Search in sources :

Example 1 with ContentEncryptionProvider

use of org.keycloak.crypto.ContentEncryptionProvider in project keycloak by keycloak.

the class DefaultTokenManager method getEncryptedToken.

private String getEncryptedToken(TokenCategory category, String encodedToken) {
    String encryptedToken = null;
    String algAlgorithm = cekManagementAlgorithm(category);
    String encAlgorithm = encryptAlgorithm(category);
    CekManagementProvider cekManagementProvider = session.getProvider(CekManagementProvider.class, algAlgorithm);
    JWEAlgorithmProvider jweAlgorithmProvider = cekManagementProvider.jweAlgorithmProvider();
    ContentEncryptionProvider contentEncryptionProvider = session.getProvider(ContentEncryptionProvider.class, encAlgorithm);
    JWEEncryptionProvider jweEncryptionProvider = contentEncryptionProvider.jweEncryptionProvider();
    ClientModel client = session.getContext().getClient();
    KeyWrapper keyWrapper = PublicKeyStorageManager.getClientPublicKeyWrapper(session, client, JWK.Use.ENCRYPTION, algAlgorithm);
    if (keyWrapper == null) {
        throw new RuntimeException("can not get encryption KEK");
    }
    Key encryptionKek = keyWrapper.getPublicKey();
    String encryptionKekId = keyWrapper.getKid();
    try {
        encryptedToken = TokenUtil.jweKeyEncryptionEncode(encryptionKek, encodedToken.getBytes("UTF-8"), algAlgorithm, encAlgorithm, encryptionKekId, jweAlgorithmProvider, jweEncryptionProvider);
    } catch (JWEException | UnsupportedEncodingException e) {
        throw new RuntimeException(e);
    }
    return encryptedToken;
}
Also used : KeyWrapper(org.keycloak.crypto.KeyWrapper) ClientModel(org.keycloak.models.ClientModel) ContentEncryptionProvider(org.keycloak.crypto.ContentEncryptionProvider) JWEAlgorithmProvider(org.keycloak.jose.jwe.alg.JWEAlgorithmProvider) JWEException(org.keycloak.jose.jwe.JWEException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) JWEEncryptionProvider(org.keycloak.jose.jwe.enc.JWEEncryptionProvider) Key(java.security.Key) PrivateKey(java.security.PrivateKey) CekManagementProvider(org.keycloak.crypto.CekManagementProvider)

Aggregations

UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Key (java.security.Key)1 PrivateKey (java.security.PrivateKey)1 CekManagementProvider (org.keycloak.crypto.CekManagementProvider)1 ContentEncryptionProvider (org.keycloak.crypto.ContentEncryptionProvider)1 KeyWrapper (org.keycloak.crypto.KeyWrapper)1 JWEException (org.keycloak.jose.jwe.JWEException)1 JWEAlgorithmProvider (org.keycloak.jose.jwe.alg.JWEAlgorithmProvider)1 JWEEncryptionProvider (org.keycloak.jose.jwe.enc.JWEEncryptionProvider)1 ClientModel (org.keycloak.models.ClientModel)1