added x509 support

openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java

@@ -17,7 +17,8 @@ import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMappi
 @Component
 public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping {
 
-	private String url;
+	private String jwkPublishUrl;
+	private String x509PublishUrl;
 	
 	/* (non-Javadoc)
      * @see org.springframework.web.servlet.handler.AbstractHandlerMethodMapping#isHandler(java.lang.Class)
@@ -28,14 +29,24 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
     }
 
 	/**
-	 * Map the "jwkKeyPublish" method to our given URL
+	 * Map the "jwkKeyPublish" method to our jwkPublishUrl.
+	 * Map the "x509KeyPublish" method to our x509PublishUrl.
      */
     @Override
     protected RequestMappingInfo getMappingForMethod(Method method, Class<?> handlerType) {
     	
-    	if (method.getName().equals("publishClientJwk")) {
+    	if (method.getName().equals("publishClientJwk") && getJwkPublishUrl() != null) {
     		return new RequestMappingInfo(
-    				new PatternsRequestCondition(new String[] {url}, getUrlPathHelper(), getPathMatcher(), false, false),
+    				new PatternsRequestCondition(new String[] {getJwkPublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
+    				null,
+    				null,
+    				null,
+    				null,
+    				null, 
+    				null);
+    	} else if (method.getName().equals("publishClientx509") && getX509PublishUrl() != null) {
+    		return new RequestMappingInfo(
+    				new PatternsRequestCondition(new String[] {getX509PublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
     				null,
     				null,
     				null,
@@ -49,18 +60,31 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
     }
 
 	/**
-     * @return the url
+     * @return the jwkPublishUrl
      */
-    public String getUrl() {
+    public String getJwkPublishUrl() {
-    	return url;
+	    return jwkPublishUrl;
     }
 
 	/**
-     * @param url the url to set
+     * @param jwkPublishUrl the jwkPublishUrl to set
      */
-    public void setUrl(String url) {
+    public void setJwkPublishUrl(String jwkPublishUrl) {
-    	this.url = url;
+	    this.jwkPublishUrl = jwkPublishUrl;
+    }
+
+	/**
+     * @return the x509PublishUrl
+     */
+    public String getX509PublishUrl() {
+	    return x509PublishUrl;
+    }
+
+	/**
+     * @param x509PublishUrl the x509PublishUrl to set
+     */
+    public void setX509PublishUrl(String x509PublishUrl) {
+	    this.x509PublishUrl = x509PublishUrl;
     }
 
-	
 }

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java

@@ -38,8 +38,11 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 
 	private String jwkPublishUrl;
 
+	private String x509PublishUrl;
+
 	private BeanDefinitionRegistry registry;
 
+
 	protected OIDCSignedRequestFilter() {
 		super();
 
@@ -258,7 +261,21 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
     }
 
     /**
-     * Return a view to publish all keys in JWK format
+     * @return the x509PublishUrl
+     */
+    public String getX509PublishUrl() {
+	    return x509PublishUrl;
+    }
+
+	/**
+     * @param x509PublishUrl the x509PublishUrl to set
+     */
+    public void setX509PublishUrl(String x509PublishUrl) {
+	    this.x509PublishUrl = x509PublishUrl;
+    }
+
+	/**
+     * Return a view to publish all keys in JWK format. Only used if jwkPublishUrl is set.
      * @return
      */
 	public ModelAndView publishClientJwk() {
@@ -270,13 +287,26 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 		
 		return new ModelAndView("jwkKeyList", "signers", signers);
 	}
-    
+
 	/**
-	 * If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
+	 * Return a view to publish all keys in x509 format. Only used if x509publishUrl is set.
+	 * @return
+	 */
+	public ModelAndView publishClientx509() {
+		// map from key id to signer
+		Map<String, JwtSigner> signers = signingAndValidationService.getAllSigners();
+		
+		// TODO: check if keys are empty, return a 404 here or just an empty list?
+		
+		return new ModelAndView("x509certs", "signers", signers);
+	}
+	
+	/**
+	 * If either the jwkPublishUrl or x509PublishUrl fields are set on this bean, set up a listener on that URL to publish keys.
      */
     @Override
     public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-		if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+		if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) {
 
 			// standard endpoint
 			/*
@@ -287,7 +317,12 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 			
 			// add a mapping to this class
 			BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
-			clientKeyMapping.addPropertyValue("url", jwkPublishUrl);
+			if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+				clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
+			}
+			if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
+				clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
+			}
 			registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
 			
 			// add views for JWK and x509 formats