Sync from Keycloak and remove DummyCryptoProvider

closes #82 Signed-off-by: mposolda <[email protected]>
keycloak · Oct 15, 2024 · 676f6bb · 676f6bb
1 parent 5f8905a
commit 676f6bb
Show file tree

Hide file tree

Showing 17 changed files with 137 additions and 145 deletions.
diff --git a/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java b/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@@ -114,6 +114,12 @@ List<UserRepresentation> search(@QueryParam("emailVerified") Boolean emailVerifi
     @Consumes(MediaType.APPLICATION_JSON)
     List<UserRepresentation> searchByAttributes(@QueryParam("q") String searchQuery);
 
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @Consumes(MediaType.APPLICATION_JSON)
+    List<UserRepresentation> searchByAttributes(@QueryParam("q") String searchQuery,
+                                                @QueryParam("exact") Boolean exact);
+
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @Consumes(MediaType.APPLICATION_JSON)

diff --git a/authz-client/pom.xml b/authz-client/pom.xml
@@ -101,9 +101,20 @@
                                             <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
                                             <includes>
                                                 org/**/*,
-                                                META-INF/services/*
                                             </includes>  <!-- unpack just source code and potential services -->
                                         </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.keycloak</groupId>
+                                            <artifactId>keycloak-authz-client-tests</artifactId>
+                                            <version>${keycloak.version}</version>
+                                            <type>jar</type>
+                                            <classifier>sources</classifier>
+                                            <overWrite>true</overWrite>
+                                            <outputDirectory>${project.build.directory}/unpacked-resources</outputDirectory>
+                                            <includes>
+                                                META-INF/services/**/*
+                                            </includes>
+                                        </artifactItem>
                                     </artifactItems>
                                     <overWriteReleases>false</overWriteReleases>
                                     <overWriteSnapshots>true</overWriteSnapshots>

diff --git a/authz-client/src/main/java/org/keycloak/authorization/client/AuthzClient.java b/authz-client/src/main/java/org/keycloak/authorization/client/AuthzClient.java
@@ -30,6 +30,7 @@
 import org.keycloak.authorization.client.resource.ProtectionResource;
 import org.keycloak.authorization.client.util.Http;
 import org.keycloak.authorization.client.util.TokenCallable;
+import org.keycloak.common.crypto.CryptoIntegration;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.util.SystemPropertiesJsonParserFactory;
@@ -91,6 +92,7 @@ public static AuthzClient create(InputStream configStream) throws RuntimeExcepti
      * @return a new instance
      */
     public static AuthzClient create(Configuration configuration) {
+        CryptoIntegration.init(AuthzClient.class.getClassLoader());
         return new AuthzClient(configuration);
     }
 

diff --git a/...ent/testsuite/authz/util/ASN1Decoder.java → ...ation/client/util/crypto/ASN1Decoder.java b/...ent/testsuite/authz/util/ASN1Decoder.java → ...ation/client/util/crypto/ASN1Decoder.java
@@ -1,20 +1,23 @@
 /*
  * Copyright 2024 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
+ *  and other contributors as indicated by the @author tags.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
  */
-package org.keycloak.client.testsuite.authz.util;
+
+package org.keycloak.authorization.client.util.crypto;
 
 import java.io.ByteArrayInputStream;
 import java.io.EOFException;
@@ -197,3 +200,4 @@ int read() {
         return tmp;
     }
 }
+
diff --git a/...ent/testsuite/authz/util/ASN1Encoder.java → ...ation/client/util/crypto/ASN1Encoder.java b/...ent/testsuite/authz/util/ASN1Encoder.java → ...ation/client/util/crypto/ASN1Encoder.java
@@ -1,20 +1,23 @@
 /*
  * Copyright 2024 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
+ *  and other contributors as indicated by the @author tags.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
  */
-package org.keycloak.client.testsuite.authz.util;
+
+package org.keycloak.authorization.client.util.crypto;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -95,3 +98,4 @@ byte[] concatenate(ASN1Encoder... objects) throws IOException {
         return tmp.toByteArray();
     }
 }
+
diff --git a/...suite/authz/util/DummyCryptoProvider.java → ...til/crypto/AuthzClientCryptoProvider.java b/...suite/authz/util/DummyCryptoProvider.java → ...til/crypto/AuthzClientCryptoProvider.java
@@ -1,20 +1,23 @@
 /*
  * Copyright 2024 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
+ *  and other contributors as indicated by the @author tags.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
  */
-package org.keycloak.client.testsuite.authz.util;
+
+package org.keycloak.authorization.client.util.crypto;
 
 import java.io.IOException;
 import java.math.BigInteger;
@@ -48,11 +51,11 @@
 import org.keycloak.common.util.KeystoreUtil;
 
