
Example 1 with KeyStoreConfig

use of org.keycloak.representations.KeyStoreConfig in project keycloak by keycloak.

From the class CredentialsTest, method testGenerateAndDownloadKeystore.

/**
 * Generating a keystore through the certificate resource must rotate the client's key pair:
 * the downloaded key and certificate may not match the pair created by the preceding generate() call.
 *
 * @throws Exception from the admin client or from {@link KeyStore} parsing
 */
@Test
public void testGenerateAndDownloadKeystore() throws Exception {
    final String alias = "alias";
    final String keyPass = "keyPass";
    final String storePass = "storePass";
    ClientAttributeCertificateResource certificates = accountClient.getCertficateResource("jwt.credential");
    // Seed the client with an initial key pair; the assertions at the end prove the second call replaces it.
    CertificateRepresentation initial = certificates.generate();
    // Keystore parameters: entry alias plus separate passwords for the entry and for the store itself.
    KeyStoreConfig config = new KeyStoreConfig();
    config.setFormat("JKS");
    config.setKeyAlias(alias);
    config.setKeyPassword(keyPass);
    config.setStorePassword(storePass);
    // The server generates a new key pair and returns it packaged as a JKS keystore (private key included).
    byte[] keystoreBytes = certificates.generateAndGetKeystore(config);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (ByteArrayInputStream in = new ByteArrayInputStream(keystoreBytes)) {
        keyStore.load(in, storePass.toCharArray());
    }
    Key downloadedKey = keyStore.getKey(alias, keyPass.toCharArray());
    Certificate downloadedCert = keyStore.getCertificate(alias);
    assertTrue("Certificat is X509", downloadedCert instanceof X509Certificate);
    // Compare in PEM form, which is how CertificateRepresentation carries the key and certificate.
    String keyPem = KeycloakModelUtils.getPemFromKey(downloadedKey);
    String certPem = KeycloakModelUtils.getPemFromCertificate((X509Certificate) downloadedCert);
    // Rotation check: the downloaded material must differ from the first generated pair.
    assertNotEquals("new key generated", initial.getPrivateKey(), keyPem);
    assertNotEquals("new cert generated", initial.getCertificate(), certPem);
}

Example 2 with KeyStoreConfig

use of org.keycloak.representations.KeyStoreConfig in project keycloak by keycloak.

From the class ClientAuthSignedJWTTest, method testClientWithGeneratedKeys.

/**
 * Generates a fresh keystore for client {@code app3}, checks that Keycloak stored only the new
 * certificate, then authenticates the client with a JWT signed by the downloaded private key.
 *
 * @param format keystore format passed to the server and used to parse the returned bytes
 * @throws Exception from the admin client, keystore parsing or the token request
 */
private void testClientWithGeneratedKeys(String format) throws Exception {
    final String keyAlias = "somekey";
    final String keyPassword = "pwd1";
    final String storePassword = "pwd2";
    final UserRepresentation user = defaultUser;
    final String realmName = testRealm.getRealm();

    // Keystore parameters: the generated key pair is stored under keyAlias, protected by keyPassword,
    // inside a store protected by storePassword.
    KeyStoreConfig keyStoreConfig = new KeyStoreConfig();
    keyStoreConfig.setFormat(format);
    keyStoreConfig.setKeyAlias(keyAlias);
    keyStoreConfig.setKeyPassword(keyPassword);
    keyStoreConfig.setStorePassword(storePassword);

    // Remember the certificate currently attached to the client so the rotation can be asserted later.
    ClientRepresentation client = getClient(realmName, app3.getId()).toRepresentation();
    final String certOld = client.getAttributes().get(JWTClientAuthenticator.CERTIFICATE_ATTR);

    // The keystore (private key included) is destined for the client application;
    // Keycloak itself keeps only the certificate.
    byte[] keyStoreBytes = getClientAttributeCertificateResource(realmName, client.getId())
            .generateAndGetKeystore(keyStoreConfig);
    KeyStore keyStore;
    try (ByteArrayInputStream keyStoreIs = new ByteArrayInputStream(keyStoreBytes)) {
        keyStore = getKeystore(keyStoreIs, storePassword, format);
    }

    // Re-read the client: its certificate attribute must now hold the newly generated certificate.
    client = getClient(realmName, client.getId()).toRepresentation();
    X509Certificate x509Cert = (X509Certificate) keyStore.getCertificate(keyAlias);
    assertCertificate(client, certOld, KeycloakModelUtils.getPemFromCertificate(x509Cert));

    // Client authentication with a JWT signed by the downloaded private key.
    oauth.clientId(client.getClientId());
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray());
    KeyPair keyPair = new KeyPair(x509Cert.getPublicKey(), privateKey);
    String userPassword = user.getCredentials().get(0).getValue();
    String clientAssertion = getClientSignedJWT(keyPair, client.getClientId());
    OAuthClient.AccessTokenResponse response =
            doGrantAccessTokenRequest(user.getUsername(), userPassword, clientAssertion);
    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
    // The login event must record the JWT client-auth method; code/redirect/consent details do not apply
    // to a password grant.
    events.expectLogin()
            .client(client.getClientId())
            .session(accessToken.getSessionState())
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, accessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
            .detail(Details.USERNAME, user.getUsername())
            .detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent();
}

Example 3 with KeyStoreConfig

use of org.keycloak.representations.KeyStoreConfig in project keycloak by keycloak.

