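/**
 * Collects the public keys of a JWK set that are published for the requested use.
 *
 * <p>An entry is selected when its {@code use} value equals {@code requestedUse.asString()}
 * and the parser reports its key type as supported. Results are keyed by key id; when two
 * selected entries carry the same key id, the later one replaces the earlier one.
 *
 * @param keySet the JWK set to scan
 * @param requestedUse the key use to select
 * @return a mutable map from key id to public key; empty when no entry matches
 */
public static Map<String, PublicKey> getKeysForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    Map<String, PublicKey> result = new HashMap<>();
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // "use" is an optional JWK member. An entry that omits it is skipped here; without the
        // null check a single such entry aborted the whole scan with a NullPointerException.
        boolean useMatches = jwk.getPublicKeyUse() != null
                && jwk.getPublicKeyUse().equals(requestedUse.asString());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            result.put(jwk.getKeyId(), parser.toPublicKey());
        }
    }
    return result;
}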
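/**
 * Builds an RSA public key from the modulus and public exponent claims of the wrapped JWK.
 *
 * <p>Both claims are base64url-decoded and read as unsigned big-endian integers.
 *
 * @return the RSA public key described by the JWK
 * @throws RuntimeException if a claim is missing or the key cannot be constructed
 */
private PublicKey createRSAPublicKey() {
    Object encodedModulus = jwk.getOtherClaims().get(RSAPublicJWK.MODULUS);
    Object encodedExponent = jwk.getOtherClaims().get(RSAPublicJWK.PUBLIC_EXPONENT);
    // Fail with a descriptive message instead of a bare NullPointerException when the JWK
    // lacks one of the two RSA parameters.
    if (encodedModulus == null || encodedExponent == null) {
        throw new RuntimeException("RSA JWK is missing the modulus or the public exponent");
    }

    // Signum 1: the decoded bytes are an unsigned magnitude, never a negative number.
    BigInteger modulus = new BigInteger(1, Base64Url.decode(encodedModulus.toString()));
    BigInteger publicExponent = new BigInteger(1, Base64Url.decode(encodedExponent.toString()));

    // NOTE(review): no lower bound on the modulus size is enforced here; confirm that
    // undersized RSA keys are rejected elsewhere before the key is trusted.
    try {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}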
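/**
 * Returns the first entry of a JWK set that is published for the requested use.
 *
 * <p>An entry matches when its {@code use} value equals {@code requestedUse.asString()} and
 * the parser reports its key type as supported.
 *
 * @param keySet the JWK set to scan
 * @param requestedUse the key use to select
 * @return the first matching JWK, or {@code null} when no entry matches
 */
public static JWK getKeyForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // "use" is an optional JWK member. An entry that omits it is skipped; without the null
        // check such an entry ended the search with a NullPointerException.
        boolean useMatches = parser.getJwk().getPublicKeyUse() != null
                && parser.getJwk().getPublicKeyUse().equals(requestedUse.asString());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            return jwk;
        }
    }
    return null;
}
}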
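/**
 * Builds a {@link KeyWrapper} for every entry of a JWK set published for the requested use.
 *
 * <p>An entry is selected when its {@code use} value equals {@code requestedUse.asString()}
 * and the parser reports its key type as supported. Each wrapper carries the entry's key id,
 * algorithm, key type, use (converted by {@code getKeyUse}) and the parsed public key as its
 * verify key. When two selected entries share a key id, the later one replaces the earlier.
 *
 * @param keySet the JWK set to scan
 * @param requestedUse the key use to select
 * @return a mutable map from key id to key wrapper; empty when no entry matches
 */
public static Map<String, KeyWrapper> getKeyWrappersForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
    Map<String, KeyWrapper> result = new HashMap<>();
    for (JWK jwk : keySet.getKeys()) {
        JWKParser parser = JWKParser.create(jwk);
        // "use" is an optional JWK member. An entry that omits it is skipped here; without the
        // null check a single such entry aborted the whole scan with a NullPointerException.
        boolean useMatches = jwk.getPublicKeyUse() != null
                && jwk.getPublicKeyUse().equals(requestedUse.asString());
        if (useMatches && parser.isKeyTypeSupported(jwk.getKeyType())) {
            KeyWrapper keyWrapper = new KeyWrapper();
            keyWrapper.setKid(jwk.getKeyId());
            keyWrapper.setAlgorithm(jwk.getAlgorithm());
            keyWrapper.setType(jwk.getKeyType());
            keyWrapper.setUse(getKeyUse(jwk.getPublicKeyUse()));
            keyWrapper.setVerifyKey(parser.toPublicKey());
            result.put(keyWrapper.getKid(), keyWrapper);
        }
    }
    return result;
}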
/**
 * Converts the wrapped JWK into a public key, dispatching on its key type.
 *
 * @return the public key built by the RSA or EC factory method
 * @throws RuntimeException if the key type is neither {@code KeyType.RSA} nor {@code KeyType.EC}
 */
public PublicKey toPublicKey() {
    // NOTE(review): a JWK without a key type makes the first equals() call below throw a
    // NullPointerException rather than the "Unsupported keyType" error.
    final String kty = jwk.getKeyType();
    if (kty.equals(KeyType.RSA)) {
        return createRSAPublicKey();
    }
    if (kty.equals(KeyType.EC)) {
        return createECPublicKey();
    }
    throw new RuntimeException("Unsupported keyType " + kty);
}
/**
 * Creates a request token for the given client and realm URL and returns it in signed form.
 *
 * <p>The token is built by {@code createRequestToken}, tagged with the key id of
 * {@code publicKeyJwk}, and signed through {@code JWSBuilder.rsa256} with the private half of
 * {@code keyPair}.
 *
 * @param clientId the client id passed on to {@code createRequestToken}
 * @param realmInfoUrl the realm info URL passed on to {@code createRequestToken}
 * @return the signed token as produced by {@code rsa256}
 */
public String createSignedRequestToken(String clientId, String realmInfoUrl) {
    final JsonWebToken requestToken = createRequestToken(clientId, realmInfoUrl);
    // The kid header lets the verifier pick the matching public key.
    return new JWSBuilder()
            .kid(publicKeyJwk.getKeyId())
            .jsonContent(requestToken)
            .rsa256(keyPair.getPrivate());
}
for (JWK jwk : keySet.getKeys()) { JWKParser parse = JWKParser.create(jwk); if (parse.getJwk().getPublicKeyUse().equals(JWK.SIG_USE) && keyTypeSupported(jwk.getKeyType())) { PublicKey key = parse.toPublicKey(); config.setPublicKeySignatureVerifier(KeycloakModelUtils.getPemFromKey(key));
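/**
 * Builds an EC public key from the curve name and affine coordinates of the wrapped JWK.
 *
 * <p>The {@code crv} claim selects one of the curves P-256, P-384 or P-521; the {@code x} and
 * {@code y} claims are base64url-decoded and read as unsigned big-endian integers.
 *
 * @return the EC public key described by the JWK
 * @throws RuntimeException if the curve is missing or unsupported, or the key cannot be built
 */
private PublicKey createECPublicKey() {
    String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
    if (crv == null) {
        // A switch on a null String would throw a bare NullPointerException.
        throw new RuntimeException("Missing curve in EC JWK");
    }

    // Signum 1: the decoded bytes are an unsigned magnitude, never a negative number.
    BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X)));
    BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y)));

    // Map the JWK curve name to the name used for the parameter lookup below.
    String name;
    switch (crv) {
        case "P-256":
            name = "secp256r1";
            break;
        case "P-384":
            name = "secp384r1";
            break;
        case "P-521":
            name = "secp521r1";
            break;
        default:
            throw new RuntimeException("Unsupported curve");
    }

    try {
        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(name);
        // Label the spec with the curve that was actually selected. The name used to be the
        // hard-coded "prime256v1", which mislabelled P-384 and P-521 keys for any code that
        // reads the curve name back from the spec (for example when the key is encoded).
        ECNamedCurveSpec params = new ECNamedCurveSpec(name, spec.getCurve(), spec.getG(), spec.getN());
        // NOTE(review): nothing in this method checks that (x, y) lies on the selected curve;
        // confirm that the provider's generatePublic rejects off-curve points.
        ECPoint point = new ECPoint(x, y);
        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params);

        // NOTE(review): "ECDSA" is not a standard JDK KeyFactory name; this presumably relies
        // on the provider that supplies ECNamedCurveTable being registered - confirm.
        KeyFactory kf = KeyFactory.getInstance("ECDSA");
        return kf.generatePublic(pubKeySpec);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}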