keycloak-uncached
Changes
core/pom.xml 17(+6 -11)
core/src/main/java/org/keycloak/representations/idm/ApplicationInstallationRepresentation.java 2(+0 -2)
core/src/main/java/org/keycloak/util/Base64.java 2091(+2091 -0)
core/src/test/java/org/keycloak/RSAVerifierTest.java 395(+174 -221)
core-jaxrs/pom.xml 71(+71 -0)
examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml 1(+0 -1)
examples/as7-eap-demo/server/pom.xml 14(+9 -5)
examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java 14(+2 -12)
examples/wildfly-demo/server/pom.xml 5(+0 -5)
integration/adapter-core/pom.xml 10(+10 -0)
integration/as7-eap6/adapter/pom.xml 5(+0 -5)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java 2(+1 -1)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/RealmConfigurationLoader.java 2(+1 -1)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java 10(+5 -5)
integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java 4(+2 -2)
integration/undertow/pom.xml 5(+0 -5)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java 2(+1 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java 2(+1 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/RealmConfigurationLoader.java 2(+1 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthenticationMechanism.java 2(+1 -1)
integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletOAuthAuthenticator.java 2(+1 -1)
pom.xml 5(+3 -2)
server/pom.xml 15(+10 -5)
services/pom.xml 11(+6 -5)
testsuite/integration/pom.xml 9(+7 -2)
testsuite/performance/pom.xml 5(+5 -0)
Details
core/pom.xml 17(+6 -11)
diff --git a/core/pom.xml b/core/pom.xml
index 0e1e33e..f4f1663 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -14,23 +14,18 @@
<dependencies>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-jaxrs</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-client</artifactId>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.spec.javax.servlet</groupId>
- <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/core/src/main/java/org/keycloak/jose/jws/Algorithm.java b/core/src/main/java/org/keycloak/jose/jws/Algorithm.java
new file mode 100755
index 0000000..95b062b
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/Algorithm.java
@@ -0,0 +1,18 @@
+package org.keycloak.jose.jws;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public enum Algorithm {
+ none,
+ HS256,
+ HS384,
+ HS512,
+ RS256,
+ RS384,
+ RS512,
+ ES256,
+ ES384,
+ ES512
+}
diff --git a/core/src/main/java/org/keycloak/jose/jws/crypto/HMACProvider.java b/core/src/main/java/org/keycloak/jose/jws/crypto/HMACProvider.java
new file mode 100755
index 0000000..00c6a30
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/crypto/HMACProvider.java
@@ -0,0 +1,86 @@
+package org.keycloak.jose.jws.crypto;
+
+
+import org.keycloak.jose.jws.Algorithm;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.util.Base64Url;
+
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class HMACProvider {
+ public static String getJavaAlgorithm(Algorithm alg) {
+ switch (alg) {
+ case HS256:
+ return "HMACSHA256";
+ case HS384:
+ return "HMACSHA384";
+ case HS512:
+ return "HMACSHA512";
+ default:
+ throw new IllegalArgumentException("Not a MAC Algorithm");
+ }
+ }
+
+ public static Mac getMAC(final Algorithm alg) {
+
+ try {
+ return Mac.getInstance(getJavaAlgorithm(alg));
+
+ } catch (NoSuchAlgorithmException e) {
+
+ throw new RuntimeException("Unsupported HMAC algorithm: " + e.getMessage(), e);
+ }
+ }
+
+ public static byte[] sign(byte[] data, Algorithm algorithm, byte[] sharedSecret) {
+ try {
+ Mac mac = getMAC(algorithm);
+ mac.init(new SecretKeySpec(sharedSecret, mac.getAlgorithm()));
+ mac.update(data);
+ return mac.doFinal();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static byte[] sign(byte[] data, Algorithm algorithm, SecretKey key) {
+ try {
+ Mac mac = getMAC(algorithm);
+ mac.init(key);
+ mac.update(data);
+ return mac.doFinal();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static boolean verify(JWSInput input, SecretKey key) {
+ try {
+ byte[] signature = sign(input.getContent(), input.getHeader().getAlgorithm(), key);
+ String x = Base64Url.encode(signature);
+ return x.equals(input.getEncodedSignature());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+ public static boolean verify(JWSInput input, byte[] sharedSecret) {
+ try {
