/**
 * Creates a time-based OTP generator.
 *
 * @param algorithm the algorithm name, forwarded unchanged to the superclass constructor
 *        (the original documentation calls it the encryption algorithm; for an OTP this is
 *        presumably a MAC algorithm name - confirm against the superclass)
 * @param numberDigits the number of digits for tokens
 * @param timeIntervalInSeconds the number of seconds a token is valid
 * @param lookAheadWindow the number of previous intervals that should be used to validate
 *        tokens; as described, every extra interval lengthens the time an already issued token
 *        is still accepted, so keep it as small as clock drift allows
 */
public TimeBasedOTP(
        String algorithm, int numberDigits, int timeIntervalInSeconds, int lookAheadWindow) {
    // The superclass takes the digit count first and the algorithm second.
    super(numberDigits, algorithm, lookAheadWindow);
    clock = new Clock(timeIntervalInSeconds);
}
/**
 * Returns a key obtained from {@code KeycloakModelUtils.generateId()}.
 *
 * <p>Nothing is cached here: every call asks the helper for a new value.
 *
 * @return the value produced by the id helper
 */
@Override
public String getKey() {
    String generatedKey = KeycloakModelUtils.generateId();
    return generatedKey;
}
// Closes the enclosing type, whose header is outside this excerpt.
}
/**
 * Generates a secret using the default size of 32.
 *
 * <p>All the work happens in {@code generateSecret(int)}. The unit of the size argument and the
 * randomness source are defined there and are not visible in this excerpt.
 * NOTE(review): confirm that overload draws from a cryptographically strong generator.
 *
 * @return the generated secret
 */
public static String generateSecret() {
    final int defaultSize = 32;
    return generateSecret(defaultSize);
}
/**
 * Reports whether this object holds the given role, directly or through one of its groups.
 *
 * <p>The result covers group-derived roles, so a review of the direct role mappings alone
 * under-reports what this method answers {@code true} for.
 *
 * @param role the role to look for
 * @return {@code true} if the role is found in the role mappings or via the groups
 */
@Override
public boolean hasRole(RoleModel role) {
    Set<RoleModel> directMappings = getRoleMappings();
    if (RoleUtils.hasRole(directMappings, role)) {
        return true;
    }
    // Groups are consulted only when the direct check fails. The trailing true is presumably
    // the "also check parent groups" switch - confirm against RoleUtils.
    return RoleUtils.hasRoleFromGroup(getGroups(), role, true);
}
/**
 * Creates the built-in authentication flows that the realm does not have yet.
 *
 * <p>Each flow is looked up by its alias and created only when the lookup returns
 * {@code null}. A flow already registered under one of these aliases is left exactly as it is,
 * so this method does not restore a flow that was modified after it was created.
 *
 * @param realm the realm to inspect and, where needed, add flows to
 */
public static void addFlows(RealmModel realm) {
    if (realm.getFlowByAlias(BROWSER_FLOW) == null) browserFlow(realm);
    // The meaning of the false argument is defined by directGrantFlow and is not visible here.
    if (realm.getFlowByAlias(DIRECT_GRANT_FLOW) == null) directGrantFlow(realm, false);
    if (realm.getFlowByAlias(REGISTRATION_FLOW) == null) registrationFlow(realm);
    if (realm.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) resetCredentialsFlow(realm);
    if (realm.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) clientAuthFlow(realm);
    // Same remark as above for the false passed to firstBrokerLoginFlow.
    if (realm.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW) == null) firstBrokerLoginFlow(realm, false);
    if (realm.getFlowByAlias(SAML_ECP_FLOW) == null) samlEcpProfile(realm);
}

// Only the opening of migrateFlows is part of this excerpt; its body is not shown.
public static void migrateFlows(RealmModel realm) {
/**
 * Builds the path string for a group.
 *
 * <p>The path is assembled by the two-argument {@code buildGroupPath} overload, which writes
 * into the builder handed to it; its format is not visible in this excerpt.
 *
 * @param group the group whose path is wanted
 * @return the content the overload wrote into the builder
 */
public static String buildGroupPath(GroupModel group) {
    StringBuilder path = new StringBuilder();
    buildGroupPath(path, group);
    return path.toString();
}
/**
 * Reports whether this object is a member of the given group.
 *
 * <p>The decision is made by {@code RoleUtils.isMember} on the groups returned by
 * {@code getGroups()}; whether parent groups count is decided there and not visible here.
