enforced https for jwks and token endpoints from oidc config

Author: hhund

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/client/oidc/OidcClientJersey.java

@@ -144,7 +144,12 @@ public DecodedJWT getAccessTokenDecoded(OidcConfiguration configuration, Jwks jw
 					"OIDC provider does not support Client Credentials Grant, supported grant types: "
 							+ configuration.grantTypesSupported());
 
-		Response response = client.target(configuration.tokenEndpoint()).request(MediaType.APPLICATION_JSON_TYPE)
+		String tokenEndpoint = configuration.tokenEndpoint();
+		if (tokenEndpoint == null || !tokenEndpoint.startsWith("https://"))
+			throw new OidcClientException(
+					"Token endpoint URL from OIDC configuration resource is null or does not start with 'https://'");
+
+		Response response = client.target(tokenEndpoint).request(MediaType.APPLICATION_JSON_TYPE)
 				.header(HttpHeaders.AUTHORIZATION,
 						"Basic " + Base64.getEncoder()
 								.encodeToString(new StringBuilder().append(clientId).append(':').append(clientSecret)

dsf-common/dsf-common-oidc/src/main/java/dev/dsf/common/oidc/BaseOidcClientJersey.java

@@ -167,7 +167,12 @@ public Jwks getJwks(OidcConfiguration configuration) throws OidcClientException
 	{
 		Objects.requireNonNull(configuration, "configuration");
 
-		Response response = client.target(configuration.jwksUri()).request(MediaType.APPLICATION_JSON_TYPE).get();
+		String jwksUri = configuration.jwksUri();
+		if (jwksUri == null || !jwksUri.startsWith("https://"))
+			throw new OidcClientException(
+					"JWKS URL from OIDC configuration resource is null or does not start with 'https://'");
+
+		Response response = client.target(jwksUri).request(MediaType.APPLICATION_JSON_TYPE).get();
 
 		if (response.getStatus() == Status.OK.getStatusCode())
 		{