 /**
- * <p>Dummy crypto provider to be used with the authz-client.</p>
+ * <p>Simple crypto provider to be used with the authz-client.</p>
  *
  * @author rmartinc
  */
-public class DummyCryptoProvider implements CryptoProvider {
+public class AuthzClientCryptoProvider implements CryptoProvider {
 
     @Override
     public Provider getBouncyCastleProvider() {
@@ -63,6 +66,11 @@ public Provider getBouncyCastleProvider() {
         }
     }
 
+    @Override
+    public int order() {
+        return 100;
+    }
+
     @Override
     public <T> T getAlgorithmProvider(Class<T> clazz, String algorithm) {
         throw new UnsupportedOperationException("Not supported yet.");
@@ -215,4 +223,4 @@ public Signature getSignature(String sigAlgName) throws NoSuchAlgorithmException
     public SSLSocketFactory wrapFactoryForTruststore(SSLSocketFactory delegate) {
         throw new UnsupportedOperationException("Not supported yet.");
     }
-}
+}
diff --git a/authz-client/src/main/resources/META-INF/services/org.keycloak.common.crypto.CryptoProvider b/authz-client/src/main/resources/META-INF/services/org.keycloak.common.crypto.CryptoProvider
@@ -0,0 +1,20 @@
+#
+# Copyright 2024 Red Hat, Inc. and/or its affiliates
+#  and other contributors as indicated by the @author tags.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#
+
+org.keycloak.authorization.client.util.crypto.AuthzClientCryptoProvider
diff --git a/client-common-synced/src/main/java/org/keycloak/OAuth2Constants.java b/client-common-synced/src/main/java/org/keycloak/OAuth2Constants.java
@@ -93,6 +93,7 @@ public interface OAuth2Constants {
     String SCOPE_PHONE = "phone";
 
     String ORGANIZATION = "organization";
+    String ORGANIZATION_ID = "id";
 
     String UI_LOCALES_PARAM = "ui_locales";
 

diff --git a/client-common-synced/src/main/java/org/keycloak/common/Profile.java b/client-common-synced/src/main/java/org/keycloak/common/Profile.java
@@ -51,17 +51,17 @@ public enum Feature {
 
         ACCOUNT_API("Account Management REST API", Type.DEFAULT),
 
-        ACCOUNT3("Account Console version 3", Type.DEFAULT, Feature.ACCOUNT_API),
+        ACCOUNT_V3("Account Console version 3", Type.DEFAULT, 3, Feature.ACCOUNT_API),
 
         ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW),
 
         ADMIN_API("Admin API", Type.DEFAULT),
 
-        ADMIN2("New Admin Console", Type.DEFAULT, Feature.ADMIN_API),
+        ADMIN_V2("New Admin Console", Type.DEFAULT, 2, Feature.ADMIN_API),
 
-        LOGIN2("New Login Theme", Type.DEFAULT),
+        LOGIN_V2("New Login Theme", Type.DEFAULT, 2),
 
-        LOGIN1("Legacy Login Theme", Type.DEPRECATED),
+        LOGIN_V1("Legacy Login Theme", Type.DEPRECATED, 1),
 
         DOCKER("Docker Registry protocol", Type.DISABLED_BY_DEFAULT),
 
@@ -92,8 +92,6 @@ public enum Feature {
 
         UPDATE_EMAIL("Update Email Action", Type.PREVIEW),
 
-        JS_ADAPTER("Host keycloak.js and keycloak-authz.js through the Keycloak server", Type.DEFAULT),
-
         FIPS("FIPS 140-2 mode", Type.DISABLED_BY_DEFAULT),
 
         DPOP("OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer", Type.PREVIEW),

diff --git a/client-common-synced/src/main/java/org/keycloak/common/crypto/CryptoIntegration.java b/client-common-synced/src/main/java/org/keycloak/common/crypto/CryptoIntegration.java
@@ -3,6 +3,7 @@
 import java.security.KeyStore;
 import java.security.Provider;
 import java.security.Security;
+import java.util.Comparator;
 import java.util.List;
 import java.util.ServiceLoader;
 import java.util.stream.Collectors;
@@ -53,15 +54,20 @@ public static CryptoProvider getProvider() {
     // Try to auto-detect provider
     private static CryptoProvider detectProvider(ClassLoader classLoader) {
         List<CryptoProvider> foundProviders = StreamSupport.stream(ServiceLoader.load(CryptoProvider.class, classLoader).spliterator(), false)
+                .sorted(Comparator.comparingInt(CryptoProvider::order).reversed())
                 .collect(Collectors.toList());
 
