Examples with CertificateRepresentation org.keycloak.representations.idm.CertificateRepresentation used on opensource projects

Search in sources :

Example 1 with CertificateRepresentation

use of org.keycloak.representations.idm.CertificateRepresentation in project keycloak by keycloak.

the class KeycloakModelUtils method generateKeyPairCertificate.

public static CertificateRepresentation generateKeyPairCertificate(String subject) {
    KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
    X509Certificate certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, subject);
    String privateKeyPem = PemUtils.encodeKey(keyPair.getPrivate());
    String certPem = PemUtils.encodeCertificate(certificate);
    CertificateRepresentation rep = new CertificateRepresentation();
    rep.setPrivateKey(privateKeyPem);
    rep.setCertificate(certPem);
    return rep;
}
Also used : KeyPair(java.security.KeyPair) CertificateRepresentation(org.keycloak.representations.idm.CertificateRepresentation) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CertificateRepresentation

use of org.keycloak.representations.idm.CertificateRepresentation in project keycloak by keycloak.

the class CredentialsTest method testUploadKeyAndCertificate.

@Test
public void testUploadKeyAndCertificate() throws Exception {
    String privateKey = "MIIEowIBAAKCAQEAhSOOC/5Xez3o75lr3TTYun+2u0a4cF5p5Uv10UowrM7Yw+p1GYcHg+o2UN13bxHB/lefqJZ0WnJQo6cj/JcMuF1y4WlHSww0r8L0u36FKk8Uu7MOqC0+AOi2UzGIchYM5nuD3+A9g1ds2+O/ydKLKqiC6gJCKJp9b3Rs8eyJUt0/tkhTAJx+LWpCbsWHFEnU2Jbl29SS4KedYR/RdH5bNzl4L0SAHS1osWI+xIQiVYybnGVqFjJeQ9006pmOJGetNablji6TxlywP8ps9N//u3txBeKlVqzCCN1iLWQrb/NHA6GDVDBYVf+qa91358vFXRHpWpEOGftB6nZzHAzEuwIDAQABAoIBAHb5IsJM8lfLJxCVBPKTeuiNn/kSZVbkx7SDgJMZvQ1vefz40tOQ+oJDFW6FuWijcbubCa1ZZXg9lxnnDh11zYQi3bnYnkDOE3bMvG2fzdfU+y4QABUA+NtPGT6WkNuCIN0Fmv7AH7fys/B7QLNVVc807me2xPALvfOPEpvNR5mnjquCTOfDzbh5U6hGFcuLnZdQbCK2hG5R8DXE2pLvoa0i1cMMgVaWQ5mVSg0N3G0Q5ZF8YJEasAeJUCGlPFgJ4ySfGsKSUcMODQzHmqvLzArJmFgW6Uah0CgqedBTujmzJ6FwfbzGR0wpk08cf5BPzs9Flwka10ITA4h4QzlBnuECgYEA8TFZWq42biHaZmo0NVVEoltIDl1ci5m2xr7yU6TMfrsGKFFiszCPWuKcK5J8Svm0P9H9vlVpCHZ+JVfEGnve1/wVB/6E0lY6cz4uJTV4t4F1QJN5j9nyRrS0i9zDEIRgO4mvD9Zlm/OvHEdTmtVg97cbS4nWvRAPdB2DaZ0w0V8CgYEAjVAAb5Q6Jqb5XT5ZM1Cc6S3PzBAA7GGc3Rqyugxts5WEReRXdNITocj/71c0VZ+qC9+EvV8im/7QPl5NbRiI2p3oPqqV5Brk/MVfDLhu/mkawW0mlPtuBkZIRE0/eXTGN9Dq6yvxo9d6kwka7RW1CBZxi1/M78hKGCHXM7umviUCgYEA4cLvgJHRIQVPCM4gUEugEtieedOp7IHVM/NHoEOBpp4pBVQortGlXcz/oUlcTlGtBo/ok2AfEGzZZtrgFGoeDM1IYlM6wCc2TujFCM8kT6A9wFRKVPwMa2J6HPBnJe7CpPgbhReJxJA0OKQK/cL9IOGkCvDar914mZeGijU4nMECgYAqZL7Muo47fEpBE+xUvbFlLu4xDPgJ8jrKBjFqKUJb5tYY1aj7De7/0Toexm2X5l9wUm0TFtBeNjKpE0dtHDgqRccfzbNMDFl4D4o1WbtKraNuNd2mQku+rCUQAJCzUjoJEq73QGasvX8zTz75s1JtC7ailmn34YGA/d3+0iPy1QKBgHXneWpJVcQ9Lk34DnSLZLK+W1sTK8xLTJSyy3U0F84r+ir8bvsP9EQpZI0Nx3DqvF4/ZHmK2cfSxGSKm4VhZfG0LYCqtSmaHErZJaLJA8xJELkkEKj/ZUqkZ+4zhY7RMwyZtmXcxvaR/pzRZZwbTQ4ueZKKUIsK2AaHTsSCGDMq";