 *
 * @param group the group to test membership of
 * @return the result of the membership check
 */
@Override
public boolean isMemberOf(GroupModel group) {
    Set<GroupModel> memberships = getGroups();
    return RoleUtils.isMember(memberships, group);
}
/**
 * <p>Generates a token for the current time interval.</p>
 *
 * <p>The token depends only on the secret key and the interval reported by the clock, so
 * every call inside one interval yields the same token. Nothing in this method records that a
 * token was used; rejecting a token presented twice, if required, has to happen where tokens
 * are validated.</p>
 *
 * @param secretKey the secret key to derive the token from.
 * @return the token produced by {@code generateOTP} for the current interval
 */
public String generateTOTP(String secretKey) {
    long interval = this.clock.getCurrentInterval();

    // The interval counter is passed on as exactly 16 upper-case hex digits, left-padded with
    // zeros.
    StringBuilder counterHex = new StringBuilder(Long.toHexString(interval).toUpperCase());
    while (counterHex.length() < 16) {
        counterHex.insert(0, "0");
    }

    return generateOTP(secretKey, counterHex.toString(), this.numberDigits, this.algorithm);
}
/**
 * Looks up a user in the realm selected by {@code getRealm} and wraps it for the caller.
 *
 * <p>The helper's name indicates the value is matched against user name or e-mail; confirm
 * against {@code KeycloakModelUtils}. Callers must handle the {@code null} result.
 *
 * @param currentRealm the realm the request arrived in
 * @param config provider configuration, passed to {@code getRealm} together with the realm
 * @param username the identifier to search for
 * @return the wrapped user, or {@code null} when the lookup finds nobody
 * @throws AuthenticationProviderException declared by the contract; the visible statements do
 *         not throw it themselves
 */
@Override
public AuthUser getUser(RealmModel currentRealm, Map<String, String> config, String username)
        throws AuthenticationProviderException {
    RealmModel targetRealm = getRealm(currentRealm, config);
    UserModel match = KeycloakModelUtils.findUserByNameOrEmail(targetRealm, username);
    if (match == null) {
        return null;
    }
    return createAuthenticatedUserInstance(match);
}
/**
 * Must validate all credentials. FYI, password hashes may be rehashed and updated based on
 * realm hash password policies.
 *
 * <p>Checking stops at the first credential that fails. When no credentials are passed the
 * loop never runs and the result is {@code true}, so a caller that treats {@code true} as
 * "authenticated" has to make sure at least one credential was supplied. A {@code null} array
 * causes a {@code NullPointerException}.
 *
 * @param session the session handed to each single-credential check
 * @param realm the realm the user belongs to
 * @param user the user whose credentials are checked
 * @param credentials the credentials to check, in order
 * @return {@code false} as soon as one credential is rejected, {@code true} otherwise
 */
public static boolean validCredentials(KeycloakSession session, RealmModel realm, UserModel user, UserCredentialModel... credentials) {
    for (int i = 0; i < credentials.length; i++) {
        boolean accepted = validCredential(session, realm, user, credentials[i]);
        if (!accepted) {
            return false;
        }
    }
    return true;
}
/**
 * Hands the given calendar to this instance's clock.
 *
 * <p>NOTE(review): this looks like a hook for pinning the time source, for example in tests -
 * confirm it is not reachable from request handling, since the clock is what this object
 * takes its time from.
 *
 * @param calendar the calendar the clock should use
 */
public void setCalendar(Calendar calendar) {
    clock.setCalendar(calendar);
}
/**
 * Sets up the browser flow for the realm with the default flag value.
 *
 * <p>Delegates to the two-argument overload with {@code false}; what that flag controls is
 * defined by the overload and not visible in this excerpt.
 *
 * @param realm the realm to add the flow to
 */
public static void browserFlow(RealmModel realm) {
    final boolean defaultFlag = false;
    browserFlow(realm, defaultFlag);
}
/**
 * Stores the name on the backing entity after conversion.
 *
 * <p>The value written is the output of {@code KeycloakModelUtils.convertClientScopeName},
 * not the raw argument, so a later read may differ from what was passed in. What the
 * conversion changes is not visible in this excerpt.
 *
 * @param name the requested name
 */
@Override
public void setName(String name) {
    String converted = KeycloakModelUtils.convertClientScopeName(name);
    entity.setName(converted);
}
/**
 * Grants every default role of the realm to the user.
 *
 * <p>The grant is unconditional: whatever {@code getDefaultRoles(realm)} returns becomes part
 * of the user's roles, so that list defines the baseline privilege of each user passed here.
