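/**
 * Returns the first key in {@code keySet} whose {@code use} equals {@code requestedUse} and whose
 * key type the parser reports as supported.
 *
 * <p>The {@code use} member is optional in a JWK (RFC 7517, section 4.2), and a key set obtained
 * from another party is untrusted input. The comparison therefore starts from the requested
 * value, so a key without {@code use} is skipped instead of raising a
 * {@link NullPointerException} that would abort the whole lookup.
 *
 * @param keySet the key set to search
 * @param requestedUse the intended use of the key
 * @return the first matching key, or {@code null} when no key matches
 */
public static JWK getKeyForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // Null-safe: the getter may return null for a JWK that has no "use" member.
        boolean useMatches = requestedUse.asString().equals(parser.getJwk().getPublicKeyUse());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            return jwk;
        }
    }
    return null;
}
} // closes the enclosing class, whose header is not part of this listing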
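/**
 * Collects the public keys of every entry in {@code keySet} whose {@code use} equals
 * {@code requestedUse} and whose key type the parser reports as supported.
 *
 * <p>The {@code use} member is optional in a JWK (RFC 7517, section 4.2), and a key set obtained
 * from another party is untrusted input. The comparison starts from the requested value, so one
 * key without {@code use} is skipped rather than failing the whole load with a
 * {@link NullPointerException}.
 *
 * @param keySet the key set to read
 * @param requestedUse the intended use of the keys
 * @return a new map from key id to public key; empty when nothing matches. Entries sharing a
 *     key id overwrite each other, so the last one in the set wins.
 */
public static Map<String, PublicKey> getKeysForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    Map<String, PublicKey> result = new HashMap<>();
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // Null-safe: the getter may return null for a JWK that has no "use" member.
        boolean useMatches = requestedUse.asString().equals(jwk.getPublicKeyUse());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            result.put(jwk.getKeyId(), parser.toPublicKey());
        }
    }
    return result;
}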
// Fragment: the enclosing method and the closing braces are not part of this listing.
// Parses keySetString as a JWK set. For a key whose use equals JWK.SIG_USE and whose type passes
// keyTypeSupported, it hands the result of KeycloakModelUtils.getPemFromKey(key) to
// config.setPublicKeySignatureVerifier and switches signature validation on.
// NOTE(review): getPublicKeyUse() is dereferenced directly. "use" is optional in a JWK
// (RFC 7517, section 4.2), so a key without it presumably throws NullPointerException here;
// confirm, and consider comparing from the constant side instead.
// NOTE(review): the loop tail is cut off, so it cannot be told from here whether iteration stops
// at the first matching key or the last match overwrites earlier ones.
JSONWebKeySet keySet = JsonSerialization.readValue(keySetString, JSONWebKeySet.class); for (JWK jwk : keySet.getKeys()) { JWKParser parse = JWKParser.create(jwk); if (parse.getJwk().getPublicKeyUse().equals(JWK.SIG_USE) && keyTypeSupported(jwk.getKeyType())) { PublicKey key = parse.toPublicKey(); config.setPublicKeySignatureVerifier(KeycloakModelUtils.getPemFromKey(key)); config.setValidateSignature(true);
/**
 * Builds the public JWK form of an RSA key.
 *
 * <p>The key id is the builder's own {@code kid} when one is set, otherwise the value of
 * {@code KeyUtils.createKeyId(key)}. Modulus and public exponent are passed through
 * {@code toIntegerBytes} and stored base64url-encoded.
 *
 * @param key the key to export; it is cast to {@link RSAPublicKey}, so any other key type fails
 *     with a {@link ClassCastException}
 * @return the populated {@code RSAPublicJWK}
 */
public JWK rsa(Key key) {
    final RSAPublicKey publicKey = (RSAPublicKey) key;
    final RSAPublicJWK result = new RSAPublicJWK();

    // An explicitly configured kid takes precedence over a derived one.
    String keyId = this.kid;
    if (keyId == null) {
        keyId = KeyUtils.createKeyId(key);
    }

    result.setKeyId(keyId);
    result.setKeyType(KeyType.RSA);
    result.setAlgorithm(algorithm);
    result.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE);

    final byte[] modulusBytes = toIntegerBytes(publicKey.getModulus());
    result.setModulus(Base64Url.encode(modulusBytes));

    final byte[] exponentBytes = toIntegerBytes(publicKey.getPublicExponent());
    result.setPublicExponent(Base64Url.encode(exponentBytes));

    return result;
}
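/**
 * Builds the public JWK form of an elliptic-curve key.
 *
 * <p>The key id is the builder's own {@code kid} when one is set, otherwise the value of
 * {@code KeyUtils.createKeyId(key)}. The curve name is {@code "P-"} followed by the field size
 * in bits.
 *
 * <p>RFC 7518 (sections 6.2.1.2 and 6.2.1.3) requires {@code x} and {@code y} to be octet
 * strings of exactly the coordinate size of the curve. {@code BigInteger.toByteArray()} returns
 * a minimal two's-complement form instead: one byte too long when the top bit is set, and too
 * short when the value has leading zero bytes. Strict consumers reject such keys, so both
 * coordinates are written as fixed-length unsigned values here.
 *
 * @param key the key to export; it is cast to {@link ECPublicKey}, so any other key type fails
 *     with a {@link ClassCastException}
 * @return the populated {@code ECPublicJWK}
 */
public JWK ec(Key key) {
    ECPublicKey ecKey = (ECPublicKey) key;
    ECPublicJWK k = new ECPublicJWK();

    String kid = this.kid != null ? this.kid : KeyUtils.createKeyId(key);

    k.setKeyId(kid);
    k.setKeyType(KeyType.EC);
    k.setAlgorithm(algorithm);
    k.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE);

    int fieldSize = ecKey.getParams().getCurve().getField().getFieldSize();
    // Coordinate size in octets: 32 for P-256, 48 for P-384, 66 for P-521.
    int coordinateLength = (fieldSize + 7) / 8;

    k.setCrv("P-" + fieldSize);
    k.setX(Base64Url.encode(toFixedLengthUnsignedBytes(ecKey.getW().getAffineX(), coordinateLength)));
    k.setY(Base64Url.encode(toFixedLengthUnsignedBytes(ecKey.getW().getAffineY(), coordinateLength)));

    return k;
}

/** Encodes a non-negative integer as a big-endian unsigned value, left-padded to {@code length} bytes. */
private static byte[] toFixedLengthUnsignedBytes(java.math.BigInteger value, int length) {
    if (value.signum() < 0) {
        throw new IllegalArgumentException("Coordinate must not be negative");
    }
    byte[] raw = value.toByteArray();
    // toByteArray() prepends a zero sign byte when the most significant bit is set; drop it.
    int start = (raw.length > 1 && raw[0] == 0) ? 1 : 0;
    int significant = raw.length - start;
    if (significant > length) {
        throw new IllegalArgumentException(
                "Coordinate needs " + significant + " bytes but the curve allows " + length);
    }
    byte[] padded = new byte[length];
    System.arraycopy(raw, start, padded, length - significant, significant);
    return padded;
}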
/**
 * Converts the wrapped JWK into a {@link PublicKey}, dispatching on its key type.
 *
 * @return the RSA or EC public key described by the JWK
 * @throws RuntimeException if the key type is neither {@code KeyType.RSA} nor {@code KeyType.EC}
 * @throws NullPointerException if the JWK has no key type, because the type string is
 *     dereferenced before any comparison
 */
public PublicKey toPublicKey() {
    final String type = jwk.getKeyType();

    if (type.equals(KeyType.RSA)) {
        return createRSAPublicKey();
    }
    if (type.equals(KeyType.EC)) {
        return createECPublicKey();
    }

    // Anything else is rejected outright rather than guessed at.
    throw new RuntimeException("Unsupported keyType " + type);
}
/**
 * Answers a JWKS request with the key set this deployment publishes.
 *
 * <p>When the configured client authenticator is a {@code JWTClientCredentialsProvider}, the set
 * holds its public key as a single JWK built with {@code rs256}; otherwise the set is empty. Only
 * {@code getPublicKey()} is read, so no private key material reaches the response. The reply is
 * sent with status 200 and content type {@code application/json}.
 *
 * @throws RuntimeException wrapping any exception raised while building or writing the response
 */
protected void handleJwksRequest() {
    try {
        JSONWebKeySet jwks = new JSONWebKeySet();
        ClientCredentialsProvider authenticator = deployment.getClientAuthenticator();

        // For now, just get signature key from JWT provider. We can add more if we support
        // encryption etc.
        JWK[] published;
        if (authenticator instanceof JWTClientCredentialsProvider) {
            PublicKey signingKey = ((JWTClientCredentialsProvider) authenticator).getPublicKey();
            published = new JWK[] { JWKBuilder.create().rs256(signingKey) };
        } else {
            published = new JWK[0];
        }
        jwks.setKeys(published);

        facade.getResponse().setStatus(200);
        facade.getResponse().setHeader("Content-Type", "application/json");
        JsonSerialization.writeValueToStream(facade.getResponse().getOutputStream(), jwks);
    } catch (Exception cause) {
        throw new RuntimeException(cause);
    }
}
/**
 * Creates a request token for the client and returns it as a signed JWS.
 *
 * <p>The JWS header carries the key id of {@code publicKeyJwk}, and the token is signed through
 * {@code rsa256} with the private half of {@code keyPair}.
 *
 * @param clientId passed through to {@code createRequestToken}
 * @param realmInfoUrl passed through to {@code createRequestToken}
 * @return the signed token
 */
public String createSignedRequestToken(String clientId, String realmInfoUrl) {
    final JsonWebToken requestToken = createRequestToken(clientId, realmInfoUrl);

    // The kid tells the verifier which published key to check the signature against.
    return new JWSBuilder()
            .kid(publicKeyJwk.getKeyId())
            .jsonContent(requestToken)
            .rsa256(keyPair.getPrivate());
}
/**
 * Static factory for a parser that is not yet bound to a JWK.
 *
 * @return a new {@code JWKParser}
 */
public static JWKParser create() {
    final JWKParser parser = new JWKParser();
    return parser;
}
/**
 * Rebuilds an RSA public key from the modulus and public exponent stored in the JWK's other
 * claims.
 *
 * <p>Both values are base64url-decoded and read as unsigned big-endian integers. The claims are
 * dereferenced before the {@code try} block, so a JWK that lacks either one fails with a
 * {@link NullPointerException} rather than the wrapped {@link RuntimeException}.
 *
 * <p>NOTE(review): nothing in this method enforces a minimum modulus size or inspects the
 * exponent; confirm that callers or the key factory apply the intended policy to keys taken
 * from untrusted key sets.
 *
 * @return the reconstructed public key
 * @throws RuntimeException wrapping any failure of the key factory
 */
private PublicKey createRSAPublicKey() {
    final byte[] modulusBytes =
            Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.MODULUS).toString());
    final BigInteger n = new BigInteger(1, modulusBytes);

    final byte[] exponentBytes =
            Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.PUBLIC_EXPONENT).toString());
    final BigInteger e = new BigInteger(1, exponentBytes);

    try {
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    } catch (Exception cause) {
        throw new RuntimeException(cause);
    }
}
/**
 * Static factory for an empty builder.
 *
 * @return a new {@code JWKBuilder}
 */
public static JWKBuilder create() {
    final JWKBuilder builder = new JWKBuilder();
    return builder;
}
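/**
 * Builds a {@code KeyWrapper} for every entry in {@code keySet} whose {@code use} equals
 * {@code requestedUse} and whose key type the parser reports as supported.
 *
 * <p>Each wrapper copies the key id, algorithm and key type from the JWK, maps the {@code use}
 * string through {@code getKeyUse}, and stores the parsed public key as its verify key.
 *
 * <p>The {@code use} member is optional in a JWK (RFC 7517, section 4.2), and a key set obtained
 * from another party is untrusted input. The comparison starts from the requested value, so one
 * key without {@code use} is skipped rather than failing the whole load with a
 * {@link NullPointerException}.
 *
 * @param keySet the key set to read
 * @param requestedUse the intended use of the keys
 * @return a new map from key id to wrapper; empty when nothing matches. Entries sharing a key id
 *     overwrite each other, so the last one in the set wins.
 */
public static Map<String, KeyWrapper> getKeyWrappersForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    Map<String, KeyWrapper> result = new HashMap<>();
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // Null-safe: the getter may return null for a JWK that has no "use" member.
        boolean useMatches = requestedUse.asString().equals(jwk.getPublicKeyUse());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            KeyWrapper keyWrapper = new KeyWrapper();
            keyWrapper.setKid(jwk.getKeyId());
            keyWrapper.setAlgorithm(jwk.getAlgorithm());
            keyWrapper.setType(jwk.getKeyType());
            keyWrapper.setUse(getKeyUse(jwk.getPublicKeyUse()));
            keyWrapper.setVerifyKey(parser.toPublicKey());
            result.put(keyWrapper.getKid(), keyWrapper);
        }
    }
    return result;
}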
/**
 * Static factory for a parser bound to the given key.
 *
 * @param jwk the key the parser will operate on
 * @return a new {@code JWKParser} wrapping {@code jwk}
 */
public static JWKParser create(JWK jwk) {
    final JWKParser parser = new JWKParser(jwk);
    return parser;
}
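/**
 * Rebuilds an elliptic-curve public key from the {@code crv}, {@code x} and {@code y} values
 * stored in the JWK's other claims.
 *
 * <p>Only P-256, P-384 and P-521 are accepted; each is mapped to its {@code secp...r1} name and
 * looked up in the named-curve table. The coordinates are base64url-decoded and read as unsigned
 * big-endian integers.
 *
 * <p>The curve spec is labelled with the curve that was actually selected. It used to carry the
 * fixed label {@code "prime256v1"}, so P-384 and P-521 keys were tagged with a curve name that
 * did not match their parameters. A missing {@code crv} is rejected with the same error as an
 * unknown one, instead of the {@link NullPointerException} that {@code switch} raises on
 * {@code null}.
 *
 * @return the reconstructed public key
 * @throws RuntimeException if the curve is missing or unsupported, or wrapping any failure of
 *     the curve lookup or key factory
 */
private PublicKey createECPublicKey() {
    String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
    BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X)));
    BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y)));

    if (crv == null) {
        throw new RuntimeException("Unsupported curve");
    }

    String name;
    switch (crv) {
        case "P-256":
            name = "secp256r1";
            break;
        case "P-384":
            name = "secp384r1";
            break;
        case "P-521":
            name = "secp521r1";
            break;
        default:
            throw new RuntimeException("Unsupported curve");
    }

    try {
        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(name);
        // Label the spec with the selected curve so its name agrees with its parameters.
        ECNamedCurveSpec params = new ECNamedCurveSpec(name, spec.getCurve(), spec.getG(), spec.getN());
        ECPoint point = new ECPoint(x, y);
        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params);

        KeyFactory kf = KeyFactory.getInstance("ECDSA");
        return kf.generatePublic(pubKeySpec);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}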