    String certificate = "MIICnTCCAYUCBgFPPLDaTzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjI0N1oXDTI1MDgxNzE3MjQyN1owEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIUjjgv+V3s96O+Za9002Lp/trtGuHBeaeVL9dFKMKzO2MPqdRmHB4PqNlDdd28Rwf5Xn6iWdFpyUKOnI/yXDLhdcuFpR0sMNK/C9Lt+hSpPFLuzDqgtPgDotlMxiHIWDOZ7g9/gPYNXbNvjv8nSiyqoguoCQiiafW90bPHsiVLdP7ZIUwCcfi1qQm7FhxRJ1NiW5dvUkuCnnWEf0XR+Wzc5eC9EgB0taLFiPsSEIlWMm5xlahYyXkPdNOqZjiRnrTWm5Y4uk8ZcsD/KbPTf/7t7cQXipVaswgjdYi1kK2/zRwOhg1QwWFX/qmvdd+fLxV0R6VqRDhn7Qep2cxwMxLsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKE6OA46sf20bz8LZPoiNsqRwBUDkaMGXfnob7s/hJZIIwDEx0IAQ3uKsG7q9wb+aA6s+v7S340zb2k3IxuhFaHaZpAd4CyR5cn1FHylbzoZ7rI/3ASqHDqpljdJaFqPH+m7nZWtyDvtZf+gkZ8OjsndwsSBK1d/jMZPp29qYbl1+XfO7RCp/jDqro/R3saYFaIFiEZPeKn1hUJn6BO48vxH1xspSu9FmlvDOEAOz4AuM58z4zRMP49GcFdCWr1wkonJUHaSptJaQwmBwLFUkCbE5I1ixGMb7mjEud6Y5jhfzJiZMo2U8RfcjNbrN0diZl3jB6LQIwESnhYSghaTjNQ==";
    String certificate2 = "MIICnTCCAYUCBgFPPQDGxTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE4NTAwNVoXDTI1MDgxNzE4NTE0NVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMw3PaBffWxgS2PYSDDBp6As+cNvv9kt2C4f/RDAGmvSIHPFev9kuQiKs3Oaws3ZsV4JG3qHEuYgnh9W4vfe3DwNwtD1bjL5FYBhPBFTw0lAQECYxaBHnkjHwUKp957FqdSPPICm3LjmTcEdlH+9dpp9xHCMbbiNiWDzWI1xSxC8Fs2d0hwz1sd+Q4QeTBPIBWcPM+ICZtNG5MN+ORfayu4X+Me5d0tXG2fQO//rAevk1i5IFjKZuOjTwyKB5SJIY4b8QTeg0g/50IU7Ht00Pxw6CK02dHS+FvXHasZlD3ckomqCDjStTBWdhJo5dST0CbOqalkkpLlCCbGA1yEQRsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUIMeJ+EAo8eNpCG/nXImacjrKakbFnZYBGD/gqeTGaZynkX+jgBSructTHR83zSH+yELEhsAy+3BfK4EEihp+PEcRnK2fASVkHste8AQ7rlzC+HGGirlwrVhWCdizNUCGK80DE537IZ7nmZw6LFG9P5/Q2MvCsOCYjRUvMkukq6TdXBXR9tETwZ+0gpSfsOxjj0ZF7ftTRUSzx4rFfcbM9fRNdVizdOuKGc8HJPA5lLOxV6CyaYIvi3y5RlQI1OHeS34lE4w9CNPRFa/vdxXvN7ClyzA0HMFNWxBN7pC/Ht/FbhSvaAagJBHg+vCrcY5C26Oli7lAglf/zZrwUPs0w==";
    ClientAttributeCertificateResource certRsc = accountClient.getCertficateResource("jwt.credential");
    // Upload privateKey and certificate as JKS store
    MultipartFormDataOutput keyCertForm = new MultipartFormDataOutput();
    keyCertForm.addFormData("keystoreFormat", "JKS", MediaType.TEXT_PLAIN_TYPE);
    keyCertForm.addFormData("keyAlias", "clientkey", MediaType.TEXT_PLAIN_TYPE);
    keyCertForm.addFormData("keyPassword", "keypass", MediaType.TEXT_PLAIN_TYPE);
    keyCertForm.addFormData("storePassword", "storepass", MediaType.TEXT_PLAIN_TYPE);
    URL idpMeta = getClass().getClassLoader().getResource("client-auth-test/keystore-client1.jks");
    byte[] content = Files.readAllBytes(Paths.get(idpMeta.toURI()));
    keyCertForm.addFormData("file", content, MediaType.APPLICATION_OCTET_STREAM_TYPE);
    CertificateRepresentation cert = certRsc.uploadJks(keyCertForm);
    // Returned cert is not the new state but rather what was extracted from inputs
    assertNotNull("cert not null", cert);
    assertEquals("cert properly extracted", certificate, cert.getCertificate());
    assertEquals("privateKey properly extracted", privateKey, cert.getPrivateKey());
    // Get the certificate - to make sure cert was properly updated
    cert = certRsc.getKeyInfo();
    assertEquals("cert properly set", certificate, cert.getCertificate());