+ byte[] signature = sign(input.getContent(), input.getHeader().getAlgorithm(), sharedSecret);
+ String x = Base64Url.encode(signature);
+ return x.equals(input.getEncodedSignature());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+}
diff --git a/core/src/main/java/org/keycloak/jose/jws/crypto/RSAProvider.java b/core/src/main/java/org/keycloak/jose/jws/crypto/RSAProvider.java
new file mode 100755
index 0000000..151d354
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/crypto/RSAProvider.java
@@ -0,0 +1,61 @@
+package org.keycloak.jose.jws.crypto;
+
+
+import org.keycloak.jose.jws.Algorithm;
+import org.keycloak.jose.jws.JWSInput;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class RSAProvider {
+ public static String getJavaAlgorithm(Algorithm alg) {
+ switch (alg) {
+ case RS256:
+ return "SHA256withRSA";
+ case RS384:
+ return "SHA384withRSA";
+ case RS512:
+ return "SHA512withRSA";
+ default:
+ throw new IllegalArgumentException("Not an RSA Algorithm");
+ }
+ }
+
+ public static Signature getSignature(Algorithm alg) {
+ try {
+ return Signature.getInstance(getJavaAlgorithm(alg));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static byte[] sign(byte[] data, Algorithm algorithm, PrivateKey privateKey) {
+ try {
+ Signature signature = getSignature(algorithm);
+ signature.initSign(privateKey);
+ signature.update(data);
+ return signature.sign();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static boolean verify(JWSInput input, PublicKey publicKey) {
+ try {
+ Signature verifier = getSignature(input.getHeader().getAlgorithm());
+ verifier.initVerify(publicKey);
+ verifier.update(input.getContent());
+ return verifier.verify(input.getSignature());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+
+ }
+
+
+}
diff --git a/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java b/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java
new file mode 100755
index 0000000..32490f7
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java
@@ -0,0 +1,138 @@
+package org.keycloak.jose.jws;
+
+import org.keycloak.jose.jws.crypto.HMACProvider;
+import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.util.Base64Url;
+import org.keycloak.util.JsonSerialization;
+
+import javax.crypto.SecretKey;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.PrivateKey;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class JWSBuilder {
+ String type;
+ String contentType;
+ byte[] contentBytes;
+
+ public JWSBuilder type(String type) {
+ this.type = type;
+ return this;
+ }
+
+ public JWSBuilder contentType(String type) {
+ this.contentType = type;
+ return this;
+ }
+
+ public EncodingBuilder content(byte[] bytes) {
+ this.contentBytes = bytes;
+ return new EncodingBuilder();
+ }
+
+ public EncodingBuilder jsonContent(Object object) {
+ try {
+ this.contentBytes = JsonSerialization.writeValueAsBytes(object);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ return new EncodingBuilder();
+ }
+
+
+ protected String encodeHeader(Algorithm alg) {
+ StringBuilder builder = new StringBuilder("{");
+ builder.append("\"alg\":\"").append(alg.toString()).append("\"");
+
+ if (type != null) builder.append(",\"typ\" : \"").append(type).append("\"");
+ if (contentType != null) builder.append(",\"cty\":\"").append(contentType).append("\"");
+ builder.append("}");
+ try {
+ return Base64Url.encode(builder.toString().getBytes("UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ protected String encode(Algorithm alg, byte[] data, byte[] signature) {
+ StringBuffer encoding = new StringBuffer();
+ encoding.append(encodeHeader(alg));
+ encoding.append('.');
+ encoding.append(Base64Url.encode(data));
+ encoding.append('.');
+ if (alg != Algorithm.none) {
+ encoding.append(Base64Url.encode(signature));
+ }
+ return encoding.toString();
+ }
+
+ protected byte[] marshalContent() {
+ return contentBytes;
+ }
+
+ public class EncodingBuilder {
+ public String none() {
+ byte[] data = marshalContent();
+ return encode(Algorithm.none, data, null);
+ }
+
+ public String rsa256(PrivateKey privateKey) {
+ byte[] data = marshalContent();
+ byte[] signature = RSAProvider.sign(data, Algorithm.RS256, privateKey);
+ return encode(Algorithm.RS256, data, signature);
+ }
+
+ public String rsa384(PrivateKey privateKey) {
+ byte[] data = marshalContent();
+ byte[] signature = RSAProvider.sign(data, Algorithm.RS384, privateKey);
