added x509 support
parent
2d24435365
commit
d11005fc5f
|
@ -17,7 +17,8 @@ import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMappi
|
|||
@Component
|
||||
public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping {
|
||||
|
||||
private String url;
|
||||
private String jwkPublishUrl;
|
||||
private String x509PublishUrl;
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.web.servlet.handler.AbstractHandlerMethodMapping#isHandler(java.lang.Class)
|
||||
|
@ -28,14 +29,24 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
|
|||
}
|
||||
|
||||
/**
|
||||
* Map the "jwkKeyPublish" method to our given URL
|
||||
* Map the "jwkKeyPublish" method to our jwkPublishUrl.
|
||||
* Map the "x509KeyPublish" method to our x509PublishUrl.
|
||||
*/
|
||||
@Override
|
||||
protected RequestMappingInfo getMappingForMethod(Method method, Class<?> handlerType) {
|
||||
|
||||
if (method.getName().equals("publishClientJwk")) {
|
||||
if (method.getName().equals("publishClientJwk") && getJwkPublishUrl() != null) {
|
||||
return new RequestMappingInfo(
|
||||
new PatternsRequestCondition(new String[] {url}, getUrlPathHelper(), getPathMatcher(), false, false),
|
||||
new PatternsRequestCondition(new String[] {getJwkPublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null);
|
||||
} else if (method.getName().equals("publishClientx509") && getX509PublishUrl() != null) {
|
||||
return new RequestMappingInfo(
|
||||
new PatternsRequestCondition(new String[] {getX509PublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
|
@ -49,18 +60,31 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
|
|||
}
|
||||
|
||||
/**
|
||||
* @return the url
|
||||
* @return the jwkPublishUrl
|
||||
*/
|
||||
public String getUrl() {
|
||||
return url;
|
||||
public String getJwkPublishUrl() {
|
||||
return jwkPublishUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param url the url to set
|
||||
* @param jwkPublishUrl the jwkPublishUrl to set
|
||||
*/
|
||||
public void setUrl(String url) {
|
||||
this.url = url;
|
||||
public void setJwkPublishUrl(String jwkPublishUrl) {
|
||||
this.jwkPublishUrl = jwkPublishUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the x509PublishUrl
|
||||
*/
|
||||
public String getX509PublishUrl() {
|
||||
return x509PublishUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param x509PublishUrl the x509PublishUrl to set
|
||||
*/
|
||||
public void setX509PublishUrl(String x509PublishUrl) {
|
||||
this.x509PublishUrl = x509PublishUrl;
|
||||
}
|
||||
|
||||
}
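Review bot: In `getMappingForMethod`, both the JWK branch and the new `publishClientx509` branch pass `null` for every condition after the pattern, so (assuming the second constructor argument is the request-methods condition) the key-publishing URLs are mapped for every HTTP method. Restricting them to GET would narrow the exposed surface, e.g. `new RequestMethodsRequestCondition(RequestMethod.GET)` in place of the first `null`. The guards also test only `!= null`, while `OIDCSignedRequestFilter` uses `Strings.isNullOrEmpty`, so an empty string set directly on this bean would be registered as a pattern; the same emptiness check here would keep the two classes consistent. The tail of the x509 branch lies outside the displayed hunk.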
|
||||
|
|
|
@ -38,8 +38,11 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
|
|||
|
||||
private String jwkPublishUrl;
|
||||
|
||||
private String x509PublishUrl;
|
||||
|
||||
private BeanDefinitionRegistry registry;
|
||||
|
||||
|
||||
protected OIDCSignedRequestFilter() {
|
||||
super();
|
||||
|
||||
|
@ -258,7 +261,21 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
|
|||
}
|
||||
|
||||
/**
|
||||
* Return a view to publish all keys in JWK format
|
||||
* @return the x509PublishUrl
|
||||
*/
|
||||
public String getX509PublishUrl() {
|
||||
return x509PublishUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param x509PublishUrl the x509PublishUrl to set
|
||||
*/
|
||||
public void setX509PublishUrl(String x509PublishUrl) {
|
||||
this.x509PublishUrl = x509PublishUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a view to publish all keys in JWK format. Only used if jwkPublishUrl is set.
|
||||
* @return
|
||||
*/
|
||||
public ModelAndView publishClientJwk() {
|
||||
|
@ -272,11 +289,24 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
|
|||
}
|
||||
|
||||
/**
|
||||
* If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
|
||||
* Return a view to publish all keys in x509 format. Only used if x509publishUrl is set.
|
||||
* @return
|
||||
*/
|
||||
public ModelAndView publishClientx509() {
|
||||
// map from key id to signer
|
||||
Map<String, JwtSigner> signers = signingAndValidationService.getAllSigners();
|
||||
|
||||
// TODO: check if keys are empty, return a 404 here or just an empty list?
|
||||
|
||||
return new ModelAndView("x509certs", "signers", signers);
|
||||
}
|
||||
|
||||
/**
|
||||
* If either the jwkPublishUrl or x509PublishUrl fields are set on this bean, set up a listener on that URL to publish keys.
|
||||
*/
|
||||
@Override
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
|
||||
if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) {
|
||||
|
||||
// standard endpoint
|
||||
/*
|
||||
|
@ -287,7 +317,12 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
|
|||
|
||||
// add a mapping to this class
|
||||
BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
|
||||
clientKeyMapping.addPropertyValue("url", jwkPublishUrl);
|
||||
if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
|
||||
clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
|
||||
}
|
||||
if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
|
||||
clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
|
||||
}
|
||||
registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
|
||||
|
||||
// add views for JWK and x509 formats
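Review bot: `publishClientx509` hands the whole `Map<String, JwtSigner>` from `getAllSigners()` to the `x509certs` view, so whether only certificates leave the server depends entirely on that view, which is not shown in this diff. If `JwtSigner` implementations hold private or symmetric key material (likely for a signer, but not visible here), it would be safer to extract the public certificates in this method and put only those in the model, skipping signers that have no certificate. The open `// TODO` about empty keys should be settled as well, and a comment such as `// model must carry public certificates only; never pass signer key material to the view` would record the intent. In `postProcessBeanFactory` the new condition mixes the `jwkPublishUrl` field with `getX509PublishUrl()`; using one form for both would read more consistently.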
|
||||
|
|