Refactor BouncyIntegration (#12244)

Closes #12243
This commit is contained in:
Stian Thorgersen 2022-06-07 09:02:00 +02:00 committed by GitHub
parent df72cf72f2
commit e49e8335e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 108 additions and 212 deletions

View file

@ -17,8 +17,10 @@
package org.keycloak.common.util; package org.keycloak.common.util;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jboss.logging.Logger;
import java.lang.reflect.Constructor;
import java.security.Provider;
import java.security.Security; import java.security.Security;
/** /**
@ -26,11 +28,37 @@ import java.security.Security;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class BouncyIntegration { public class BouncyIntegration {
static {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); private static final Logger log = Logger.getLogger(BouncyIntegration.class);
private static final String[] providerClassNames = {
"org.bouncycastle.jce.provider.BouncyCastleProvider",
"org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider"
};
public static final String PROVIDER = loadProvider();
private static String loadProvider() {
for (String providerClassName : providerClassNames) {
try {
Class<?> providerClass = Class.forName(providerClassName, true, BouncyIntegration.class.getClassLoader());
Constructor<Provider> constructor = (Constructor<Provider>) providerClass.getConstructor();
Provider provider = constructor.newInstance();
if (Security.getProvider(provider.getName()) == null) {
Security.addProvider(provider);
log.debugv("Loaded {0} security provider", providerClassName);
} else {
log.debugv("Security provider {0} already loaded", providerClassName);
}
return provider.getName();
} catch (Exception e) {
log.debugv("Failed to load {0}", e, providerClassName);
}
}
throw new RuntimeException("Failed to load required security provider: BouncyCastleProvider or BouncyCastleFipsProvider");
} }
public static void init() {
// empty, the static class does it
}
} }

View file

@ -57,9 +57,6 @@ import java.util.Date;
* @version $Revision: 2 $ * @version $Revision: 2 $
*/ */
public class CertificateUtils { public class CertificateUtils {
static {
BouncyIntegration.init();
}
/** /**
* Generates version 3 {@link java.security.cert.X509Certificate}. * Generates version 3 {@link java.security.cert.X509Certificate}.
@ -119,10 +116,10 @@ public class CertificateUtils {
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0)); certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
// Content Signer // Content Signer
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey); ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BouncyIntegration.PROVIDER).build(caPrivateKey);
// Certificate // Certificate
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen)); return new JcaX509CertificateConverter().setProvider(BouncyIntegration.PROVIDER).getCertificate(certGen.build(sigGen));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Error creating X509v3Certificate.", e); throw new RuntimeException("Error creating X509v3Certificate.", e);
} }

View file

@ -38,9 +38,6 @@ import java.security.spec.X509EncodedKeySpec;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public final class DerUtils { public final class DerUtils {
static {
BouncyIntegration.init();
}
private DerUtils() { private DerUtils() {
} }
@ -55,19 +52,19 @@ public final class DerUtils {
PKCS8EncodedKeySpec spec = PKCS8EncodedKeySpec spec =
new PKCS8EncodedKeySpec(keyBytes); new PKCS8EncodedKeySpec(keyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
return kf.generatePrivate(spec); return kf.generatePrivate(spec);
} }
public static PublicKey decodePublicKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { public static PublicKey decodePublicKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
X509EncodedKeySpec spec = X509EncodedKeySpec spec =
new X509EncodedKeySpec(der); new X509EncodedKeySpec(der);
KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
return kf.generatePublic(spec); return kf.generatePublic(spec);
} }
public static X509Certificate decodeCertificate(InputStream is) throws Exception { public static X509Certificate decodeCertificate(InputStream is) throws Exception {
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyIntegration.PROVIDER);
X509Certificate cert = (X509Certificate) cf.generateCertificate(is); X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
is.close(); is.close();
return cert; return cert;
@ -76,7 +73,7 @@ public final class DerUtils {
public static PrivateKey decodePrivateKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { public static PrivateKey decodePrivateKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
PKCS8EncodedKeySpec spec = PKCS8EncodedKeySpec spec =
new PKCS8EncodedKeySpec(der); new PKCS8EncodedKeySpec(der);
KeyFactory kf = KeyFactory.getInstance("RSA", "BC"); KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
return kf.generatePrivate(spec); return kf.generatePrivate(spec);
} }
} }