From the class CredentialsTest, method testDownloadKeystore.

/**
 * Downloading the keystore (without regenerating) must return exactly the key pair and certificate
 * that the preceding generate() call produced.
 *
 * @throws Exception from the admin client or from {@link KeyStore} parsing
 */
@Test
public void testDownloadKeystore() throws Exception {
    final String alias = "alias";
    final String keyPass = "keyPass";
    final String storePass = "storePass";
    ClientAttributeCertificateResource certificates = accountClient.getCertficateResource("jwt.credential");
    // Create the key pair that the download is expected to return.
    CertificateRepresentation generated = certificates.generate();
    // Keystore parameters: entry alias plus separate passwords for the entry and for the store itself.
    KeyStoreConfig config = new KeyStoreConfig();
    config.setFormat("JKS");
    config.setKeyAlias(alias);
    config.setKeyPassword(keyPass);
    config.setStorePassword(storePass);
    // getKeystore() packages the existing key and certificate; it does not generate anything.
    byte[] keystoreBytes = certificates.getKeystore(config);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (ByteArrayInputStream in = new ByteArrayInputStream(keystoreBytes)) {
        keyStore.load(in, storePass.toCharArray());
    }
    Key downloadedKey = keyStore.getKey(alias, keyPass.toCharArray());
    Certificate downloadedCert = keyStore.getCertificate(alias);
    assertTrue("Certificat is X509", downloadedCert instanceof X509Certificate);
    // Compare in PEM form, which is how CertificateRepresentation carries the key and certificate.
    String keyPem = KeycloakModelUtils.getPemFromKey(downloadedKey);
    String certPem = KeycloakModelUtils.getPemFromCertificate((X509Certificate) downloadedCert);
    assertEquals("key match", generated.getPrivateKey(), keyPem);
    assertEquals("cert match", generated.getCertificate(), certPem);
}

Example 4 with KeyStoreConfig

use of org.keycloak.representations.KeyStoreConfig in project keycloak by keycloak.

From the class PermissionsTest, method clients.

/**
 * Authorization matrix for the client-management endpoints: each {@code invoke} runs one admin
 * operation as a given principal. The trailing boolean argument(s) presumably state which permission
 * level the operation must require (manage vs. view/query); {@code invoke} itself is defined outside
 * this excerpt — confirm the exact meaning there.
 */
@Test
public void clients() {
    invoke(realm -> realm.clients().findAll(), Resource.CLIENT, false, true);

    // query-clients may call the listing but gets an empty result; view-clients sees the realm's clients.
    List<ClientRepresentation> listed = clients.get(AdminRoles.QUERY_CLIENTS).realm(REALM_NAME).clients().findAll();
    Assert.assertThat(listed, Matchers.empty());
    listed = clients.get(AdminRoles.VIEW_CLIENTS).realm(REALM_NAME).clients().findAll();
    Assert.assertThat(listed, Matchers.not(Matchers.empty()));
    ClientRepresentation client = listed.get(0);

    // A principal holding only query-users must be denied every client write and read below.
    invoke((realm, response) -> response.set(
            clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clients().create(client)),
            clients.get(AdminRoles.QUERY_USERS), false);
    invoke(realm -> clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clients().get(client.getId()).toRepresentation(),
            clients.get(AdminRoles.QUERY_USERS), false);
    invoke(realm -> clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clients().get(client.getId()).update(client),
            clients.get(AdminRoles.QUERY_USERS), false);
    invoke(realm -> clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clients().get(client.getId()).remove(),
            clients.get(AdminRoles.QUERY_USERS), false);

    invoke(realm -> realm.convertClientDescription("blahblah"), Resource.CLIENT, true);
    invoke((realm, response) -> response.set(
            realm.clients().create(ClientBuilder.create().clientId("foo").build())),
            Resource.CLIENT, true);