+ return encode(Algorithm.RS384, data, signature);
+ }
+
+ public String rsa512(PrivateKey privateKey) {
+ byte[] data = marshalContent();
+ byte[] signature = RSAProvider.sign(data, Algorithm.RS512, privateKey);
+ return encode(Algorithm.RS512, data, signature);
+ }
+
+
+ public String hmac256(byte[] sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS256, sharedSecret);
+ return encode(Algorithm.HS256, data, signature);
+ }
+
+ public String hmac384(byte[] sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS384, sharedSecret);
+ return encode(Algorithm.HS384, data, signature);
+ }
+
+ public String hmac512(byte[] sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS512, sharedSecret);
+ return encode(Algorithm.HS512, data, signature);
+ }
+
+ public String hmac256(SecretKey sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS256, sharedSecret);
+ return encode(Algorithm.HS256, data, signature);
+ }
+
+ public String hmac384(SecretKey sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS384, sharedSecret);
+ return encode(Algorithm.HS384, data, signature);
+ }
+
+ public String hmac512(SecretKey sharedSecret) {
+ byte[] data = marshalContent();
+ byte[] signature = HMACProvider.sign(data, Algorithm.HS512, sharedSecret);
+ return encode(Algorithm.HS512, data, signature);
+ }
+ }
+}
diff --git a/core/src/main/java/org/keycloak/jose/jws/JWSHeader.java b/core/src/main/java/org/keycloak/jose/jws/JWSHeader.java
new file mode 100755
index 0000000..105ef04
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/JWSHeader.java
@@ -0,0 +1,64 @@
+package org.keycloak.jose.jws;
+
+import org.codehaus.jackson.annotate.JsonIgnore;
+import org.codehaus.jackson.annotate.JsonProperty;
+import org.codehaus.jackson.map.ObjectMapper;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+import java.io.IOException;
+import java.io.Serializable;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class JWSHeader implements Serializable {
+ @JsonProperty("alg")
+ private Algorithm algorithm;
+
+ @JsonProperty("typ")
+ private String type;
+
+ @JsonProperty("cty")
+ private String contentType;
+
+ public JWSHeader() {
+ }
+
+ public JWSHeader(Algorithm algorithm, String type, String contentType) {
+ this.algorithm = algorithm;
+ this.type = type;
+ this.contentType = contentType;
+ }
+
+ public Algorithm getAlgorithm() {
+ return algorithm;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public String getContentType() {
+ return contentType;
+ }
+
+
+ private static final ObjectMapper mapper = new ObjectMapper();
+
+ static {
+ mapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_NULL);
+
+ }
+
+ public String toString() {
+ try {
+ return mapper.writeValueAsString(this);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+
+
+ }
+
+}
diff --git a/core/src/main/java/org/keycloak/jose/jws/JWSInput.java b/core/src/main/java/org/keycloak/jose/jws/JWSInput.java
new file mode 100755
index 0000000..f86151f
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jose/jws/JWSInput.java
@@ -0,0 +1,82 @@
+package org.keycloak.jose.jws;
+
+import org.keycloak.util.Base64Url;
+import org.keycloak.util.JsonSerialization;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class JWSInput {
+ String wireString;
+ String encodedHeader;
+ String encodedContent;
+ String encodedSignature;
+ JWSHeader header;
+ byte[] content;
+ byte[] signature;
+
+
+ public JWSInput(String wire) {
+ this.wireString = wire;
+ String[] parts = wire.split("\\.");
+ if (parts.length < 2 || parts.length > 3) throw new IllegalArgumentException("Parsing error");
+ encodedHeader = parts[0];
+ encodedContent = parts[1];
+ try {
+ content = Base64Url.decode(encodedContent);
+ if (parts.length > 2) {
+ encodedSignature = parts[2];
+ signature = Base64Url.decode(encodedSignature);
+
+ }
+ byte[] headerBytes = Base64Url.decode(encodedHeader);
+ header = JsonSerialization.readValue(headerBytes, JWSHeader.class);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public String getWireString() {
+ return wireString;
+ }
+
+ public String getEncodedHeader() {
+ return encodedHeader;
+ }
+
+ public String getEncodedContent() {
+ return encodedContent;
+ }
+
+ public String getEncodedSignature() {
+ return encodedSignature;
+ }
+
+ public JWSHeader getHeader() {
+ return header;
+ }
+
+ public byte[] getContent() {
+ return content;
+ }
+
+ public byte[] getSignature() {
