parent
df72cf72f2
commit
e49e8335e0
29 changed files with 108 additions and 212 deletions
|
@ -17,8 +17,10 @@
|
||||||
|
|
||||||
package org.keycloak.common.util;
|
package org.keycloak.common.util;
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.jboss.logging.Logger;
|
||||||
|
|
||||||
|
import java.lang.reflect.Constructor;
|
||||||
|
import java.security.Provider;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -26,11 +28,37 @@ import java.security.Security;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class BouncyIntegration {
|
public class BouncyIntegration {
|
||||||
static {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
private static final Logger log = Logger.getLogger(BouncyIntegration.class);
|
||||||
|
|
||||||
|
private static final String[] providerClassNames = {
|
||||||
|
"org.bouncycastle.jce.provider.BouncyCastleProvider",
|
||||||
|
"org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider"
|
||||||
|
};
|
||||||
|
|
||||||
|
public static final String PROVIDER = loadProvider();
|
||||||
|
|
||||||
|
private static String loadProvider() {
|
||||||
|
for (String providerClassName : providerClassNames) {
|
||||||
|
try {
|
||||||
|
Class<?> providerClass = Class.forName(providerClassName, true, BouncyIntegration.class.getClassLoader());
|
||||||
|
Constructor<Provider> constructor = (Constructor<Provider>) providerClass.getConstructor();
|
||||||
|
Provider provider = constructor.newInstance();
|
||||||
|
|
||||||
|
if (Security.getProvider(provider.getName()) == null) {
|
||||||
|
Security.addProvider(provider);
|
||||||
|
log.debugv("Loaded {0} security provider", providerClassName);
|
||||||
|
} else {
|
||||||
|
log.debugv("Security provider {0} already loaded", providerClassName);
|
||||||
|
}
|
||||||
|
|
||||||
|
return provider.getName();
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.debugv("Failed to load {0}", e, providerClassName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new RuntimeException("Failed to load required security provider: BouncyCastleProvider or BouncyCastleFipsProvider");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void init() {
|
|
||||||
// empty, the static class does it
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
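Review bot: In the catch block of `loadProvider()`, `log.debugv("Failed to load {0}", e, providerClassName)` passes the exception as the first message parameter, so `{0}` renders the exception text, the class name is dropped and no stack trace is logged; JBoss Logging takes the throwable first: `log.debugv(e, "Failed to load {0}", providerClassName);`. The final `RuntimeException` carries no cause and is thrown during static initialisation, so callers see an `ExceptionInInitializerError` and later `NoClassDefFoundError` with nothing pointing at the real failure unless debug logging is on. Attaching each caught exception with `addSuppressed` to the exception that is finally thrown would keep that information. The list also tries the non-FIPS provider first, so a classpath carrying both jars resolves to it; if FIPS deployments are the goal, that order deserves a comment or a configuration switch.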
|
@ -57,9 +57,6 @@ import java.util.Date;
|
||||||
* @version $Revision: 2 $
|
* @version $Revision: 2 $
|
||||||
*/
|
*/
|
||||||
public class CertificateUtils {
|
public class CertificateUtils {
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates version 3 {@link java.security.cert.X509Certificate}.
|
* Generates version 3 {@link java.security.cert.X509Certificate}.
|
||||||
|
@ -119,10 +116,10 @@ public class CertificateUtils {
|
||||||
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
|
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
|
||||||
|
|
||||||
// Content Signer
|
// Content Signer
|
||||||
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey);
|
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BouncyIntegration.PROVIDER).build(caPrivateKey);
|
||||||
|
|
||||||
// Certificate
|
// Certificate
|
||||||
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
|
return new JcaX509CertificateConverter().setProvider(BouncyIntegration.PROVIDER).getCertificate(certGen.build(sigGen));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException("Error creating X509v3Certificate.", e);
|
throw new RuntimeException("Error creating X509v3Certificate.", e);
|
||||||
}
|
}
|
||||||
|
|
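Review bot: The content signer on the new side still requests `"SHA1WithRSAEncryption"`, so certificates generated here carry a SHA-1 signature, which many clients and trust stores reject and which a provider running in FIPS mode may refuse to produce. Since this line is being touched to make the provider selectable, it is a natural place to switch to `new JcaContentSignerBuilder("SHA256WithRSAEncryption")`. The enclosing method and its try block start outside the hunk.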
|
@ -38,9 +38,6 @@ import java.security.spec.X509EncodedKeySpec;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public final class DerUtils {
|
public final class DerUtils {
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private DerUtils() {
|
private DerUtils() {
|
||||||
}
|
}
|
||||||
|
@ -55,19 +52,19 @@ public final class DerUtils {
|
||||||
|
|
||||||
PKCS8EncodedKeySpec spec =
|
PKCS8EncodedKeySpec spec =
|
||||||
new PKCS8EncodedKeySpec(keyBytes);
|
new PKCS8EncodedKeySpec(keyBytes);
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA", "BC");
|
KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePrivate(spec);
|
return kf.generatePrivate(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PublicKey decodePublicKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
public static PublicKey decodePublicKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
X509EncodedKeySpec spec =
|
X509EncodedKeySpec spec =
|
||||||
new X509EncodedKeySpec(der);
|
new X509EncodedKeySpec(der);
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA", "BC");
|
KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePublic(spec);
|
return kf.generatePublic(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static X509Certificate decodeCertificate(InputStream is) throws Exception {
|
public static X509Certificate decodeCertificate(InputStream is) throws Exception {
|
||||||
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
|
CertificateFactory cf = CertificateFactory.getInstance("X.509", BouncyIntegration.PROVIDER);
|
||||||
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
|
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
|
||||||
is.close();
|
is.close();
|
||||||
return cert;
|
return cert;
|
||||||
|
@ -76,7 +73,7 @@ public final class DerUtils {
|
||||||
public static PrivateKey decodePrivateKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
public static PrivateKey decodePrivateKey(byte[] der) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
PKCS8EncodedKeySpec spec =
|
PKCS8EncodedKeySpec spec =
|
||||||
new PKCS8EncodedKeySpec(der);
|
new PKCS8EncodedKeySpec(der);
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA", "BC");
|
KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePrivate(spec);
|
return kf.generatePrivate(spec);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
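Review bot: `decodeCertificate` closes the stream only on the success path: if `CertificateFactory.getInstance` or `generateCertificate` throws, `is.close()` is never reached and the caller's stream stays open. Putting the parse in `try { ... } finally { is.close(); }`, or using try-with-resources on `is`, releases it in both cases. The method's closing brace is outside the hunk, and the first hunk starts in the middle of another method.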
|
@ -46,7 +46,7 @@ public class KeyUtils {
|
||||||
|
|
||||||
public static KeyPair generateRsaKeyPair(int keysize) {
|
public static KeyPair generateRsaKeyPair(int keysize) {
|
||||||
try {
|
try {
|
||||||
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
|
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
generator.initialize(keysize);
|
generator.initialize(keysize);
|
||||||
KeyPair keyPair = generator.generateKeyPair();
|
KeyPair keyPair = generator.generateKeyPair();
|
||||||
return keyPair;
|
return keyPair;
|
||||||
|
|
|
@ -32,9 +32,6 @@ import java.security.PublicKey;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class KeystoreUtil {
|
public class KeystoreUtil {
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
public enum KeystoreFormat {
|
public enum KeystoreFormat {
|
||||||
JKS,
|
JKS,
|
||||||
|
@ -72,7 +69,7 @@ public class KeystoreUtil {
|
||||||
if (format == KeystoreFormat.JKS) {
|
if (format == KeystoreFormat.JKS) {
|
||||||
keyStore = KeyStore.getInstance(format.toString());
|
keyStore = KeyStore.getInstance(format.toString());
|
||||||
} else {
|
} else {
|
||||||
keyStore = KeyStore.getInstance(format.toString(), "BC");
|
keyStore = KeyStore.getInstance(format.toString(), BouncyIntegration.PROVIDER);
|
||||||
}
|
}
|
||||||
|
|
||||||
keyStore.load(stream, storePassword.toCharArray());
|
keyStore.load(stream, storePassword.toCharArray());
|
||||||
|
|
|
@ -17,13 +17,16 @@
|
||||||
|
|
||||||
package org.keycloak.common.util;
|
package org.keycloak.common.util;
|
||||||
|
|
||||||
|
|
||||||
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
|
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.StringWriter;
|
import java.io.StringWriter;
|
||||||
import java.security.*;
|
import java.security.Key;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.PublicKey;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
|
||||||
|
@ -38,10 +41,6 @@ public final class PemUtils {
|
||||||
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
|
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
|
||||||
public static final String END_CERT = "-----END CERTIFICATE-----";
|
public static final String END_CERT = "-----END CERTIFICATE-----";
|
||||||
|
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private PemUtils() {
|
private PemUtils() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
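Review bot: With the static block gone, nothing in the visible hunks of PemUtils refers to `BouncyIntegration`, so loading this class no longer registers the provider as a side effect; registration now happens only when some code first reads `BouncyIntegration.PROVIDER`. Any path that asks for an algorithm by name without a provider argument, and relied on Bouncy Castle being in the JVM provider list, would then depend on class-loading order. The same block is removed from `JWE` and `CRLUtils`, and the explicit `Security.addProvider` calls from `AtHashTest` and `RSAVerifierTest`. It is worth confirming that each of them reaches `BouncyIntegration.PROVIDER` before its first crypto call, or adding a field such as `private static final String PROVIDER = BouncyIntegration.PROVIDER;` where it does not.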
|
@ -17,15 +17,10 @@
|
||||||
|
|
||||||
package org.keycloak.jose.jwe;
|
package org.keycloak.jose.jwe;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.charset.StandardCharsets;
|
|
||||||
import java.security.spec.KeySpec;
|
|
||||||
|
|
||||||
import org.keycloak.common.util.Base64;
|
import org.keycloak.common.util.Base64;
|
||||||
import org.keycloak.common.util.Base64Url;
|
import org.keycloak.common.util.Base64Url;
|
||||||
import org.keycloak.common.util.BouncyIntegration;
|
|
||||||
import org.keycloak.jose.JOSEHeader;
|
|
||||||
import org.keycloak.jose.JOSE;
|
import org.keycloak.jose.JOSE;
|
||||||
|
import org.keycloak.jose.JOSEHeader;
|
||||||
import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider;
|
import org.keycloak.jose.jwe.alg.JWEAlgorithmProvider;
|
||||||
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;
|
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -34,16 +29,15 @@ import javax.crypto.SecretKey;
|
||||||
import javax.crypto.SecretKeyFactory;
|
import javax.crypto.SecretKeyFactory;
|
||||||
import javax.crypto.spec.PBEKeySpec;
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.security.spec.KeySpec;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
public class JWE implements JOSE {
|
public class JWE implements JOSE {
|
||||||
|
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private JWEHeader header;
|
private JWEHeader header;
|
||||||
private String base64Header;
|
private String base64Header;
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,7 @@ import javax.crypto.Mac;
|
||||||
import javax.crypto.spec.IvParameterSpec;
|
import javax.crypto.spec.IvParameterSpec;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.jose.jwe.JWE;
|
import org.keycloak.jose.jwe.JWE;
|
||||||
import org.keycloak.jose.jwe.JWEKeyStorage;
|
import org.keycloak.jose.jwe.JWEKeyStorage;
|
||||||
import org.keycloak.jose.jwe.JWEUtils;
|
import org.keycloak.jose.jwe.JWEUtils;
|
||||||
|
@ -116,7 +117,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr
|
||||||
|
|
||||||
|
|
||||||
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
|
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
|
||||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
|
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER);
|
||||||
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
|
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivParamSpec);
|
cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivParamSpec);
|
||||||
return cipher.doFinal(contentBytes);
|
return cipher.doFinal(contentBytes);
|
||||||
|
@ -124,7 +125,7 @@ public abstract class AesCbcHmacShaEncryptionProvider implements JWEEncryptionPr
|
||||||
|
|
||||||
|
|
||||||
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
|
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey) throws GeneralSecurityException {
|
||||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
|
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", BouncyIntegration.PROVIDER);
|
||||||
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
|
AlgorithmParameterSpec ivParamSpec = new IvParameterSpec(ivBytes);
|
||||||
cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec);
|
cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec);
|
||||||
return cipher.doFinal(encryptedBytes);
|
return cipher.doFinal(encryptedBytes);
|
||||||
|
|
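Review bot: `decryptBytes` performs CBC decryption with padding and carries no comment stating its precondition; whether the HMAC is verified before it is called is decided by a caller outside these hunks. CBC with PKCS7 padding reveals padding validity through the exception it throws, so this method should only ever receive ciphertext whose authentication tag has already been checked. I would add a comment above it such as `// Caller must verify the authentication tag first; never decrypt unauthenticated input.` Both method bodies end outside their hunks.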
|
@ -27,6 +27,7 @@ import javax.crypto.Cipher;
|
||||||
import javax.crypto.spec.GCMParameterSpec;
|
import javax.crypto.spec.GCMParameterSpec;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.jose.jwe.JWE;
|
import org.keycloak.jose.jwe.JWE;
|
||||||
import org.keycloak.jose.jwe.JWEKeyStorage;
|
import org.keycloak.jose.jwe.JWEKeyStorage;
|
||||||
import org.keycloak.jose.jwe.JWEUtils;
|
import org.keycloak.jose.jwe.JWEUtils;
|
||||||
|
@ -88,7 +89,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
|
private byte[] encryptBytes(byte[] contentBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
|
||||||
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER);
|
||||||
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
|
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmParams);
|
cipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmParams);
|
||||||
cipher.updateAAD(aad);
|
cipher.updateAAD(aad);
|
||||||
|
@ -98,7 +99,7 @@ public abstract class AesGcmEncryptionProvider implements JWEEncryptionProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
|
private byte[] decryptBytes(byte[] encryptedBytes, byte[] ivBytes, Key aesKey, byte[] aad) throws GeneralSecurityException {
|
||||||
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BouncyIntegration.PROVIDER);
|
||||||
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
|
GCMParameterSpec gcmParams = new GCMParameterSpec(AUTH_TAG_SIZE_BYTE * 8, ivBytes);
|
||||||
cipher.init(Cipher.DECRYPT_MODE, aesKey, gcmParams);
|
cipher.init(Cipher.DECRYPT_MODE, aesKey, gcmParams);
|
||||||
cipher.updateAAD(aad);
|
cipher.updateAAD(aad);
|
||||||
|
|
|
@ -17,14 +17,11 @@
|
||||||
|
|
||||||
package org.keycloak;
|
package org.keycloak;
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.crypto.Algorithm;
|
import org.keycloak.crypto.Algorithm;
|
||||||
import org.keycloak.jose.jws.crypto.HashUtils;
|
import org.keycloak.jose.jws.crypto.HashUtils;
|
||||||
|
|
||||||
import java.security.Security;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* See "at_hash" in OIDC specification
|
* See "at_hash" in OIDC specification
|
||||||
*
|
*
|
||||||
|
@ -32,10 +29,6 @@ import java.security.Security;
|
||||||
*/
|
*/
|
||||||
public class AtHashTest {
|
public class AtHashTest {
|
||||||
|
|
||||||
static {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAtHashRsa() {
|
public void testAtHashRsa() {
|
||||||
verifyHash(Algorithm.RS256,"jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y", "77QmUPtjPfzWtF2AnpK9RQ");
|
verifyHash(Algorithm.RS256,"jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y", "77QmUPtjPfzWtF2AnpK9RQ");
|
||||||
|
|
|
@ -70,10 +70,6 @@ public class RSAVerifierTest {
|
||||||
private static X509Certificate[] clientCertificateChain;
|
private static X509Certificate[] clientCertificateChain;
|
||||||
private AccessToken token;
|
private AccessToken token;
|
||||||
|
|
||||||
static {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
|
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair)
|
||||||
throws CertificateException, InvalidKeyException, IOException,
|
throws CertificateException, InvalidKeyException, IOException,
|
||||||
NoSuchProviderException, OperatorCreationException,
|
NoSuchProviderException, OperatorCreationException,
|
||||||
|
|
|
@ -21,6 +21,7 @@ import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.common.util.Base64Url;
|
import org.keycloak.common.util.Base64Url;
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.common.util.KeyUtils;
|
import org.keycloak.common.util.KeyUtils;
|
||||||
import org.keycloak.common.util.PemUtils;
|
import org.keycloak.common.util.PemUtils;
|
||||||
import org.keycloak.crypto.JavaAlgorithm;
|
import org.keycloak.crypto.JavaAlgorithm;
|
||||||
|
@ -128,9 +129,7 @@ public class JWKTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void publicEs256() throws Exception {
|
public void publicEs256() throws Exception {
|
||||||
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC", BouncyIntegration.PROVIDER);
|
||||||
|
|
||||||
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
|
|
||||||
SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
|
SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
|
||||||
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
|
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
|
||||||
keyGen.initialize(ecSpec, randomGen);
|
keyGen.initialize(ecSpec, randomGen);
|
||||||
|
|
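Review bot: `publicEs256` still pins `SecureRandom.getInstance("SHA1PRNG")`, an algorithm name supplied by the JDK's own provider rather than the one now chosen through `BouncyIntegration.PROVIDER`, so the test could fail on a JVM whose provider list has been restricted for FIPS. `SecureRandom randomGen = new SecureRandom();` leaves the choice to the platform. With the `Security.addProvider` call removed, the `java.security.Security` import may now be unused; the import block is outside the hunk.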
|
@ -44,7 +44,7 @@ public class ProvidersUtil {
|
||||||
// register Apache Santuario 1.5.x XMLDSig version
|
// register Apache Santuario 1.5.x XMLDSig version
|
||||||
addXMLDSigRI();
|
addXMLDSigRI();
|
||||||
// register BC provider if available (to have additional encryption algorithms, etc.)
|
// register BC provider if available (to have additional encryption algorithms, etc.)
|
||||||
addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
|
// addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
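Review bot: The `addJceProvider` call is commented out rather than removed, and the comment above it (`// register BC provider if available ...`) now describes code that no longer runs. If registration is meant to move to `BouncyIntegration`, delete both lines or replace them with a reference that triggers it. If this module relied on the call to make Bouncy Castle algorithms available for XML signature or encryption, that dependency is unmet unless something else initialises `BouncyIntegration` first. The enclosing block starts outside the hunk.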
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.credential.hash;
|
package org.keycloak.credential.hash;
|
||||||
|
|
||||||
import org.keycloak.common.util.Base64;
|
import org.keycloak.common.util.Base64;
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.models.PasswordPolicy;
|
import org.keycloak.models.PasswordPolicy;
|
||||||
import org.keycloak.models.credential.PasswordCredentialModel;
|
import org.keycloak.models.credential.PasswordCredentialModel;
|
||||||
|
|
||||||
|
@ -25,6 +26,7 @@ import javax.crypto.SecretKeyFactory;
|
||||||
import javax.crypto.spec.PBEKeySpec;
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.security.spec.KeySpec;
|
import java.security.spec.KeySpec;
|
||||||
|
@ -124,8 +126,8 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider {
|
||||||
|
|
||||||
private SecretKeyFactory getSecretKeyFactory() {
|
private SecretKeyFactory getSecretKeyFactory() {
|
||||||
try {
|
try {
|
||||||
return SecretKeyFactory.getInstance(pbkdf2Algorithm);
|
return SecretKeyFactory.getInstance(pbkdf2Algorithm, BouncyIntegration.PROVIDER);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
|
||||||
throw new RuntimeException("PBKDF2 algorithm not found", e);
|
throw new RuntimeException("PBKDF2 algorithm not found", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
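Review bot: The widened catch in `getSecretKeyFactory()` reports a missing or misnamed provider as `"PBKDF2 algorithm not found"`, which points whoever reads the log at the wrong cause. Include both values, for example `throw new RuntimeException("PBKDF2 algorithm " + pbkdf2Algorithm + " not available from provider " + BouncyIntegration.PROVIDER, e);`. Because this moves password hashing from the JVM's default provider to Bouncy Castle, a test that verifies a previously stored hash through the new factory would guard against users being locked out by a provider-specific difference in algorithm naming or input constraints.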
|
@ -21,6 +21,7 @@ package org.keycloak.authentication.authenticators.x509;
|
||||||
import org.apache.http.HttpResponse;
|
import org.apache.http.HttpResponse;
|
||||||
import org.apache.http.client.methods.HttpGet;
|
import org.apache.http.client.methods.HttpGet;
|
||||||
|
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.connections.httpclient.HttpClientProvider;
|
import org.keycloak.connections.httpclient.HttpClientProvider;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
|
@ -654,11 +655,11 @@ public class CertificateValidator {
|
||||||
intermediateCerts.add(clientCert);
|
intermediateCerts.add(clientCert);
|
||||||
}
|
}
|
||||||
CertStore intermediateCertStore = CertStore.getInstance("Collection",
|
CertStore intermediateCertStore = CertStore.getInstance("Collection",
|
||||||
new CollectionCertStoreParameters(intermediateCerts), "BC");
|
new CollectionCertStoreParameters(intermediateCerts), BouncyIntegration.PROVIDER);
|
||||||
pkixParams.addCertStore(intermediateCertStore);
|
pkixParams.addCertStore(intermediateCertStore);
|
||||||
|
|
||||||
// Build and verify the certification chain
|
// Build and verify the certification chain
|
||||||
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
|
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyIntegration.PROVIDER);
|
||||||
PKIXCertPathBuilderResult result =
|
PKIXCertPathBuilderResult result =
|
||||||
(PKIXCertPathBuilderResult) builder.build(pkixParams);
|
(PKIXCertPathBuilderResult) builder.build(pkixParams);
|
||||||
return result;
|
return result;
|
||||||
|
|
|
@ -78,11 +78,6 @@ import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
|
|
||||||
public final class OCSPUtils {
|
public final class OCSPUtils {
|
||||||
|
|
||||||
|
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private final static Logger logger = Logger.getLogger(""+OCSPUtils.class);
|
private final static Logger logger = Logger.getLogger(""+OCSPUtils.class);
|
||||||
|
|
||||||
private static int OCSP_CONNECT_TIMEOUT = 10000; // 10 sec
|
private static int OCSP_CONNECT_TIMEOUT = 10000; // 10 sec
|
||||||
|
@ -314,7 +309,7 @@ public final class OCSPUtils {
|
||||||
for (X509CertificateHolder certHolder : certs) {
|
for (X509CertificateHolder certHolder : certs) {
|
||||||
try {
|
try {
|
||||||
X509Certificate tempCert = new JcaX509CertificateConverter()
|
X509Certificate tempCert = new JcaX509CertificateConverter()
|
||||||
.setProvider("BC").getCertificate(certHolder);
|
.setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder);
|
||||||
X500Name respName = new X500Name(tempCert.getSubjectX500Principal().getName());
|
X500Name respName = new X500Name(tempCert.getSubjectX500Principal().getName());
|
||||||
if (responderName.equals(respName)) {
|
if (responderName.equals(respName)) {
|
||||||
signingCert = tempCert;
|
signingCert = tempCert;
|
||||||
|
@ -332,7 +327,7 @@ public final class OCSPUtils {
|
||||||
for (X509CertificateHolder certHolder : certs) {
|
for (X509CertificateHolder certHolder : certs) {
|
||||||
try {
|
try {
|
||||||
X509Certificate tempCert = new JcaX509CertificateConverter()
|
X509Certificate tempCert = new JcaX509CertificateConverter()
|
||||||
.setProvider("BC").getCertificate(certHolder);
|
.setProvider(BouncyIntegration.PROVIDER).getCertificate(certHolder);
|
||||||
|
|
||||||
SubjectKeyIdentifier subjectKeyIdentifier = null;
|
SubjectKeyIdentifier subjectKeyIdentifier = null;
|
||||||
if (certHolder.getExtensions() != null) {
|
if (certHolder.getExtensions() != null) {
|
||||||
|
@ -452,7 +447,7 @@ public final class OCSPUtils {
|
||||||
private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) {
|
private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) {
|
||||||
try {
|
try {
|
||||||
ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder()
|
ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder()
|
||||||
.setProvider("BC").build(cert.getPublicKey());
|
.setProvider(BouncyIntegration.PROVIDER).build(cert.getPublicKey());
|
||||||
return basicOcspResponse.isSignatureValid(contentVerifier);
|
return basicOcspResponse.isSignatureValid(contentVerifier);
|
||||||
} catch (OperatorCreationException e) {
|
} catch (OperatorCreationException e) {
|
||||||
logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage());
|
logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage());
|
||||||
|
|
|
@ -22,6 +22,8 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart;
|
||||||
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
|
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
|
||||||
import javax.ws.rs.NotAcceptableException;
|
import javax.ws.rs.NotAcceptableException;
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
|
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.common.util.PemUtils;
|
import org.keycloak.common.util.PemUtils;
|
||||||
import org.keycloak.common.util.StreamUtil;
|
import org.keycloak.common.util.StreamUtil;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
|
@ -228,7 +230,7 @@ public class ClientAttributeCertificateResource {
|
||||||
try {
|
try {
|
||||||
KeyStore keyStore = null;
|
KeyStore keyStore = null;
|
||||||
if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
|
if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
|
||||||
else keyStore = KeyStore.getInstance(keystoreFormat, "BC");
|
else keyStore = KeyStore.getInstance(keystoreFormat, BouncyIntegration.PROVIDER);
|
||||||
keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword);
|
keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword);
|
||||||
try {
|
try {
|
||||||
privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword);
|
privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword);
|
||||||
|
@ -332,7 +334,7 @@ public class ClientAttributeCertificateResource {
|
||||||
String format = config.getFormat();
|
String format = config.getFormat();
|
||||||
KeyStore keyStore;
|
KeyStore keyStore;
|
||||||
if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
|
if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
|
||||||
else keyStore = KeyStore.getInstance(format, "BC");
|
else keyStore = KeyStore.getInstance(format, BouncyIntegration.PROVIDER);
|
||||||
keyStore.load(null, null);
|
keyStore.load(null, null);
|
||||||
String keyAlias = config.getKeyAlias();
|
String keyAlias = config.getKeyAlias();
|
||||||
if (keyAlias == null) keyAlias = client.getClientId();
|
if (keyAlias == null) keyAlias = client.getClientId();
|
||||||
|
|
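Review bot: In both hunks the format string goes to `KeyStore.getInstance(..., BouncyIntegration.PROVIDER)` after only an equality check for `"JKS"`, and `keystoreFormat.equals("JKS")` throws a NullPointerException when the value is absent. Where `keystoreFormat` and `config.getFormat()` come from is outside the hunks; if they are request-supplied, check them against the formats this endpoint supports and answer an unsupported value with a client error instead of letting the provider lookup fail. `"JKS".equals(keystoreFormat)` removes the null case. Both enclosing methods start and end outside the hunks.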
|
@ -24,6 +24,7 @@ import java.util.Set;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.jboss.logging.Logger.Level;
|
import org.jboss.logging.Logger.Level;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.common.util.PemException;
|
import org.keycloak.common.util.PemException;
|
||||||
import org.keycloak.common.util.PemUtils;
|
import org.keycloak.common.util.PemUtils;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -185,11 +186,11 @@ public class NginxProxySslClientCertificateLookup extends AbstractClientCertific
|
||||||
// Adding the list of intermediate certificates + end user certificate
|
// Adding the list of intermediate certificates + end user certificate
|
||||||
intermediateCerts.add(end_user_auth_cert);
|
intermediateCerts.add(end_user_auth_cert);
|
||||||
CollectionCertStoreParameters intermediateCA_userCert = new CollectionCertStoreParameters(intermediateCerts);
|
CollectionCertStoreParameters intermediateCA_userCert = new CollectionCertStoreParameters(intermediateCerts);
|
||||||
CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, "BC");
|
CertStore intermediateCertStore = CertStore.getInstance("Collection", intermediateCA_userCert, BouncyIntegration.PROVIDER);
|
||||||
pkixParams.addCertStore(intermediateCertStore);
|
pkixParams.addCertStore(intermediateCertStore);
|
||||||
|
|
||||||
// Build and verify the certification chain (revocation status excluded)
|
// Build and verify the certification chain (revocation status excluded)
|
||||||
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX","BC");
|
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX",BouncyIntegration.PROVIDER);
|
||||||
CertPath certPath = certPathBuilder.build(pkixParams).getCertPath();
|
CertPath certPath = certPathBuilder.build(pkixParams).getCertPath();
|
||||||
log.debug("Certification path building OK, and contains " + certPath.getCertificates().size() + " X509 Certificates");
|
log.debug("Certification path building OK, and contains " + certPath.getCertificates().size() + " X509 Certificates");
|
||||||
|
|
||||||
|
|
|
@ -55,11 +55,6 @@ public final class CRLUtils {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(CRLUtils.class);
|
private static final Logger log = Logger.getLogger(CRLUtils.class);
|
||||||
|
|
||||||
|
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31";
|
private static final String CRL_DISTRIBUTION_POINTS_OID = "2.5.29.31";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
* and other contributors as indicated by the @author tags.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.keycloak.test;
|
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.keycloak.common.util.PemUtils;
|
|
||||||
|
|
||||||
import java.security.KeyPair;
|
|
||||||
import java.security.KeyPairGenerator;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.security.Security;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
|
||||||
* @version $Revision: 1 $
|
|
||||||
*/
|
|
||||||
public class RealmKeyGenerator {
|
|
||||||
static {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
public static void main(String[] args) throws Exception {
|
|
||||||
KeyPair keyPair = null;
|
|
||||||
try {
|
|
||||||
keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
System.out.println("privateKey : " + PemUtils.encodeKey(keyPair.getPrivate()));
|
|
||||||
System.out.println("publicKey : " + PemUtils.encodeKey(keyPair.getPublic()));
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -7,6 +7,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
|
||||||
|
|
||||||
import java.security.KeyFactory;
|
import java.security.KeyFactory;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
@ -18,27 +19,23 @@ import java.util.Base64;
|
||||||
* @author mhajas
|
* @author mhajas
|
||||||
*/
|
*/
|
||||||
public class KeyUtils {
|
public class KeyUtils {
|
||||||
static {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public static PublicKey publicKeyFromString(String key) {
|
public static PublicKey publicKeyFromString(String key) {
|
||||||
try {
|
try {
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
byte[] encoded = Base64.getDecoder().decode(key);
|
byte[] encoded = Base64.getDecoder().decode(key);
|
||||||
return kf.generatePublic(new X509EncodedKeySpec(encoded));
|
return kf.generatePublic(new X509EncodedKeySpec(encoded));
|
||||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
} catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PrivateKey privateKeyFromString(String key) {
|
public static PrivateKey privateKeyFromString(String key) {
|
||||||
try {
|
try {
|
||||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
KeyFactory kf = KeyFactory.getInstance("RSA", BouncyIntegration.PROVIDER);
|
||||||
byte[] encoded = Base64.getDecoder().decode(key);
|
byte[] encoded = Base64.getDecoder().decode(key);
|
||||||
return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
|
return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
|
||||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
} catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
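Review bot: `publicKeyFromString` and `privateKeyFromString` used to call `KeyFactory.getInstance("RSA")` with no provider, so passing `BouncyIntegration.PROVIDER` is a behaviour change rather than a rename of a "BC" literal, and nothing in the code says why the pin is wanted. A one-line comment above each call would record the intent, for example `// resolve RSA from the provider BouncyIntegration registered, not the JCA default`. The added `NoSuchProviderException` catch covers an unregistered name, but `getInstance` throws `IllegalArgumentException` for a null or empty provider name. The part of `loadProvider()` visible on this page does not show what it returns when neither provider class loads, so that path is worth confirming.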
|
@ -30,6 +30,7 @@ import org.jboss.logging.Logger;
|
||||||
import org.keycloak.admin.client.Keycloak;
|
import org.keycloak.admin.client.Keycloak;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
import org.keycloak.common.util.Base64;
|
import org.keycloak.common.util.Base64;
|
||||||
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.crypto.Algorithm;
|
import org.keycloak.crypto.Algorithm;
|
||||||
import org.keycloak.crypto.JavaAlgorithm;
|
import org.keycloak.crypto.JavaAlgorithm;
|
||||||
|
@ -188,7 +189,7 @@ public class TokenSignatureUtil {
|
||||||
private static Signature getSignature(String sigAlgName) {
|
private static Signature getSignature(String sigAlgName) {
|
||||||
try {
|
try {
|
||||||
// use Bouncy Castle for signature verification intentionally
|
// use Bouncy Castle for signature verification intentionally
|
||||||
Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), "BC");
|
Signature signature = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(sigAlgName), BouncyIntegration.PROVIDER);
|
||||||
return signature;
|
return signature;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
|
|
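Review bot: The comment `// use Bouncy Castle for signature verification intentionally` in `getSignature` no longer says which provider is meant, because `BouncyIntegration.PROVIDER` can resolve to either of the two classes listed in `providerClassNames`. Every name returned by `JavaAlgorithm.getJavaAlgorithm(sigAlgName)` has to exist in whichever provider was selected, and the broad `catch (Exception e)` hides which lookup failed. I would reword the comment to `// verify with the provider selected by BouncyIntegration (BC or BC FIPS)` and wrap with context: `throw new RuntimeException("No Signature for " + sigAlgName + " in " + BouncyIntegration.PROVIDER, e);`. The end of `getSignature` lies outside this hunk.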
|
@ -188,11 +188,6 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
private static final ObjectMapper objectMapper = new ObjectMapper();
|
private static final ObjectMapper objectMapper = new ObjectMapper();
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void beforeClientPoliciesTest() {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public AssertEvents events = new AssertEvents(this);
|
public AssertEvents events = new AssertEvents(this);
|
||||||
|
|
||||||
|
@ -405,14 +400,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
||||||
private PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
private PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
|
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
|
||||||
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
||||||
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC");
|
KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePrivate(spec);
|
return kf.generatePrivate(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
private PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
private PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
|
X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
|
||||||
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
||||||
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC");
|
KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePublic(spec);
|
return kf.generatePublic(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
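Review bot: `decodePrivateKey` and `decodePublicKey` appear again with the same bodies in ClientAuthSignedJWTTest (hunk at -1462), so this commit had to change the provider argument in four places. Moving the pair into one shared test helper would leave a single place that names the provider the next time it changes. Neither method says that `algorithm` is a JWA name mapped through `getKeyAlgorithmFromJwaAlgorithm`; a comment such as `// algorithm: JWA signature name, mapped to a JCA key algorithm below` would make that clear to callers.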
|
@ -27,10 +27,8 @@ import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClientBuilder;
|
import org.apache.http.impl.client.HttpClientBuilder;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -80,6 +78,9 @@ import org.keycloak.testsuite.util.UserBuilder;
|
||||||
import org.keycloak.testsuite.util.UserInfoClientUtil;
|
import org.keycloak.testsuite.util.UserInfoClientUtil;
|
||||||
import org.keycloak.testsuite.util.UserManager;
|
import org.keycloak.testsuite.util.UserManager;
|
||||||
import org.keycloak.util.BasicAuthHelper;
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
import org.keycloak.util.TokenUtil;
|
||||||
|
import org.openqa.selenium.By;
|
||||||
|
|
||||||
import javax.ws.rs.client.Client;
|
import javax.ws.rs.client.Client;
|
||||||
import javax.ws.rs.client.Entity;
|
import javax.ws.rs.client.Entity;
|
||||||
|
@ -90,34 +91,29 @@ import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
import static org.hamcrest.Matchers.allOf;
|
import static org.hamcrest.Matchers.allOf;
|
||||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||||
import static org.hamcrest.Matchers.lessThanOrEqualTo;
|
|
||||||
import static org.hamcrest.Matchers.hasItemInArray;
|
import static org.hamcrest.Matchers.hasItemInArray;
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.Matchers.lessThanOrEqualTo;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNotEquals;
|
import static org.junit.Assert.assertNotEquals;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
import static org.keycloak.testsuite.Assert.assertExpiration;
|
||||||
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
||||||
import static org.keycloak.testsuite.admin.ApiUtil.findClientByClientId;
|
import static org.keycloak.testsuite.admin.ApiUtil.findClientByClientId;
|
||||||
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
|
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
|
||||||
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsernameId;
|
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsernameId;
|
||||||
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
|
|
||||||
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
|
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
|
||||||
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createRoleNameMapper;
|
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createRoleNameMapper;
|
||||||
import static org.keycloak.testsuite.Assert.assertExpiration;
|
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
|
||||||
|
|
||||||
import org.keycloak.util.JsonSerialization;
|
|
||||||
import org.keycloak.util.TokenUtil;
|
|
||||||
import org.openqa.selenium.By;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
@ -133,11 +129,6 @@ public class AccessTokenTest extends AbstractKeycloakTest {
|
||||||
super.beforeAbstractKeycloakTest();
|
super.beforeAbstractKeycloakTest();
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void addBouncyCastleProvider() {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void clientConfiguration() {
|
public void clientConfiguration() {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||||
|
|
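Review bot: With `addBouncyCastleProvider()` removed, nothing in this class registers the provider explicitly any more. Going by the part of `BouncyIntegration` shown at the top of this page, registration now happens only as a side effect of the first read of `BouncyIntegration.PROVIDER`. Any remaining code path that asks JCA for the literal name "BC" before `BouncyIntegration` has been initialised would then fail with `NoSuchProviderException`, depending on class-load and test order. The same removal is made in RefreshTokenTest, ResourceOwnerPasswordCredentialsGrantTest and OIDCPublicClientTest, so it is worth checking that no "BC" literals are left on the paths these tests exercise. A short comment in a common base class noting that provider registration is lazy would save the next reader the search.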
|
@ -32,7 +32,6 @@ import org.apache.http.impl.client.DefaultHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -80,6 +79,7 @@ import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||||
|
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||||
import org.keycloak.testsuite.auth.page.AuthRealm;
|
import org.keycloak.testsuite.auth.page.AuthRealm;
|
||||||
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
|
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
|
||||||
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
|
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
|
||||||
|
@ -91,6 +91,7 @@ import org.keycloak.testsuite.util.RealmBuilder;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
|
@ -115,15 +116,11 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNotEquals;
|
import static org.junit.Assert.assertNotEquals;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
|
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
* @author Vaclav Muzikar <vmuzikar@redhat.com>
|
* @author Vaclav Muzikar <vmuzikar@redhat.com>
|
||||||
|
@ -139,11 +136,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
private static ClientRepresentation app1, app2, app3;
|
private static ClientRepresentation app1, app2, app3;
|
||||||
private static UserRepresentation defaultUser, serviceAccountUser;
|
private static UserRepresentation defaultUser, serviceAccountUser;
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void beforeClientAuthSignedJWTTest() {
|
|
||||||
BouncyIntegration.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void beforeAbstractKeycloakTest() throws Exception {
|
public void beforeAbstractKeycloakTest() throws Exception {
|
||||||
super.beforeAbstractKeycloakTest();
|
super.beforeAbstractKeycloakTest();
|
||||||
|
@ -1389,7 +1381,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static KeyStore getKeystore(InputStream is, String storePassword, String format) throws Exception {
|
private static KeyStore getKeystore(InputStream is, String storePassword, String format) throws Exception {
|
||||||
KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, "BC");
|
KeyStore keyStore = format.equals("JKS") ? KeyStore.getInstance(format) : KeyStore.getInstance(format, BouncyIntegration.PROVIDER);
|
||||||
keyStore.load(is, storePassword.toCharArray());
|
keyStore.load(is, storePassword.toCharArray());
|
||||||
return keyStore;
|
return keyStore;
|
||||||
}
|
}
|
||||||
|
@ -1462,14 +1454,14 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
private static PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
private static PrivateKey decodePrivateKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
|
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
|
||||||
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
||||||
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC");
|
KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePrivate(spec);
|
return kf.generatePrivate(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
private static PublicKey decodePublicKey(byte[] der, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
|
||||||
X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
|
X509EncodedKeySpec spec = new X509EncodedKeySpec(der);
|
||||||
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
String keyAlg = getKeyAlgorithmFromJwaAlgorithm(algorithm);
|
||||||
KeyFactory kf = KeyFactory.getInstance(keyAlg, "BC");
|
KeyFactory kf = KeyFactory.getInstance(keyAlg, BouncyIntegration.PROVIDER);
|
||||||
return kf.generatePublic(spec);
|
return kf.generatePublic(spec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
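Review bot: In `getKeystore` every format other than "JKS" is now requested from `BouncyIntegration.PROVIDER`, and keystore type names are provider-specific. A format string that the plain Bouncy Castle provider accepts may therefore be unavailable when the FIPS provider class is the one that loaded. The callers and the `format` values they pass are outside this hunk, so this needs checking against them. A comment on the ternary would help, e.g. `// JKS comes from the JDK; other formats come from the selected Bouncy Castle provider`. A failure here would also be easier to diagnose if the exception message included `format` and the provider name.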
|
@ -17,11 +17,9 @@
|
||||||
package org.keycloak.testsuite.oauth;
|
package org.keycloak.testsuite.oauth;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -33,7 +31,6 @@ import org.keycloak.common.enums.SslRequired;
|
||||||
import org.keycloak.crypto.Algorithm;
|
import org.keycloak.crypto.Algorithm;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
import org.keycloak.events.Errors;
|
import org.keycloak.events.Errors;
|
||||||
import org.keycloak.events.EventType;
|
|
||||||
import org.keycloak.jose.jws.JWSHeader;
|
import org.keycloak.jose.jws.JWSHeader;
|
||||||
import org.keycloak.jose.jws.JWSInput;
|
import org.keycloak.jose.jws.JWSInput;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
@ -76,7 +73,6 @@ import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.allOf;
|
import static org.hamcrest.Matchers.allOf;
|
||||||
|
@ -89,14 +85,13 @@ import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.junit.Assert.fail;
|
|
||||||
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_IDLE_TIMEOUT;
|
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_IDLE_TIMEOUT;
|
||||||
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN;
|
import static org.keycloak.protocol.oidc.OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN;
|
||||||
import static org.keycloak.testsuite.Assert.assertExpiration;
|
import static org.keycloak.testsuite.Assert.assertExpiration;
|
||||||
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
||||||
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
|
import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername;
|
||||||
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
|
|
||||||
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
|
import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
|
||||||
|
import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
@ -116,11 +111,6 @@ public class RefreshTokenTest extends AbstractKeycloakTest {
|
||||||
super.beforeAbstractKeycloakTest();
|
super.beforeAbstractKeycloakTest();
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void addBouncyCastleProvider() {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void clientConfiguration() {
|
public void clientConfiguration() {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||||
|
|
|
@ -24,7 +24,6 @@ import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClientBuilder;
|
import org.apache.http.impl.client.HttpClientBuilder;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -49,7 +48,6 @@ import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientScopeRepresentation;
|
import org.keycloak.representations.idm.ClientScopeRepresentation;
|
||||||
import org.keycloak.representations.idm.EventRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
|
@ -66,8 +64,10 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
import org.keycloak.testsuite.util.UserManager;
|
import org.keycloak.testsuite.util.UserManager;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -77,11 +77,6 @@ import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import javax.validation.constraints.AssertTrue;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
|
@ -101,7 +96,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
@Override
|
@Override
|
||||||
public void beforeAbstractKeycloakTest() throws Exception {
|
public void beforeAbstractKeycloakTest() throws Exception {
|
||||||
super.beforeAbstractKeycloakTest();
|
super.beforeAbstractKeycloakTest();
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -18,13 +18,8 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.oidc;
|
package org.keycloak.testsuite.oidc;
|
||||||
|
|
||||||
import java.security.Security;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
|
@ -39,6 +34,9 @@ import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.util.ClientManager;
|
import org.keycloak.testsuite.util.ClientManager;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
|
||||||
|
@ -57,11 +55,6 @@ public class OIDCPublicClientTest extends AbstractKeycloakTest {
|
||||||
super.beforeAbstractKeycloakTest();
|
super.beforeAbstractKeycloakTest();
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void addBouncyCastleProvider() {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void clientConfiguration() {
|
public void clientConfiguration() {
|
||||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||||
|
|
|
@ -17,9 +17,7 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.oidc.flows;
|
package org.keycloak.testsuite.oidc.flows;
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
import org.jboss.arquillian.graphene.page.Page;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuthErrorException;
|
import org.keycloak.OAuthErrorException;
|
||||||
|
@ -32,9 +30,9 @@ import org.keycloak.jose.jws.crypto.HashUtils;
|
||||||
import org.keycloak.representations.IDToken;
|
import org.keycloak.representations.IDToken;
|
||||||
import org.keycloak.representations.idm.EventRepresentation;
|
import org.keycloak.representations.idm.EventRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
|
||||||
import org.keycloak.testsuite.admin.AbstractAdminTest;
|
import org.keycloak.testsuite.admin.AbstractAdminTest;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.pages.AppPage;
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
|
@ -45,13 +43,12 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
|
||||||
|
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.junit.Assert.assertFalse;
|
|
||||||
import static org.junit.Assert.assertTrue;
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Abstract test for various values of response_type
|
* Abstract test for various values of response_type
|
||||||
|
@ -60,11 +57,6 @@ import static org.junit.Assert.assertNull;
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeycloakTest {
|
public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void addBouncyCastleProvider() {
|
|
||||||
if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public AssertEvents events = new AssertEvents(this);
|
public AssertEvents events = new AssertEvents(this);
|
||||||
|
|
||||||
|
|
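Review bot: With `addBouncyCastleProvider()` removed from `AbstractOIDCResponseTypeTest`, nothing in the visible part of this class makes sure a Bouncy Castle provider is registered before the tests run. Registration now appears to depend on `BouncyIntegration` having been initialised elsewhere first, since its `PROVIDER = loadProvider()` initialiser (changed at the top of this commit) is what calls `Security.addProvider`. The class still imports `HashUtils` and `TokenSignatureUtil`, so if either looks the provider up by name in the test JVM, the result would hinge on class-loading order; that is worth confirming. I would document the dependency at the class declaration, e.g. `// Crypto provider (BC or BC-FIPS) is registered by BouncyIntegration's static initialiser; do not add "BC" here.` The same removal is made in `OIDCPublicClientTest` earlier on this page.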