    assertEquals("privateKey properly set", privateKey, cert.getPrivateKey());
    // Upload a different certificate via /upload-certificate, privateKey should be nullified
    MultipartFormDataOutput form = new MultipartFormDataOutput();
    form.addFormData("keystoreFormat", "Certificate PEM", MediaType.TEXT_PLAIN_TYPE);
    form.addFormData("file", certificate2.getBytes(Charset.forName("ASCII")), MediaType.APPLICATION_OCTET_STREAM_TYPE);
    cert = certRsc.uploadJksCertificate(form);
    assertNotNull("cert not null", cert);
    assertEquals("cert properly extracted", certificate2, cert.getCertificate());
    assertNull("privateKey not included", cert.getPrivateKey());
    // Get the certificate - to make sure cert was properly updated, and privateKey is null
    cert = certRsc.getKeyInfo();
    assertEquals("cert properly set", certificate2, cert.getCertificate());
    assertNull("privateKey nullified", cert.getPrivateKey());
    // Re-upload the private key
    certRsc.uploadJks(keyCertForm);
    // Upload certificate as PEM via /upload - nullifies the private key
    form = new MultipartFormDataOutput();
    form.addFormData("keystoreFormat", "Certificate PEM", MediaType.TEXT_PLAIN_TYPE);
    form.addFormData("file", certificate2.getBytes(Charset.forName("ASCII")), MediaType.APPLICATION_OCTET_STREAM_TYPE);
    cert = certRsc.uploadJks(form);
    assertNotNull("cert not null", cert);
    assertEquals("cert properly extracted", certificate2, cert.getCertificate());
    assertNull("privateKey not included", cert.getPrivateKey());
    // Get the certificate again - to make sure cert is set, and privateKey is null
    cert = certRsc.getKeyInfo();
    assertEquals("cert properly set", certificate2, cert.getCertificate());
    assertNull("privateKey nullified", cert.getPrivateKey());
    // Upload certificate with header - should be stored without header
    form = new MultipartFormDataOutput();
    form.addFormData("keystoreFormat", "Certificate PEM", MediaType.TEXT_PLAIN_TYPE);
    String certificate2WithHeaders = PemUtils.BEGIN_CERT + "\n" + certificate2 + "\n" + PemUtils.END_CERT;
    form.addFormData("file", certificate2WithHeaders.getBytes(Charset.forName("ASCII")), MediaType.APPLICATION_OCTET_STREAM_TYPE);
    cert = certRsc.uploadJks(form);
    assertNotNull("cert not null", cert);
    assertEquals("cert properly extracted", certificate2, cert.getCertificate());
    assertNull("privateKey not included", cert.getPrivateKey());
    // Get the certificate again - to make sure cert is set, and privateKey is null
    cert = certRsc.getKeyInfo();
    assertEquals("cert properly set", certificate2, cert.getCertificate());
    assertNull("privateKey nullified", cert.getPrivateKey());
}
Also used : ClientAttributeCertificateResource(org.keycloak.admin.client.resource.ClientAttributeCertificateResource) CertificateRepresentation(org.keycloak.representations.idm.CertificateRepresentation) URL(java.net.URL) MultipartFormDataOutput(org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput) Test(org.junit.Test)

