Package org.keycloak.keys.infinispan
Class InfinispanPublicKeyStorageProvider
java.lang.Object
org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider
- All Implemented Interfaces: PublicKeyStorageProvider, Provider
- Author: Marek Posolda
-
Constructor Summary
- InfinispanPublicKeyStorageProvider(KeycloakSession session, org.infinispan.Cache<String, PublicKeysEntry> keys, Map<String, FutureTask<PublicKeysEntry>> tasksInProgress, int minTimeBetweenRequests, int maxCacheTime)
-
Method Summary
- void close()
- protected KeycloakTransaction getAfterTransaction
- getFirstPublicKey(String modelKey, String algorithm, PublicKeyLoader loader): Get first found public key to verify messages signed by particular client having several public keys.
- getFirstPublicKey(String modelKey, Predicate<KeyWrapper> predicate, PublicKeyLoader loader): If the key is found in the cache, it is returned straight away.
- getKeys(String modelKey, PublicKeyLoader loader): Returns all keys under the model key.
- getPublicKey(String modelKey, String kid, String algorithm, PublicKeyLoader loader): Get public key to verify messages signed by particular client.
- boolean reloadKeys(String modelKey, PublicKeyLoader loader): Reloads keys for the model key.
- protected void runInvalidations()
-
Constructor Details
-
InfinispanPublicKeyStorageProvider
public InfinispanPublicKeyStorageProvider(KeycloakSession session, org.infinispan.Cache<String, PublicKeysEntry> keys, Map<String, FutureTask<PublicKeysEntry>> tasksInProgress, int minTimeBetweenRequests, int maxCacheTime)
-
-
Method Details
-
getAfterTransaction
-
runInvalidations
protected void runInvalidations()
-
getFirstPublicKey
Description copied from interface: PublicKeyStorageProvider
Get the first public key found, to verify messages signed by a particular client having several public keys. Used for example during JWT client authentication or to encrypt the content encryption key (CEK) by a particular client. Used for example when encrypting a token in JWE.
- Specified by: getFirstPublicKey in interface PublicKeyStorageProvider
- Returns:
-
getPublicKey
public KeyWrapper getPublicKey(String modelKey, String kid, String algorithm, PublicKeyLoader loader)
Description copied from interface: PublicKeyStorageProvider
Get the public key to verify messages signed by a particular client. Used for example during JWT client authentication.
- Specified by: getPublicKey in interface PublicKeyStorageProvider
- Parameters:
algorithm - The returned key must match this algorithm (unless the algorithm is not set in the JWK)
- Returns:
-
getFirstPublicKey
public KeyWrapper getFirstPublicKey(String modelKey, Predicate<KeyWrapper> predicate, PublicKeyLoader loader)
If the key is found in the cache, it is returned straight away. If it is not in the cache, the keys are reloaded if allowed by the minTimeBetweenRequests and the key is searched again.
- Specified by: getFirstPublicKey in interface PublicKeyStorageProvider
- Parameters:
modelKey - The model key
predicate - The predicate to search the key
loader - The loader to reload keys
- Returns:
- The key or null
-
getKeys
Returns all keys under the model key. The maxCacheTime is used to reload the keys from time to time.
- Specified by: getKeys in interface PublicKeyStorageProvider
- Parameters:
modelKey - The model key
loader - The loader to reload keys if maxCacheTime is reached
- Returns:
- The keys in the model
-
reloadKeys
Description copied from interface: PublicKeyStorageProvider
Reloads keys for the model key.
- Specified by: reloadKeys in interface PublicKeyStorageProvider
- Returns:
- true if reloaded, false if not
-
close
public void close()
-
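The caching rules described under getFirstPublicKey (reload on a miss only if minTimeBetweenRequests allows it) and getKeys (reload once maxCacheTime is reached) can be seen in a stand-alone sketch. This is an added example, not Keycloak's implementation: the class ThrottledKeyCache, its string-valued keys, the injected clock, the loader as a Supplier, and the use of seconds as the time unit are all assumptions made for illustration. It shows that repeated lookups for key ids that are not in the cache trigger at most one loader call per throttle window.

```java
import java.util.*;
import java.util.function.*;
// Added illustration, not Keycloak code: every name below is hypothetical.
public class ThrottledKeyCache {
    private final Map<String, Map<String, String>> keys = new HashMap<>(); // modelKey -> kid -> key
    private final Map<String, Long> lastLoad = new HashMap<>();            // modelKey -> load time
    private final int minTimeBetweenRequests, maxCacheTime;                // seconds (assumed unit)
    private final LongSupplier clock;                                      // current time, seconds
    int loads = 0;                                                         // loader calls so far

    ThrottledKeyCache(int minTime, int maxTime, LongSupplier clock) {
        this.minTimeBetweenRequests = minTime; this.maxCacheTime = maxTime; this.clock = clock;
    }

    private Map<String, String> reload(String modelKey, Supplier<Map<String, String>> loader) {
        keys.put(modelKey, loader.get());
        lastLoad.put(modelKey, clock.getAsLong());
        loads++;
        return keys.get(modelKey);
    }

    // Cache hit returns at once; a miss reloads only when the throttle window has passed.
    String getPublicKey(String modelKey, String kid, Supplier<Map<String, String>> loader) {
        Map<String, String> cached = keys.get(modelKey);
        if (cached != null && cached.containsKey(kid)) return cached.get(kid);
        Long last = lastLoad.get(modelKey);
        if (last != null && clock.getAsLong() - last < minTimeBetweenRequests) return null;
        return reload(modelKey, loader).get(kid);
    }

    // All keys for the model key, reloaded once the entry is older than maxCacheTime.
    Map<String, String> getKeys(String modelKey, Supplier<Map<String, String>> loader) {
        Long last = lastLoad.get(modelKey);
        boolean stale = last == null || clock.getAsLong() - last > maxCacheTime;
        return stale ? reload(modelKey, loader) : keys.get(modelKey);
    }

    public static void main(String[] args) {
        long[] now = {1_000};                                   // constructed clock value
        Supplier<Map<String, String>> loader = () -> Map.of("kid-1", "constructed-key-1");
        ThrottledKeyCache c = new ThrottledKeyCache(10, 3600, () -> now[0]);
        System.out.println(c.getPublicKey("client-a", "kid-1", loader) + " loads=" + c.loads);
        for (int i = 0; i < 100; i++) c.getPublicKey("client-a", "unknown-" + i, loader);
        System.out.println("after 100 unknown kids, loads=" + c.loads);
        now[0] += 3601;                                         // entry is now older than maxCacheTime
        c.getKeys("client-a", loader);
        System.out.println("after maxCacheTime, loads=" + c.loads);
    }
}
```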