org.keycloak.keys.DefaultKeyManager の継承関係図

org.keycloak.keys.DefaultKeyManager 連携図

クラス
class	ProviderComparator

公開メンバ関数
	DefaultKeyManager (KeycloakSession session)

KeyWrapper	getActiveKey (RealmModel realm, KeyUse use, String algorithm)

KeyWrapper	getKey (RealmModel realm, String kid, KeyUse use, String algorithm)

List< KeyWrapper >	getKeys (RealmModel realm, KeyUse use, String algorithm)

List< KeyWrapper >	getKeys (RealmModel realm)

ActiveRsaKey	getActiveRsaKey (RealmModel realm)

ActiveHmacKey	getActiveHmacKey (RealmModel realm)

ActiveAesKey	getActiveAesKey (RealmModel realm)

PublicKey	getRsaPublicKey (RealmModel realm, String kid)

Certificate	getRsaCertificate (RealmModel realm, String kid)

SecretKey	getHmacSecretKey (RealmModel realm, String kid)

SecretKey	getAesSecretKey (RealmModel realm, String kid)

List< RsaKeyMetadata >	getRsaKeys (RealmModel realm)

List< SecretKeyMetadata >	getHmacKeys (RealmModel realm)

List< SecretKeyMetadata >	getAesKeys (RealmModel realm)

非公開メンバ関数
KeyWrapper	getActiveKey (List< KeyProvider > providers, RealmModel realm, KeyUse use, String algorithm)

boolean	matches (KeyWrapper key, KeyUse use, String algorithm)

List< KeyProvider >	getProviders (RealmModel realm)

非公開変数類
final KeycloakSession	session

final Map< String, List< KeyProvider > >	providersMap = new HashMap<>()

静的非公開変数類
static final Logger	logger = Logger.getLogger(DefaultKeyManager.class)

詳解

著者: Stian Thorgersen

構築子と解体子

◆ DefaultKeyManager()

org.keycloak.keys.DefaultKeyManager.DefaultKeyManager ( KeycloakSession session )

inline

                                                       {
         this.session = session;
     }

関数詳解

◆ getActiveAesKey()

ActiveAesKey org.keycloak.keys.DefaultKeyManager.getActiveAesKey ( RealmModel realm )

inline

                                                           {
         KeyWrapper key = getActiveKey(realm, KeyUse.ENC, Algorithm.AES);
         return new ActiveAesKey(key.getKid(), key.getSecretKey());
     }

◆ getActiveHmacKey()

ActiveHmacKey org.keycloak.keys.DefaultKeyManager.getActiveHmacKey ( RealmModel realm )

inline

                                                             {
         KeyWrapper key = getActiveKey(realm, KeyUse.SIG, Algorithm.HS256);
         return new ActiveHmacKey(key.getKid(), key.getSecretKey());
     }

◆ getActiveKey() [1/2]

KeyWrapper org.keycloak.keys.DefaultKeyManager.getActiveKey	(	RealmModel	realm,
		KeyUse	use,
		String	algorithm
	)

inline

                                                                                    {
         KeyWrapper activeKey = getActiveKey(getProviders(realm), realm, use, algorithm);
         if (activeKey != null) {
             return activeKey;
         }
 
         logger.debugv("Failed to find active key for realm, trying fallback: realm={0} algorithm={1} use={2}", realm.getName(), algorithm, use.name());
 
         for (ProviderFactory f : session.getKeycloakSessionFactory().getProviderFactories(KeyProvider.class)) {
             KeyProviderFactory kf = (KeyProviderFactory) f;
             if (kf.createFallbackKeys(session, use, algorithm)) {
                 providersMap.remove(realm.getId());
                 List<KeyProvider> providers = getProviders(realm);
                 activeKey = getActiveKey(providers, realm, use, algorithm);
                 if (activeKey != null) {
                     logger.warnv("Fallback key created: realm={0} algorithm={1} use={2}", realm.getName(), algorithm, use.name());
                     return activeKey;
                 } else {
                     break;
                 }
             }
         }
 
         logger.errorv("Failed to create fallback key for realm: realm={0} algorithm={1} use={2", realm.getName(), algorithm, use.name());
         throw new RuntimeException("Failed to find key: realm=" + realm.getName() + " algorithm=" + algorithm + " use=" + use.name());
     }

◆ getActiveKey() [2/2]

