Package org.keycloak.common.crypto
Interface CryptoProvider
- All Known Implementing Classes:
AuthzClientCryptoProvider
public interface CryptoProvider
Abstraction to handle differences between the APIs for non-FIPS and FIPS mode
- Author:
- Marek Posolda
-
Method Summary
- createECParams(String curveName): Create the param spec for the EC curve
- <T> T getAlgorithmProvider(Class<T> clazz, String algorithm): Get some algorithm provider implementation.
- CertificateUtilsProvider getCertificateUtils(): Get CertificateUtils implementation.
- CertStore getCertStore(CollectionCertStoreParameters collectionCertStoreParameters)
- getKeyFactory(String algorithm)
- KeyPairGenerator getKeyPairGen(String algorithm)
- <T> T getOCSPProver(Class<T> clazz)
- PemUtilsProvider getPemUtils(): Get PEMUtils implementation.
- SecretKeyFactory getSecretKeyFact(String keyAlgorithm)
- getSignature(String sigAlgName)
- default Stream<KeystoreUtil.KeystoreFormat> getSupportedKeyStoreTypes()
- default String[] getSupportedRsaKeySizes()
- int order(): Order of this provider.
- wrapFactoryForTruststore(SSLSocketFactory delegate): Wrap given SSLSocketFactory and decorate it with some additional functionality.
-
Method Details
-
getBouncyCastleProvider
Provider getBouncyCastleProvider()
- Returns:
- BouncyCastle security provider. Can be either non-FIPS or FIPS based provider
-
order
int order()
Order of this provider. This specifies which CryptoProvider is preferred when more than one of them is on the classpath. A higher number takes preference over a lower number.
-
getAlgorithmProvider
Get some algorithm provider implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Parameters:
- clazz - Returned class.
- algorithm - Type of the algorithm, which we want to return
- Returns:
-
getCertificateUtils
CertificateUtilsProvider getCertificateUtils()
Get CertificateUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Returns:
-
getPemUtils
PemUtilsProvider getPemUtils()
Get PEMUtils implementation. The returned implementation depends on whether non-FIPS BouncyCastle or FIPS BouncyCastle is on the classpath.
- Returns:
-
getOCSPProver
-
getIdentityExtractorProvider
UserIdentityExtractorProvider getIdentityExtractorProvider()
-
getEcdsaCryptoProvider
ECDSACryptoProvider getEcdsaCryptoProvider()
-
createECParams
Create the param spec for the EC curve
- Parameters:
- curveName
- Returns:
-
getKeyPairGen
KeyPairGenerator getKeyPairGen(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException
-
getKeyFactory
-
getAesCbcCipher
Cipher getAesCbcCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException
-
getAesGcmCipher
Cipher getAesGcmCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException
-
getSecretKeyFact
SecretKeyFactory getSecretKeyFact(String keyAlgorithm) throws NoSuchAlgorithmException, NoSuchProviderException
-
getKeyStore
KeyStore getKeyStore(KeystoreUtil.KeystoreFormat format) throws KeyStoreException, NoSuchProviderException
-
getSupportedKeyStoreTypes
- Returns:
- Keystore types/algorithms supported by this CryptoProvider
-
getX509CertFactory
-
getCertStore
CertStore getCertStore(CollectionCertStoreParameters collectionCertStoreParameters) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
-
getCertPathBuilder
-
getSignature
-
wrapFactoryForTruststore
Wrap given SSLSocketFactory and decorate it with some additional functionality. This method is used in the context of the truststore (where Keycloak is the SSL client).
- Parameters:
- delegate - The original factory to wrap. Usually the default Java SSLSocketFactory
- Returns:
- decorated factory
-
getSupportedRsaKeySizes
- Returns:
- Allowed key sizes of RSA key modulus, which this cryptoProvider supports
-