Example 3 with CertificateRepresentation

use of org.keycloak.representations.idm.CertificateRepresentation in project keycloak by keycloak.

the class CredentialsTest method testGetCertificateResource.

@Test
public void testGetCertificateResource() {
    ClientAttributeCertificateResource certRsc = accountClient.getCertficateResource("jwt.credential");
    CertificateRepresentation cert = certRsc.generate();
    CertificateRepresentation certFromGet = certRsc.getKeyInfo();
    assertEquals(cert.getCertificate(), certFromGet.getCertificate());
    assertEquals(cert.getPrivateKey(), certFromGet.getPrivateKey());
    assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientCertificateGenerateSecretPath(accountClientDbId, "jwt.credential"), cert, ResourceType.CLIENT);
}
Also used : ClientAttributeCertificateResource(org.keycloak.admin.client.resource.ClientAttributeCertificateResource) CertificateRepresentation(org.keycloak.representations.idm.CertificateRepresentation) Test(org.junit.Test)

Example 4 with CertificateRepresentation

use of org.keycloak.representations.idm.CertificateRepresentation in project keycloak by keycloak.

the class CredentialsTest method testGenerateAndDownloadKeystore.

@Test
public void testGenerateAndDownloadKeystore() throws Exception {
    ClientAttributeCertificateResource certRsc = accountClient.getCertficateResource("jwt.credential");
    // generate a key pair first
    CertificateRepresentation firstcert = certRsc.generate();
    KeyStoreConfig config = new KeyStoreConfig();
    config.setFormat("JKS");
    config.setKeyAlias("alias");
    config.setKeyPassword("keyPass");
    config.setStorePassword("storePass");
    byte[] result = certRsc.generateAndGetKeystore(config);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new ByteArrayInputStream(result), "storePass".toCharArray());
    Key key = keyStore.getKey("alias", "keyPass".toCharArray());
    Certificate cert = keyStore.getCertificate("alias");
    assertTrue("Certificat is X509", cert instanceof X509Certificate);
    String keyPem = KeycloakModelUtils.getPemFromKey(key);
    String certPem = KeycloakModelUtils.getPemFromCertificate((X509Certificate) cert);
    assertNotEquals("new key generated", firstcert.getPrivateKey(), keyPem);
    assertNotEquals("new cert generated", firstcert.getCertificate(), certPem);
}
Also used : ClientAttributeCertificateResource(org.keycloak.admin.client.resource.ClientAttributeCertificateResource) ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateRepresentation(org.keycloak.representations.idm.CertificateRepresentation) KeyStore(java.security.KeyStore) Key(java.security.Key) X509Certificate(java.security.cert.X509Certificate) KeyStoreConfig(org.keycloak.representations.KeyStoreConfig) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 5 with CertificateRepresentation