View file

@ -46,7 +46,7 @@ public class KeyUtils {
public static KeyPair generateRsaKeyPair(int keysize) { public static KeyPair generateRsaKeyPair(int keysize) {
try { try {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyIntegration.PROVIDER);
generator.initialize(keysize); generator.initialize(keysize);
KeyPair keyPair = generator.generateKeyPair(); KeyPair keyPair = generator.generateKeyPair();
return keyPair; return keyPair;

View file

@ -32,9 +32,6 @@ import java.security.PublicKey;
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class KeystoreUtil { public class KeystoreUtil {
static {
BouncyIntegration.init();
}
public enum KeystoreFormat { public enum KeystoreFormat {
JKS, JKS,
@ -72,7 +69,7 @@ public class KeystoreUtil {
if (format == KeystoreFormat.JKS) { if (format == KeystoreFormat.JKS) {
keyStore = KeyStore.getInstance(format.toString()); keyStore = KeyStore.getInstance(format.toString());
} else { } else {
keyStore = KeyStore.getInstance(format.toString(), "BC"); keyStore = KeyStore.getInstance(format.toString(), BouncyIntegration.PROVIDER);
} }
keyStore.load(stream, storePassword.toCharArray()); keyStore.load(stream, storePassword.toCharArray());

View file

@ -17,13 +17,16 @@
package org.keycloak.common.util; package org.keycloak.common.util;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter; import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.StringWriter; import java.io.StringWriter;
import java.security.*; import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -38,10 +41,6 @@ public final class PemUtils {
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
public static final String END_CERT = "-----END CERTIFICATE-----"; public static final String END_CERT = "-----END CERTIFICATE-----";
static {
BouncyIntegration.init();
}
private PemUtils() { private PemUtils() {
} }

View file

@ -17,15 +17,10 @@
package org.keycloak.jose.jwe; package org.keycloak.jose.jwe;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.spec.KeySpec;
import org.keycloak.common.util.Base64; import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.jose.JOSEHeader;
import org.keycloak.jose.JOSE; import org.keycloak.jose.JOSE;
import org.keycloak.jose.JOSEHeader;
import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider; import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider;
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider; import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -34,16 +29,15 @@ import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.spec.KeySpec;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/ */
public class JWE implements JOSE { public class JWE implements JOSE {
static {
BouncyIntegration.init();
}
private JWEHeader header; private JWEHeader header;
private String base64Header; private String base64Header;

View file

@ -34,6 +34,7 @@ import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.jose.jwe.JWE; import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEKeyStorage; import org.keycloak.jose.jwe.JWEKeyStorage;
import org.keycloak.jose.jwe.JWEUtils; import org.keycloak.jose.jwe.JWEUtils;
@ -116,7 +117,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException { private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER);
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes); AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivParamSpec); cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivParamSpec);
return cipher.doFinal(contentBytes); return cipher.doFinal(contentBytes);
@ -124,7 +125,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException { private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER);
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes); AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec); cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec);
return cipher.doFinal(encryptedBytes); return cipher.doFinal(encryptedBytes);

View file

@ -27,6 +27,7 @@ import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.jose.jwe.JWE; import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEKeyStorage; import org.keycloak.jose.jwe.JWEKeyStorage;
import org.keycloak.jose.jwe.JWEUtils; import org.keycloak.jose.jwe.JWEUtils;
@ -88,7 +89,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider
} }
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException { private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER);
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes); GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
cipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmParams); cipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmParams);
cipher.updateAAD(aad); cipher.updateAAD(aad);
@ -98,7 +99,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider
} }
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException { private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER);
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes); GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
cipher.init(Cipher.DECRYPT_MODE, aesKey, gcmParams); cipher.init(Cipher.DECRYPT_MODE, aesKey, gcmParams);
cipher.updateAAD(aad); cipher.updateAAD(aad);

View file

@ -17,14 +17,11 @@
package org.keycloak; package org.keycloak;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.Algorithm;
import org.keycloak.jose.jws.crypto.HashUtils; import org.keycloak.jose.jws.crypto.HashUtils;
import java.security.Security;
/** /**
* See "at_hash" in OIDC specification * See "at_hash" in OIDC specification
* *
@ -32,10 +29,6 @@ import java.security.Security;
*/ */
public class AtHashTest { public class AtHashTest {
static {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
@Test @Test
public void testAtHashRsa() { public void testAtHashRsa() {
verifyHash(Algorithm.RS256,"jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y", "77QmUPtjPfzWtF2AnpK9RQ"); verifyHash(Algorithm.RS256,"jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y", "77QmUPtjPfzWtF2AnpK9RQ");

