null
if no active key is available.
- *
- * @return
- */
- String getKid();
-
- /**
- * Return metadata about all keypairs held by the provider
- * @return
- */
- Listnull
if no active key is available.
- *
- * @return
- */
- PrivateKey getPrivateKey();
-
- /**
- * Return the public key for the specified kid, or null
if the kid is unknown.
- *
- * @param kid
- * @return
- */
- PublicKey getPublicKey(String kid);
-
- /**
- * Return the certificate for the specified kid, or null
if the kid is unknown.
- *
- * @param kid
- * @return
- */
- X509Certificate getCertificate(String kid);
-
-}
diff --git a/server-spi-private/src/main/java/org/keycloak/keys/SecretKeyProvider.java b/server-spi-private/src/main/java/org/keycloak/keys/SecretKeyProvider.java
deleted file mode 100644
index a2b25a1c232f..000000000000
--- a/server-spi-private/src/main/java/org/keycloak/keys/SecretKeyProvider.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2017 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.keys;
-
-import javax.crypto.SecretKey;
-
-/**
- * Base for secret key providers (HMAC, AES)
- *
- * @author Marek Posolda
- */
-public interface SecretKeyProvider extends KeyProvidernull
if no active key is available.
- *
- * @return
- */
- SecretKey getSecretKey();
-
- /**
- * Return the secret key for the specified kid, or null
if the kid is unknown.
- *
- * @param kid
- * @return
- */
- SecretKey getSecretKey(String kid);
-
-
- /**
- * Return name of Java (JCA) algorithm of the key. For example: HmacSHA256
- * @return
- */
- String getJavaAlgorithmName();
-}
diff --git a/server-spi/src/main/java/org/keycloak/keys/KeyMetadata.java b/server-spi/src/main/java/org/keycloak/keys/KeyMetadata.java
index c9adebd80b5c..296a41324496 100644
--- a/server-spi/src/main/java/org/keycloak/keys/KeyMetadata.java
+++ b/server-spi/src/main/java/org/keycloak/keys/KeyMetadata.java
@@ -17,21 +17,19 @@
package org.keycloak.keys;
+import org.keycloak.crypto.KeyStatus;
+
/**
* @author Stian Thorgersen
*/
public abstract class KeyMetadata {
- public enum Status {
- ACTIVE, PASSIVE, DISABLED
- }
-
private String providerId;
private long providerPriority;
private String kid;
- private Status status;
+ private KeyStatus status;
public String getProviderId() {
return providerId;
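Review bot: Removing the public nested enum `KeyMetadata.Status` in this hunk breaks source and binary compatibility for any code outside this tree that was compiled against this `server-spi` class. The same applies to `getStatus()`/`setStatus()`, which are retyped to `KeyStatus` in the following hunk (`@@ -57,11 +55,11 @@`). If the break is intended, it deserves an entry in the migration notes; this page does not show whether one exists. Separately, the `status` field has no documentation now that the constants no longer sit next to it, and the removed values (ACTIVE, PASSIVE, DISABLED) suggest that not every listed key is meant to be used. A comment such as `// Lifecycle state of this key; check it before treating a listed key as usable for signing or verification.` would make that explicit. The class body continues outside both hunks.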
@@ -57,11 +55,11 @@ public void setKid(String kid) {
this.kid = kid;
}
- public Status getStatus() {
+ public KeyStatus getStatus() {
return status;
}
- public void setStatus(Status status) {
+ public void setStatus(KeyStatus status) {
this.status = status;
}
diff --git a/server-spi/src/main/java/org/keycloak/models/KeyManager.java b/server-spi/src/main/java/org/keycloak/models/KeyManager.java
index bc47dcbb4923..f7a9b407e74f 100644
--- a/server-spi/src/main/java/org/keycloak/models/KeyManager.java
+++ b/server-spi/src/main/java/org/keycloak/models/KeyManager.java
@@ -17,6 +17,8 @@
package org.keycloak.models;
+import org.keycloak.crypto.KeyUse;
+import org.keycloak.crypto.KeyWrapper;
import org.keycloak.keys.SecretKeyMetadata;
import org.keycloak.keys.RsaKeyMetadata;
@@ -32,25 +34,43 @@
*/
public interface KeyManager {
+ KeyWrapper getActiveKey(RealmModel realm, KeyUse use, String algorithm);
+
+ KeyWrapper getKey(RealmModel realm, String kid, KeyUse use, String algorithm);
+
+ List
+
+
+
+
+
+
+
+
+
+
+ |
+ ||||||||
---|---|---|---|---|---|---|---|---|
{{:: 'algorithms' | translate}} | +{{:: 'type' | translate}} | +{{:: 'kid' | translate}} | +{{:: 'priority' | translate}} | +{{:: 'provider' | translate}} | +{{:: 'publicKeys' | translate}} | +|||
{{key.algorithm.sort().join(', ')}} | +{{key.type}} | +{{key.kid}} | +{{key.providerPriority}} | +{{key.provider.name}} | + +{{:: 'publicKey' | translate}} | +{{:: 'certificate' | translate}} | + ++ |
+
+
+
+
+
+
+
+
+
+
+ |
+ ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
{{:: 'algorithms' | translate}} | {{:: 'type' | translate}} | -{{:: 'status' | translate}} | {{:: 'kid' | translate}} | {{:: 'priority' | translate}} | {{:: 'provider' | translate}} | @@ -36,9 +51,9 @@|||||||||||||||||||||||||||||||||||||||||||||||||||
{{key.algorithm.sort().join(', ')}} | {{key.type}} | -{{key.status}} | {{key.kid}} | {{key.providerPriority}} | {{key.provider.name}} |
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html
index fceea49b791b..c303a38bc298 100755
--- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys-providers.html
@@ -20,16 +20,26 @@
-
-
+
+ |
+
+
+
+
+
+
+
+
+
+ {{:: 'type' | translate}} |
{{:: 'name' | translate}} |
- {{:: 'id' | translate}} |
{{:: 'provider' | translate}} |
+ {{:: 'providerHelpText' | translate}} |
{{:: 'priority' | translate}} |
{{:: 'actions' | translate}} |
| |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
{{instance.provider.metadata.algorithmType}} | -{{instance.name}} | -{{instance.id}} | +|||||||||||||||||||||||
{{instance.name}} | {{instance.providerId}} | +{{instance.provider.helpText}} | {{instance.config['priority'][0]}} | {{:: 'edit' | translate}} | {{:: 'delete' | translate}} |
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
index 81215d063c5a..2bc75a8a5cce 100755
--- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
@@ -1,25 +1,61 @@ + +
+
+
+
+
+
+
+
+
+
+
+ |
+ ||||||
---|---|---|---|---|---|---|
{{:: 'algorithms' | translate}} | {{:: 'type' | translate}} | {{:: 'kid' | translate}} | +{{:: 'priority' | translate}} | {{:: 'provider' | translate}} | {{:: 'publicKeys' | translate}} | |
{{key.algorithm.sort().join(', ')}} | {{key.type}} | {{key.kid}} | +{{key.providerPriority}} | {{key.provider.name}} | {{:: 'publicKey' | translate}} |