 *
 * @param realm the realm whose default roles are read
 * @param userModel the user receiving the roles
 */
public static void addDefaultRoles(RealmModel realm, UserModel userModel) {
    for (RoleModel defaultRole : getDefaultRoles(realm)) {
        userModel.grantRole(defaultRole);
    }
}
// Closes the enclosing type, whose header is outside this excerpt.
}
/**
 * Applies each credential of a user representation to the user model.
 *
 * <p>A representation without a credential list is accepted and leaves the user untouched.
 * Each entry is handed to {@code updateCredential}, which does the actual work and is not
 * visible in this excerpt.
 *
 * @param userRep the representation carrying the credentials, possibly none
 * @param user the user to update
 */
public static void createCredentials(UserRepresentation userRep, UserModel user) {
    if (userRep.getCredentials() == null) {
        return;
    }
    for (CredentialRepresentation entry : userRep.getCredentials()) {
        updateCredential(user, entry);
    }
}
/**
 * Sets the e-mail address and the companion constraint value.
 *
 * <p>NOTE(review): {@code emailConstraint} presumably backs a uniqueness check. It receives a
 * generated id instead of the address when no e-mail is given or duplicates are allowed -
 * confirm against the entity mapping.
 *
 * @param email the address to store, may be {@code null}
 * @param allowDuplicate whether the same address may be stored for more than one entry
 */
public void setEmail(String email, boolean allowDuplicate) {
    this.email = email;
    if (email == null || allowDuplicate) {
        this.emailConstraint = KeycloakModelUtils.generateId();
    } else {
        this.emailConstraint = email;
    }
}
/**
 * Tells whether the given role applies to this object, either as a direct mapping or through
 * group membership.
 *
 * <p>Because group-derived roles count, looking only at the direct mappings does not show
 * everything this method accepts.
 *
 * @param role the role to check
 * @return {@code true} when either lookup finds the role
 */
@Override
public boolean hasRole(RoleModel role) {
    Set<RoleModel> ownRoles = getRoleMappings();
    boolean grantedDirectly = RoleUtils.hasRole(ownRoles, role);
    if (grantedDirectly) {
        return true;
    }
    // Reached only when there is no direct mapping. The true argument is presumably the
    // parent-group switch of RoleUtils.hasRoleFromGroup - confirm.
    return RoleUtils.hasRoleFromGroup(getGroups(), role, true);
}
/**
 * Must validate all credentials. FYI, password hashes may be rehashed and updated based on
 * realm hash password policies.
 *
 * <p>Checking stops at the first credential that fails. An empty list is never rejected: the
 * loop does not run and the result is {@code true}, so a caller that treats {@code true} as
 * "authenticated" has to make sure the list is not empty. A {@code null} list causes a
 * {@code NullPointerException}.
 *
 * @param session the session handed to each single-credential check
 * @param realm the realm the user belongs to
 * @param user the user whose credentials are checked
 * @param credentials the credentials to check, in list order
 * @return {@code false} as soon as one credential is rejected, {@code true} otherwise
 */
public static boolean validCredentials(KeycloakSession session, RealmModel realm, UserModel user, List<UserCredentialModel> credentials) {
    for (UserCredentialModel candidate : credentials) {
        boolean accepted = validCredential(session, realm, user, candidate);
        if (!accepted) {
            return false;
        }
    }
    return true;
}
/**
 * Creates a group with a newly generated id.
 *
 * <p>The id comes from {@code KeycloakModelUtils.generateId()}; the three-argument overload
 * does the actual creation.
 *
 * @param realm the realm the group is created in
 * @param name the group name
 * @return the group returned by the three-argument overload
 */
@Override
public GroupModel createGroup(RealmModel realm, String name) {
    return createGroup(realm, KeycloakModelUtils.generateId(), name);
}
/**
 * Checks for a role on this object, looking at its own role mappings first and at its groups
 * second.
 *
 * <p>A {@code true} result can therefore come from a group rather than from a direct mapping;
 * keep that in mind when reviewing who effectively holds a role.
 *
 * @param role the role being asked about
 * @return {@code true} if the role is mapped directly or reached through a group
 */
@Override
public boolean hasRole(RoleModel role) {
    Set<RoleModel> mappedRoles = getRoleMappings();
    if (!RoleUtils.hasRole(mappedRoles, role)) {
        // No direct mapping: fall back to the groups. The true flag is presumably the
        // parent-group switch of RoleUtils.hasRoleFromGroup - confirm.
        return RoleUtils.hasRoleFromGroup(getGroups(), role, true);
    }
    return true;
}