Package org.keycloak.keys

Interface PublicKeyStorageProvider

All Superinterfaces:
Provider
All Known Implementing Classes:
InfinispanPublicKeyStorageProvider
public interface PublicKeyStorageProvider extends Provider
Author:
Marek Posolda

  • Method Details

    • getPublicKey

      KeyWrapper getPublicKey(String modelKey, String kid, String algorithm, PublicKeyLoader loader)
      Get public key to verify messages signed by particular client. Used for example during JWT client authentication
      Parameters:
      modelKey -
      kid -
      algorithm - The returned key must match this algorithm (unless the algorithm is not set in the JWK)
      loader -
      Returns:

    • getFirstPublicKey

      KeyWrapper getFirstPublicKey(String modelKey, String algorithm, PublicKeyLoader loader)
      Get first found public key to verify messages signed by particular client having several public keys. Used for example during JWT client authentication or to encrypt content encryption key (CEK) by particular client. Used for example during encrypting a token in JWE
      Parameters:
      modelKey -
      algorithm -
      loader -
      Returns:

    • getFirstPublicKey

      KeyWrapper getFirstPublicKey(String modelKey, Predicate<KeyWrapper> predicate, PublicKeyLoader loader)
      Get the first public key that matches the predicate. Used by SAML when fetching a key via the metadata entity descriptor url.
      Parameters:
      modelKey -
      predicate -
      loader -
      Returns:
      The key or null

    • getKeys

      List<KeyWrapper> getKeys(String modelKey, PublicKeyLoader loader)
      Getter for all the keys in the model key.
      Parameters:
      modelKey -
      loader -
      Returns:

    • reloadKeys

      boolean reloadKeys(String modelKey, PublicKeyLoader loader)
      Reloads keys for the model key.
      Parameters:
      modelKey -
      loader -
      Returns:
      true if reloaded, false if not