View file

@ -70,10 +70,6 @@ public class RSAVerifierTest {
private static X509Certificate[] clientCertificateChain; private static X509Certificate[] clientCertificateChain;
private AccessToken token; private AccessToken token;
static {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
throws CertificateException, InvalidKeyException, IOException, throws CertificateException, InvalidKeyException, IOException,
NoSuchProviderException, OperatorCreationException, NoSuchProviderException, OperatorCreationException,

View file

@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.List; import java.util.List;
import org.junit.Test; import org.junit.Test;
import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.KeyUtils; import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.JavaAlgorithm; import org.keycloak.crypto.JavaAlgorithm;
@ -128,9 +129,7 @@ public class JWKTest {
@Test @Test
public void publicEs256() throws Exception { public void publicEs256() throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC", BouncyIntegration.PROVIDER);
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG"); SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1"); ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
keyGen.initialize(ecSpec, randomGen); keyGen.initialize(ecSpec, randomGen);

View file

@ -44,7 +44,7 @@ public class ProvidersUtil {
// register Apache Santuario 1.5.x XMLDSig version // register Apache Santuario 1.5.x XMLDSig version
addXMLDSigRI(); addXMLDSigRI();
// register BC provider if available (to have additional encryption algorithms, etc.) // register BC provider if available (to have additional encryption algorithms, etc.)
addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider"); // addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
return true; return true;
} }
}); });

View file

@ -18,6 +18,7 @@
package org.keycloak.credential.hash; package org.keycloak.credential.hash;
import org.keycloak.common.util.Base64; import org.keycloak.common.util.Base64;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.models.PasswordPolicy; import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.credential.PasswordCredentialModel; import org.keycloak.models.credential.PasswordCredentialModel;
@ -25,6 +26,7 @@ import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEKeySpec;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
@ -124,8 +126,8 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider {
private SecretKeyFactory getSecretKeyFactory() { private SecretKeyFactory getSecretKeyFactory() {
try { try {
return SecretKeyFactory.getInstance(pbkdf2Algorithm); return SecretKeyFactory.getInstance(pbkdf2Algorithm, BouncyIntegration.PROVIDER);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new RuntimeException("PBKDF2 algorithm not found", e); throw new RuntimeException("PBKDF2 algorithm not found", e);
} }
} }

View file

@ -21,6 +21,7 @@ package org.keycloak.authentication.authenticators.x509;
import org.apache.http.HttpResponse; import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpGet;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
@ -654,11 +655,11 @@ public class CertificateValidator {
intermediateCerts.add(clientCert); intermediateCerts.add(clientCert);
} }
CertStore intermediateCertStore = CertStore.getInstance("Collection", CertStore intermediateCertStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(intermediateCerts), "BC"); new CollectionCertStoreParameters(intermediateCerts), BouncyIntegration.PROVIDER);
pkixParams.addCertStore(intermediateCertStore); pkixParams.addCertStore(intermediateCertStore);
// Build and verify the certification chain // Build and verify the certification chain
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyIntegration.PROVIDER);
PKIXCertPathBuilderResult result = PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult) builder.build(pkixParams); (PKIXCertPathBuilderResult) builder.build(pkixParams);
return result; return result;

View file

@ -78,11 +78,6 @@ import org.apache.http.impl.client.CloseableHttpClient;
public final class OCSPUtils { public final class OCSPUtils {
static {
BouncyIntegration.init();
}
private final static Logger logger = Logger.getLogger(""+OCSPUtils.class); private final static Logger logger = Logger.getLogger(""+OCSPUtils.class);
private static int OCSP_CONNECT_TIMEOUT = 10000; // 10 sec private static int OCSP_CONNECT_TIMEOUT = 10000; // 10 sec
@ -314,7 +309,7 @@ public final class OCSPUtils {
for (X509CertificateHolder certHolder : certs) { for (X509CertificateHolder certHolder : certs) {
try { try {
X509Certificate tempCert = new JcaX509CertificateConverter() X509Certificate tempCert = new JcaX509CertificateConverter()
.setProvider("BC").getCertificate(certHolder); .setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder);
X500Name respName = new X500Name(tempCert.getSubjectX500Principal().getName()); X500Name respName = new X500Name(tempCert.getSubjectX500Principal().getName());
if (responderName.equals(respName)) { if (responderName.equals(respName)) {
signingCert = tempCert; signingCert = tempCert;
@ -332,7 +327,7 @@ public final class OCSPUtils {
for (X509CertificateHolder certHolder : certs) { for (X509CertificateHolder certHolder : certs) {
try { try {
X509Certificate tempCert = new JcaX509CertificateConverter() X509Certificate tempCert = new JcaX509CertificateConverter()
.setProvider("BC").getCertificate(certHolder); .setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder);
SubjectKeyIdentifier subjectKeyIdentifier = null; SubjectKeyIdentifier subjectKeyIdentifier = null;
if (certHolder.getExtensions() != null) { if (certHolder.getExtensions() != null) {
@ -452,7 +447,7 @@ public final class OCSPUtils {
private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) { private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) {
try { try {
ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder() ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder()
.setProvider("BC").build(cert.getPublicKey()); .setProvider(BouncyIntegration.PROVIDER).build(cert.getPublicKey());
return basicOcspResponse.isSignatureValid(contentVerifier); return basicOcspResponse.isSignatureValid(contentVerifier);
} catch (OperatorCreationException e) { } catch (OperatorCreationException e) {
logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage()); logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage());