use of org.keycloak.representations.idm.CertificateRepresentation in project keycloak by keycloak.

the class DescriptionConverter method setPublicKey.

private static boolean setPublicKey(OIDCClientRepresentation clientOIDC, ClientRepresentation clientRep) {
    OIDCAdvancedConfigWrapper configWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
    if (clientOIDC.getJwks() != null) {
        if (clientOIDC.getJwksUri() != null) {
            throw new ClientRegistrationException("Illegal to use both jwks_uri and jwks");
        }
        JSONWebKeySet keySet = clientOIDC.getJwks();
        JWK publicKeyJWk = JWKSUtils.getKeyForUse(keySet, JWK.Use.SIG);
        try {
            configWrapper.setJwksString(JsonSerialization.writeValueAsPrettyString(clientOIDC.getJwks()));
        } catch (IOException e) {
            throw new ClientRegistrationException("Illegal jwks format");
        }
        configWrapper.setUseJwksString(true);
        configWrapper.setUseJwksUrl(false);
        if (publicKeyJWk == null) {
            return false;
        }
        PublicKey publicKey = JWKParser.create(publicKeyJWk).toPublicKey();
        String publicKeyPem = KeycloakModelUtils.getPemFromKey(publicKey);
        CertificateRepresentation rep = new CertificateRepresentation();
        rep.setPublicKey(publicKeyPem);
        rep.setKid(publicKeyJWk.getKeyId());
        CertificateInfoHelper.updateClientRepresentationCertificateInfo(clientRep, rep, JWTClientAuthenticator.ATTR_PREFIX);
        return true;
    } else if (clientOIDC.getJwksUri() != null) {
        configWrapper.setUseJwksUrl(true);
        configWrapper.setJwksUrl(clientOIDC.getJwksUri());
        configWrapper.setUseJwksString(false);
        return true;
    }
    return false;
}
Also used : OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper) JSONWebKeySet(org.keycloak.jose.jwk.JSONWebKeySet) PublicKey(java.security.PublicKey) CertificateRepresentation(org.keycloak.representations.idm.CertificateRepresentation) ClientRegistrationException(org.keycloak.services.clientregistration.ClientRegistrationException) IOException(java.io.IOException) JWK(org.keycloak.jose.jwk.JWK)

Aggregations

CertificateRepresentation (org.keycloak.representations.idm.CertificateRepresentation)17 Produces (javax.ws.rs.Produces)6 POST (javax.ws.rs.POST)5 Path (javax.ws.rs.Path)5 Test (org.junit.Test)5 ErrorResponseException (org.keycloak.services.ErrorResponseException)5 X509Certificate (java.security.cert.X509Certificate)4 Consumes (javax.ws.rs.Consumes)4 NoCache (org.jboss.resteasy.annotations.cache.NoCache)4 ClientAttributeCertificateResource (org.keycloak.admin.client.resource.ClientAttributeCertificateResource)4 KeyStore (java.security.KeyStore)3 NotAcceptableException (javax.ws.rs.NotAcceptableException)3 JSONWebKeySet (org.keycloak.jose.jwk.JSONWebKeySet)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2 Key (java.security.Key)2 PublicKey (java.security.PublicKey)2 Certificate (java.security.cert.Certificate)2 NotFoundException (javax.ws.rs.NotFoundException)2 JWK (org.keycloak.jose.jwk.JWK)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial