KEYCLOAK-7701 Refactor key providers to support additional algorithms

server-spi-private/src/main/java/org/keycloak/keys/HmacKeyProvider.java → core/src/main/java/org/keycloak/crypto/Algorithm.java

@@ -14,22 +14,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+package org.keycloak.crypto;
 
-package org.keycloak.keys;
+public interface Algorithm {
 
-import org.keycloak.jose.jws.AlgorithmType;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public interface HmacKeyProvider extends SecretKeyProvider {
-
-    default AlgorithmType getType() {
-        return AlgorithmType.HMAC;
-    }
-
-    default String getJavaAlgorithmName() {
-        return "HmacSHA256";
-    }
+    String HS256 = "HS256";
+    String HS384 = "HS384";
+    String HS512 = "HS512";
+    String RS256 = "RS256";
+    String RS384 = "RS384";
+    String RS512 = "RS512";
+    String ES256 = "ES256";
+    String ES384 = "ES384";
+    String ES512 = "ES512";
 
+    String AES = "AES";
 }

core/src/main/java/org/keycloak/crypto/JavaAlgorithm.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.crypto;
+
+public class JavaAlgorithm {
+
+    public static String getJavaAlgorithm(String algorithm) {
+        switch (algorithm) {
+            case Algorithm.RS256:
+                return "SHA256withRSA";
+            case Algorithm.RS384:
+                return "SHA384withRSA";
+            case Algorithm.RS512:
+                return "SHA512withRSA";
+            case Algorithm.HS256:
+                return "HMACSHA256";
+            case Algorithm.HS384:
+                return "HMACSHA384";
+            case Algorithm.HS512:
+                return "HMACSHA512";
+            case Algorithm.AES:
+                return "AES";
+            default:
+                throw new IllegalArgumentException("Unkown algorithm " + algorithm);
+        }
+    }
+
+}

server-spi-private/src/main/java/org/keycloak/keys/AesKeyProvider.java → core/src/main/java/org/keycloak/crypto/KeyStatus.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
  * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,21 +14,26 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+package org.keycloak.crypto;
 
-package org.keycloak.keys;
+public enum KeyStatus {
 
-import org.keycloak.jose.jws.AlgorithmType;
+    ACTIVE, PASSIVE, DISABLED;
 
-/**
- * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
- */
-public interface AesKeyProvider extends SecretKeyProvider {
+    public static KeyStatus from(boolean active, boolean enabled) {
+        if (!enabled) {
+            return KeyStatus.DISABLED;
+        } else {
+            return active ? KeyStatus.ACTIVE : KeyStatus.PASSIVE;
+        }
+    }
 
-    default AlgorithmType getType() {
-        return AlgorithmType.AES;
+    public boolean isActive() {
+        return this.equals(ACTIVE);
     }
 
-    default String getJavaAlgorithmName() {
-        return "AES";
+    public boolean isEnabled() {
+        return this.equals(ACTIVE) || this.equals(PASSIVE);
     }
+
 }

server-spi-private/src/main/java/org/keycloak/keys/RsaKeyProviderFactory.java → core/src/main/java/org/keycloak/crypto/KeyType.java

@@ -14,22 +14,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+package org.keycloak.crypto;
 
-package org.keycloak.keys;
+public interface KeyType {
 
-import org.keycloak.jose.jws.AlgorithmType;
-
-import java.util.Collections;
-import java.util.Map;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public interface RsaKeyProviderFactory extends KeyProviderFactory {
-
-    @Override
-    default Map<String, Object> getTypeMetadata() {
-        return Collections.singletonMap("algorithmType", AlgorithmType.RSA);
-    }
+    String EC = "EC";
+    String RSA = "RSA";
+    String OCT = "OCT";
 
 }

server-spi-private/src/main/java/org/keycloak/keys/HmacKeyProviderFactory.java → core/src/main/java/org/keycloak/crypto/KeyUse.java

@@ -14,22 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+package org.keycloak.crypto;
 
-package org.keycloak.keys;
+public enum KeyUse {
 
-import org.keycloak.jose.jws.AlgorithmType;
-
-import java.util.Collections;
-import java.util.Map;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public interface HmacKeyProviderFactory extends KeyProviderFactory<HmacKeyProvider> {
-
-    @Override
-    default Map<String, Object> getTypeMetadata() {
-        return Collections.singletonMap("algorithmType", AlgorithmType.HMAC);
-    }
+    SIG,
+    ENC
 
 }

core/src/main/java/org/keycloak/crypto/KeyWrapper.java

@@ -0,0 +1,135 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.crypto;
+
+import javax.crypto.SecretKey;
+import java.security.Key;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public class KeyWrapper {
+
+    private String providerId;
+    private long providerPriority;
+    private String kid;
+    private Set<String> algorithms;
+    private String type;
+    private KeyUse use;
+    private KeyStatus status;
+    private SecretKey secretKey;
+    private Key signKey;
+    private Key verifyKey;
+    private X509Certificate certificate;
+
+    public String getProviderId() {
+        return providerId;
+    }
+
+    public void setProviderId(String providerId) {
+        this.providerId = providerId;
+    }
+
+    public long getProviderPriority() {
+        return providerPriority;
+    }
+
+    public void setProviderPriority(long providerPriority) {
+        this.providerPriority = providerPriority;
+    }
+
+    public String getKid() {
+        return kid;
+    }
+
+    public void setKid(String kid) {
+        this.kid = kid;
+    }
+
+    public Set<String> getAlgorithms() {
+        return algorithms;
+    }
+
+    public void setAlgorithms(String... algorithms) {
+        this.algorithms = new HashSet<>();
+        for (String a : algorithms) {
+            this.algorithms.add(a);
+        }
+    }
+
+    public void setAlgorithms(Set<String> algorithms) {
+        this.algorithms = algorithms;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public KeyUse getUse() {
+        return use;
+    }
+
+    public void setUse(KeyUse use) {
+        this.use = use;
+    }
+
+    public KeyStatus getStatus() {
+        return status;
+    }
+
+    public void setStatus(KeyStatus status) {
+        this.status = status;
+    }
+
+    public SecretKey getSecretKey() {
+        return secretKey;
+    }
+
+    public void setSecretKey(SecretKey secretKey) {
+        this.secretKey = secretKey;
+    }
+
+    public Key getSignKey() {
+        return signKey;
+    }
+
+    public void setSignKey(Key signKey) {
+        this.signKey = signKey;
+    }
+
+    public Key getVerifyKey() {
+        return verifyKey;
+    }
+
+    public void setVerifyKey(Key verifyKey) {
+        this.verifyKey = verifyKey;
+    }
+
+    public X509Certificate getCertificate() {
+        return certificate;
+    }
+
+    public void setCertificate(X509Certificate certificate) {
+        this.certificate = certificate;
+    }
+}

core/src/main/java/org/keycloak/representations/idm/KeysMetadataRepresentation.java

@@ -19,6 +19,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -54,6 +55,7 @@ public static class KeyMetadataRepresentation {
         private String status;
 
         private String type;
+        private Set<String> algorithms;
 
         private String publicKey;
         private String certificate;
@@ -98,6 +100,14 @@ public void setType(String type) {
             this.type = type;
         }
 
+        public Set<String> getAlgorithms() {
+            return algorithms;
+        }
+
+        public void setAlgorithms(Set<String> algorithms) {
+            this.algorithms = algorithms;
+        }
+
         public String getPublicKey() {
             return publicKey;
         }