Package org.keycloak.common.crypto
Interface CryptoProvider
public interface CryptoProvider
Abstraction to handle differences between the APIs for non-FIPS and FIPS mode.
Author: Marek Posolda
Method Detail

getBouncyCastleProvider
Provider getBouncyCastleProvider()
Returns: BouncyCastle security provider. Can be either a non-FIPS or a FIPS based provider.

getAlgorithmProvider
<T> T getAlgorithmProvider(Class<T> clazz, String algorithm)
Get an algorithm provider implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
Parameters:
clazz - Returned class.
algorithm - Type of the algorithm which we want to return.

getCertificateUtils
CertificateUtilsProvider getCertificateUtils()
Get the CertificateUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.

getPemUtils
PemUtilsProvider getPemUtils()
Get the PEMUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.

getOCSPProver
<T> T getOCSPProver(Class<T> clazz)

getIdentityExtractorProvider
UserIdentityExtractorProvider getIdentityExtractorProvider()

getEcdsaCryptoProvider
ECDSACryptoProvider getEcdsaCryptoProvider()

createECParams
ECParameterSpec createECParams(String curveName)
Create the param spec for the EC curve.
Parameters:
curveName

getKeyPairGen
KeyPairGenerator getKeyPairGen(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException

getKeyFactory
KeyFactory getKeyFactory(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException

getAesCbcCipher
Cipher getAesCbcCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException

getAesGcmCipher
Cipher getAesGcmCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException

getSecretKeyFact
SecretKeyFactory getSecretKeyFact(String keyAlgorithm) throws NoSuchAlgorithmException, NoSuchProviderException

getKeyStore
KeyStore getKeyStore(KeystoreUtil.KeystoreFormat format) throws KeyStoreException, NoSuchProviderException

getSupportedKeyStoreTypes
default Stream<KeystoreUtil.KeystoreFormat> getSupportedKeyStoreTypes()
Returns: Keystore types/algorithms supported by this CryptoProvider.

getX509CertFactory
CertificateFactory getX509CertFactory() throws CertificateException, NoSuchProviderException

getCertStore
CertStore getCertStore(CollectionCertStoreParameters collectionCertStoreParameters) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException

getCertPathBuilder
CertPathBuilder getCertPathBuilder() throws NoSuchAlgorithmException, NoSuchProviderException

getSignature
Signature getSignature(String sigAlgName) throws NoSuchAlgorithmException, NoSuchProviderException

wrapFactoryForTruststore
SSLSocketFactory wrapFactoryForTruststore(SSLSocketFactory delegate)
Wrap the given SSLSocketFactory and decorate it with some additional functionality. This method is used in the context of the truststore (where Keycloak is the SSL client).
Parameters:
delegate - The original factory to wrap. Usually the default Java SSLSocketFactory.
Returns: The decorated factory.

getSupportedRsaKeySizes
default String[] getSupportedRsaKeySizes()
Returns: Allowed key sizes of the RSA key modulus which this CryptoProvider supports.