+ return signature;
+ }
+
+ public <T> T readJsonContent(Class<T> type) throws IOException {
+ return JsonSerialization.readValue(content, type);
+ }
+
+ public String readContentAsString() {
+ try {
+ return new String(content, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/core/src/main/java/org/keycloak/jwt/JsonWebToken.java b/core/src/main/java/org/keycloak/jwt/JsonWebToken.java
new file mode 100755
index 0000000..519d734
--- /dev/null
+++ b/core/src/main/java/org/keycloak/jwt/JsonWebToken.java
@@ -0,0 +1,136 @@
+package org.keycloak.jwt;
+
+import org.codehaus.jackson.annotate.JsonIgnore;
+import org.codehaus.jackson.annotate.JsonProperty;
+
+import java.io.Serializable;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class JsonWebToken implements Serializable {
+ @JsonProperty("jti")
+ protected String id;
+ @JsonProperty("exp")
+ protected long expiration;
+ @JsonProperty("nbf")
+ protected long notBefore;
+ @JsonProperty("iat")
+ protected long issuedAt;
+ @JsonProperty("iss")
+ protected String issuer;
+ @JsonProperty("aud")
+ protected String audience;
+ @JsonProperty("prn")
+ protected String principal;
+ @JsonProperty("typ")
+ protected String type;
+
+ public String getId() {
+ return id;
+ }
+
+ public JsonWebToken id(String id) {
+ this.id = id;
+ return this;
+ }
+
+
+ public long getExpiration() {
+ return expiration;
+ }
+
+ public JsonWebToken expiration(long expiration) {
+ this.expiration = expiration;
+ return this;
+ }
+
+ @JsonIgnore
+ public boolean isExpired() {
+ long time = System.currentTimeMillis() / 1000;
+ return time > expiration;
+ }
+
+ public long getNotBefore() {
+ return notBefore;
+ }
+
+ public JsonWebToken notBefore(long notBefore) {
+ this.notBefore = notBefore;
+ return this;
+ }
+
+
+ @JsonIgnore
+ public boolean isNotBefore() {
+ return (System.currentTimeMillis() / 1000) >= notBefore;
+
+ }
+
+ /**
+ * Tests that the token is not expired and is not-before.
+ *
+ * @return
+ */
+ @JsonIgnore
+ public boolean isActive() {
+ return (!isExpired() || expiration == 0) && (isNotBefore() || notBefore == 0);
+ }
+
+ public long getIssuedAt() {
+ return issuedAt;
+ }
+
+ /**
+ * Set issuedAt to the current time
+ */
+ @JsonIgnore
+ public JsonWebToken issuedNow() {
+ issuedAt = System.currentTimeMillis() / 1000;
+ return this;
+ }
+
+ public JsonWebToken issuedAt(long issuedAt) {
+ this.issuedAt = issuedAt;
+ return this;
+ }
+
+
+ public String getIssuer() {
+ return issuer;
+ }
+
+ public JsonWebToken issuer(String issuer) {
+ this.issuer = issuer;
+ return this;
+ }
+
+
+ public String getAudience() {
+ return audience;
+ }
+
+ public JsonWebToken audience(String audience) {
+ this.audience = audience;
+ return this;
+ }
+
+ public String getPrincipal() {
+ return principal;
+ }
+
+ public JsonWebToken principal(String principal) {
+ this.principal = principal;
+ return this;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public JsonWebToken type(String type) {
+ this.type = type;
+ return this;
+ }
+}
diff --git a/core/src/main/java/org/keycloak/PemUtils.java b/core/src/main/java/org/keycloak/PemUtils.java
index 32babcb..8b25bca 100755
--- a/core/src/main/java/org/keycloak/PemUtils.java
+++ b/core/src/main/java/org/keycloak/PemUtils.java
@@ -1,6 +1,7 @@
package org.keycloak;
-import org.jboss.resteasy.util.Base64;
+
+import org.keycloak.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
diff --git a/core/src/main/java/org/keycloak/representations/idm/admin/AdminAction.java b/core/src/main/java/org/keycloak/representations/idm/admin/AdminAction.java
index 3b0a4e4..f9dd8a8 100755
--- a/core/src/main/java/org/keycloak/representations/idm/admin/AdminAction.java
+++ b/core/src/main/java/org/keycloak/representations/idm/admin/AdminAction.java
@@ -41,8 +41,7 @@ public class AdminAction {
}
@JsonIgnore
- public boolean isExpired()
- {
+ public boolean isExpired() {
long time = System.currentTimeMillis() / 1000;
return time > expiration;
}
diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationInstallationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationInstallationRepresentation.java
index fbad6df..23f9516 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ApplicationInstallationRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationInstallationRepresentation.java
@@ -2,8 +2,6 @@ package org.keycloak.representations.idm;
