103 lines
3.1 KiB
Java
103 lines
3.1 KiB
Java
|
/*
|
||
|
|
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||
|
|
* and other contributors as indicated by the @author tags.
|
||
|
|
*
|
||
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
|
* you may not use this file except in compliance with the License.
|
||
|
|
* You may obtain a copy of the License at
|
||
|
|
*
|
||
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
*
|
||
|
|
* Unless required by applicable law or agreed to in writing, software
|
||
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
|
* See the License for the specific language governing permissions and
|
||
|
|
* limitations under the License.
|
||
|
|
*/
|
||
|
|
|
||
|
|
package org.keycloak.keys;
|
||
|
|
|
||
|
|
import java.util.Collections;
|
||
|
|
import java.util.List;
|
||
|
|
|
||
|
|
import javax.crypto.SecretKey;
|
||
|
|
|
||
|
|
import org.keycloak.common.util.Base64Url;
|
||
|
|
import org.keycloak.common.util.KeyUtils;
|
||
|
|
import org.keycloak.component.ComponentModel;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||
|
|
*/
|
||
|
|
public abstract class GeneratedSecretKeyProvider implements SecretKeyProvider {
|
||
|
|
|
||
|
|
private final boolean enabled;
|
||
|
|
|
||
|
|
private final boolean active;
|
||
|
|
|
||
|
|
private final ComponentModel model;
|
||
|
|
private final String kid;
|
||
|
|
private final SecretKey secretKey;
|
||
|
|
|
||
|
|
public GeneratedSecretKeyProvider(ComponentModel model) {
|
||
|
|
this.enabled = model.get(Attributes.ENABLED_KEY, true);
|
||
|
|
this.active = model.get(Attributes.ACTIVE_KEY, true);
|
||
|
|
this.kid = model.get(Attributes.KID_KEY);
|
||
|
|
this.model = model;
|
||
|
|
|
||
|
|
if (model.hasNote(SecretKey.class.getName())) {
|
||
|
|
secretKey = model.getNote(SecretKey.class.getName());
|
||
|
|
} else {
|
||
|
|
secretKey = KeyUtils.loadSecretKey(Base64Url.decode(model.get(Attributes.SECRET_KEY)), getJavaAlgorithmName());
|
||
|
|
model.setNote(SecretKey.class.getName(), secretKey);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public SecretKey getSecretKey() {
|
||
|
|
return isActive() ? secretKey : null;
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public SecretKey getSecretKey(String kid) {
|
||
|
|
return isEnabled() && kid.equals(this.kid) ? secretKey : null;
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public String getKid() {
|
||
|
|
return isActive() ? kid : null;
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public List<SecretKeyMetadata> getKeyMetadata() {
|
||
|
|
if (kid != null && secretKey != null) {
|
||
|
|
SecretKeyMetadata k = new SecretKeyMetadata();
|
||
|
|
k.setProviderId(model.getId());
|
||
|
|
k.setProviderPriority(model.get(Attributes.PRIORITY_KEY, 0l));
|
||
|
|
k.setKid(kid);
|
||
|
|
if (isActive()) {
|
||
|
|
k.setStatus(KeyMetadata.Status.ACTIVE);
|
||
|
|
} else if (isEnabled()) {
|
||
|
|
k.setStatus(KeyMetadata.Status.PASSIVE);
|
||
|
|
} else {
|
||
|
|
k.setStatus(KeyMetadata.Status.DISABLED);
|
||
|
|
}
|
||
|
|
return Collections.singletonList(k);
|
||
|
|
} else {
|
||
|
|
return Collections.emptyList();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public void close() {
|
||
|
|
}
|
||
|
|
|
||
|
|
private boolean isEnabled() {
|
||
|
|
return secretKey != null && enabled;
|
||
|
|
}
|
||
|
|
|
||
|
|
private boolean isActive() {
|
||
|
|
return isEnabled() && active;
|
||
|
|
}
|
||
|
|
}
|