
use of org.keycloak.adapters.cloned.HttpClientAdapterException in project keycloak by keycloak.

From the class SamlDescriptorPublicKeyLocator, method refreshCertificateCacheAndGet:

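/**
 * Re-downloads the SAML descriptor from {@code descriptorUrl}, rebuilds the public key cache
 * from the descriptor's signing certificates and returns the key registered under {@code kid}.
 *
 * <p>The cache is cleared only after the descriptor has been downloaded and found to contain
 * signing keys, so a failed or empty refresh keeps the previously cached keys. Certificates
 * outside their validity period are skipped. No other validation of the certificates happens
 * here, so whatever is served at {@code descriptorUrl} is the trust source for these keys;
 * the transport used to fetch it is what protects that trust (not visible in this method).
 *
 * @param kid key identifier to look up after the refresh, may be {@code null}
 * @return the public key registered under {@code kid}, or {@code null} when no descriptor URL
 *         is configured, the download fails, the descriptor carries no signing keys, or
 *         {@code kid} is {@code null} or unknown
 */
private synchronized PublicKey refreshCertificateCacheAndGet(String kid) {
    if (this.descriptorUrl == null) {
        return null;
    }
    // Recorded before the download, so failed attempts count as a request too
    // (presumably read by the caller to throttle refreshes - confirm against the caller).
    this.lastRequestTime = Time.currentTime();
    LOG.debugf("Refreshing public key cache from %s", this.descriptorUrl);
    List<KeyInfo> signingCerts;
    try {
        MultivaluedHashMap<String, KeyInfo> certs = HttpAdapterUtils.downloadKeysFromSamlDescriptor(client, this.descriptorUrl);
        signingCerts = certs.get(KeyTypes.SIGNING.value());
    } catch (HttpClientAdapterException ex) {
        // Keep the existing cache on a transport failure; the error is logged with its cause.
        LOG.error("Could not refresh certificates from the server", ex);
        return null;
    }
    if (signingCerts == null) {
        return null;
    }
    LOG.debugf("Certificates retrieved from server, filling public key cache");
    // Only clear cache after it is certain that the SAML descriptor has been read successfully
    this.publicKeyCache.clear();
    for (KeyInfo ki : signingCerts) {
        KeyName keyName = KeyInfoTools.getKeyName(ki);
        X509Certificate x509certificate = KeyInfoTools.getX509Certificate(ki);
        if (x509certificate == null) {
            // KeyInfo entries without an embedded certificate carry nothing we can cache.
            continue;
        }
        try {
            x509certificate.checkValidity();
        } catch (CertificateException ex) {
            // Expired or not-yet-valid certificates are deliberately left out of the cache.
            // Log which one was dropped so a later "unknown kid" can be traced back here.
            LOG.debugf("Skipping signing certificate %s that is not currently valid: %s", x509certificate.getSubjectX500Principal(), ex.getMessage());
            continue;
        }
        if (keyName != null) {
            LOG.tracef("Registering signing certificate %s", keyName.getName());
            this.publicKeyCache.put(keyName.getName(), x509certificate.getPublicKey());
        } else {
            // No KeyName in the descriptor: build a synthetic, collision-free cache name.
            // The random suffix means such entries cannot be looked up by kid; they are only
            // reachable by enumerating the cache.
            final X500Principal principal = x509certificate.getSubjectX500Principal();
            String name = (principal == null ? "unnamed" : principal.getName()) + "@" + x509certificate.getSerialNumber() + "$" + UUID.randomUUID();
            this.publicKeyCache.put(name, x509certificate.getPublicKey());
            LOG.tracef("Adding certificate %s without a specific key name: %s", name, x509certificate);
        }
    }
    return (kid == null ? null : this.publicKeyCache.get(kid));
}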