added x509 support

12 years ago · d11005fc5f
parent 2d24435365
commit d11005fc5f
2 changed files with 75 additions and 16 deletions
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/ClientKeyPublisherMapping.java
@ -17,7 +17,8 @@ import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMappi
@Component
 public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping {

-	private String url;
+	private String jwkPublishUrl;
+	private String x509PublishUrl;
 	
 	/* (non-Javadoc)
     * @see org.springframework.web.servlet.handler.AbstractHandlerMethodMapping#isHandler(java.lang.Class)
@ -28,14 +29,24 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
    }

 	/**
-	 * Map the "jwkKeyPublish" method to our given URL
+	 * Map the "jwkKeyPublish" method to our jwkPublishUrl.
+	 * Map the "x509KeyPublish" method to our x509PublishUrl.
     */
    @Override
    protected RequestMappingInfo getMappingForMethod(Method method, Class<?> handlerType) {
    	
-    	if (method.getName().equals("publishClientJwk")) {
+    	if (method.getName().equals("publishClientJwk") && getJwkPublishUrl() != null) {
    		return new RequestMappingInfo(
-    				new PatternsRequestCondition(new String[] {url}, getUrlPathHelper(), getPathMatcher(), false, false),
+    				new PatternsRequestCondition(new String[] {getJwkPublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
+    				null,
+    				null,
+    				null,
+    				null,
+    				null, 
+    				null);
+    	} else if (method.getName().equals("publishClientx509") && getX509PublishUrl() != null) {
+    		return new RequestMappingInfo(
+    				new PatternsRequestCondition(new String[] {getX509PublishUrl()}, getUrlPathHelper(), getPathMatcher(), false, false),
    				null,
    				null,
    				null,
@ -49,18 +60,31 @@ public class ClientKeyPublisherMapping extends RequestMappingInfoHandlerMapping
    }

 	/**
-     * @return the url
+     * @return the jwkPublishUrl
     */
-    public String getUrl() {
-    	return url;
+    public String getJwkPublishUrl() {
+	    return jwkPublishUrl;
    }

 	/**
-     * @param url the url to set
+     * @param jwkPublishUrl the jwkPublishUrl to set
     */
-    public void setUrl(String url) {
-    	this.url = url;
+    public void setJwkPublishUrl(String jwkPublishUrl) {
+	    this.jwkPublishUrl = jwkPublishUrl;
    }

+	/**
+     * @return the x509PublishUrl
+     */
+    public String getX509PublishUrl() {
+	    return x509PublishUrl;
+    }
+
+	/**
+     * @param x509PublishUrl the x509PublishUrl to set
+     */
+    public void setX509PublishUrl(String x509PublishUrl) {
+	    this.x509PublishUrl = x509PublishUrl;
+    }

 }
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
@ -38,8 +38,11 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im

 	private String jwkPublishUrl;

+	private String x509PublishUrl;
+
 	private BeanDefinitionRegistry registry;

+
 	protected OIDCSignedRequestFilter() {
 		super();

@ -258,7 +261,21 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
    }

    /**
-     * Return a view to publish all keys in JWK format
+     * @return the x509PublishUrl
+     */
+    public String getX509PublishUrl() {
+	    return x509PublishUrl;
+    }
+
+	/**
+     * @param x509PublishUrl the x509PublishUrl to set
+     */
+    public void setX509PublishUrl(String x509PublishUrl) {
+	    this.x509PublishUrl = x509PublishUrl;
+    }
+
+	/**
+     * Return a view to publish all keys in JWK format. Only used if jwkPublishUrl is set.
     * @return
     */
 	public ModelAndView publishClientJwk() {
@ -272,11 +289,24 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 	}

 	/**
-	 * If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
+	 * Return a view to publish all keys in x509 format. Only used if x509publishUrl is set.
+	 * @return
+	 */
+	public ModelAndView publishClientx509() {
+		// map from key id to signer
+		Map<String, JwtSigner> signers = signingAndValidationService.getAllSigners();
+		
+		// TODO: check if keys are empty, return a 404 here or just an empty list?
+		
+		return new ModelAndView("x509certs", "signers", signers);
+	}
+	
+	/**
+	 * If either the jwkPublishUrl or x509PublishUrl fields are set on this bean, set up a listener on that URL to publish keys.
     */
    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-		if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+		if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) {

 			// standard endpoint
 			/*
@ -287,7 +317,12 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 			
 			// add a mapping to this class
 			BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
-			clientKeyMapping.addPropertyValue("url", jwkPublishUrl);
+			if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
+				clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
+			}
+			if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
+				clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
+			}
 			registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
 			
 			// add views for JWK and x509 formats