    // Per-client operations are exercised on the freshly created "foo" client.
    ClientRepresentation foo = adminClient.realms().realm(REALM_NAME).clients().findByClientId("foo").get(0);
    invoke(realm -> realm.clients().get(foo.getId()).toRepresentation(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getInstallationProvider("nosuch"), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).update(foo), Resource.CLIENT, true);
    invoke(realm -> {
        // Delete and re-create, then refresh foo's id so the later calls still address the live client.
        realm.clients().get(foo.getId()).remove();
        realm.clients().create(foo);
        ClientRepresentation recreated = realm.clients().findByClientId("foo").get(0);
        foo.setId(recreated.getId());
    }, Resource.CLIENT, true);

    // Credential material: regenerating requires manage rights, reading the secret only view rights.
    invoke(realm -> realm.clients().get(foo.getId()).generateNewSecret(), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).regenerateRegistrationAccessToken(), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getSecret(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getServiceAccountUser(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).pushRevocation(), Resource.CLIENT, true);

    // Session statistics are read-only.
    invoke(realm -> realm.clients().get(foo.getId()).getApplicationSessionCount(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getUserSessions(0, 100), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getOfflineSessionCount(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getOfflineUserSessions(0, 100), Resource.CLIENT, false);

    // Cluster node registration.
    invoke(realm -> realm.clients().get(foo.getId()).registerNode(Collections.<String, String>emptyMap()),
            Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).unregisterNode("nosuch"), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).testNodesAvailable(), Resource.CLIENT, true);

    // Certificate resource: anything that produces or uploads key material needs manage rights,
    // reading key info or the existing keystore does not.
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch").generate(),
            Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch")
            .generateAndGetKeystore(new KeyStoreConfig()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch").getKeyInfo(),
            Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch")
            .getKeystore(new KeyStoreConfig()), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch")
            .uploadJks(new MultipartFormDataOutput()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getCertficateResource("nosuch")
            .uploadJksCertificate(new MultipartFormDataOutput()), Resource.CLIENT, true);

    // Protocol mappers. The raw Collections.EMPTY_LIST is enough here: the call only needs an empty list.
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().createMapper(Collections.EMPTY_LIST),
            Resource.CLIENT, true);
    invoke((realm, response) -> response.set(
            realm.clients().get(foo.getId()).getProtocolMappers().createMapper(new ProtocolMapperRepresentation())),
            Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().getMapperById("nosuch"),
            Resource.CLIENT, false, true);
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().getMappers(),
            Resource.CLIENT, false, true);
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().getMappersPerProtocol("nosuch"),
            Resource.CLIENT, false, true);
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().update("nosuch", new ProtocolMapperRepresentation()),
            Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getProtocolMappers().delete("nosuch"),
            Resource.CLIENT, true);

    // Scope mappings.
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().getAll(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().realmLevel().listAll(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().realmLevel().listEffective(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().realmLevel().listAvailable(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().realmLevel()
            .add(Collections.<RoleRepresentation>emptyList()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).getScopeMappings().realmLevel()
            .remove(Collections.<RoleRepresentation>emptyList()), Resource.CLIENT, true);

    // Client roles; the first call uses a random, non-existent client id.
    invoke(realm -> realm.clients().get(UUID.randomUUID().toString()).roles().list(), Resource.CLIENT, false, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().create(new RoleRepresentation()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch").toRepresentation(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).roles().deleteRole("nosuch"), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch").update(new RoleRepresentation()),
            Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch")
            .addComposites(Collections.<RoleRepresentation>emptyList()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch")
            .deleteComposites(Collections.<RoleRepresentation>emptyList()), Resource.CLIENT, true);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch").getRoleComposites(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch").getRealmRoleComposites(), Resource.CLIENT, false);
    invoke(realm -> realm.clients().get(foo.getId()).roles().get("nosuch").getClientRoleComposites("nosuch"),
            Resource.CLIENT, false);

    // users with query-client role should be able to query flows so the client detail page can be rendered
    // successfully when fine-grained permissions are enabled.
    invoke(realm -> realm.flows().getFlows(), clients.get(AdminRoles.QUERY_CLIENTS), true);
    // the same for ClientAuthenticatorProviders and PerClientConfigDescription
    invoke(realm -> realm.flows().getClientAuthenticatorProviders(), clients.get(AdminRoles.QUERY_CLIENTS), true);
    invoke(realm -> realm.flows().getClientAuthenticatorProviders(), clients.get(AdminRoles.VIEW_CLIENTS), true);
    invoke(realm -> realm.flows().getClientAuthenticatorProviders(), clients.get(AdminRoles.MANAGE_CLIENTS), true);
    invoke(realm -> realm.flows().getClientAuthenticatorProviders(), clients.get(AdminRoles.QUERY_USERS), false);
    invoke(realm -> realm.flows().getPerClientConfigDescription(), clients.get(AdminRoles.QUERY_CLIENTS), true);
}
