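/**
 * Initialises JWT client credentials from the adapter's credential configuration.
 *
 * <p>Keys read from {@code config} (which must be a {@link Map}):
 * <ul>
 *   <li>{@code client-keystore-file} - required.</li>
 *   <li>{@code client-keystore-type} - optional; defaults to JKS, otherwise upper-cased and
 *       resolved against {@code KeystoreUtil.KeystoreFormat}.</li>
 *   <li>{@code client-keystore-password} - required.</li>
 *   <li>{@code client-key-password} - optional; falls back to the keystore password.</li>
 *   <li>{@code client-key-alias} - optional; falls back to the deployment's resource name.</li>
 *   <li>{@code token-timeout} - optional; read through {@code asInt} with 10 as the fallback
 *       (presumably seconds - confirm against the code that consumes {@code tokenTimeout}).</li>
 * </ul>
 *
 * <p>The exception messages built here contain only the client resource name; the password
 * values are never included in them.
 *
 * @param deployment adapter deployment; its resource name is used in error messages and as
 *                   the default key alias
 * @param config     credential configuration, expected to be a {@code Map<String, Object>}
 * @throws RuntimeException         if {@code config} is not a map or a required key is missing
 * @throws IllegalArgumentException if {@code client-keystore-type} names no known keystore format
 * @throws ClassCastException       if one of the string settings holds a non-string value
 */
@Override
public void init(KeycloakDeployment deployment, Object config) {
    // instanceof is false for null, so this single test also rejects a missing configuration.
    if (!(config instanceof Map)) {
        throw new RuntimeException("Configuration of jwt credentials is missing or incorrect for client '" + deployment.getResourceName() + "'. Check your adapter configuration");
    }

    Map<String, Object> cfg = (Map<String, Object>) config;

    String clientKeystoreFile = (String) cfg.get("client-keystore-file");
    if (clientKeystoreFile == null) {
        throw new RuntimeException("Missing parameter client-keystore-file in configuration of jwt for client " + deployment.getResourceName());
    }

    String clientKeystoreType = (String) cfg.get("client-keystore-type");
    KeystoreUtil.KeystoreFormat clientKeystoreFormat;
    if (clientKeystoreType == null) {
        clientKeystoreFormat = KeystoreUtil.KeystoreFormat.JKS;
    } else {
        // Locale.ROOT keeps the enum lookup independent of the JVM's default locale; the
        // no-argument toUpperCase() maps 'i' to a dotted capital under Turkish/Azeri locales.
        clientKeystoreFormat = Enum.valueOf(KeystoreUtil.KeystoreFormat.class,
                clientKeystoreType.toUpperCase(java.util.Locale.ROOT));
    }

    String clientKeystorePassword = (String) cfg.get("client-keystore-password");
    if (clientKeystorePassword == null) {
        throw new RuntimeException("Missing parameter client-keystore-password in configuration of jwt for client " + deployment.getResourceName());
    }

    // When no separate key password is configured, the private key entry is opened with the
    // same secret that opens the keystore.
    String clientKeyPassword = (String) cfg.get("client-key-password");
    if (clientKeyPassword == null) {
        clientKeyPassword = clientKeystorePassword;
    }

    String clientKeyAlias = (String) cfg.get("client-key-alias");
    if (clientKeyAlias == null) {
        clientKeyAlias = deployment.getResourceName();
    }

    KeyPair keyPair = KeystoreUtil.loadKeyPairFromKeystore(clientKeystoreFile, clientKeystorePassword, clientKeyPassword, clientKeyAlias, clientKeystoreFormat);
    setupKeyPair(keyPair);

    this.tokenTimeout = asInt(cfg, "token-timeout", 10);
}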
String truststorePassword = adapterConfig.getTruststorePassword(); try { this.truststore = KeystoreUtil.loadKeyStore(truststorePath, truststorePassword); } catch (Exception e) { throw new RuntimeException("Failed to load truststore", e); String clientKeystorePassword = adapterConfig.getClientKeystorePassword(); try { KeyStore clientCertKeystore = KeystoreUtil.loadKeyStore(clientKeystore, clientKeystorePassword); keyStore(clientCertKeystore, clientKeystorePassword); } catch (Exception e) {
String truststorePassword = adapterConfig.getTruststorePassword(); try { this.truststore = KeystoreUtil.loadKeyStore(truststorePath, truststorePassword); } catch (Exception e) { throw new RuntimeException("Failed to load truststore", e); String clientKeystorePassword = adapterConfig.getClientKeystorePassword(); try { KeyStore clientCertKeystore = KeystoreUtil.loadKeyStore(clientKeystore, clientKeystorePassword); keyStore(clientCertKeystore, clientKeystorePassword); } catch (Exception e) {
/**
 * Builds a JSON web token identifying {@code clientId} and signs it with the private key
 * loaded from a JKS keystore.
 *
 * <p>Claims set: a random UUID as token id, {@code clientId} as both issuer and subject,
 * {@code realmInfoUrl} as audience, the current time as issued-at and not-before, and
 * current time plus {@code sigLifetime} as expiration.
 *
 * @param keystore     keystore location handed to {@code KeystoreUtil}
 * @param storePass    keystore password
 * @param keyPass      password of the private key entry
 * @param alias        alias of the key entry
 * @param sigLifetime  lifetime added to the current time to form the expiration; same unit as
 *                     {@code Time.currentTime()} (presumably seconds - confirm)
 * @param clientId     client identifier used as issuer and subject
 * @param realmInfoUrl value placed in the audience claim
 * @return the signed token as produced by {@code JWSBuilder.rsa256}
 */
public static String getSignedRequestToken(String keystore, String storePass, String keyPass, String alias, int sigLifetime, String clientId, String realmInfoUrl) {
    // The keystore format is fixed to JKS here; other formats cannot be selected by callers.
    final KeyPair signingKeys = KeystoreUtil.loadKeyPairFromKeystore(
            keystore, storePass, keyPass, alias, KeystoreUtil.KeystoreFormat.JKS);

    final JsonWebToken claims = new JsonWebToken();
    claims.id(UUID.randomUUID().toString());
    claims.issuer(clientId);
    claims.subject(clientId);
    claims.audience(realmInfoUrl);

    // NOTE(review): sigLifetime is not range-checked; a zero or negative value yields a token
    // that is already expired, and a very large one a long-lived signed assertion.
    final int issuedAt = Time.currentTime();
    final int expiresAt = issuedAt + sigLifetime;
    claims.issuedAt(issuedAt);
    claims.notBefore(issuedAt);
    claims.expiration(expiresAt);

    return new JWSBuilder()
            .jsonContent(claims)
            .rsa256(signingKeys.getPrivate());
}
}
clientKeystore = EnvUtil.replace(clientKeystore); try { KeyStore clientCertKeystore = KeystoreUtil.loadKeyStore(clientKeystore, clientKeystorePassword); builder.keyStore(clientCertKeystore, clientPrivateKeyPassword); } catch (Exception e) {
/**
 * Creates a signed request token for a client.
 *
 * <p>The key pair is read from the given keystore (always treated as JKS). The token carries
 * a random UUID id, {@code clientId} as issuer and subject, {@code realmInfoUrl} as audience,
 * and a validity window that starts at the current time and ends {@code sigLifetime} later.
 * It is signed with the key pair's private key through {@code JWSBuilder.rsa256}.
 *
 * @param keystore     keystore location passed to {@code KeystoreUtil.loadKeyPairFromKeystore}
 * @param storePass    password protecting the keystore
 * @param keyPass      password protecting the key entry
 * @param alias        key entry alias
 * @param sigLifetime  offset added to {@code Time.currentTime()} for the expiration claim
 *                     (unit presumably seconds - verify against {@code Time})
 * @param clientId     issuer and subject of the token
 * @param realmInfoUrl audience of the token
 * @return the serialized, signed token
 */
public static String getSignedRequestToken(String keystore, String storePass, String keyPass, String alias, int sigLifetime, String clientId, String realmInfoUrl) {
    // Load the signing material first so a keystore problem surfaces before any claim is built.
    KeyPair clientKeys = KeystoreUtil.loadKeyPairFromKeystore(keystore, storePass, keyPass, alias,
            KeystoreUtil.KeystoreFormat.JKS);

    JsonWebToken requestToken = new JsonWebToken();

    // Identity claims: the client asserts itself as both issuer and subject.
    requestToken.id(UUID.randomUUID().toString());
    requestToken.issuer(clientId);
    requestToken.subject(clientId);
    requestToken.audience(realmInfoUrl);

    // Validity window. NOTE(review): no lower or upper bound is enforced on sigLifetime, so the
    // caller decides how long the signed assertion stays usable.
    int currentTime = Time.currentTime();
    requestToken.issuedAt(currentTime);
    requestToken.expiration(currentTime + sigLifetime);
    requestToken.notBefore(currentTime);

    JWSBuilder signer = new JWSBuilder();
    return signer
            .jsonContent(requestToken)
            .rsa256(clientKeys.getPrivate());
}
}