filter oidc broker import keys

This commit is contained in:
Bill Burke 2015-04-24 15:03:20 -04:00
parent b8d23829aa
commit 7395d6585c
2 changed files with 32 additions and 1 deletions


@ -21,6 +21,7 @@ import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.AbstractIdentityProviderFactory; import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
import org.keycloak.jose.jwk.JWK; import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKParser; import org.keycloak.jose.jwk.JWKParser;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.representations.JSONWebKeySet; import org.keycloak.protocol.oidc.representations.JSONWebKeySet;
@ -80,7 +81,7 @@ public class OIDCIdentityProviderFactory extends AbstractIdentityProviderFactory
JSONWebKeySet keySet = JsonSerialization.readValue(keySetString, JSONWebKeySet.class); JSONWebKeySet keySet = JsonSerialization.readValue(keySetString, JSONWebKeySet.class);
for (JWK jwk : keySet.getKeys()) { for (JWK jwk : keySet.getKeys()) {
JWKParser parse = JWKParser.create(jwk); JWKParser parse = JWKParser.create(jwk);
if (parse.getJwk().getPublicKeyUse().equals(JWK.SIG_USE)) { if (parse.getJwk().getPublicKeyUse().equals(JWK.SIG_USE) && keyTypeSupported(jwk.getKeyType())) {
PublicKey key = parse.toPublicKey(); PublicKey key = parse.toPublicKey();
config.setPublicKeySignatureVerifier(KeycloakModelUtils.getPemFromKey(key)); config.setPublicKeySignatureVerifier(KeycloakModelUtils.getPemFromKey(key));
config.setValidateSignature(true); config.setValidateSignature(true);
@ -95,4 +96,8 @@ public class OIDCIdentityProviderFactory extends AbstractIdentityProviderFactory
} }
return config.getConfig(); return config.getConfig();
} }
protected static boolean keyTypeSupported(String type) {
return type != null && type.equals("RSA");
}
} }
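Review bot: The new condition on the `if` line still dereferences `parse.getJwk().getPublicKeyUse()` before the null-safe `keyTypeSupported` check runs, so a key without a `use` member in the fetched key set throws a NullPointerException and aborts the whole import, even for keys the new filter would have skipped anyway. Reversing the receiver makes the check tolerate an absent `use`: `if (JWK.SIG_USE.equals(parse.getJwk().getPublicKeyUse()) && keyTypeSupported(jwk.getKeyType())) {`. The new `keyTypeSupported` helper also lacks a comment explaining why only one type passes; I would add `/** True for key types this importer can turn into a PEM verifier key; currently only RSA. */` above it. The method that holds the loop starts before the first hunk, so whether a later iteration overwrites the verifier set by an earlier matching key cannot be judged from here.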


@ -0,0 +1,26 @@
package org.keycloak.broker.oidc;
import org.junit.Test;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OIDCIdentityProviderTest {
@Test
public void testUnsupportedKeyInput() throws Exception {
String json = "{" +
"\"version\":\"3.0\"," +
"\"issuer\":\"https://server.com:443\"," +
"\"authorization_endpoint\":\"https://server.com:443/oauth2\"," +
"\"token_endpoint\":\"https://server.com:443/token\"," +
"\"revocation_endpoint\":\"https://server.com:443/revoke\"," +
"\"userinfo_endpoint\":\"https://server.com:443/userinfo\"," +
"\"jwks_uri\":\"https://server.com:443/JWKS\"," +
"\"scopes_supported\"[\"phone\",\"address\",\"email\",\"openid\",\"profile\"]," +
"\"response_types_supported\":[\"code\",\"token\",\"id_token\",\"code token\",\"code id_token\",\"token id_token\",\"code token id_token\"]," +
"\"subject_types_supported\":[\"public\"]," +
"\"id_token_signing_alg_values_supported\":[\"HS256\",\"HS384\",\"HS512\",\"RS256\",\"RS384\",\"RS512\",\"ES256\",\"ES84\",\"ES512\"]} ";
}
}
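Review bot: `testUnsupportedKeyInput` builds a JSON string into `json` and then ends, so it asserts nothing and passes regardless of how the new filter behaves; the string is also malformed, since `"scopes_supported"` on its line is missing the `:` before the array. The new `keyTypeSupported` helper is `protected static` in the same package, so the test can exercise it directly: `assertTrue(OIDCIdentityProviderFactory.keyTypeSupported("RSA"));`, `assertFalse(OIDCIdentityProviderFactory.keyTypeSupported("EC"));`, `assertFalse(OIDCIdentityProviderFactory.keyTypeSupported(null));`, which needs `import static org.junit.Assert.*;` alongside the existing `org.junit.Test` import. If the JSON is meant to drive a later assertion, either fix the colon and use it, or drop it until that assertion exists.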