View file

@ -22,6 +22,8 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import javax.ws.rs.NotAcceptableException; import javax.ws.rs.NotAcceptableException;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.PemUtils;
import org.keycloak.common.util.StreamUtil; import org.keycloak.common.util.StreamUtil;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
@ -228,7 +230,7 @@ public class ClientAttributeCertificateResource {
try { try {
KeyStore keyStore = null; KeyStore keyStore = null;
if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS"); if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
else keyStore = KeyStore.getInstance(keystoreFormat, "BC"); else keyStore = KeyStore.getInstance(keystoreFormat, BouncyIntegration.PROVIDER);
keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword); keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword);
try { try {
privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword); privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword);
@ -332,7 +334,7 @@ public class ClientAttributeCertificateResource {
String format = config.getFormat(); String format = config.getFormat();
KeyStore keyStore; KeyStore keyStore;
if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS"); if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
else keyStore = KeyStore.getInstance(format, "BC"); else keyStore = KeyStore.getInstance(format, BouncyIntegration.PROVIDER);
keyStore.load(null, null); keyStore.load(null, null);
String keyAlias = config.getKeyAlias(); String keyAlias = config.getKeyAlias();
if (keyAlias == null) keyAlias = client.getClientId(); if (keyAlias == null) keyAlias = client.getClientId();

View file

@ -24,6 +24,7 @@ import java.util.Set;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.logging.Logger.Level; import org.jboss.logging.Logger.Level;
import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.PemException; import org.keycloak.common.util.PemException;
import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.PemUtils;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
@ -185,11 +186,11 @@ public class NginxProxySslClientCertificateLookup extends AbstractClientCertific
// Adding the list of intermediate certificates + end user certificate // Adding the list of intermediate certificates + end user certificate
intermediateCerts.add(end_user_auth_cert); intermediateCerts.add(end_user_auth_cert);
CollectionCertStoreParameters intermediateCA_userCert = new CollectionCertStoreParameters(intermediateCerts); CollectionCertStoreParameters intermediateCA_userCert = new CollectionCertStoreParameters(intermediateCerts);
CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, "BC"); CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, BouncyIntegration.PROVIDER);
pkixParams.addCertStore(intermediateCertStore); pkixParams.addCertStore(intermediateCertStore);
// Build and verify the certification chain (revocation status excluded) // Build and verify the certification chain (revocation status excluded)
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX","BC"); CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX",BouncyIntegration.PROVIDER);
CertPath certPath = certPathBuilder.build(pkixParams).getCertPath(); CertPath certPath = certPathBuilder.build(pkixParams).getCertPath();
log.debug("Certification path building OK, and contains " + certPath.getCertificates().size() + " X509 Certificates"); log.debug("Certification path building OK, and contains " + certPath.getCertificates().size() + " X509 Certificates");

View file

@ -55,11 +55,6 @@ public final class CRLUtils {
private static final Logger log = Logger.getLogger(CRLUtils.class); private static final Logger log = Logger.getLogger(CRLUtils.class);
static {
BouncyIntegration.init();
}
private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31"; private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31";
/** /**

View file

@ -1,47 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.test;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.keycloak.common.util.PemUtils;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmKeyGenerator {
static {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
public static void main(String[] args) throws Exception {
KeyPair keyPair = null;
try {
keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
System.out.println("privateKey : " + PemUtils.encodeKey(keyPair.getPrivate()));
System.out.println("publicKey : " + PemUtils.encodeKey(keyPair.getPublic()));
}
}

