
Example 1 with MacSignatureSignerContext

Use of org.keycloak.crypto.MacSignatureSignerContext in the project keycloak by keycloak.

From the class TestingOIDCEndpointsApplicationResource, method setOidcRequest:

private void setOidcRequest(Object oidcRequest, String jwaAlgorithm, String clientSecret) {
    if (!isSupportedAlgorithm(jwaAlgorithm))
        throw new BadRequestException("Unknown argument: " + jwaAlgorithm);
    if ("none".equals(jwaAlgorithm)) {
        // "none" yields an unsigned JWS, i.e. no integrity protection; this is a testing resource.
        clientData.setOidcRequest(new JWSBuilder().jsonContent(oidcRequest).none());
    } else {
        SignatureSignerContext signer;
        switch (jwaAlgorithm) {
            case Algorithm.HS256:
            case Algorithm.HS384:
            case Algorithm.HS512:
                // HMAC: the raw UTF-8 bytes of the client secret are used directly as the MAC key.
                KeyWrapper keyWrapper = new KeyWrapper();
                SecretKey secretKey = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), JavaAlgorithm.getJavaAlgorithm(jwaAlgorithm));
                keyWrapper.setSecretKey(secretKey);
                // The kid is derived from the key and placed in the JWS header so the verifier can select the key.
                String kid = KeyUtils.createKeyId(secretKey);
                keyWrapper.setKid(kid);
                keyWrapper.setAlgorithm(jwaAlgorithm);
                keyWrapper.setUse(KeyUse.SIG);
                keyWrapper.setType(KeyType.OCT); // symmetric (octet sequence) key
                signer = new MacSignatureSignerContext(keyWrapper);
                clientData.setOidcRequest(new JWSBuilder().kid(kid).jsonContent(oidcRequest).sign(signer));
                break;
            default:
                // Only the HMAC algorithms are handled here; any other algorithm is rejected.
                throw new BadRequestException("Unknown jwaAlgorithm: " + jwaAlgorithm);
        }
    }
}

Also used in this class:
KeyWrapper (org.keycloak.crypto.KeyWrapper)
SecretKey (javax.crypto.SecretKey)
SecretKeySpec (javax.crypto.spec.SecretKeySpec)
ServerECDSASignatureSignerContext (org.keycloak.crypto.ServerECDSASignatureSignerContext)
MacSignatureSignerContext (org.keycloak.crypto.MacSignatureSignerContext)
AsymmetricSignatureSignerContext (org.keycloak.crypto.AsymmetricSignatureSignerContext)
SignatureSignerContext (org.keycloak.crypto.SignatureSignerContext)
BadRequestException (javax.ws.rs.BadRequestException)
JWSBuilder (org.keycloak.jose.jws.JWSBuilder)

Example 2 with MacSignatureSignerContext

Use of org.keycloak.crypto.MacSignatureSignerContext in the project keycloak by keycloak.

From the class AbstractOAuth2IdentityProvider, method getSignatureContext:

protected SignatureSignerContext getSignatureContext() {
    if (getConfig().getClientAuthMethod().equals(OIDCLoginProtocol.CLIENT_SECRET_JWT)) {
        // client_secret_jwt: the client assertion is an HMAC-signed JWT keyed with the client secret.
        // The secret is resolved through the vault first; the configured value is the fallback.
        try (VaultStringSecret vaultStringSecret = session.vault().getStringSecret(getConfig().getClientSecret())) {
            KeyWrapper key = new KeyWrapper();
            // Defaults to HS256 when no client assertion signing algorithm is configured.
            String alg = getConfig().getClientAssertionSigningAlg() != null ? getConfig().getClientAssertionSigningAlg() : Algorithm.HS256;
            key.setAlgorithm(alg);
            // getBytes() without an explicit charset uses the platform default encoding.
            byte[] decodedSecret = vaultStringSecret.get().orElse(getConfig().getClientSecret()).getBytes();
            SecretKey secret = new SecretKeySpec(decodedSecret, 0, decodedSecret.length, alg);
            key.setSecretKey(secret);
            return new MacSignatureSignerContext(key);
        }
    }
    // Otherwise sign the client assertion with an asymmetric realm key, RS256 by default.
    String alg = getConfig().getClientAssertionSigningAlg() != null ? getConfig().getClientAssertionSigningAlg() : Algorithm.RS256;
    return new AsymmetricSignatureProvider(session, alg).signer();
}

Also used in this class:
KeyWrapper (org.keycloak.crypto.KeyWrapper)
SecretKey (javax.crypto.SecretKey)
VaultStringSecret (org.keycloak.vault.VaultStringSecret)
SecretKeySpec (javax.crypto.spec.SecretKeySpec)
AsymmetricSignatureProvider (org.keycloak.crypto.AsymmetricSignatureProvider)
MacSignatureSignerContext (org.keycloak.crypto.MacSignatureSignerContext)
