org.keycloak.protocol.docker.DockerKeyIdentifier クラス

org.keycloak.protocol.docker.DockerKeyIdentifier 連携図

クラス
class	DelimitingCollector

公開メンバ関数
	DockerKeyIdentifier (final Key key) throws InstantiationException
String	toString ()
boolean	equals (final Object o)
int	hashCode ()

非公開メンバ関数
Stream< Byte >	byteStream (final byte[] bytes)
byte []	truncateToBitLength (final int bitLength, final byte[] arrayToTruncate)

非公開変数類
final String	identifier

詳解

The “kid” field has to be in a libtrust fingerprint compatible format. Such a format can be generated by following steps: 1) Take the DER encoded public key which the JWT token was signed against. 2) Create a SHA256 hash out of it and truncate to 240bits. 3) Split the result into 12 base32 encoded groups with : as delimiter.

Ex: "kid": "PYYO:TEWU:V7JH:26JV:AQTZ:LJC3:SXVJ:XGHA:34F2:2LAQ:ZRMK:Z7Q6"

参照

https://docs.docker.com/registry/spec/auth/jwt/

https://github.com/docker/libtrust/blob/master/key.go#L24

構築子と解体子

DockerKeyIdentifier()

org.keycloak.protocol.docker.DockerKeyIdentifier.DockerKeyIdentifier ( final Key  key ) throws InstantiationException

inline

                                                                            {
        try {
            final MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            final byte[] hashed = sha256.digest(key.getEncoded());
            final byte[] hashedTruncated = truncateToBitLength(240, hashed);
            final String base32Id = Base32.encode(hashedTruncated);
            identifier = byteStream(base32Id.getBytes()).collect(new DelimitingCollector());
        } catch (final NoSuchAlgorithmException e) {
            throw new InstantiationException("Could not instantiate docker key identifier, no SHA-256 algorithm available.");
        }
    }

関数詳解

byteStream()

Stream<Byte> org.keycloak.protocol.docker.DockerKeyIdentifier.byteStream ( final byte []  bytes )

inlineprivate

                                                        {
        final Collection<Byte> colectionedBytes = new ArrayList<>();
        for (final byte aByte : bytes) {
            colectionedBytes.add(aByte);
        }

        return colectionedBytes.stream();
    }

equals()

boolean org.keycloak.protocol.docker.DockerKeyIdentifier.equals ( final Object  o )

inline

                                          {
        if (this == o) return true;
        if (!(o instanceof DockerKeyIdentifier)) return false;

        final DockerKeyIdentifier that = (DockerKeyIdentifier) o;

        return identifier != null ? identifier.equals(that.identifier) : that.identifier == null;

    }

hashCode()

int org.keycloak.protocol.docker.DockerKeyIdentifier.hashCode ( )

inline

                          {
        return identifier != null ? identifier.hashCode() : 0;
    }

toString()

String org.keycloak.protocol.docker.DockerKeyIdentifier.toString ( )

inline

                             {
        return identifier;
    }

truncateToBitLength()

byte [] org.keycloak.protocol.docker.DockerKeyIdentifier.truncateToBitLength ( final int  bitLength, final byte []  arrayToTruncate  )

inlineprivate

                                                                                          {
        if (bitLength % 8 != 0) {
            throw new IllegalArgumentException("Bit length for truncation of byte array given as a number not divisible by 8");
        }

        final int numberOfBytes = bitLength / 8;
        return Arrays.copyOfRange(arrayToTruncate, 0, numberOfBytes);
    }

メンバ詳解

identifier

final String org.keycloak.protocol.docker.DockerKeyIdentifier.identifier

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/docker/DockerKeyIdentifier.java