         if (foundProviders.isEmpty()) {
             throw new IllegalStateException("Not able to load any cryptoProvider with the classLoader: " + classLoader);
-        } else if (foundProviders.size() > 1) {
-            throw new IllegalStateException("Multiple crypto providers loaded with the classLoader: " + classLoader +
-                    ". Make sure only one cryptoProvider available on the classpath. Available providers: " +foundProviders);
         } else {
             logger.debugf("Detected crypto provider: %s", foundProviders.get(0).getClass().getName());
+            if (foundProviders.size() > 1) {
+                StringBuilder builder = new StringBuilder("Ignored crypto providers: ");
+                for (int i = 1 ; i < foundProviders.size() ; i++) {
+                    builder.append(foundProviders.get(i).getClass().getName() + ", ");
+                }
+                logger.debugf(builder.toString());
+            }
             return foundProviders.get(0);
         }
     }

diff --git a/client-common-synced/src/main/java/org/keycloak/common/crypto/CryptoProvider.java b/client-common-synced/src/main/java/org/keycloak/common/crypto/CryptoProvider.java
@@ -36,6 +36,13 @@ public interface CryptoProvider {
      */
     Provider getBouncyCastleProvider();
 
+    /**
+     * Order of this provider. This allows to specify which CryptoProvider will have preference in case that more of them are on the classpath.
+     *
+     * The higher number has preference over the lower number
+     */
+    int order();
+
     /**
      * Get some algorithm provider implementation. Returned implementation can be dependent according to if we have
      * non-fips bouncycastle or fips bouncycastle on the classpath.
@@ -84,7 +91,7 @@ public interface CryptoProvider {
     KeyFactory getKeyFactory(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException;
 
     Cipher getAesCbcCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException;
-    
+
     Cipher getAesGcmCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException;
 
     SecretKeyFactory getSecretKeyFact(String keyAlgorithm) throws NoSuchAlgorithmException, NoSuchProviderException;

diff --git a/...nt-common-synced/src/main/java/org/keycloak/common/util/ConcurrentMultivaluedHashMap.java b/...nt-common-synced/src/main/java/org/keycloak/common/util/ConcurrentMultivaluedHashMap.java
@@ -18,6 +18,7 @@
 package org.keycloak.common.util;
 
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 
@@ -28,6 +29,15 @@
 @SuppressWarnings("serial")
 public class ConcurrentMultivaluedHashMap<K, V> extends ConcurrentHashMap<K, List<V>> implements MultivaluedMap<K, V>
 {
+    public ConcurrentMultivaluedHashMap() {
+    }
+
+    public ConcurrentMultivaluedHashMap(Map<K, List<V>> map) {
+        if (map == null) {
+            throw new IllegalArgumentException("Map can not be null");
+        }
+        putAll(map);
+    }
 
    @Override
    public List<V> createListInstance() {

diff --git a/client-common-synced/src/main/java/org/keycloak/jose/jwk/JWKParser.java b/client-common-synced/src/main/java/org/keycloak/jose/jwk/JWKParser.java
@@ -27,14 +27,14 @@ public class JWKParser extends AbstractJWKParser {
     private JWKParser() {
     }
 
-    public JWKParser(JWK jwk) {
-        this.jwk = jwk;
-    }
-
     public static JWKParser create() {
         return new JWKParser();
     }
 
+    public JWKParser(JWK jwk) {
+        this.jwk = jwk;
+    }
+
     public static JWKParser create(JWK jwk) {
         return new JWKParser(jwk);
     }

diff --git a/...mon-synced/src/main/java/org/keycloak/representations/idm/OrganizationRepresentation.java b/...mon-synced/src/main/java/org/keycloak/representations/idm/OrganizationRepresentation.java
@@ -32,6 +32,7 @@ public class OrganizationRepresentation {
     private String alias;
     private boolean enabled = true;
     private String description;
+    private String redirectUrl;
     private Map<String, List<String>> attributes;
     private Set<OrganizationDomainRepresentation> domains;
     private List<MemberRepresentation> members;
@@ -77,6 +78,14 @@ public void setDescription(String description) {
         this.description = description;
     }
 
+    public String getRedirectUrl() {
+        return redirectUrl;
+    }
+
+    public void setRedirectUrl(String redirectUrl) {
+        this.redirectUrl = redirectUrl;
+    }
+
     public Map<String, List<String>> getAttributes() {
         return attributes;
     }