import org.codehaus.jackson.annotate.JsonProperty;
-import java.util.ArrayList;
-import java.util.List;
import java.util.Map;
/**
diff --git a/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
index af9b292..4e043ed 100755
--- a/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java
@@ -1,9 +1,9 @@
package org.keycloak.representations.idm;
/**
-* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
-* @version $Revision: 1 $
-*/
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
public class CredentialRepresentation {
public static final String PASSWORD = "password";
public static final String TOTP = "totp";
diff --git a/core/src/main/java/org/keycloak/representations/idm/MappingsRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/MappingsRepresentation.java
index ba519fa..8172a2a 100755
--- a/core/src/main/java/org/keycloak/representations/idm/MappingsRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/MappingsRepresentation.java
@@ -19,7 +19,7 @@ public class MappingsRepresentation {
this.realmMappings = realmMappings;
}
- public Map<String,ApplicationMappingsRepresentation> getApplicationMappings() {
+ public Map<String, ApplicationMappingsRepresentation> getApplicationMappings() {
return applicationMappings;
}
diff --git a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
index 7a4cc69..be44c43 100755
--- a/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java
@@ -1,6 +1,5 @@
package org.keycloak.representations.idm;
-import java.util.ArrayList;
import java.util.List;
/**
diff --git a/core/src/main/java/org/keycloak/representations/SkeletonKeyScope.java b/core/src/main/java/org/keycloak/representations/SkeletonKeyScope.java
index 4076b9e..d721ddd 100755
--- a/core/src/main/java/org/keycloak/representations/SkeletonKeyScope.java
+++ b/core/src/main/java/org/keycloak/representations/SkeletonKeyScope.java
@@ -1,6 +1,7 @@
package org.keycloak.representations;
-import javax.ws.rs.core.MultivaluedHashMap;
+
+import org.keycloak.util.MultivaluedHashMap;
/**
* Key is resource desired. Values are roles desired for that resource
diff --git a/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java b/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java
index 601bbbe..0f4fe1b 100755
--- a/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java
+++ b/core/src/main/java/org/keycloak/representations/SkeletonKeyToken.java
@@ -2,7 +2,7 @@ package org.keycloak.representations;
import org.codehaus.jackson.annotate.JsonIgnore;
import org.codehaus.jackson.annotate.JsonProperty;
-import org.jboss.resteasy.jwt.JsonWebToken;
+import org.keycloak.jwt.JsonWebToken;
import java.util.HashMap;
import java.util.HashSet;
diff --git a/core/src/main/java/org/keycloak/RSATokenVerifier.java b/core/src/main/java/org/keycloak/RSATokenVerifier.java
index 8c703d7..56fe140 100755
--- a/core/src/main/java/org/keycloak/RSATokenVerifier.java
+++ b/core/src/main/java/org/keycloak/RSATokenVerifier.java
@@ -1,8 +1,7 @@
package org.keycloak;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
-import org.jboss.resteasy.jwt.JsonSerialization;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.SkeletonKeyToken;
import java.io.IOException;
@@ -13,11 +12,6 @@ import java.security.PublicKey;
* @version $Revision: 1 $
*/
public class RSATokenVerifier {
- public static SkeletonKeyToken verifyToken(String tokenString, ResourceMetadata metadata) throws VerificationException {
- PublicKey realmKey = metadata.getRealmKey();
- String realm = metadata.getRealm();
- return verifyToken(tokenString, realmKey, realm);
- }
public static SkeletonKeyToken verifyToken(String tokenString, PublicKey realmKey, String realm) throws VerificationException {
JWSInput input = new JWSInput(tokenString);
@@ -31,7 +25,7 @@ public class RSATokenVerifier {
SkeletonKeyToken token = null;
try {
- token = JsonSerialization.fromBytes(SkeletonKeyToken.class, input.getContent());
+ token = input.readJsonContent(SkeletonKeyToken.class);
} catch (IOException e) {
throw new VerificationException(e);
}
diff --git a/core/src/main/java/org/keycloak/TokenIdGenerator.java b/core/src/main/java/org/keycloak/TokenIdGenerator.java
index f1b5e55..8ac61d3 100755
--- a/core/src/main/java/org/keycloak/TokenIdGenerator.java
+++ b/core/src/main/java/org/keycloak/TokenIdGenerator.java
@@ -9,6 +9,7 @@ import java.util.concurrent.atomic.AtomicLong;
*/
