Example 6 with SignatureSignerContext

Use of org.keycloak.crypto.SignatureSignerContext in project keycloak by keycloak.

Class ClientRegistrationTokenUtils, method updateTokenSignature.

public static String updateTokenSignature(KeycloakSession session, ClientRegistrationAuth auth) {
    // Signer for the algorithm currently configured for internal tokens.
    String algorithm = session.tokens().signatureAlgorithm(TokenCategory.INTERNAL);
    SignatureSignerContext signer = session.getProvider(SignatureProvider.class, algorithm).signer();
    if (signer.getKid().equals(auth.getKid())) {
        // The presented token was signed with the current key: reuse it unchanged.
        return auth.getToken();
    } else {
        // The signing key differs from the one that signed the presented token:
        // rebuild the token with the same type, id and issuer and sign it with the current key.
        RegistrationAccessToken regToken = new RegistrationAccessToken();
        regToken.setRegistrationAuth(auth.getRegistrationAuth().toString().toLowerCase());
        regToken.type(auth.getJwt().getType());
        regToken.id(auth.getJwt().getId());
        regToken.issuedAt(Time.currentTime());
        // exp = 0: no expiry is set on the re-signed token.
        regToken.expiration(0);
        regToken.issuer(auth.getJwt().getIssuer());
        regToken.audience(auth.getJwt().getIssuer());
        String token = new JWSBuilder().jsonContent(regToken).sign(signer);
        return token;
    }
}
Also used : SignatureProvider(org.keycloak.crypto.SignatureProvider) SignatureSignerContext(org.keycloak.crypto.SignatureSignerContext) JWSBuilder(org.keycloak.jose.jws.JWSBuilder)

Example 7 with SignatureSignerContext

Use of org.keycloak.crypto.SignatureSignerContext in project keycloak by keycloak.

Class OAuthClient, method createSigner.

public SignatureSignerContext createSigner(PrivateKey privateKey, String kid, String algorithm) {
    // Bundle the private key with the key id and algorithm the signer will use.
    KeyWrapper keyWrapper = new KeyWrapper();
    keyWrapper.setAlgorithm(algorithm);
    keyWrapper.setKid(kid);
    keyWrapper.setPrivateKey(privateKey);
    SignatureSignerContext signer;
    switch(algorithm) {
        // The ECDSA algorithms get the dedicated ECDSA signer context.
        case Algorithm.ES256:
        case Algorithm.ES384:
        case Algorithm.ES512:
            signer = new ServerECDSASignatureSignerContext(keyWrapper);
            break;
        // Every other algorithm falls through to the generic asymmetric signer context.
        default:
            signer = new AsymmetricSignatureSignerContext(keyWrapper);
    }
    return signer;
}
Also used : KeyWrapper(org.keycloak.crypto.KeyWrapper) ServerECDSASignatureSignerContext(org.keycloak.crypto.ServerECDSASignatureSignerContext) AsymmetricSignatureSignerContext(org.keycloak.crypto.AsymmetricSignatureSignerContext) SignatureSignerContext(org.keycloak.crypto.SignatureSignerContext)

Example 8 with SignatureSignerContext

Use of org.keycloak.crypto.SignatureSignerContext in project keycloak by keycloak.

Class ClientAuthSignedJWTTest, method createSignledRequestToken.

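private String createSignledRequestToken(PrivateKey privateKey, PublicKey publicKey, String algorithm, JsonWebToken jwt) {
    // Derive the key id from the public key, so it identifies the key pair used for signing.
    String kid = KeyUtils.createKeyId(publicKey);
    SignatureSignerContext signer = oauth.createSigner(privateKey, kid, algorithm);
    // Set the kid in the JWS header and sign the JWT claims with the private key.
    String ret = new JWSBuilder().kid(kid).jsonContent(jwt).sign(signer);
    return ret;
}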
Also used : SignatureSignerContext(org.keycloak.crypto.SignatureSignerContext) JWSBuilder(org.keycloak.jose.jws.JWSBuilder)

Aggregations

SignatureSignerContext (org.keycloak.crypto.SignatureSignerContext): 8
JWSBuilder (org.keycloak.jose.jws.JWSBuilder): 6
SignatureProvider (org.keycloak.crypto.SignatureProvider): 4
SecretKey (javax.crypto.SecretKey): 2
AsymmetricSignatureSignerContext (org.keycloak.crypto.AsymmetricSignatureSignerContext): 2
KeyWrapper (org.keycloak.crypto.KeyWrapper): 2
ServerECDSASignatureSignerContext (org.keycloak.crypto.ServerECDSASignatureSignerContext): 2
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 1
BadRequestException (javax.ws.rs.BadRequestException): 1
Response (javax.ws.rs.core.Response): 1
HttpResponse (org.jboss.resteasy.spi.HttpResponse): 1
VerificationException (org.keycloak.common.VerificationException): 1
MacSignatureSignerContext (org.keycloak.crypto.MacSignatureSignerContext): 1
SignatureVerifierContext (org.keycloak.crypto.SignatureVerifierContext): 1
EventBuilder (org.keycloak.events.EventBuilder): 1
JWEException (org.keycloak.jose.jwe.JWEException): 1
AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel): 1
ClientModel (org.keycloak.models.ClientModel): 1
ClientSessionContext (org.keycloak.models.ClientSessionContext): 1