KEYCLOAK-7701 Refactor key providers to support additional algorithms
stianst committed Jun 29, 2018
1 parent a5d155a commit 3c5027d
Showing 53 changed files with 813 additions and 796 deletions.
27 changes: 12 additions & 15 deletions ...va/org/keycloak/keys/HmacKeyProvider.java → ...n/java/org/keycloak/crypto/Algorithm.java 100644 → 100755
Expand Up @@ -14,22 +14,19 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.crypto;


package org.keycloak.keys; public interface Algorithm {


import org.keycloak.jose.jws.AlgorithmType; String HS256 = "HS256";

String HS384 = "HS384";
/** String HS512 = "HS512";
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> String RS256 = "RS256";
*/ String RS384 = "RS384";
public interface HmacKeyProvider extends SecretKeyProvider { String RS512 = "RS512";

String ES256 = "ES256";
default AlgorithmType getType() { String ES384 = "ES384";
return AlgorithmType.HMAC; String ES512 = "ES512";
}

default String getJavaAlgorithmName() {
return "HmacSHA256";
}


String AES = "AES";
} }
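Review bot: `Algorithm` is a constant interface — `String` fields declared on an interface that nothing is meant to implement — so any class can `implements Algorithm` just to inherit the names, which is the pattern Effective Java advises against; a `public final class Algorithm` with a `private Algorithm() {}` constructor and `public static final String` fields carries the same constants without that implementable surface. The new file also has no Javadoc; a class-level comment along the lines of `/** JWS/JWA algorithm identifiers (HS*, RS*, ES*) plus the AES identifier used for encryption keys. */` would tell readers that these strings are the values compared in `JavaAlgorithm` and stored in `KeyWrapper`, and the remark about AES should be confirmed against its actual use since this hunk does not show it. The same applies to the `KeyType` interface later in this commit.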
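--- a/core/src/main/java/org/keycloak/crypto/JavaAlgorithm.java
+++ b/core/src/main/java/org/keycloak/crypto/JavaAlgorithm.java
@@ -0,0 +1,42 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.keycloak.crypto;
+
+public class JavaAlgorithm {
+
+public static String getJavaAlgorithm(String algorithm) {
+switch (algorithm) {
+case Algorithm.RS256:
+return "SHA256withRSA";
+case Algorithm.RS384:
+return "SHA384withRSA";
+case Algorithm.RS512:
+return "SHA512withRSA";
+case Algorithm.HS256:
+return "HMACSHA256";
+case Algorithm.HS384:
+return "HMACSHA384";
+case Algorithm.HS512:
+return "HMACSHA512";
+case Algorithm.AES:
+return "AES";
+default:
+throw new IllegalArgumentException("Unkown algorithm " + algorithm);
+}
+}
+
+}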
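Review bot: `getJavaAlgorithm` has no case for `ES256`, `ES384` or `ES512`, although the new `Algorithm` interface in this same commit declares all three, so any key advertising an EC algorithm reaches the `default` branch and throws `IllegalArgumentException` — if EC support is deliberately deferred, a comment at the `default` saying so would stop the next reader from treating this as an oversight; otherwise the standard JCA signature names map directly. The exception message has a typo: `"Unknown algorithm " + algorithm`. Note also that the HMAC names here are `"HMACSHA256"` while the removed `HmacKeyProvider` returned `"HmacSHA256"`; JCA algorithm lookups are case-insensitive, so this should still resolve, but keeping the documented `HmacSHA256` spelling avoids the question. A `private JavaAlgorithm() {}` constructor and a one-line Javadoc on the method (`@throws IllegalArgumentException` for unmapped names) would complete the utility class.
```java
case Algorithm.ES256:
    return "SHA256withECDSA";
case Algorithm.ES384:
    return "SHA384withECDSA";
case Algorithm.ES512:
    return "SHA512withECDSA";
// … unchanged: HS*/AES cases and default …
```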
@@ -1,5 +1,5 @@
/* /*
* Copyright 2017 Red Hat, Inc. and/or its affiliates * Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags. * and other contributors as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
Expand All @@ -14,21 +14,26 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.crypto;


package org.keycloak.keys; public enum KeyStatus {


import org.keycloak.jose.jws.AlgorithmType; ACTIVE, PASSIVE, DISABLED;


/** public static KeyStatus from(boolean active, boolean enabled) {
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> if (!enabled) {
*/ return KeyStatus.DISABLED;
public interface AesKeyProvider extends SecretKeyProvider { } else {
return active ? KeyStatus.ACTIVE : KeyStatus.PASSIVE;
}
}


default AlgorithmType getType() { public boolean isActive() {
return AlgorithmType.AES; return this.equals(ACTIVE);
} }


default String getJavaAlgorithmName() { public boolean isEnabled() {
return "AES"; return this.equals(ACTIVE) || this.equals(PASSIVE);
} }

} }
Expand Up @@ -14,22 +14,12 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.crypto;


package org.keycloak.keys; public interface KeyType {


import org.keycloak.jose.jws.AlgorithmType; String EC = "EC";

String RSA = "RSA";
import java.util.Collections; String OCT = "OCT";
import java.util.Map;

/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public interface RsaKeyProviderFactory extends KeyProviderFactory {

@Override
default Map<String, Object> getTypeMetadata() {
return Collections.singletonMap("algorithmType", AlgorithmType.RSA);
}


} }
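Review bot: The `OCT` constant is the upper-case string `"OCT"`, whereas `EC` and `RSA` happen to coincide with the JWK `kty` spellings; RFC 7518 spells the symmetric key type `oct`, so if these values are ever emitted into or compared against a JWK `kty` field, the symmetric case will not match — this hunk does not show where the strings are consumed, so either confirm they are internal type tags only or add a comment such as `String OCT = "OCT"; // internal type tag, not a JWK kty value ("oct" in RFC 7518)`. As with `Algorithm`, this is a constant interface and would read better as a final class with a private constructor and `public static final` fields. The file has no Javadoc explaining that these strings are the values stored in `KeyWrapper.type`.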
Expand Up @@ -14,22 +14,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.crypto;


package org.keycloak.keys; public enum KeyUse {


import org.keycloak.jose.jws.AlgorithmType; SIG,

ENC
import java.util.Collections;
import java.util.Map;

/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public interface HmacKeyProviderFactory extends KeyProviderFactory<HmacKeyProvider> {

@Override
default Map<String, Object> getTypeMetadata() {
return Collections.singletonMap("algorithmType", AlgorithmType.HMAC);
}


} }
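--- a/core/src/main/java/org/keycloak/crypto/KeyWrapper.java
+++ b/core/src/main/java/org/keycloak/crypto/KeyWrapper.java
@@ -0,0 +1,135 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.keycloak.crypto;
+
+import javax.crypto.SecretKey;
+import java.security.Key;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public class KeyWrapper {
+
+private String providerId;
+private long providerPriority;
+private String kid;
+private Set<String> algorithms;
+private String type;
+private KeyUse use;
+private KeyStatus status;
+private SecretKey secretKey;
+private Key signKey;
+private Key verifyKey;
+private X509Certificate certificate;
+
+public String getProviderId() {
+return providerId;
+}
+
+public void setProviderId(String providerId) {
+this.providerId = providerId;
+}
+
+public long getProviderPriority() {
+return providerPriority;
+}
+
+public void setProviderPriority(long providerPriority) {
+this.providerPriority = providerPriority;
+}
+
+public String getKid() {
+return kid;
+}
+
+public void setKid(String kid) {
+this.kid = kid;
+}
+
+public Set<String> getAlgorithms() {
+return algorithms;
+}
+
+public void setAlgorithms(String... algorithms) {
+this.algorithms = new HashSet<>();
+for (String a : algorithms) {
+this.algorithms.add(a);
+}
+}
+
+public void setAlgorithms(Set<String> algorithms) {
+this.algorithms = algorithms;
+}
+
+public String getType() {
+return type;
+}
+
+public void setType(String type) {
+this.type = type;
+}
+
+public KeyUse getUse() {
+return use;
+}
+
+public void setUse(KeyUse use) {
+this.use = use;
+}
+
+public KeyStatus getStatus() {
+return status;
+}
+
+public void setStatus(KeyStatus status) {
+this.status = status;
+}
+
+public SecretKey getSecretKey() {
+return secretKey;
+}
+
+public void setSecretKey(SecretKey secretKey) {
+this.secretKey = secretKey;
+}
+
+public Key getSignKey() {
+return signKey;
+}
+
+public void setSignKey(Key signKey) {
+this.signKey = signKey;
+}
+
+public Key getVerifyKey() {
+return verifyKey;
+}
+
+public void setVerifyKey(Key verifyKey) {
+this.verifyKey = verifyKey;
+}
+
+public X509Certificate getCertificate() {
+return certificate;
+}
+
+public void setCertificate(X509Certificate certificate) {
+this.certificate = certificate;
+}
+}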
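Review bot: `getAlgorithms()` returns the internal `HashSet` and `setAlgorithms(Set)` stores the caller's set by reference, so the algorithms a key is advertised for can be changed from outside after the wrapper is built; since this object also carries the `SecretKey` and signing `Key`, its metadata should be read-only once set — `return algorithms == null ? Collections.emptySet() : Collections.unmodifiableSet(algorithms);` does that with the `Collections` import that is currently unused, and also spares callers the `null` they get today before any setter runs. The varargs overload loops by hand although `java.util.Arrays` is likewise imported and unused: `this.algorithms = new HashSet<>(Arrays.asList(algorithms));`. The class has no Javadoc; a header comment stating which of `secretKey`, `signKey`, `verifyKey` and `certificate` are expected to be populated for a given `type`/`use` would help, as the hunk itself gives no rule for that (so whatever is written there should be confirmed against the providers that populate it).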
Expand Up @@ -19,6 +19,7 @@


import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;


/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
Expand Down Expand Up @@ -54,6 +55,7 @@ public static class KeyMetadataRepresentation {
private String status; private String status;


private String type; private String type;
private Set<String> algorithms;


private String publicKey; private String publicKey;
private String certificate; private String certificate;
Expand Down Expand Up @@ -98,6 +100,14 @@ public void setType(String type) {
this.type = type; this.type = type;
} }


public Set<String> getAlgorithms() {
return algorithms;
}

public void setAlgorithms(Set<String> algorithms) {
this.algorithms = algorithms;
}

public String getPublicKey() { public String getPublicKey() {
return publicKey; return publicKey;
} }