View file

@ -7,6 +7,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
@ -18,27 +19,23 @@ import java.util.Base64;
* @author mhajas * @author mhajas
*/ */
public class KeyUtils { public class KeyUtils {
static {
BouncyIntegration.init();
}
public static PublicKey publicKeyFromString(String key) { public static PublicKey publicKeyFromString(String key) {
try { try {
KeyFactory kf = KeyFactory.getInstance("RSA"); KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
byte[] encoded = Base64.getDecoder().decode(key); byte[] encoded = Base64.getDecoder().decode(key);
return kf.generatePublic(new X509EncodedKeySpec(encoded)); return kf.generatePublic(new X509EncodedKeySpec(encoded));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
public static PrivateKey privateKeyFromString(String key) { public static PrivateKey privateKeyFromString(String key) {
try { try {
KeyFactory kf = KeyFactory.getInstance("RSA"); KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
byte[] encoded = Base64.getDecoder().decode(key); byte[] encoded = Base64.getDecoder().decode(key);
return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }

View file

@ -30,6 +30,7 @@ import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.util.Base64; import org.keycloak.common.util.Base64;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.JavaAlgorithm; import org.keycloak.crypto.JavaAlgorithm;
@ -188,7 +189,7 @@ public class TokenSignatureUtil {
private static Signature getSignature(String sigAlgName) { private static Signature getSignature(String sigAlgName) {
try { try {
// use Bouncy Castle for signature verification intentionally // use Bouncy Castle for signature verification intentionally
Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), "BC"); Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), BouncyIntegration.PROVIDER);
return signature; return signature;
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);

View file

@ -188,11 +188,6 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
private static final ObjectMapper objectMapper = new ObjectMapper(); private static final ObjectMapper objectMapper = new ObjectMapper();
@BeforeClass
public static void beforeClientPoliciesTest() {
BouncyIntegration.init();
}
@Rule @Rule
public AssertEvents events = new AssertEvents(this); public AssertEvents events = new AssertEvents(this);
@ -405,14 +400,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
private PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { private PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
return kf.generatePrivate(spec); return kf.generatePrivate(spec);
} }
private PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { private PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
X509EncodedKeySpec spec = new X509EncodedKeySpec(der); X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
return kf.generatePublic(spec); return kf.generatePublic(spec);
} }

View file

@ -27,10 +27,8 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair; import org.apache.http.message.BasicNameValuePair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -80,6 +78,9 @@ import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.UserInfoClientUtil; import org.keycloak.testsuite.util.UserInfoClientUtil;
import org.keycloak.testsuite.util.UserManager; import org.keycloak.testsuite.util.UserManager;
import org.keycloak.util.BasicAuthHelper; import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.TokenUtil;
import org.openqa.selenium.By;
import javax.ws.rs.client.Client; import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity; import javax.ws.rs.client.Entity;
@ -90,34 +91,29 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.security.Security;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.allOf; import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.lessThanOrEqualTo;
import static org.hamcrest.Matchers.hasItemInArray; import static org.hamcrest.Matchers.hasItemInArray;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.lessThanOrEqualTo;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.Assert.assertExpiration;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
import static org.keycloak.testsuite.admin.ApiUtil.findClientByClientId; import static org.keycloak.testsuite.admin.ApiUtil.findClientByClientId;
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsernameId; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsernameId;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT; import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createRoleNameMapper; import static org.keycloak.testsuite.util.ProtocolMapperUtil.createRoleNameMapper;
import static org.keycloak.testsuite.Assert.assertExpiration; import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.TokenUtil;
import org.openqa.selenium.By;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -133,11 +129,6 @@ public class AccessTokenTest extends AbstractKeycloakTest {
super.beforeAbstractKeycloakTest(); super.beforeAbstractKeycloakTest();
} }
@BeforeClass
public static void addBouncyCastleProvider() {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
@Before @Before
public void clientConfiguration() { public void clientConfiguration() {
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);