KeyWrapper org.keycloak.keys.DefaultKeyManager.getActiveKey	(	List< KeyProvider >	providers,
		RealmModel	realm,
		KeyUse	use,
		String	algorithm
	)

inlineprivate

                                                                                                                  {
         for (KeyProvider p : providers) {
             for (KeyWrapper key : p .getKeys()) {
                 if (key.getStatus().isActive() && matches(key, use, algorithm)) {
                     if (logger.isTraceEnabled()) {
                         logger.tracev("Active key found: realm={0} kid={1} algorithm={2} use={3}", realm.getName(), key.getKid(), algorithm, use.name());
                     }
 
                     return key;
                 }
             }
         }
         return null;
     }

◆ getActiveRsaKey()

ActiveRsaKey org.keycloak.keys.DefaultKeyManager.getActiveRsaKey ( RealmModel realm )

inline

                                                           {
         KeyWrapper key = getActiveKey(realm, KeyUse.SIG, Algorithm.RS256);
         return new ActiveRsaKey(key.getKid(), (PrivateKey) key.getSignKey(), (PublicKey) key.getVerifyKey(), key.getCertificate());
     }

◆ getAesKeys()

List<SecretKeyMetadata> org.keycloak.keys.DefaultKeyManager.getAesKeys ( RealmModel realm )

inline

                                                                 {
         List<SecretKeyMetadata> keys = new LinkedList<>();
         for (KeyWrapper key : getKeys(realm, KeyUse.ENC, Algorithm.AES)) {
             SecretKeyMetadata m = new SecretKeyMetadata();
             m.setKid(key.getKid());
             m.setProviderId(key.getProviderId());
             m.setProviderPriority(key.getProviderPriority());
             m.setStatus(key.getStatus());
 
             keys.add(m);
         }
         return keys;
     }

◆ getAesSecretKey()

SecretKey org.keycloak.keys.DefaultKeyManager.getAesSecretKey	(	RealmModel	realm,
		String	kid
	)

inline

                                                                    {
         KeyWrapper key = getKey(realm, kid, KeyUse.ENC, Algorithm.AES);
         return key.getSecretKey();
     }

◆ getHmacKeys()

List<SecretKeyMetadata> org.keycloak.keys.DefaultKeyManager.getHmacKeys ( RealmModel realm )

inline

                                                                  {
         List<SecretKeyMetadata> keys = new LinkedList<>();
         for (KeyWrapper key : getKeys(realm, KeyUse.SIG, Algorithm.HS256)) {
             SecretKeyMetadata m = new SecretKeyMetadata();
             m.setKid(key.getKid());
             m.setProviderId(key.getProviderId());
             m.setProviderPriority(key.getProviderPriority());
             m.setStatus(key.getStatus());
 
             keys.add(m);
         }
         return keys;
     }

◆ getHmacSecretKey()

SecretKey org.keycloak.keys.DefaultKeyManager.getHmacSecretKey	(	RealmModel	realm,
		String	kid
	)

inline

                                                                     {
         KeyWrapper key = getKey(realm, kid, KeyUse.SIG, Algorithm.HS256);
         return key != null ? key.getSecretKey() : null;
     }

◆ getKey()

KeyWrapper org.keycloak.keys.DefaultKeyManager.getKey	(	RealmModel	realm,
		String	kid,
		KeyUse	use,
		String	algorithm
	)

inline

                                                                                          {
         if (kid == null) {
             logger.warnv("kid is null, can't find public key", realm.getName(), kid);
             return null;
         }
 
         for (KeyProvider p : getProviders(realm)) {
             for (KeyWrapper key : p.getKeys()) {
                 if (key.getKid().equals(kid) && key.getStatus().isEnabled() && matches(key, use, algorithm)) {
                     if (logger.isTraceEnabled()) {
                         logger.tracev("Found key: realm={0} kid={1} algorithm={2} use={3}", realm.getName(), key.getKid(), algorithm, use.name());
                     }
 
                     return key;
                 }
             }
         }
 
         if (logger.isTraceEnabled()) {
             logger.tracev("Failed to find public key: realm={0} kid={1} algorithm={2} use={3}", realm.getName(), kid, algorithm, use.name());
         }
 
         return null;
     }

◆ getKeys() [1/2]

List<KeyWrapper> org.keycloak.keys.DefaultKeyManager.getKeys	(	RealmModel	realm,
		KeyUse	use,
		String	algorithm
	)

inline

                                                                                     {
         List<KeyWrapper> keys = new LinkedList<>();
         for (KeyProvider p : getProviders(realm)) {
             for (KeyWrapper key : p .getKeys()) {
                 if (key.getStatus().isEnabled() && matches(key, use, algorithm)) {
                     keys.add(key);
                 }
             }
         }
         return keys;
     }