public class TokenIdGenerator {
private static final AtomicLong counter = new AtomicLong();
+
public static String generateId() {
return UUID.randomUUID().toString() + "-" + System.currentTimeMillis();
}
core/src/main/java/org/keycloak/util/Base64.java 2091(+2091 -0)
diff --git a/core/src/main/java/org/keycloak/util/Base64.java b/core/src/main/java/org/keycloak/util/Base64.java
new file mode 100755
index 0000000..dde2944
--- /dev/null
+++ b/core/src/main/java/org/keycloak/util/Base64.java
@@ -0,0 +1,2091 @@
+package org.keycloak.util;
+
+/**
+ * <p>Encodes and decodes to and from Base64 notation.</p>
+ * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>.</p>
+ * <p/>
+ * <p>Example:</p>
+ * <p/>
+ * <code>String encoded = Base64.encode( myByteArray );</code>
+ * <br />
+ * <code>byte[] myByteArray = Base64.decode( encoded );</code>
+ * <p/>
+ * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass
+ * several pieces of information to the encoder. In the "higher level" methods such as
+ * encodeBytes( bytes, options ) the options parameter can be used to indicate such
+ * things as first gzipping the bytes before encoding them, not inserting linefeeds,
+ * and encoding using the URL-safe and Ordered dialects.</p>
+ * <p/>
+ * <p>Note, according to <a href="http://www.faqs.org/rfcs/rfc3548.html">RFC3548</a>,
+ * Section 2.1, implementations should not add line feeds unless explicitly told
+ * to do so. I've got Base64 set to this behavior now, although earlier versions
+ * broke lines by default.</p>
+ * <p/>
+ * <p>The constants defined in Base64 can be OR-ed together to combine options, so you
+ * might make a call like this:</p>
+ * <p/>
+ * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DO_BREAK_LINES );</code>
+ * <p>to compress the data before encoding it and then making the output have newline characters.</p>
+ * <p>Also...</p>
+ * <code>String encoded = Base64.encodeBytes( crazyString.getBytes() );</code>
+ * <p/>
+ * <p/>
+ * <p/>
+ * <p>
+ * Change Log:
+ * </p>
+ * <ul>
+ * <li>v2.3.7 - Fixed subtle bug when base 64 input stream contained the
+ * value 01111111, which is an invalid base 64 character but should not
+ * throw an ArrayIndexOutOfBoundsException either. Led to discovery of
+ * mishandling (or potential for better handling) of other bad input
+ * characters. You should now get an IOException if you try decoding
+ * something that has bad characters in it.</li>
+ * <li>v2.3.6 - Fixed bug when breaking lines and the final byte of the encoded
+ * string ended in the last column; the buffer was not properly shrunk and
+ * contained an extra (null) byte that made it into the string.</li>
+ * <li>v2.3.5 - Fixed bug in {@link #encodeFromFile} where estimated buffer size
+ * was wrong for files of size 31, 34, and 37 bytes.</li>
+ * <li>v2.3.4 - Fixed bug when working with gzipped streams whereby flushing
+ * the Base64.OutputStream closed the Base64 encoding (by padding with equals
+ * signs) too soon. Also added an option to suppress the automatic decoding
+ * of gzipped streams. Also added experimental support for specifying a
+ * class loader when using the
+ * {@link #decodeToObject(String, int, ClassLoader)}
+ * method.</li>
+ * <li>v2.3.3 - Changed default char encoding to US-ASCII which reduces the internal Java
+ * footprint with its CharEncoders and so forth. Fixed some javadocs that were
+ * inconsistent. Removed imports and specified things like java.io.IOException
+ * explicitly inline.</li>
+ * <li>v2.3.2 - Reduced memory footprint! Finally refined the "guessing" of how big the
+ * final encoded data will be so that the code doesn't have to create two output
+ * arrays: an oversized initial one and then a final, exact-sized one. Big win
+ * when using the {@link #encodeBytesToBytes(byte[])} family of methods (and not
+ * using the gzip options which uses a different mechanism with streams and stuff).</li>
+ * <li>v2.3.1 - Added {@link #encodeBytesToBytes(byte[], int, int, int)} and some
+ * similar helper methods to be more efficient with memory by not returning a
+ * String but just a byte array.</li>
+ * <li>v2.3 - <strong>This is not a drop-in replacement!</strong> This is two years of comments
+ * and bug fixes queued up and finally executed. Thanks to everyone who sent
+ * me stuff, and I'm sorry I wasn't able to distribute your fixes to everyone else.
