95 final AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
96 final ClientModel client = clientSession.getClient();
98 DockerResponseToken responseToken =
new DockerResponseToken()
99 .id(KeycloakModelUtils.generateId())
100 .type(TokenUtil.TOKEN_TYPE_BEARER)
102 .subject(userSession.getUser().getUsername())
104 .audience(client.getClientId())
105 .issuedFor(client.getClientId());
109 responseToken.notBefore(responseToken.getIssuedAt())
110 .expiration(responseToken.getIssuedAt() + accessTokenLifespan);
113 final Set<ProtocolMapperModel> mappings = clientSessionCtx.getProtocolMappers();
114 for (
final ProtocolMapperModel mapping : mappings) {
116 if (mapper instanceof DockerAuthV2AttributeMapper) {
117 final DockerAuthV2AttributeMapper dockerAttributeMapper = (DockerAuthV2AttributeMapper) mapper;
118 if (dockerAttributeMapper.appliesTo(responseToken)) {
119 responseToken = dockerAttributeMapper.transformDockerResponseToken(responseToken, mapping,
session, userSession, clientSession);
128 final String encodedToken =
new JWSBuilder()
129 .
kid(
new DockerKeyIdentifier(activeKey.getPublicKey()).toString())
131 .jsonContent(responseToken)
132 .rsa256(activeKey.getPrivateKey());
133 final String expiresInIso8601String =
new SimpleDateFormat(
ISO_8601_DATE_FORMAT).format(
new Date(responseToken.getIssuedAt() * 1000L));
135 final DockerResponse responseEntity =
new DockerResponse()
136 .setToken(encodedToken)
137 .setExpires_in(accessTokenLifespan)
138 .setIssued_at(expiresInIso8601String);
139 return new ResponseBuilderImpl().status(Response.Status.OK).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(responseEntity).build();
141 logger.errorv(
"Unable to handle request for event type {0}. Currently only LOGIN event types are supported by docker protocol.",
event.
getEvent() == null ?
"null" :
event.getEvent().
getType());
142 throw new ErrorResponseException(
"invalid_request",
"Event type not supported", Response.Status.BAD_REQUEST);
144 }
catch (
final InstantiationException e) {
145 logger.errorv(
"Error attempting to create Key ID for Docker JOSE header: ", e.getMessage());
146 throw new ErrorResponseException(
"token_error",
"Unable to construct JOSE header for JWT", Response.Status.INTERNAL_SERVER_ERROR);