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
         this.clientSecret = clientSecret;
         this.authEndpoint = authorizationEndpoint;
         this.tokenEndpoint = tokenEndpoint;
-        this.httpClient = httpClient;
+        this.httpClient = httpClient != null ? httpClient : newHttpClient();
 
         if (this.issuer == null)
             throw new IllegalArgumentException("Issuer was not configured");
@@ -114,7 +112,6 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
     private static HttpClient newHttpClient()
     {
         SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(false);
-        sslContextFactory.setEndpointIdentificationAlgorithm("https");
         return new HttpClient(sslContextFactory);
     }