View file

@ -32,7 +32,6 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair; import org.apache.http.message.BasicNameValuePair;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -80,6 +79,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls; import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource; import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
@ -91,6 +91,7 @@ import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.ws.rs.core.Response;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
@ -115,15 +116,11 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
* @author Vaclav Muzikar <vmuzikar@redhat.com> * @author Vaclav Muzikar <vmuzikar@redhat.com>
@ -139,11 +136,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
private static ClientRepresentation app1, app2, app3; private static ClientRepresentation app1, app2, app3;
private static UserRepresentation defaultUser, serviceAccountUser; private static UserRepresentation defaultUser, serviceAccountUser;
@BeforeClass
public static void beforeClientAuthSignedJWTTest() {
BouncyIntegration.init();
}
@Override @Override
public void beforeAbstractKeycloakTest() throws Exception { public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest(); super.beforeAbstractKeycloakTest();
@ -1389,7 +1381,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
} }
private static KeyStore getKeystore(InputStream is, String storePassword, String format) throws Exception { private static KeyStore getKeystore(InputStream is, String storePassword, String format) throws Exception {
KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, "BC"); KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, BouncyIntegration.PROVIDER);
keyStore.load(is, storePassword.toCharArray()); keyStore.load(is, storePassword.toCharArray());
return keyStore; return keyStore;
} }
@ -1462,14 +1454,14 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
private static PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { private static PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
return kf.generatePrivate(spec); return kf.generatePrivate(spec);
} }
private static PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { private static PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
X509EncodedKeySpec spec = new X509EncodedKeySpec(der); X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm); String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC"); KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
return kf.generatePublic(spec); return kf.generatePublic(spec);
} }

View file

@ -17,11 +17,9 @@
package org.keycloak.testsuite.oauth; package org.keycloak.testsuite.oauth;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -33,7 +31,6 @@ import org.keycloak.common.enums.SslRequired;
import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.Algorithm;
import org.keycloak.events.Details; import org.keycloak.events.Details;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSHeader; import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
@ -76,7 +73,6 @@ import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import java.net.URI; import java.net.URI;
import java.security.Security;
import java.util.List; import java.util.List;
import static org.hamcrest.Matchers.allOf; import static org.hamcrest.Matchers.allOf;
@ -89,14 +85,13 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_IDLE_TIMEOUT; import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_IDLE_TIMEOUT;
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN; import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN;
import static org.keycloak.testsuite.Assert.assertExpiration; import static org.keycloak.testsuite.Assert.assertExpiration;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername; import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT; import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -116,11 +111,6 @@ public class RefreshTokenTest extends AbstractKeycloakTest {
super.beforeAbstractKeycloakTest(); super.beforeAbstractKeycloakTest();
} }
@BeforeClass
public static void addBouncyCastleProvider() {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
@Before @Before
public void clientConfiguration() { public void clientConfiguration() {
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);

View file

@ -24,7 +24,6 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair; import org.apache.http.message.BasicNameValuePair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -49,7 +48,6 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken; import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation; import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
@ -66,8 +64,10 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.UserManager; import org.keycloak.testsuite.util.UserManager;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.HashMap; import java.util.HashMap;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
@ -77,11 +77,6 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import javax.validation.constraints.AssertTrue;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
@ -101,7 +96,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
@Override @Override
public void beforeAbstractKeycloakTest() throws Exception { public void beforeAbstractKeycloakTest() throws Exception {
super.beforeAbstractKeycloakTest(); super.beforeAbstractKeycloakTest();
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
} }
@Override @Override

View file

@ -18,13 +18,8 @@
package org.keycloak.testsuite.oidc; package org.keycloak.testsuite.oidc;
import java.security.Security;
import java.util.List;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -39,6 +34,9 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.ClientManager; import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
import java.util.List;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
@ -57,11 +55,6 @@ public class OIDCPublicClientTest extends AbstractKeycloakTest {
super.beforeAbstractKeycloakTest(); super.beforeAbstractKeycloakTest();
} }
@BeforeClass
public static void addBouncyCastleProvider() {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
@Before @Before
public void clientConfiguration() { public void clientConfiguration() {
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);

View file

@ -17,9 +17,7 @@
package org.keycloak.testsuite.oidc.flows; package org.keycloak.testsuite.oidc.flows;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.graphene.page.Page;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuthErrorException; import org.keycloak.OAuthErrorException;
@ -32,9 +30,9 @@ import org.keycloak.jose.jws.crypto.HashUtils;
import org.keycloak.representations.IDToken; import org.keycloak.representations.IDToken;
import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
@ -45,13 +43,12 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import java.io.IOException; import java.io.IOException;
import java.security.Security;
import java.util.List; import java.util.List;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
/** /**
* Abstract test for various values of response_type * Abstract test for various values of response_type
@ -60,11 +57,6 @@ import static org.junit.Assert.assertNull;
*/ */
public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeycloakTest { public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeycloakTest {
@BeforeClass
public static void addBouncyCastleProvider() {
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
}
@Rule @Rule
public AssertEvents events = new AssertEvents(this); public AssertEvents events = new AssertEvents(this);