
Example 11 with KeysMetadataRepresentation

use of org.keycloak.representations.idm.KeysMetadataRepresentation in project keycloak by keycloak.

From class TokenSignatureUtil, method getRealmPublicKey:

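/**
 * Looks up the public key the realm currently advertises as active for {@code sigAlgName}.
 *
 * <p>The active kid is read from the realm's key metadata and matched against the advertised
 * keys; the matching entry's Base64-encoded public key bytes are turned into a {@link PublicKey}
 * with a {@link KeyFactory} for the entry's key type.
 *
 * @param realm       name of the realm whose keys are queried
 * @param sigAlgName  signature algorithm whose active key is wanted (a key of the "active" map)
 * @param adminClient admin client used to fetch the realm's key metadata
 * @return the active public key, or {@code null} when the realm reports no active kid for the
 *         algorithm or no advertised key carries that kid
 * @throws IllegalStateException if the matching key is advertised but cannot be decoded
 */
private static PublicKey getRealmPublicKey(String realm, String sigAlgName, Keycloak adminClient) {
    KeysMetadataRepresentation keyMetadata = adminClient.realms().realm(realm).keys().getKeyMetadata();
    String activeKid = keyMetadata.getActive().get(sigAlgName);
    if (activeKid == null) {
        // No active key for this algorithm: nothing could match, so don't scan.
        return null;
    }
    for (KeysMetadataRepresentation.KeyMetadataRepresentation rep : keyMetadata.getKeys()) {
        // Compare from the known-non-null side; an entry without a kid simply doesn't match.
        if (activeKid.equals(rep.getKid())) {
            return toPublicKey(rep);
        }
    }
    return null;
}

/**
 * Decodes the advertised public key of one key metadata entry.
 *
 * @param rep key entry whose {@code publicKey} field holds the Base64-encoded key bytes
 * @return the decoded key
 * @throws IllegalStateException if decoding or key construction fails; the underlying
 *         exception is kept as the cause instead of being printed and dropped
 */
private static PublicKey toPublicKey(KeysMetadataRepresentation.KeyMetadataRepresentation rep) {
    try {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.decode(rep.getPublicKey()));
        return KeyFactory.getInstance(rep.getType()).generatePublic(spec);
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        // Swallowing the failure here would hand callers a null key to verify signatures with.
        throw new IllegalStateException(
                "Cannot decode public key " + rep.getKid() + " of type " + rep.getType(), e);
    }
}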

Example 12 with KeysMetadataRepresentation

use of org.keycloak.representations.idm.KeysMetadataRepresentation in project keycloak by keycloak.

From class GeneratedEcdsaKeyProviderTest, method changeCurve:

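/**
 * Switches the generated ECDSA key provider from one NIST curve to another and checks that the
 * realm's EC key was regenerated on the new curve.
 *
 * <p>A provider for {@code FromEcInNistRep} is created first, its advertised EC key is
 * remembered, the curve config entry is updated, and the key advertised afterwards must have a
 * different kid and algorithm, with both the algorithm and the public key itself on the target
 * curve.
 *
 * @param FromEcInNistRep NIST name of the curve the provider starts with
 * @param ToEcInNistRep   NIST name of the curve the provider is switched to
 * @throws Exception from the admin client calls or the key/curve helpers
 */
private void changeCurve(String FromEcInNistRep, String ToEcInNistRep) throws Exception {
    String keyComponentId = supportedEc(FromEcInNistRep);
    KeysMetadataRepresentation.KeyMetadataRepresentation originalKey =
            findEcKey(adminClient.realm(TEST_REALM_NAME).keys().getKeyMetadata(), keyComponentId);
    // Fail with a message rather than a NullPointerException at the kid comparison below.
    assertNotNull("no EC key advertised for provider " + keyComponentId + " before the curve change", originalKey);

    ComponentRepresentation createdRep = adminClient.realm(TEST_REALM_NAME).components().component(keyComponentId).toRepresentation();
    createdRep.getConfig().putSingle(ECDSA_ELLIPTIC_CURVE_KEY, ToEcInNistRep);
    adminClient.realm(TEST_REALM_NAME).components().component(keyComponentId).update(createdRep);
    createdRep = adminClient.realm(TEST_REALM_NAME).components().component(keyComponentId).toRepresentation();
    // stands for the number of properties in the key provider config
    assertEquals(2, createdRep.getConfig().size());
    assertEquals(ToEcInNistRep, createdRep.getConfig().getFirst(ECDSA_ELLIPTIC_CURVE_KEY));

    KeysMetadataRepresentation.KeyMetadataRepresentation key =
            findEcKey(adminClient.realm(TEST_REALM_NAME).keys().getKeyMetadata(), keyComponentId);
    assertNotNull(key);
    assertEquals(keyComponentId, key.getProviderId());
    // kid is changed if key was regenerated
    assertNotEquals(originalKey.getKid(), key.getKid());
    assertEquals(KeyType.EC, key.getType());
    assertNotEquals(originalKey.getAlgorithm(), key.getAlgorithm());
    assertEquals(ToEcInNistRep, AbstractEcdsaKeyProviderFactory.convertAlgorithmToECDomainParmNistRep(key.getAlgorithm()));
    assertEquals(ToEcInNistRep, getCurveFromPublicKey(key.getPublicKey()));
}

/**
 * Returns the first EC key in {@code keys} that belongs to {@code providerId}.
 *
 * @param keys       key metadata of the realm
 * @param providerId component id of the key provider
 * @return the matching key entry, or {@code null} when the provider advertises no EC key
 */
private static KeysMetadataRepresentation.KeyMetadataRepresentation findEcKey(KeysMetadataRepresentation keys, String providerId) {
    for (KeyMetadataRepresentation k : keys.getKeys()) {
        if (KeyType.EC.equals(k.getType()) && providerId.equals(k.getProviderId())) {
            return k;
        }
    }
    return null;
}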

Example 13 with KeysMetadataRepresentation

use of org.keycloak.representations.idm.KeysMetadataRepresentation in project keycloak by keycloak.

From class GeneratedRsaKeyProviderTest, method largeKeysize:

/**
 * Creates a generated RSA key provider with an explicit 4096-bit key size and checks that the
 * realm advertises a matching key.
 *
 * <p>The stored component config must contain exactly the two entries that were set (priority
 * and key size), the first advertised key must come from the new provider with the expected
 * type, priority and use, and the decoded public key must have a 4096-bit modulus.
 *
 * @param providerId id of the key provider factory under test
 * @param keyUse     key use the advertised key is expected to carry
 * @throws Exception from the admin client calls
 */
private void largeKeysize(String providerId, KeyUse keyUse) throws Exception {
    long priority = System.currentTimeMillis();

    ComponentRepresentation providerRep = createRep("valid", providerId);
    providerRep.setConfig(new MultivaluedHashMap<>());
    providerRep.getConfig().putSingle("priority", Long.toString(priority));
    providerRep.getConfig().putSingle("keySize", "4096");

    Response createResponse = adminClient.realm("test").components().add(providerRep);
    String componentId = ApiUtil.getCreatedId(createResponse);
    getCleanup().addComponentId(componentId);
    createResponse.close();

    ComponentRepresentation storedRep = adminClient.realm("test").components().component(componentId).toRepresentation();
    assertEquals(2, storedRep.getConfig().size());
    assertEquals("4096", storedRep.getConfig().getFirst("keySize"));

    KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
    KeysMetadataRepresentation.KeyMetadataRepresentation firstKey = keyMetadata.getKeys().get(0);
    assertEquals(componentId, firstKey.getProviderId());
    assertEquals(AlgorithmType.RSA.name(), firstKey.getType());
    assertEquals(priority, firstKey.getProviderPriority());
    // The advertised key is PEM-encoded; its modulus length is the effective RSA key size.
    RSAPublicKey rsaKey = (RSAPublicKey) PemUtils.decodePublicKey(firstKey.getPublicKey());
    assertEquals(4096, rsaKey.getModulus().bitLength());
    assertEquals(keyUse, firstKey.getUse());
}

Example 14 with KeysMetadataRepresentation

use of org.keycloak.representations.idm.KeysMetadataRepresentation in project keycloak by keycloak.

From class GeneratedHmacKeyProviderTest, method defaultKeysize:

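/**
 * Creates a generated HMAC key provider without an explicit key size and verifies the defaults:
 * only the priority is stored in the component config, the realm advertises an HS256 OCT key
 * from this provider with that priority, and the generated secret is 64 bytes long.
 *
 * @throws Exception from the admin client or testing client calls
 */
@Test
public void defaultKeysize() throws Exception {
    long priority = System.currentTimeMillis();
    ComponentRepresentation rep = createRep("valid", GeneratedHmacKeyProviderFactory.ID);
    rep.setConfig(new MultivaluedHashMap<>());
    rep.getConfig().putSingle("priority", Long.toString(priority));

    Response response = adminClient.realm("test").components().add(rep);
    String id;
    try {
        id = ApiUtil.getCreatedId(response);
    } finally {
        // Release the response even when reading the created id fails.
        response.close();
    }

    ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
    assertEquals(1, createdRep.getConfig().size());
    assertEquals(Long.toString(priority), createdRep.getConfig().getFirst("priority"));

    KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
    KeysMetadataRepresentation.KeyMetadataRepresentation key = null;
    for (KeysMetadataRepresentation.KeyMetadataRepresentation k : keys.getKeys()) {
        // Constant on the left: an entry without an algorithm must not NPE the scan.
        if (Algorithm.HS256.equals(k.getAlgorithm())) {
            key = k;
            break;
        }
    }
    if (key == null) {
        // Fail with a message instead of a NullPointerException on the next line.
        throw new AssertionError("realm advertises no HS256 key after creating provider " + id);
    }
    assertEquals(id, key.getProviderId());
    assertEquals(KeyType.OCT, key.getType());
    assertEquals(priority, key.getProviderPriority());

    // The secret is read server-side through the testing client; it is never exposed via the admin API.
    ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
    assertEquals(64, Base64Url.decode(component.getConfig().getFirst("secret")).length);
}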

Example 15 with KeysMetadataRepresentation

use of org.keycloak.representations.idm.KeysMetadataRepresentation in project keycloak by keycloak.

From class ExportImportTest, method testRealmExportImport:

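/**
 * Exports the "test" realm, deletes it, imports it back and checks that the round trip preserved
 * the data this test cares about.
 *
 * <p>Before the export a snapshot is taken of the realm's components, active key metadata, role
 * ids and role attributes. After deletion the realm's users must no longer be able to
 * authenticate and only "test-realm" and "master" may remain. After the import the users can
 * authenticate again, their pending required actions are intact, and the components, active
 * keys, role ids and role attributes equal the snapshot. Other realms must be untouched.
 *
 * @throws LifecycleException from the export/import runner
 */
private void testRealmExportImport() throws LifecycleException {
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
    testingClient.testing().exportImport().setRealmName("test");
    testingClient.testing().exportImport().runExport();

    // Snapshot of the state the import must reproduce.
    List<ComponentRepresentation> components = adminClient.realm("test").components().query();
    KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
    String sampleRealmRoleId = adminClient.realm("test").roles().get("sample-realm-role").toRepresentation().getId();
    Map<String, List<String>> roleAttributes = adminClient.realm("test").roles().get("attribute-role").toRepresentation().getAttributes();
    String testAppId = adminClient.realm("test").clients().findByClientId("test-app").get(0).getId();
    String sampleClientRoleId = adminClient.realm("test").clients().get(testAppId).roles().get("sample-client-role").toRepresentation().getId();
    String sampleClientRoleAttribute = adminClient.realm("test").clients().get(testAppId).roles().get("sample-client-role").toRepresentation().getAttributes().get("sample-client-role-attribute").get(0);

    // Delete some realm (and some data in admin realm)
    adminClient.realm("test").remove();
    Assert.assertNames(adminClient.realms().findAll(), "test-realm", "master");
    assertNotAuthenticated("test", "test-user@localhost", "password");
    assertNotAuthenticated("test", "user1", "password");
    assertNotAuthenticated("test", "user2", "password");
    assertNotAuthenticated("test", "user3", "password");
    assertNotAuthenticated("test", "user-requiredOTP", "password");
    assertNotAuthenticated("test", "user-requiredWebAuthn", "password");

    // Configure import
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
    testingClient.testing().exportImport().runImport();

    // Ensure data are imported back, but just for "test" realm
    Assert.assertNames(adminClient.realms().findAll(), "master", "test", "test-realm");
    assertAuthenticated("test", "test-user@localhost", "password");
    assertAuthenticated("test", "user1", "password");
    assertAuthenticated("test", "user2", "password");
    assertAuthenticated("test", "user3", "password");
    assertAuthenticated("test", "user-requiredOTP", "password");
    assertAuthenticated("test", "user-requiredWebAuthn", "password");

    RealmResource testRealmRealm = adminClient.realm("test");
    // assertEquals rather than assertTrue(equals) so a mismatch reports both values.
    assertEquals(UserModel.RequiredAction.CONFIGURE_TOTP.name(),
            testRealmRealm.users().search("user-requiredOTP").get(0).getRequiredActions().get(0));
    assertEquals(WebAuthnRegisterFactory.PROVIDER_ID,
            testRealmRealm.users().search("user-requiredWebAuthn").get(0).getRequiredActions().get(0));

    List<ComponentRepresentation> componentsImported = testRealmRealm.components().query();
    assertComponents(components, componentsImported);
    // The active kids must survive the round trip, otherwise previously issued tokens stop verifying.
    KeysMetadataRepresentation keyMetadataImported = testRealmRealm.keys().getKeyMetadata();
    assertEquals(keyMetadata.getActive(), keyMetadataImported.getActive());

    String importedSampleRealmRoleId = testRealmRealm.roles().get("sample-realm-role").toRepresentation().getId();
    assertEquals(sampleRealmRoleId, importedSampleRealmRoleId);
    Map<String, List<String>> importedRoleAttributes = testRealmRealm.roles().get("attribute-role").toRepresentation().getAttributes();
    Assert.assertRoleAttributes(roleAttributes, importedRoleAttributes);
    String importedSampleClientRoleId = testRealmRealm.clients().get(testAppId).roles().get("sample-client-role").toRepresentation().getId();
    assertEquals(sampleClientRoleId, importedSampleClientRoleId);
    String importedSampleClientRoleAttribute = testRealmRealm.clients().get(testAppId).roles().get("sample-client-role").toRepresentation().getAttributes().get("sample-client-role-attribute").get(0);
    assertEquals(sampleClientRoleAttribute, importedSampleClientRoleAttribute);

    checkEventsConfig(testRealmRealm.getRealmEventsConfig());
}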
