KEYCLOAK-9116: Fixes JWK serialization of ECDSA public key coordinates.

Signed-off-by: Lars Wilhelmsen <lars@sral.org>
Lars Wilhelmsen 2018-12-17 15:58:50 +01:00 committed by Pedro Igor
parent b64f30c9d7
commit 9b1ab0f992
2 changed files with 20 additions and 8 deletions


@ -77,20 +77,23 @@ public class JWKBuilder {
return k; return k;
} }
public JWK ec(Key key) { public JWK ec(Key key) {
ECPublicKey ecKey = (ECPublicKey) key; ECPublicKey ecKey = (ECPublicKey) key;
ECPublicJWK k = new ECPublicJWK(); ECPublicJWK k = new ECPublicJWK();
String kid = this.kid != null ? this.kid : KeyUtils.createKeyId(key); String kid = this.kid != null ? this.kid : KeyUtils.createKeyId(key);
int fieldSize = ecKey.getParams().getCurve().getField().getFieldSize();
BigInteger affineX = ecKey.getW().getAffineX();
BigInteger affineY = ecKey.getW().getAffineY();
k.setKeyId(kid); k.setKeyId(kid);
k.setKeyType(KeyType.EC); k.setKeyType(KeyType.EC);
k.setAlgorithm(algorithm); k.setAlgorithm(algorithm);
k.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE); k.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE);
k.setCrv("P-" + ecKey.getParams().getCurve().getField().getFieldSize()); k.setCrv("P-" + fieldSize);
k.setX(Base64Url.encode(ecKey.getW().getAffineX().toByteArray())); k.setX(Base64Url.encode(toIntegerBytes(ecKey.getW().getAffineX())));
k.setY(Base64Url.encode(ecKey.getW().getAffineY().toByteArray())); k.setY(Base64Url.encode(toIntegerBytes(ecKey.getW().getAffineY())));
return k; return k;
} }
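Review bot: The new `setX`/`setY` calls pass only the BigInteger to `toIntegerBytes`, so the helper (defined outside this hunk) cannot know the curve size and presumably does not left-pad a coordinate whose leading byte is zero. RFC 7518 section 6.2.1.2 requires `x` and `y` to be the full coordinate length for the curve, so stripping the sign byte fixes the 33-byte case but would still leave an occasional 31-byte value, which a strict JWK consumer may reject. If JWKTest generates a fresh key, its 32-byte length assertions would then fail intermittently. Consider passing the size down, e.g. `k.setX(Base64Url.encode(toIntegerBytes(affineX, fieldSize)));` and the same for `affineY`, with the helper padding to `(fieldSize + 7) / 8` bytes. That would also put the `affineX`/`affineY` locals to use, which the new code assigns but never reads.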


@ -18,6 +18,7 @@
package org.keycloak.jose.jwk; package org.keycloak.jose.jwk;
import org.junit.Test; import org.junit.Test;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils; import org.keycloak.common.util.KeyUtils;
import org.keycloak.crypto.JavaAlgorithm; import org.keycloak.crypto.JavaAlgorithm;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -86,9 +87,17 @@ public class JWKTest {
assertTrue(jwk instanceof ECPublicJWK); assertTrue(jwk instanceof ECPublicJWK);
assertNotNull(((ECPublicJWK) jwk).getCrv()); ECPublicJWK ecJwk = (ECPublicJWK) jwk;
assertNotNull(((ECPublicJWK) jwk).getX());
assertNotNull(((ECPublicJWK) jwk).getY()); assertNotNull(ecJwk.getCrv());
assertNotNull(ecJwk.getX());
assertNotNull(ecJwk.getY());
byte[] xBytes = Base64Url.decode(ecJwk.getX());
byte[] yBytes = Base64Url.decode(ecJwk.getY());
assertEquals(256/8, xBytes.length);
assertEquals(256/8, yBytes.length);
String jwkJson = JsonSerialization.writeValueAsString(jwk); String jwkJson = JsonSerialization.writeValueAsString(jwk);