Package org.keycloak.keys.infinispan
Class InfinispanPublicKeyStorageProvider
java.lang.Object
org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider
- All Implemented Interfaces:
PublicKeyStorageProvider,Provider
- Author:
- Marek Posolda
-
Constructor Summary
ConstructorsConstructorDescriptionInfinispanPublicKeyStorageProvider(KeycloakSession session, org.infinispan.Cache<String, PublicKeysEntry> keys, Map<String, FutureTask<PublicKeysEntry>> tasksInProgress, int minTimeBetweenRequests, int maxCacheTime) -
Method Summary
Modifier and TypeMethodDescriptionvoidclose()protected KeycloakTransactiongetFirstPublicKey(String modelKey, String algorithm, PublicKeyLoader loader) Get first found public key to verify messages signed by particular client having several public keys.getFirstPublicKey(String modelKey, Predicate<KeyWrapper> predicate, PublicKeyLoader loader) If the key is found in the cache that is returned straight away.getKeys(String modelKey, PublicKeyLoader loader) return all keys under the model key.getPublicKey(String modelKey, String kid, String algorithm, PublicKeyLoader loader) Get public key to verify messages signed by particular client.booleanreloadKeys(String modelKey, PublicKeyLoader loader) Reloads keys for the model key.protected void
-
Constructor Details
-
InfinispanPublicKeyStorageProvider
public InfinispanPublicKeyStorageProvider(KeycloakSession session, org.infinispan.Cache<String, PublicKeysEntry> keys, Map<String, FutureTask<PublicKeysEntry>> tasksInProgress, int minTimeBetweenRequests, int maxCacheTime)
-
-
Method Details
-
getAfterTransaction
-
runInvalidations
protected void runInvalidations() -
getFirstPublicKey
Description copied from interface:PublicKeyStorageProviderGet first found public key to verify messages signed by particular client having several public keys. Used for example during JWT client authentication or to encrypt content encryption key (CEK) by particular client. Used for example during encrypting a token in JWE- Specified by:
getFirstPublicKeyin interfacePublicKeyStorageProvider- Returns:
-
getPublicKey
public KeyWrapper getPublicKey(String modelKey, String kid, String algorithm, PublicKeyLoader loader) Description copied from interface:PublicKeyStorageProviderGet public key to verify messages signed by particular client. Used for example during JWT client authentication- Specified by:
getPublicKeyin interfacePublicKeyStorageProvideralgorithm- The returned key must match this algorithm (unless the algorithm is not set in the JWK)- Returns:
-
getFirstPublicKey
public KeyWrapper getFirstPublicKey(String modelKey, Predicate<KeyWrapper> predicate, PublicKeyLoader loader) If the key is found in the cache that is returned straight away. If not in cache, the keys are reloaded if allowed by the minTimeBetweenRequests and key is searched again.- Specified by:
getFirstPublicKeyin interfacePublicKeyStorageProvider- Parameters:
modelKey- The model keypredicate- The predicate to search the keyloader- The loader to reload keys- Returns:
- The key or null
-
getKeys
return all keys under the model key. The maxCacheTime is used to reload the keys from time to time.- Specified by:
getKeysin interfacePublicKeyStorageProvider- Parameters:
modelKey- The model keyloader- The loader to reload keys id maxCacheTime reached- Returns:
- The keys in the model
-
reloadKeys
Description copied from interface:PublicKeyStorageProviderReloads keys for the model key.- Specified by:
reloadKeysin interfacePublicKeyStorageProvider- Returns:
- true if reloaded, false if not
-
close
public void close()
-