+ * Much bad coding was cleaned up including throwing exceptions where necessary
+ * instead of returning null values or something similar. Here are some changes
+ * that may affect you:
+ * <ul>
+ * <li><em>Does not break lines, by default.</em> This is to keep in compliance with
+ * <a href="http://www.faqs.org/rfcs/rfc3548.html">RFC3548</a>.</li>
+ * <li><em>Throws exceptions instead of returning null values.</em> Because some operations
+ * (especially those that may permit the GZIP option) use IO streams, there
+ * is a possiblity of an java.io.IOException being thrown. After some discussion and
+ * thought, I've changed the behavior of the methods to throw java.io.IOExceptions
+ * rather than return null if ever there's an error. I think this is more
+ * appropriate, though it will require some changes to your code. Sorry,
+ * it should have been done this way to begin with.</li>
+ * <li><em>Removed all references to System.out, System.err, and the like.</em>
+ * Shame on me. All I can say is sorry they were ever there.</li>
+ * <li><em>Throws NullPointerExceptions and IllegalArgumentExceptions</em> as needed
+ * such as when passed arrays are null or offsets are invalid.</li>
+ * <li>Cleaned up as much javadoc as I could to avoid any javadoc warnings.
+ * This was especially annoying before for people who were thorough in their
+ * own projects and then had gobs of javadoc warnings on this file.</li>
+ * </ul>
+ * <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug
+ * when using very small files (~< 40 bytes).</li>
+ * <li>v2.2 - Added some helper methods for encoding/decoding directly from
+ * one file to the next. Also added a main() method to support command line
+ * encoding/decoding from one file to the next. Also added these Base64 dialects:
+ * <ol>
+ * <li>The default is RFC3548 format.</li>
+ * <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
+ * URL and file name friendly format as described in Section 4 of RFC3548.
+ * http://www.faqs.org/rfcs/rfc3548.html</li>
+ * <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
+ * URL and file name friendly format that preserves lexical ordering as described
+ * in http://www.faqs.org/qa/rfcc-1940.html</li>
+ * </ol>
+ * Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
+ * for contributing the new Base64 dialects.
+ * </li>
+ * <p/>
+ * <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
+ * some convenience methods for reading and writing to and from files.</li>
+ * <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
+ * with other encodings (like EBCDIC).</li>
+ * <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
+ * encoded data was a single byte.</li>
+ * <li>v2.0 - I got rid of methods that used booleans to set options.
+ * Now everything is more consolidated and cleaner. The code now detects
+ * when data that's being decoded is gzip-compressed and will decompress it
+ * automatically. Generally things are cleaner. You'll probably have to
+ * change some method calls that you were making to support the new
+ * options format (<tt>int</tt>s that you "OR" together).</li>
+ * <li>v1.5.1 - Fixed bug when decompressing and decoding to a
+ * byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.
+ * Added the ability to "suspend" encoding in the Output Stream so
+ * you can turn on and off the encoding if you need to embed base64
+ * data in an otherwise "normal" stream (like an XML file).</li>
+ * <li>v1.5 - Output stream pases on flush() command but doesn't do anything itself.
+ * This helps when using GZIP streams.
+ * Added the ability to GZip-compress objects before encoding them.</li>
+ * <li>v1.4 - Added helper methods to read/write files.</li>
+ * <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
+ * <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input stream
+ * where last buffer being read, if not completely full, was not returned.</li>
+ * <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the wrong time.</li>
+ * <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
+ * </ul>
+ * <p/>
+ * <p>
+ * I am placing this code in the Public Domain. Do with it as you will.
+ * This software comes with no guarantees or warranties but with
+ * plenty of well-wishing instead!
+ * Please visit <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * periodically to check for updates or to contribute improvements.
+ * </p>
+ *
+ * @author Robert Harder
+ * @author rob@iharder.net
+ * @version 2.3.7
+ */
+public class Base64 {
+
+/* ******** P U B L I C F I E L D S ******** */
+
+
+ /**
+ * No options specified. Value is zero.
+ */
+ public final static int NO_OPTIONS = 0;
+
+ /**
+ * Specify encoding in first bit. Value is one.
+ */
+ public final static int ENCODE = 1;
+
+
+ /**
+ * Specify decoding in first bit. Value is zero.
+ */
+ public final static int DECODE = 0;
+
+
+ /**
+ * Specify that data should be gzip-compressed in second bit. Value is two.
+ */
+ public final static int GZIP = 2;
+
+ /**
+ * Specify that gzipped data should <em>not</em> be automatically gunzipped.
+ */
+ public final static int DONT_GUNZIP = 4;
+
+
+ /**
+ * Do break lines when encoding. Value is 8.
+ */
+ public final static int DO_BREAK_LINES = 8;
+
+ /**
+ * Encode using Base64-like encoding that is URL- and Filename-safe as described
+ * in Section 4 of RFC3548:
+ * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+ * It is important to note that data encoded this way is <em>not</em> officially valid Base64,
+ * or at the very least should not be called Base64 without also specifying that is
+ * was encoded using the URL- and Filename-safe dialect.