◆ getKeys() [2/2]

List<KeyWrapper> org.keycloak.keys.DefaultKeyManager.getKeys ( RealmModel realm )

inline

                                                       {
         List<KeyWrapper> keys = new LinkedList<>();
         for (KeyProvider p : getProviders(realm)) {
             for (KeyWrapper key : p .getKeys()) {
                 keys.add(key);
             }
         }
         return keys;
     }

◆ getProviders()

List<KeyProvider> org.keycloak.keys.DefaultKeyManager.getProviders ( RealmModel realm )

inlineprivate

                                                              {
         List<KeyProvider> providers = providersMap.get(realm.getId());
         if (providers == null) {
             providers = new LinkedList<>();
 
             List<ComponentModel> components = new LinkedList<>(realm.getComponents(realm.getId(), KeyProvider.class.getName()));
             components.sort(new ProviderComparator());
 
             for (ComponentModel c : components) {
                 try {
                     ProviderFactory<KeyProvider> f = session.getKeycloakSessionFactory().getProviderFactory(KeyProvider.class, c.getProviderId());
                     KeyProviderFactory factory = (KeyProviderFactory) f;
                     KeyProvider provider = factory.create(session, c);
                     session.enlistForClose(provider);
                     providers.add(provider);
                 } catch (Throwable t) {
                     logger.errorv(t, "Failed to load provider {0}", c.getId());
                 }
             }
 
             providersMap.put(realm.getId(), providers);
         }
         return providers;
     }

◆ getRsaCertificate()

Certificate org.keycloak.keys.DefaultKeyManager.getRsaCertificate	(	RealmModel	realm,
		String	kid
	)

inline

                                                                        {
         KeyWrapper key = getKey(realm, kid, KeyUse.SIG, Algorithm.RS256);
         return key != null ? key.getCertificate() : null;
     }

◆ getRsaKeys()

List<RsaKeyMetadata> org.keycloak.keys.DefaultKeyManager.getRsaKeys ( RealmModel realm )

inline

                                                              {
         List<RsaKeyMetadata> keys = new LinkedList<>();
         for (KeyWrapper key : getKeys(realm, KeyUse.SIG, Algorithm.RS256)) {
             RsaKeyMetadata m = new RsaKeyMetadata();
             m.setCertificate(key.getCertificate());
             m.setPublicKey((PublicKey) key.getVerifyKey());
             m.setKid(key.getKid());
             m.setProviderId(key.getProviderId());
             m.setProviderPriority(key.getProviderPriority());
             m.setStatus(key.getStatus());
 
             keys.add(m);
         }
         return keys;
     }

◆ getRsaPublicKey()

PublicKey org.keycloak.keys.DefaultKeyManager.getRsaPublicKey	(	RealmModel	realm,
		String	kid
	)

inline

                                                                    {
         KeyWrapper key = getKey(realm, kid, KeyUse.SIG, Algorithm.RS256);
         return key != null ? (PublicKey) key.getVerifyKey() : null;
     }

◆ matches()

boolean org.keycloak.keys.DefaultKeyManager.matches	(	KeyWrapper	key,
		KeyUse	use,
		String	algorithm
	)

inlineprivate

                                                                           {
         return use.equals(key.getUse()) && key.getAlgorithm().equals(algorithm);
     }

メンバ詳解

◆ logger

final Logger org.keycloak.keys.DefaultKeyManager.logger = Logger.getLogger(DefaultKeyManager.class)

staticprivate

◆ providersMap

final Map<String, List<KeyProvider> > org.keycloak.keys.DefaultKeyManager.providersMap = new HashMap<>()

private

◆ session

final KeycloakSession org.keycloak.keys.DefaultKeyManager.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/keys/DefaultKeyManager.java

クラス

公開メンバ関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ DefaultKeyManager()

関数詳解

◆ getActiveAesKey()

◆ getActiveHmacKey()

◆ getActiveKey() [1/2]

◆ getActiveKey() [2/2]

◆ getActiveRsaKey()

◆ getAesKeys()

◆ getAesSecretKey()

◆ getHmacKeys()

◆ getHmacSecretKey()

◆ getKey()

◆ getKeys() [1/2]

◆ getKeys() [2/2]

◆ getProviders()

◆ getRsaCertificate()

◆ getRsaKeys()

◆ getRsaPublicKey()

◆ matches()

メンバ詳解

◆ logger

◆ providersMap

◆ session