Package org.keycloak.common.crypto
Interface CryptoProvider
public interface CryptoProvider
Abstraction to handle differences between the APIs for non-FIPS and FIPS mode
- Author: Marek Posolda
Method Summary
Modifier and Type, Method, Description
- createECParams(String curveName): Create the param spec for the EC curve
- <T> T getAlgorithmProvider(Class<T> clazz, String algorithm): Get some algorithm provider implementation.
- getCertificateUtils(): Get CertificateUtils implementation.
- getCertStore(CollectionCertStoreParameters collectionCertStoreParameters)
- getKeyFactory(String algorithm)
- getKeyPairGen(String algorithm)
- <T> T getOCSPProver(Class<T> clazz)
- getPemUtils(): Get PEMUtils implementation.
- getSecretKeyFact(String keyAlgorithm)
- getSignature(String sigAlgName)
- default Stream<KeystoreUtil.KeystoreFormat> getSupportedKeyStoreTypes()
- default String[] getSupportedRsaKeySizes()
- wrapFactoryForTruststore(SSLSocketFactory delegate): Wrap given SSLSocketFactory and decorate it with some additional functionality.
Method Details

getBouncyCastleProvider
Provider getBouncyCastleProvider()
- Returns: BouncyCastle security provider. Can be either a non-FIPS or a FIPS based provider

getAlgorithmProvider
Get some algorithm provider implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Parameters:
  clazz - Returned class.
  algorithm - Type of the algorithm, which we want to return
- Returns:

getCertificateUtils
CertificateUtilsProvider getCertificateUtils()
Get CertificateUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Returns:

getPemUtils
PemUtilsProvider getPemUtils()
Get PEMUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Returns:

getOCSPProver

getIdentityExtractorProvider
UserIdentityExtractorProvider getIdentityExtractorProvider()

getEcdsaCryptoProvider
ECDSACryptoProvider getEcdsaCryptoProvider()

createECParams
Create the param spec for the EC curve
- Parameters:
  curveName -
- Returns:

getKeyPairGen
KeyPairGenerator getKeyPairGen(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException

getKeyFactory

getAesCbcCipher
Cipher getAesCbcCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException

getAesGcmCipher
Cipher getAesGcmCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException

getSecretKeyFact
SecretKeyFactory getSecretKeyFact(String keyAlgorithm) throws NoSuchAlgorithmException, NoSuchProviderException

getKeyStore
KeyStore getKeyStore(KeystoreUtil.KeystoreFormat format) throws KeyStoreException, NoSuchProviderException

getSupportedKeyStoreTypes
- Returns: Keystore types/algorithms supported by this CryptoProvider

getX509CertFactory

getCertStore
CertStore getCertStore(CollectionCertStoreParameters collectionCertStoreParameters) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException

getCertPathBuilder

getSignature

wrapFactoryForTruststore
Wrap the given SSLSocketFactory and decorate it with some additional functionality. This method is used in the context of the truststore (where Keycloak is the SSL client).
- Parameters:
  delegate - The original factory to wrap. Usually the default Java SSLSocketFactory
- Returns: decorated factory

getSupportedRsaKeySizes
- Returns: Allowed RSA key modulus sizes that this CryptoProvider supports
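
The following is an added example, not code from Keycloak or from this page: it shows authenticated encryption that takes its Cipher from getAesGcmCipher() instead of calling Cipher.getInstance directly, so the choice between the non-FIPS and FIPS BouncyCastle stays with the CryptoProvider. The class name ProviderBackedAesGcm and its methods are hypothetical; it assumes the caller already holds a CryptoProvider instance, that the returned Cipher is uninitialized, and that the platform default SecureRandom is acceptable in the deployment.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.keycloak.common.crypto.CryptoProvider;

// Hypothetical helper (not part of Keycloak): AES-GCM through a CryptoProvider.
// Output layout is IV || ciphertext || tag.
public final class ProviderBackedAesGcm {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the size GCM is designed around
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RANDOM = new SecureRandom();

    private ProviderBackedAesGcm() {}

    public static byte[] encrypt(CryptoProvider crypto, SecretKey key, byte[] plaintext, byte[] aad)
            throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        RANDOM.nextBytes(iv); // fresh nonce per message; reuse under one key breaks GCM
        Cipher cipher = crypto.getAesGcmCipher(); // provider decides non-FIPS vs FIPS
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        if (aad != null) {
            cipher.updateAAD(aad); // authenticated but not encrypted
        }
        byte[] sealed = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + sealed.length);
        System.arraycopy(sealed, 0, out, iv.length, sealed.length);
        return out;
    }

    public static byte[] decrypt(CryptoProvider crypto, SecretKey key, byte[] message, byte[] aad)
            throws GeneralSecurityException {
        // Reject inputs that cannot hold a nonce and a tag before touching the cipher.
        if (message == null || message.length < IV_BYTES + TAG_BITS / 8) {
            throw new GeneralSecurityException("message too short for IV and tag");
        }
        Cipher cipher = crypto.getAesGcmCipher();
        cipher.init(Cipher.DECRYPT_MODE, key,
                new GCMParameterSpec(TAG_BITS, message, 0, IV_BYTES));
        if (aad != null) {
            cipher.updateAAD(aad);
        }
        // doFinal throws AEADBadTagException if ciphertext, tag or AAD was modified.
        return cipher.doFinal(message, IV_BYTES, message.length - IV_BYTES);
    }
}
```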