diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java
index ae9a8a2c1..7a369403f 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java
@@ -17,7 +17,8 @@ import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMappi
 @Component
 public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping {
- private String url;
+ private String jwkPublishUrl;
+ private String x509PublishUrl;
 /* (non-Javadoc)
 * @see org.springframework.web.servlet.handler.AbstractHandlerMethodMapping#isHandler(java.lang.Class)
@@ -28,14 +29,24 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
 }
 /**
- * Map the "jwkKeyPublish" method to our given URL
+ * Map the "jwkKeyPublish" method to our jwkPublishUrl.
+ * Map the "x509KeyPublish" method to our x509PublishUrl.
 */
 @Override
 protected RequestMappingInfo getMappingForMethod(Method method, Class handlerType) {
- if (method.getName().equals("publishClientJwk")) {
+ if (method.getName().equals("publishClientJwk") && getJwkPublishUrl() != null) {
 return new RequestMappingInfo(
- new PatternsRequestCondition(new String[] {url}, getUrlPathHelper(), getPathMatcher(), false, false),
+ new PatternsRequestCondition(new String[] {getJwkPublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
+ null,
+ null,
+ null,
+ null,
+ null,
+ null);
+ } else if (method.getName().equals("publishClientx509") && getX509PublishUrl() != null) {
+ return new RequestMappingInfo(
+ new PatternsRequestCondition(new String[] {getX509PublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
 null,
 null,
 null,
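Review bot: The new Javadoc on getMappingForMethod names the handlers "jwkKeyPublish" and "x509KeyPublish", but the code in the same hunk dispatches on `method.getName().equals("publishClientJwk")` and `"publishClientx509"`, so the comment documents methods that do not exist. Because the mapping is keyed on the method-name string, a later rename of either handler in OIDCSignedRequestFilter silently unmaps the endpoint instead of failing to compile; hoisting the names, e.g. `private static final String JWK_PUBLISH_METHOD = "publishClientJwk";` and `private static final String X509_PUBLISH_METHOD = "publishClientx509";`, and referring to them from the Javadoc at least keeps the two in one place. The added `!= null` guards also differ from the filter side, which (in the same commit) only forwards non-empty values; if this bean can be configured directly, an empty string would register an empty URL pattern, so `getJwkPublishUrl() != null && !getJwkPublishUrl().isEmpty()` is the safer check. The remainder of the else branch and the method's fall-through return lie outside the hunk.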
@@ -49,18 +60,31 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
 }
 /**
- * @return the url
+ * @return the jwkPublishUrl
 */
- public String getUrl() {
- return url;
+ public String getJwkPublishUrl() {
+ return jwkPublishUrl;
 }
 /**
- * @param url the url to set
+ * @param jwkPublishUrl the jwkPublishUrl to set
 */
- public void setUrl(String url) {
- this.url = url;
+ public void setJwkPublishUrl(String jwkPublishUrl) {
+ this.jwkPublishUrl = jwkPublishUrl;
+ }
+
+ /**
+ * @return the x509PublishUrl
+ */
+ public String getX509PublishUrl() {
+ return x509PublishUrl;
+ }
+
+ /**
+ * @param x509PublishUrl the x509PublishUrl to set
+ */
+ public void setX509PublishUrl(String x509PublishUrl) {
+ this.x509PublishUrl = x509PublishUrl;
+ }
-
 }
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
index 8d404084a..320f12cd9 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
@@ -38,8 +41,11 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 private String jwkPublishUrl;
+ private String x509PublishUrl;
+
 private BeanDefinitionRegistry registry;
+
 protected OIDCSignedRequestFilter() {
 super();
@@ -258,7 +261,21 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 }
 /**
- * Return a view to publish all keys in JWK format
+ * @return the x509PublishUrl
+ */
+ public String getX509PublishUrl() {
+ return x509PublishUrl;
+ }
+
+ /**
+ * @param x509PublishUrl the x509PublishUrl to set
+ */
+ public void setX509PublishUrl(String x509PublishUrl) {
+ this.x509PublishUrl = x509PublishUrl;
+ }
+
+ /**
+ * Return a view to publish all keys in JWK format. Only used if jwkPublishUrl is set.
 * @return
 */
 public ModelAndView publishClientJwk() {
@@ -270,13 +287,26 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 return new ModelAndView("jwkKeyList", "signers", signers);
 }
-
+
+ /**
+ * Return a view to publish all keys in x509 format. Only used if x509publishUrl is set.
+ * @return
+ */
+ public ModelAndView publishClientx509() {
+ // map from key id to signer
+ Map signers = signingAndValidationService.getAllSigners();
+
+ // TODO: check if keys are empty, return a 404 here or just an empty list?
+
+ return new ModelAndView("x509certs", "signers", signers);
+ }
+
 /**
- * If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
+ * If either the jwkPublishUrl or x509PublishUrl fields are set on this bean, set up a listener on that URL to publish keys.
 */
 @Override
 public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
- if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+ if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) {
 // standard endpoint
 /*
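Review bot: publishClientx509 hands the whole `signingAndValidationService.getAllSigners()` map to the "x509certs" view, exactly as publishClientJwk does for "jwkKeyList", and nothing in this method limits what the view may render; the URL it is served from is wired up as a plain handler mapping by postProcessBeanFactory, so — unless something outside this diff puts an authentication filter in front of it — whether private key material leaks here depends entirely on the view template, which the commit does not show. I would state that contract in the method itself: `// NOTE: served without authentication; the x509certs view must emit only the certificate / public key of each signer, never private key material.` and confirm the template against it. Smaller points in the same hunk: `Map signers` is a raw type (use the type parameters of getAllSigners() if it declares them), the Javadoc's "x509publishUrl" does not match the field name `x509PublishUrl`, and the open TODO about an empty signer map applies equally to both publish methods, so the duplicated body could become one private helper taking the view name. The body of postProcessBeanFactory continues past the end of the hunk.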
@@ -287,7 +317,12 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 }
 // add a mapping to this class
 BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
- clientKeyMapping.addPropertyValue("url", jwkPublishUrl);
+ if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+ clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
+ }
+ if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
+ clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
+ }
 registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
 // add views for JWK and x509 formats
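Review bot: The two new guards read the symmetrical properties differently — the bare field `jwkPublishUrl` in one and the accessor `getX509PublishUrl()` in the other — within the same class; pick one form, e.g. `if (!Strings.isNullOrEmpty(x509PublishUrl)) { clientKeyMapping.addPropertyValue("x509PublishUrl", x509PublishUrl); }`, so a reader does not wonder whether the getter does something extra. The property names "jwkPublishUrl" and "x509PublishUrl" are string-bound to the setters this commit adds to ClientKeyPublisherMapping and are only checked when Spring instantiates the bean, so a rename on either side presumably surfaces as a startup failure rather than a compile error; a comment next to the addPropertyValue calls pointing at those setters would make the coupling visible. The enclosing postProcessBeanFactory method starts before this hunk and continues after it.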