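/**
 * Builds an OIDC request object for the client and stores it in {@code clientData}.
 *
 * <p>The request object carries the client id, {@code response_type=code}, the redirect URI
 * and, when supplied, {@code max_age}. It is serialized as a JWS that is either unsigned
 * ({@code jwaAlgorithm=none}) or RS256-signed with the stored signing key pair, in which case
 * the JWS header also carries a {@code kid} derived from the public key.
 *
 * @param realmName accepted for API compatibility; not used by this method
 * @param clientId value of the {@code client_id} claim
 * @param redirectUri value of the {@code redirect_uri} claim
 * @param maxAge optional {@code max_age} claim; must parse as an integer when present
 * @param jwaAlgorithm {@code none} or {@code RS256}
 * @throws BadRequestException when {@code maxAge} is not an integer, {@code jwaAlgorithm} is
 *     missing or not a supported value, or RS256 is requested but no signing key pair is set
 */
@GET
@Path("/set-oidc-request")
@Produces(org.keycloak.utils.MediaType.APPLICATION_JWT)
@NoCache
public void setOIDCRequest(
        @QueryParam("realmName") String realmName,
        @QueryParam("clientId") String clientId,
        @QueryParam("redirectUri") String redirectUri,
        @QueryParam("maxAge") String maxAge,
        @QueryParam("jwaAlgorithm") String jwaAlgorithm) {
    Map<String, Object> oidcRequest = new HashMap<>();
    oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, clientId);
    oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
    oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
    if (maxAge != null) {
        try {
            oidcRequest.put(OIDCLoginProtocol.MAX_AGE_PARAM, Integer.parseInt(maxAge));
        } catch (NumberFormatException e) {
            // A malformed query value is a client error, not a server failure.
            throw new BadRequestException("Invalid maxAge: " + maxAge, e);
        }
    }

    if (jwaAlgorithm == null) {
        // Enum.valueOf would otherwise fail with a NullPointerException.
        throw new BadRequestException("Missing argument: jwaAlgorithm");
    }
    Algorithm alg;
    try {
        alg = Enum.valueOf(Algorithm.class, jwaAlgorithm);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException("Unknown argument: " + jwaAlgorithm, e);
    }

    if (alg == Algorithm.none) {
        clientData.setOidcRequest(new JWSBuilder().jsonContent(oidcRequest).none());
    } else if (alg == Algorithm.RS256) {
        KeyPair signingKeyPair = clientData.getSigningKeyPair();
        if (signingKeyPair == null) {
            throw new BadRequestException("Requested RS256, but signing key not set");
        }
        PrivateKey privateKey = signingKeyPair.getPrivate();
        String kid = KeyUtils.createKeyId(signingKeyPair.getPublic());
        clientData.setOidcRequest(
                new JWSBuilder().kid(kid).jsonContent(oidcRequest).rsa256(privateKey));
    } else {
        // Any other member of Algorithm (e.g. HS256) is not supported here.
        throw new BadRequestException("Unknown argument: " + jwaAlgorithm);
    }
}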
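/**
 * Replaces the stored sector-identifier redirect URIs with a copy of the given values.
 *
 * @param redirectUris the new redirect URIs; a missing parameter is treated as an empty list
 */
@GET
@Path("/set-sector-identifier-redirect-uris")
@Produces(MediaType.APPLICATION_JSON)
public void setSectorIdentifierRedirectUris(
        @QueryParam("redirectUris") List<String> redirectUris) {
    // Build the complete list first so clientData never observes a half-populated value,
    // and copy so the request-scoped list is not retained.
    List<String> uris = new ArrayList<>();
    if (redirectUris != null) {
        uris.addAll(redirectUris);
    }
    clientData.setSectorIdentifierRedirectUris(uris);
}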
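/**
 * Returns the stored signing key pair as PEM strings.
 *
 * <p>The response map holds both halves of the key pair: the entry under {@code PRIVATE_KEY}
 * is the PEM-encoded private key and the entry under {@code PUBLIC_KEY} the PEM-encoded public key.
 *
 * @return map with the {@code PRIVATE_KEY} and {@code PUBLIC_KEY} entries
 * @throws BadRequestException when no signing key pair has been generated or set
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/get-keys-as-pem")
public Map<String, String> getKeysAsPem() {
    KeyPair signingKeyPair = clientData.getSigningKeyPair();
    if (signingKeyPair == null) {
        // Same message style as setOIDCRequest; avoids a NullPointerException turning into a 500.
        throw new BadRequestException("Signing key not set");
    }
    String privateKeyPem = PemUtils.encodeKey(signingKeyPair.getPrivate());
    String publicKeyPem = PemUtils.encodeKey(signingKeyPair.getPublic());
    Map<String, String> res = new HashMap<>();
    res.put(PRIVATE_KEY, privateKeyPem);
    res.put(PUBLIC_KEY, publicKeyPem);
    return res;
}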
/**
 * Publishes the client's JWKS: a single RS256 JWK built from the stored public key, or an
 * empty key array when no signing key pair is set.
 *
 * @return the key set; never {@code null}, its key array is empty when no key pair exists
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/get-jwks")
@NoCache
public JSONWebKeySet getJwks() {
    KeyPair signingKeyPair = clientData.getSigningKeyPair();
    JWK[] keys;
    if (signingKeyPair == null) {
        keys = new JWK[] {};
    } else {
        keys = new JWK[] {JWKBuilder.create().rs256(signingKeyPair.getPublic())};
    }
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keys);
    return keySet;
}
/**
 * Returns the OIDC request object most recently stored by {@link #setOIDCRequest}, as a JWS
 * string.
 *
 * @return the stored request JWS, or whatever {@code clientData} holds when none was set
 */
@GET
@Path("/get-oidc-request")
@Produces(org.keycloak.utils.MediaType.APPLICATION_JWT)
@NoCache
public String getOIDCRequest() {
    String storedRequest = clientData.getOidcRequest();
    return storedRequest;
}
/**
 * Generates a fresh 2048-bit RSA signing key pair, stores it in {@code clientData} and returns
 * it PEM-encoded via {@link #getKeysAsPem()}.
 *
 * @return the new key pair as PEM strings, keyed by {@code PRIVATE_KEY} and {@code PUBLIC_KEY}
 * @throws BadRequestException wrapping any failure during key generation
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/generate-keys")
@NoCache
public Map<String, String> generateKeys() {
    try {
        KeyPair generated = KeyUtils.generateRsaKeyPair(2048);
        clientData.setSigningKeyPair(generated);
    } catch (Exception e) {
        // Surface generation problems to the caller with the cause attached.
        throw new BadRequestException("Error generating signing keypair", e);
    }
    Map<String, String> pemKeys = getKeysAsPem();
    return pemKeys;
}
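/**
 * Returns the stored sector-identifier redirect URIs.
 *
 * @return a copy of the stored URIs; an empty list when none have been set, never {@code null}
 */
@GET
@Path("/get-sector-identifier-redirect-uris")
@Produces(MediaType.APPLICATION_JSON)
public List<String> getSectorIdentifierRedirectUris() {
    List<String> stored = clientData.getSectorIdentifierRedirectUris();
    // Never hand out the internal list (callers could mutate it) and never serialize JSON null.
    if (stored == null) {
        return new ArrayList<>();
    }
    return new ArrayList<>(stored);
}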