From e49e8335e0e4d1b740a9309aa287741504b04488 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Tue, 7 Jun 2022 09:02:00 +0200 Subject: [PATCH] Refactor BouncyIntegration (#12244) Closes #12243 --- .../common/util/BouncyIntegration.java | 40 +++++++++++++--- .../common/util/CertificateUtils.java | 7 +-- .../org/keycloak/common/util/DerUtils.java | 11 ++--- .../org/keycloak/common/util/KeyUtils.java | 2 +- .../keycloak/common/util/KeystoreUtil.java | 5 +- .../org/keycloak/common/util/PemUtils.java | 11 ++--- .../main/java/org/keycloak/jose/jwe/JWE.java | 14 ++---- .../enc/AesCbcHmacShaEncryptionProvider.java | 5 +- .../jwe/enc/AesGcmEncryptionProvider.java | 5 +- .../test/java/org/keycloak/AtHashTest.java | 7 --- .../java/org/keycloak/RSAVerifierTest.java | 4 -- .../java/org/keycloak/jose/jwk/JWKTest.java | 5 +- .../processing/core/util/ProvidersUtil.java | 2 +- .../hash/Pbkdf2PasswordHashProvider.java | 6 ++- .../x509/CertificateValidator.java | 5 +- .../authenticators/x509/OCSPUtils.java | 11 ++--- .../ClientAttributeCertificateResource.java | 6 ++- .../NginxProxySslClientCertificateLookup.java | 5 +- .../java/org/keycloak/utils/CRLUtils.java | 5 -- .../org/keycloak/test/RealmKeyGenerator.java | 47 ------------------- .../org/keycloak/testsuite/util/KeyUtils.java | 13 ++--- .../testsuite/util/TokenSignatureUtil.java | 3 +- .../client/AbstractClientPoliciesTest.java | 9 +--- .../testsuite/oauth/AccessTokenTest.java | 23 +++------ .../oauth/ClientAuthSignedJWTTest.java | 18 ++----- .../testsuite/oauth/RefreshTokenTest.java | 12 +---- ...urceOwnerPasswordCredentialsGrantTest.java | 12 ++--- .../testsuite/oidc/OIDCPublicClientTest.java | 13 ++--- .../flows/AbstractOIDCResponseTypeTest.java | 14 ++---- 29 files changed, 108 insertions(+), 212 deletions(-) delete mode 100755 services/src/test/java/org/keycloak/test/RealmKeyGenerator.java 
diff --git a/common/src/main/java/org/keycloak/common/util/BouncyIntegration.java b/common/src/main/java/org/keycloak/common/util/BouncyIntegration.java index 54ac6df693..b3f32d25cf 100755 --- a/common/src/main/java/org/keycloak/common/util/BouncyIntegration.java +++ b/common/src/main/java/org/keycloak/common/util/BouncyIntegration.java @@ -17,8 +17,10 @@ package org.keycloak.common.util; -import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.jboss.logging.Logger; +import java.lang.reflect.Constructor; +import java.security.Provider; import java.security.Security; /** 
@@ -26,11 +28,37 @@ import java.security.Security; * @version $Revision: 1 $ */ public class BouncyIntegration { - static { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); + + private static final Logger log = Logger.getLogger(BouncyIntegration.class); + + private static final String[] providerClassNames = { + "org.bouncycastle.jce.provider.BouncyCastleProvider", + "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider" + }; + + public static final String PROVIDER = loadProvider(); + + private static String loadProvider() { + for (String providerClassName : providerClassNames) { + try { + Class providerClass = Class.forName(providerClassName, true, BouncyIntegration.class.getClassLoader()); + Constructor constructor = (Constructor) providerClass.getConstructor(); + Provider provider = constructor.newInstance(); + + if (Security.getProvider(provider.getName()) == null) { + Security.addProvider(provider); + log.debugv("Loaded {0} security provider", providerClassName); + } else { + log.debugv("Security provider {0} already loaded", providerClassName); + } + + return provider.getName(); + } catch (Exception e) { + log.debugv("Failed to load {0}", e, providerClassName); + } + } + + throw new RuntimeException("Failed to load required security provider: BouncyCastleProvider or BouncyCastleFipsProvider"); } - public static void init() { - // empty, the static class does it - } } diff --git a/common/src/main/java/org/keycloak/common/util/CertificateUtils.java b/common/src/main/java/org/keycloak/common/util/CertificateUtils.java index 573d0efc46..f72ea90633 100755 --- a/common/src/main/java/org/keycloak/common/util/CertificateUtils.java +++ b/common/src/main/java/org/keycloak/common/util/CertificateUtils.java @@ -57,9 +57,6 @@ import java.util.Date; * @version $Revision: 2 $ */ public class CertificateUtils { - static { - BouncyIntegration.init(); - } /** * Generates version 3 {@link java.security.cert.X509Certificate}. 
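Review bot: In `loadProvider()` in BouncyIntegration.java every load failure is logged only at debug level and the final `RuntimeException` carries no cause. Because the method runs from the static initialiser of `PROVIDER`, the first caller gets an `ExceptionInInitializerError` and later callers a `NoClassDefFoundError`, with nothing pointing at the real reason. Keeping the last caught exception and passing it on would make this diagnosable: `throw new RuntimeException("Failed to load required security provider: BouncyCastleProvider or BouncyCastleFipsProvider", lastFailure);`. The array order also means the non-FIPS `BouncyCastleProvider` wins whenever both jars are on the classpath, so a deployment meant to run on the FIPS provider has no visible signal of which one was chosen. Logging the selected `provider.getName()` at info level would give operators something to check.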
@@ -119,10 +116,10 @@ public class CertificateUtils { certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0)); // Content Signer - ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey); + ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BouncyIntegration.PROVIDER).build(caPrivateKey); // Certificate - return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen)); + return new JcaX509CertificateConverter().setProvider(BouncyIntegration.PROVIDER).getCertificate(certGen.build(sigGen)); } catch (Exception e) { throw new RuntimeException("Error creating X509v3Certificate.", e); } diff --git a/common/src/main/java/org/keycloak/common/util/DerUtils.java b/common/src/main/java/org/keycloak/common/util/DerUtils.java index d19a0c3f30..8075b1b5f3 100755 --- a/common/src/main/java/org/keycloak/common/util/DerUtils.java +++ b/common/src/main/java/org/keycloak/common/util/DerUtils.java @@ -38,9 +38,6 @@ import java.security.spec.X509EncodedKeySpec; * @version $Revision: 1 $ */ public final class DerUtils { - static { - BouncyIntegration.init(); - } private DerUtils() { } 
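Review bot: The content signer in the CertificateUtils hunk still signs the generated certificate with `SHA1WithRSAEncryption`, which many verifiers no longer accept. Now that the provider can resolve to the FIPS build, that build may reject the algorithm as well, though this cannot be confirmed from the hunk. Since the line is being touched anyway, `new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BouncyIntegration.PROVIDER).build(caPrivateKey)` would be the natural change. The enclosing method starts above the hunk, so any caller that depends on the SHA-1 signature is not visible here.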
@@ -55,19 +52,19 @@ public final class DerUtils { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes); - KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); + KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER); return kf.generatePrivate(spec); } public static PublicKey decodePublicKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { X509EncodedKeySpec spec = new X509EncodedKeySpec(der); - KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); + KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER); return kf.generatePublic(spec); } public static X509Certificate decodeCertificate(InputStream is) throws Exception { - CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyIntegration.PROVIDER); X509Certificate cert = (X509Certificate) cf.generateCertificate(is); is.close(); return cert; @@ -76,7 +73,7 @@ public final class DerUtils { public static PrivateKey decodePrivateKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der); - KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); + KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER); return kf.generatePrivate(spec); } } diff --git a/common/src/main/java/org/keycloak/common/util/KeyUtils.java b/common/src/main/java/org/keycloak/common/util/KeyUtils.java index 932417e9d9..362f2245ea 100644 --- a/common/src/main/java/org/keycloak/common/util/KeyUtils.java +++ b/common/src/main/java/org/keycloak/common/util/KeyUtils.java 
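Review bot: `decodeCertificate` in DerUtils closes the stream only on the success path, so an exception from `generateCertificate(is)`, or now a `NoSuchProviderException` from the provider lookup, leaves `is` open. Wrapping the body as `try (InputStream in = is) { ... return (X509Certificate) cf.generateCertificate(in); }` closes it on both paths without changing the signature.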
@@ -46,7 +46,7 @@ public class KeyUtils { public static KeyPair generateRsaKeyPair(int keysize) { try { - KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); + KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyIntegration.PROVIDER); generator.initialize(keysize); KeyPair keyPair = generator.generateKeyPair(); return keyPair; diff --git a/common/src/main/java/org/keycloak/common/util/KeystoreUtil.java b/common/src/main/java/org/keycloak/common/util/KeystoreUtil.java index 2402f10fdb..406e6f9903 100755 --- a/common/src/main/java/org/keycloak/common/util/KeystoreUtil.java +++ b/common/src/main/java/org/keycloak/common/util/KeystoreUtil.java @@ -32,9 +32,6 @@ import java.security.PublicKey; * @version $Revision: 1 $ */ public class KeystoreUtil { - static { - BouncyIntegration.init(); - } public enum KeystoreFormat { JKS, @@ -72,7 +69,7 @@ public class KeystoreUtil { if (format == KeystoreFormat.JKS) { keyStore = KeyStore.getInstance(format.toString()); } else { - keyStore = KeyStore.getInstance(format.toString(), "BC"); + keyStore = KeyStore.getInstance(format.toString(), BouncyIntegration.PROVIDER); } keyStore.load(stream, storePassword.toCharArray()); diff --git a/common/src/main/java/org/keycloak/common/util/PemUtils.java b/common/src/main/java/org/keycloak/common/util/PemUtils.java index 5728050c5e..1a577483d0 100755 --- a/common/src/main/java/org/keycloak/common/util/PemUtils.java +++ b/common/src/main/java/org/keycloak/common/util/PemUtils.java @@ -17,13 +17,16 @@ package org.keycloak.common.util; - import org.bouncycastle.openssl.jcajce.JcaPEMWriter; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; -import java.security.*; +import java.security.Key; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; 
@@ -38,10 +41,6 @@ public final class PemUtils { public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; public static final String END_CERT = "-----END CERTIFICATE-----"; - static { - BouncyIntegration.init(); - } - private PemUtils() { } diff --git a/core/src/main/java/org/keycloak/jose/jwe/JWE.java b/core/src/main/java/org/keycloak/jose/jwe/JWE.java index 12eac89813..0e52bc53a2 100644 --- a/core/src/main/java/org/keycloak/jose/jwe/JWE.java +++ b/core/src/main/java/org/keycloak/jose/jwe/JWE.java @@ -17,15 +17,10 @@ package org.keycloak.jose.jwe; -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.security.spec.KeySpec; - import org.keycloak.common.util.Base64; import org.keycloak.common.util.Base64Url; -import org.keycloak.common.util.BouncyIntegration; -import org.keycloak.jose.JOSEHeader; import org.keycloak.jose.JOSE; +import org.keycloak.jose.JOSEHeader; import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider; import org.keycloak.jose.jwe.enc.JWEEncryptionProvider; import org.keycloak.util.JsonSerialization; @@ -34,16 +29,15 @@ import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.security.spec.KeySpec; /** * @author Marek Posolda */ public class JWE implements JOSE { - static { - BouncyIntegration.init(); - } - private JWEHeader header; private String base64Header; diff --git a/core/src/main/java/org/keycloak/jose/jwe/enc/AesCbcHmacShaEncryptionProvider.java b/core/src/main/java/org/keycloak/jose/jwe/enc/AesCbcHmacShaEncryptionProvider.java index 5450d72c59..03d4140580 100644 --- a/core/src/main/java/org/keycloak/jose/jwe/enc/AesCbcHmacShaEncryptionProvider.java +++ b/core/src/main/java/org/keycloak/jose/jwe/enc/AesCbcHmacShaEncryptionProvider.java 
@@ -34,6 +34,7 @@ import javax.crypto.Mac; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.jose.jwe.JWE; import org.keycloak.jose.jwe.JWEKeyStorage; import org.keycloak.jose.jwe.JWEUtils; @@ -116,7 +117,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER); AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes); cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivParamSpec); return cipher.doFinal(contentBytes); @@ -124,7 +125,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER); AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes); cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec); return cipher.doFinal(encryptedBytes); diff --git a/core/src/main/java/org/keycloak/jose/jwe/enc/AesGcmEncryptionProvider.java b/core/src/main/java/org/keycloak/jose/jwe/enc/AesGcmEncryptionProvider.java index f4283f6cf6..6f47bcae21 100644 --- a/core/src/main/java/org/keycloak/jose/jwe/enc/AesGcmEncryptionProvider.java +++ b/core/src/main/java/org/keycloak/jose/jwe/enc/AesGcmEncryptionProvider.java 
@@ -27,6 +27,7 @@ import javax.crypto.Cipher; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.jose.jwe.JWE; import org.keycloak.jose.jwe.JWEKeyStorage; import org.keycloak.jose.jwe.JWEUtils; @@ -88,7 +89,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider } private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER); GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes); cipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmParams); cipher.updateAAD(aad); @@ -98,7 +99,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider } private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER); GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes); cipher.init(Cipher.DECRYPT_MODE, aesKey, gcmParams); cipher.updateAAD(aad); diff --git a/core/src/test/java/org/keycloak/AtHashTest.java b/core/src/test/java/org/keycloak/AtHashTest.java index 02766ed013..582a536f15 100644 --- a/core/src/test/java/org/keycloak/AtHashTest.java +++ b/core/src/test/java/org/keycloak/AtHashTest.java @@ -17,14 +17,11 @@ package org.keycloak; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; import org.junit.Test; import org.keycloak.crypto.Algorithm; import org.keycloak.jose.jws.crypto.HashUtils; -import java.security.Security; - /** * See "at_hash" in OIDC specification * 
@@ -32,10 +29,6 @@ import java.security.Security; */ public class AtHashTest { - static { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - @Test public void testAtHashRsa() { verifyHash(Algorithm.RS256,"jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y", "77QmUPtjPfzWtF2AnpK9RQ"); diff --git a/core/src/test/java/org/keycloak/RSAVerifierTest.java b/core/src/test/java/org/keycloak/RSAVerifierTest.java index f3ee5e1552..6d120b7cf9 100755 --- a/core/src/test/java/org/keycloak/RSAVerifierTest.java +++ b/core/src/test/java/org/keycloak/RSAVerifierTest.java @@ -70,10 +70,6 @@ public class RSAVerifierTest { private static X509Certificate[] clientCertificateChain; private AccessToken token; - static { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws CertificateException, InvalidKeyException, IOException, NoSuchProviderException, OperatorCreationException, diff --git a/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java b/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java index e2ed5fd372..ec75db09d8 100644 --- a/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java +++ b/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java @@ -21,6 +21,7 @@ import java.util.Arrays; import java.util.List; import org.junit.Test; import org.keycloak.common.util.Base64Url; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.common.util.KeyUtils; import org.keycloak.common.util.PemUtils; import org.keycloak.crypto.JavaAlgorithm; 
@@ -128,9 +129,7 @@ public class JWKTest { @Test public void publicEs256() throws Exception { - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - - KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC", BouncyIntegration.PROVIDER); SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG"); ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1"); keyGen.initialize(ecSpec, randomGen); diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/ProvidersUtil.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/ProvidersUtil.java index e4369a28b3..6a9c828e5b 100755 --- a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/ProvidersUtil.java +++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/ProvidersUtil.java @@ -44,7 +44,7 @@ public class ProvidersUtil { // register Apache Santuario 1.5.x XMLDSig version addXMLDSigRI(); // register BC provider if available (to have additional encryption algorithms, etc.) - addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider"); +// addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider"); return true; } }); diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java index 522e671215..b49c2e6f32 100644 --- a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java @@ -18,6 +18,7 @@ package org.keycloak.credential.hash; import org.keycloak.common.util.Base64; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.models.PasswordPolicy; import org.keycloak.models.credential.PasswordCredentialModel; 
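Review bot: The ProvidersUtil hunk disables the BC registration by commenting the call out, which leaves dead code under a comment (`register BC provider if available ...`) that describes something that no longer happens. Delete both lines, or replace them with a comment that says where registration now happens, e.g. `// BC/BCFIPS is registered by org.keycloak.common.util.BouncyIntegration on first use of PROVIDER`. Nothing in this hunk references `BouncyIntegration.PROVIDER`, so it is worth confirming that the SAML code path still gets the provider registered before it needs the additional algorithms.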
@@ -25,6 +26,7 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import java.io.IOException; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; @@ -124,8 +126,8 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider { private SecretKeyFactory getSecretKeyFactory() { try { - return SecretKeyFactory.getInstance(pbkdf2Algorithm); - } catch (NoSuchAlgorithmException e) { + return SecretKeyFactory.getInstance(pbkdf2Algorithm, BouncyIntegration.PROVIDER); + } catch (NoSuchAlgorithmException | NoSuchProviderException e) { throw new RuntimeException("PBKDF2 algorithm not found", e); } } diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java index 01e8f67371..9a7086334a 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java @@ -21,6 +21,7 @@ package org.keycloak.authentication.authenticators.x509; import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpGet; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.common.util.Time; import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.models.Constants; 
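Review bot: `getSecretKeyFactory()` in Pbkdf2PasswordHashProvider now reports a missing provider with the message `PBKDF2 algorithm not found`, which misdirects whoever debugs a failed password hash. Naming both values makes the failure self-explanatory: `throw new RuntimeException("PBKDF2 algorithm " + pbkdf2Algorithm + " not available from provider " + BouncyIntegration.PROVIDER, e);`. The change also moves password hashing from the JDK default provider to Bouncy Castle, so a test that hashes stored before the change still verify would be worthwhile. On the FIPS provider PBKDF2 may additionally enforce minimum password and salt lengths; this should be confirmed against the provider documentation.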
@@ -654,11 +655,11 @@ public class CertificateValidator { intermediateCerts.add(clientCert); } CertStore intermediateCertStore = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(intermediateCerts), "BC"); + new CollectionCertStoreParameters(intermediateCerts), BouncyIntegration.PROVIDER); pkixParams.addCertStore(intermediateCertStore); // Build and verify the certification chain - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyIntegration.PROVIDER); PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(pkixParams); return result; diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/x509/OCSPUtils.java b/services/src/main/java/org/keycloak/authentication/authenticators/x509/OCSPUtils.java index 45761b8860..d4106e005f 100644 --- a/services/src/main/java/org/keycloak/authentication/authenticators/x509/OCSPUtils.java +++ b/services/src/main/java/org/keycloak/authentication/authenticators/x509/OCSPUtils.java @@ -78,11 +78,6 @@ import org.apache.http.impl.client.CloseableHttpClient; public final class OCSPUtils { - - static { - BouncyIntegration.init(); - } - private final static Logger logger = Logger.getLogger(""+OCSPUtils.class); private static int OCSP_CONNECT_TIMEOUT = 10000; // 10 sec @@ -314,7 +309,7 @@ public final class OCSPUtils { for (X509CertificateHolder certHolder : certs) { try { X509Certificate tempCert = new JcaX509CertificateConverter() - .setProvider("BC").getCertificate(certHolder); + .setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder); X500Name respName = new X500Name(tempCert.getSubjectX500Principal().getName()); if (responderName.equals(respName)) { signingCert = tempCert; 
@@ -332,7 +327,7 @@ public final class OCSPUtils { for (X509CertificateHolder certHolder : certs) { try { X509Certificate tempCert = new JcaX509CertificateConverter() - .setProvider("BC").getCertificate(certHolder); + .setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder); SubjectKeyIdentifier subjectKeyIdentifier = null; if (certHolder.getExtensions() != null) { @@ -452,7 +447,7 @@ public final class OCSPUtils { private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) { try { ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder() - .setProvider("BC").build(cert.getPublicKey()); + .setProvider(BouncyIntegration.PROVIDER).build(cert.getPublicKey()); return basicOcspResponse.isSignatureValid(contentVerifier); } catch (OperatorCreationException e) { logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage()); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java index 2494d61e54..22cf0a40c3 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java @@ -22,6 +22,8 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import javax.ws.rs.NotAcceptableException; import javax.ws.rs.NotFoundException; + +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.StreamUtil; import org.keycloak.events.admin.OperationType; 
@@ -228,7 +230,7 @@ public class ClientAttributeCertificateResource { try { KeyStore keyStore = null; if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS"); - else keyStore = KeyStore.getInstance(keystoreFormat, "BC"); + else keyStore = KeyStore.getInstance(keystoreFormat, BouncyIntegration.PROVIDER); keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword); try { privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword); @@ -332,7 +334,7 @@ public class ClientAttributeCertificateResource { String format = config.getFormat(); KeyStore keyStore; if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS"); - else keyStore = KeyStore.getInstance(format, "BC"); + else keyStore = KeyStore.getInstance(format, BouncyIntegration.PROVIDER); keyStore.load(null, null); String keyAlias = config.getKeyAlias(); if (keyAlias == null) keyAlias = client.getClientId(); diff --git a/services/src/main/java/org/keycloak/services/x509/NginxProxySslClientCertificateLookup.java b/services/src/main/java/org/keycloak/services/x509/NginxProxySslClientCertificateLookup.java index 0deb2dff3b..b4a117fdca 100644 --- a/services/src/main/java/org/keycloak/services/x509/NginxProxySslClientCertificateLookup.java +++ b/services/src/main/java/org/keycloak/services/x509/NginxProxySslClientCertificateLookup.java @@ -24,6 +24,7 @@ import java.util.Set; import org.jboss.logging.Logger; import org.jboss.logging.Logger.Level; import org.jboss.resteasy.spi.HttpRequest; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.common.util.PemException; import org.keycloak.common.util.PemUtils; import org.keycloak.models.KeycloakSession; 
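Review bot: Both keystore branches in ClientAttributeCertificateResource pass any format string other than `JKS` straight to `KeyStore.getInstance(..., BouncyIntegration.PROVIDER)`. The accepted keystore types are therefore whatever the resolved provider implements, and that can now differ between the BC and BC-FIPS builds. If `keystoreFormat` and `config.getFormat()` come from the request, as the surrounding upload code suggests, an explicit allow-list before the lookup keeps the accepted types fixed. For example, assuming JKS and PKCS12 are the intended formats: `if (!"JKS".equals(format) && !"PKCS12".equals(format)) throw new NotAcceptableException("Unsupported keystore format");`. Both methods start and end outside the hunks shown.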
@@ -185,11 +186,11 @@ public class NginxProxySslClientCertificateLookup extends AbstractClientCertific // Adding the list of intermediate certificates + end user certificate intermediateCerts.add(end_user_auth_cert); CollectionCertStoreParameters intermediateCA_userCert = new CollectionCertStoreParameters(intermediateCerts); - CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, "BC"); + CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, BouncyIntegration.PROVIDER); pkixParams.addCertStore(intermediateCertStore); // Build and verify the certification chain (revocation status excluded) - CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX","BC"); + CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX",BouncyIntegration.PROVIDER); CertPath certPath = certPathBuilder.build(pkixParams).getCertPath(); log.debug("Certification path building OK, and contains " + certPath.getCertificates().size() + " X509 Certificates"); diff --git a/services/src/main/java/org/keycloak/utils/CRLUtils.java b/services/src/main/java/org/keycloak/utils/CRLUtils.java index 22e4bd2c66..96b0bada27 100644 --- a/services/src/main/java/org/keycloak/utils/CRLUtils.java +++ b/services/src/main/java/org/keycloak/utils/CRLUtils.java @@ -55,11 +55,6 @@ public final class CRLUtils { private static final Logger log = Logger.getLogger(CRLUtils.class); - - static { - BouncyIntegration.init(); - } - private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31"; /** diff --git a/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java b/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java deleted file mode 100755 index 40987b5387..0000000000 --- a/services/src/test/java/org/keycloak/test/RealmKeyGenerator.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.test; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.keycloak.common.util.PemUtils; - -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.Security; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class RealmKeyGenerator { - static { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - public static void main(String[] args) throws Exception { - KeyPair keyPair = null; - try { - keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - - System.out.println("privateKey : " + PemUtils.encodeKey(keyPair.getPrivate())); - System.out.println("publicKey : " + PemUtils.encodeKey(keyPair.getPublic())); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/KeyUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/KeyUtils.java index 64bb51d25c..d1a4f596b8 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/KeyUtils.java 
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/KeyUtils.java @@ -7,6 +7,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; @@ -18,27 +19,23 @@ import java.util.Base64; * @author mhajas */ public class KeyUtils { - static { - BouncyIntegration.init(); - } - public static PublicKey publicKeyFromString(String key) { try { - KeyFactory kf = KeyFactory.getInstance("RSA"); + KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER); byte[] encoded = Base64.getDecoder().decode(key); return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + } catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) { throw new RuntimeException(e); } } public static PrivateKey privateKeyFromString(String key) { try { - KeyFactory kf = KeyFactory.getInstance("RSA"); + KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER); byte[] encoded = Base64.getDecoder().decode(key); return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + } catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) { throw new RuntimeException(e); } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenSignatureUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenSignatureUtil.java index c74eaa437b..3fd8307c8e 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenSignatureUtil.java 
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TokenSignatureUtil.java @@ -30,6 +30,7 @@ import org.jboss.logging.Logger; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.common.util.Base64; +import org.keycloak.common.util.BouncyIntegration; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.JavaAlgorithm; @@ -188,7 +189,7 @@ public class TokenSignatureUtil { private static Signature getSignature(String sigAlgName) { try { // use Bouncy Castle for signature verification intentionally - Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), "BC"); + Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), BouncyIntegration.PROVIDER); return signature; } catch (Exception e) { throw new RuntimeException(e); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java index 5ea941ba71..16f2b14fe4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java @@ -188,11 +188,6 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { private static final ObjectMapper objectMapper = new ObjectMapper(); - @BeforeClass - public static void beforeClientPoliciesTest() { - BouncyIntegration.init(); - } - @Rule public AssertEvents events = new AssertEvents(this); 
@@ -405,14 +400,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { private PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); - KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); + KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER); return kf.generatePrivate(spec); } private PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { X509EncodedKeySpec spec = new X509EncodedKeySpec(der); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); - KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); + KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER); return kf.generatePublic(spec); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java index 5d94f55ab2..2343081f0c 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java @@ -27,10 +27,8 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.message.BasicNameValuePair; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; 
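Review bot: `decodePrivateKey` and `decodePublicKey` here are line-for-line the same as the static pair changed in the `ClientAuthSignedJWTTest` hunk further down, so the provider choice for DER key decoding has to be kept in sync in two test classes. Moving both into the testsuite `KeyUtils`, which this commit already switches to `BouncyIntegration.PROVIDER`, would leave a single place to audit; for example `public static PrivateKey privateKeyFromDer(byte[] der, String keyAlg)` and a matching public-key variant, with the callers passing `getKeyAlgorithmFromJwaAlgorithm(algorithm)`. As a smaller cleanup, the `kf` local can be folded into `return KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER).generatePrivate(spec);`.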
@@ -80,6 +78,9 @@ import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserInfoClientUtil; import org.keycloak.testsuite.util.UserManager; import org.keycloak.util.BasicAuthHelper; +import org.keycloak.util.JsonSerialization; +import org.keycloak.util.TokenUtil; +import org.openqa.selenium.By; import javax.ws.rs.client.Client; import javax.ws.rs.client.Entity; 
@@ -90,34 +91,29 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import java.io.IOException; import java.net.URI; -import java.security.Security; import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.concurrent.TimeUnit; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.allOf; import static org.hamcrest.Matchers.greaterThanOrEqualTo; -import static org.hamcrest.Matchers.lessThanOrEqualTo; import static org.hamcrest.Matchers.hasItemInArray; -import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.lessThanOrEqualTo; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.keycloak.testsuite.Assert.assertExpiration; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.ApiUtil.findClientByClientId; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsernameId; -import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT; import static org.keycloak.testsuite.util.ProtocolMapperUtil.createRoleNameMapper; -import static org.keycloak.testsuite.Assert.assertExpiration; - -import org.keycloak.util.JsonSerialization; -import org.keycloak.util.TokenUtil; -import org.openqa.selenium.By; +import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; /** * @author Stian Thorgersen 
@@ -133,11 +129,6 @@ public class AccessTokenTest extends AbstractKeycloakTest { super.beforeAbstractKeycloakTest(); } - @BeforeClass - public static void addBouncyCastleProvider() { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - @Before public void clientConfiguration() { ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java index 97dc1360da..150c26f21e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java @@ -32,7 +32,6 @@ import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.message.BasicNameValuePair; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; @@ -80,6 +79,7 @@ import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; +import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls; import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource; 
@@ -91,6 +91,7 @@ import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.util.JsonSerialization; +import javax.ws.rs.core.Response; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; @@ -115,15 +116,11 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.ws.rs.core.Response; - import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; - /** * @author Marek Posolda * @author Vaclav Muzikar @@ -139,11 +136,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { private static ClientRepresentation app1, app2, app3; private static UserRepresentation defaultUser, serviceAccountUser; - @BeforeClass - public static void beforeClientAuthSignedJWTTest() { - BouncyIntegration.init(); - } - @Override public void beforeAbstractKeycloakTest() throws Exception { super.beforeAbstractKeycloakTest(); @@ -1389,7 +1381,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { } private static KeyStore getKeystore(InputStream is, String storePassword, String format) throws Exception { - KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, "BC"); + KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, BouncyIntegration.PROVIDER); keyStore.load(is, storePassword.toCharArray()); return keyStore; } 
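Review bot: In `getKeystore`, the test `format.equals("JKS")` is case-sensitive and dereferences `format` without a null check, while JCA type lookups ignore case. A caller passing `"jks"` is therefore routed to `KeyStore.getInstance(format, BouncyIntegration.PROVIDER)`, and whether that provider offers a JKS keystore is not something this hunk shows, so the load could fail or use a different implementation than intended. `"JKS".equalsIgnoreCase(format) ? KeyStore.getInstance(format) : KeyStore.getInstance(format, BouncyIntegration.PROVIDER)` avoids both problems. A short comment explaining why JKS stays on the default provider would also help the next reader.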
@@ -1462,14 +1454,14 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { private static PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); - KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); + KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER); return kf.generatePrivate(spec); } private static PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { X509EncodedKeySpec spec = new X509EncodedKeySpec(der); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); - KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); + KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER); return kf.generatePublic(spec); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java index c2b37f1d56..82f6942b99 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java @@ -17,11 +17,9 @@ package org.keycloak.testsuite.oauth; import com.fasterxml.jackson.databind.JsonNode; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; 
@@ -33,7 +31,6 @@ import org.keycloak.common.enums.SslRequired; import org.keycloak.crypto.Algorithm; import org.keycloak.events.Details; import org.keycloak.events.Errors; -import org.keycloak.events.EventType; import org.keycloak.jose.jws.JWSHeader; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.RealmModel; @@ -76,7 +73,6 @@ import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import java.net.URI; -import java.security.Security; import java.util.List; import static org.hamcrest.Matchers.allOf; @@ -89,14 +85,13 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_IDLE_TIMEOUT; import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN; import static org.keycloak.testsuite.Assert.assertExpiration; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername; -import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT; +import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; /** * @author Stian Thorgersen @@ -116,11 +111,6 @@ public class RefreshTokenTest extends AbstractKeycloakTest { super.beforeAbstractKeycloakTest(); } - @BeforeClass - public static void addBouncyCastleProvider() { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - @Before public void clientConfiguration() { ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java index 949125115a..cb206d17a9 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java @@ -24,7 +24,6 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.message.BasicNameValuePair; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; @@ -49,7 +48,6 @@ import org.keycloak.representations.AccessToken; import org.keycloak.representations.RefreshToken; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientScopeRepresentation; -import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; @@ -66,8 +64,10 @@ import org.keycloak.testsuite.util.TokenSignatureUtil; import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserManager; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; import java.io.UnsupportedEncodingException; -import java.security.Security; import java.util.HashMap; import java.util.LinkedList; import java.util.List; 
@@ -77,11 +77,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import javax.validation.constraints.AssertTrue; -import javax.ws.rs.core.HttpHeaders; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; - /** * @author Stian Thorgersen */ @@ -101,7 +96,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT @Override public void beforeAbstractKeycloakTest() throws Exception { super.beforeAbstractKeycloakTest(); - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCPublicClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCPublicClientTest.java index 6c48783b49..49d8f34991 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCPublicClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCPublicClientTest.java @@ -18,13 +18,8 @@ package org.keycloak.testsuite.oidc; -import java.security.Security; -import java.util.List; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; @@ -39,6 +34,9 @@ import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.util.ClientManager; import org.keycloak.testsuite.util.OAuthClient; + +import java.util.List; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; 
@@ -57,11 +55,6 @@ public class OIDCPublicClientTest extends AbstractKeycloakTest { super.beforeAbstractKeycloakTest(); } - @BeforeClass - public static void addBouncyCastleProvider() { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - @Before public void clientConfiguration() { ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/flows/AbstractOIDCResponseTypeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/flows/AbstractOIDCResponseTypeTest.java index 86b2b8c5ad..f96727e948 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/flows/AbstractOIDCResponseTypeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/flows/AbstractOIDCResponseTypeTest.java @@ -17,9 +17,7 @@ package org.keycloak.testsuite.oidc.flows; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jboss.arquillian.graphene.page.Page; -import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuthErrorException; @@ -32,9 +30,9 @@ import org.keycloak.jose.jws.crypto.HashUtils; import org.keycloak.representations.IDToken; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; -import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; 
@@ -45,13 +43,12 @@ import org.keycloak.testsuite.util.TokenSignatureUtil; import javax.ws.rs.core.UriBuilder; import java.io.IOException; -import java.security.Security; import java.util.List; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; /** * Abstract test for various values of response_type @@ -60,11 +57,6 @@ import static org.junit.Assert.assertNull; */ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeycloakTest { - @BeforeClass - public static void addBouncyCastleProvider() { - if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); - } - @Rule public AssertEvents events = new AssertEvents(this);