Enhancement: Add support for RSA encryption key imports in JavaKeystoreKeyProvider (#29853)

closes #29852 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
Francis Pouatcha 2024-05-28 12:56:20 +01:00 committed by GitHub
parent 694ffaf289
commit 583054b929
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 2 deletions


@ -93,7 +93,8 @@ public class JavaKeystoreKeyProvider implements KeyProvider {
String keyAlias = model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY); String keyAlias = model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY);
return switch (algorithm) { return switch (algorithm) {
case Algorithm.PS256, Algorithm.PS384, Algorithm.PS512, Algorithm.RS256, Algorithm.RS384, Algorithm.RS512 -> case Algorithm.PS256, Algorithm.PS384, Algorithm.PS512, Algorithm.RS256, Algorithm.RS384, Algorithm.RS512,
Algorithm.RSA_OAEP, Algorithm.RSA1_5, Algorithm.RSA_OAEP_256 ->
loadRSAKey(realm, model, keyStore, keyAlias); loadRSAKey(realm, model, keyStore, keyAlias);
case Algorithm.ES256, Algorithm.ES384, Algorithm.ES512 -> loadECKey(realm, model, keyStore, keyAlias); case Algorithm.ES256, Algorithm.ES384, Algorithm.ES512 -> loadECKey(realm, model, keyStore, keyAlias);
default -> default ->
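Review bot: The widened case label sends `Algorithm.RSA_OAEP`, `Algorithm.RSA1_5` and `Algorithm.RSA_OAEP_256` through the same `loadRSAKey(realm, model, keyStore, keyAlias)` call as the signature algorithms, and the algorithm is not passed in, so nothing in this hunk shows the loaded key being restricted to encryption use. If `loadRSAKey` takes the key use from a separate setting (not visible here), a configuration that pairs an encryption algorithm with a signing use, or the reverse, should be rejected so that one RSA key is not used for both purposes. `RSA1_5` is PKCS#1 v1.5 key encryption, which is exposed to padding-oracle attacks when decryption failures are distinguishable; a comment on the label such as `// RSA1_5 is accepted for interoperability only; prefer RSA-OAEP or RSA-OAEP-256` would tell operators which option to pick. The enclosing method starts before the hunk and the `default` branch continues past it.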


@ -30,6 +30,7 @@ import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigProperty; import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder; import org.keycloak.provider.ProviderConfigurationBuilder;
import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.stream.Stream; import java.util.stream.Stream;
@ -118,7 +119,10 @@ public class JavaKeystoreKeyProviderFactory implements KeyProviderFactory {
// merge the algorithms supported for RSA and EC keys and provide them as one configuration property // merge the algorithms supported for RSA and EC keys and provide them as one configuration property
private static ProviderConfigProperty mergedAlgorithmProperties() { private static ProviderConfigProperty mergedAlgorithmProperties() {
List<String> ecAlgorithms = List.of(Algorithm.ES256, Algorithm.ES384, Algorithm.ES512); List<String> ecAlgorithms = List.of(Algorithm.ES256, Algorithm.ES384, Algorithm.ES512);
List<String> algorithms = Stream.concat(Attributes.RS_ALGORITHM_PROPERTY.getOptions().stream(), ecAlgorithms.stream()).toList(); List<String> algorithms = Stream.of(Attributes.RS_ALGORITHM_PROPERTY.getOptions(),
ecAlgorithms, Attributes.RS_ENC_ALGORITHM_PROPERTY.getOptions())
.flatMap(Collection::stream)
.toList();
return new ProviderConfigProperty(Attributes.RS_ALGORITHM_PROPERTY.getName(), Attributes.RS_ALGORITHM_PROPERTY.getLabel(), return new ProviderConfigProperty(Attributes.RS_ALGORITHM_PROPERTY.getName(), Attributes.RS_ALGORITHM_PROPERTY.getLabel(),
Attributes.RS_ALGORITHM_PROPERTY.getHelpText(), Attributes.RS_ALGORITHM_PROPERTY.getType(), Attributes.RS_ALGORITHM_PROPERTY.getHelpText(), Attributes.RS_ALGORITHM_PROPERTY.getType(),
Attributes.RS_ALGORITHM_PROPERTY.getDefaultValue(), algorithms.toArray(String[]::new)); Attributes.RS_ALGORITHM_PROPERTY.getDefaultValue(), algorithms.toArray(String[]::new));
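Review bot: The comment above `mergedAlgorithmProperties()` still says the property merges the algorithms "supported for RSA and EC keys", but the list now also carries `Attributes.RS_ENC_ALGORITHM_PROPERTY.getOptions()`; it should read `// merge the RSA signature, EC signature and RSA encryption algorithms into one configuration property`. The merged property keeps the name, label, help text and default value of `RS_ALGORITHM_PROPERTY`, so if that help text describes signing only (its content is not visible here), the admin console will present key-encryption algorithms under signature wording. No validation is visible in this hunk that ties the selected algorithm to the key's use; if none exists elsewhere in the factory, a check there would keep a key configured for signing from being paired with an encryption algorithm.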