+ */
+ public final static int URL_SAFE = 16;
+
+
+ /**
+ * Encode using the special "ordered" dialect of Base64 described here:
+ * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+ */
+ public final static int ORDERED = 32;
+
+
+/* ******** P R I V A T E F I E L D S ******** */
+
+
+ /**
+ * Maximum line length (76) of Base64 output.
+ */
+ private final static int MAX_LINE_LENGTH = 76;
+
+
+ /**
+ * The equals sign (=) as a byte.
+ */
+ private final static byte EQUALS_SIGN = (byte) '=';
+
+
+ /**
+ * The new line character (\n) as a byte.
+ */
+ private final static byte NEW_LINE = (byte) '\n';
+
+
+ /**
+ * Preferred encoding.
+ */
+ private final static String PREFERRED_ENCODING = "US-ASCII";
+
+
+ private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+ private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+
+
+/* ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
+
+ /**
+ * The 64 valid Base64 values.
+ */
+ /* Host platform me be something funny like EBCDIC, so we hardcode these values. */
+ private final static byte[] _STANDARD_ALPHABET = {
+ (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G',
+ (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+ (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
+ (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z',
+ (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g',
+ (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n',
+ (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u',
+ (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z',
+ (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5',
+ (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) '+', (byte) '/'
+ };
+
+
+ /**
+ * Translates a Base64 value to either its 6-bit reconstruction value
+ * or a negative number indicating some other meaning.
+ */
+ private final static byte[] _STANDARD_DECODABET = {
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 0 - 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ 62, // Plus sign at decimal 43
+ -9, -9, -9, // Decimal 44 - 46
+ 63, // Slash at decimal 47
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through 'N'
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through 'Z'
+ -9, -9, -9, -9, -9, -9, // Decimal 91 - 96
+ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
+ -9, -9, -9, -9, -9 // Decimal 123 - 127
+ , -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 179 - 191
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 192 - 204
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 205 - 217
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 218 - 230
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 231 - 243
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 // Decimal 244 - 255
+ };
+
+
+/* ******** U R L S A F E B A S E 6 4 A L P H A B E T ******** */
+
+ /**
+ * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548:
+ * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+ * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
+ */
+ private final static byte[] _URL_SAFE_ALPHABET = {
+ (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G',
+ (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+ (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
+ (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z',
+ (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g',
+ (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n',
+ (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u',
+ (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z',
+ (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5',
+ (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) '-', (byte) '_'
+ };
+
+ /**
+ * Used in decoding URL- and Filename-safe dialects of Base64.
+ */
+ private final static byte[] _URL_SAFE_DECODABET = {
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 0 - 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ -9, // Plus sign at decimal 43
+ -9, // Decimal 44
+ 62, // Minus sign at decimal 45
+ -9, // Decimal 46
+ -9, // Slash at decimal 47
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through 'N'
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through 'Z'
+ -9, -9, -9, -9, // Decimal 91 - 94
+ 63, // Underscore at decimal 95
+ -9, // Decimal 96
+ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
+ -9, -9, -9, -9, -9 // Decimal 123 - 127
+ , -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 179 - 191
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 192 - 204
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 205 - 217
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 218 - 230
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 231 - 243
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 // Decimal 244 - 255
+ };
+
+
+/* ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
+
+ /**
+ * I don't get the point of this technique, but someone requested it,
+ * and it is described here:
+ * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+ */
+ private final static byte[] _ORDERED_ALPHABET = {
+ (byte) '-',
+ (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4',
+ (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9',
+ (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G',
+ (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+ (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
+ (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z',
+ (byte) '_',
+ (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g',
+ (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n',
+ (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u',
+ (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z'
+ };
+
+ /**
+ * Used in decoding the "ordered" dialect of Base64.
+ */
+ private final static byte[] _ORDERED_DECODABET = {
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 0 - 8
+ -5, -5, // Whitespace: Tab and Linefeed
+ -9, -9, // Decimal 11 - 12
+ -5, // Whitespace: Carriage Return
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+ -9, -9, -9, -9, -9, // Decimal 27 - 31
+ -5, // Whitespace: Space
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+ -9, // Plus sign at decimal 43
+ -9, // Decimal 44
+ 0, // Minus sign at decimal 45
+ -9, // Decimal 46
+ -9, // Slash at decimal 47
+ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // Numbers zero through nine
+ -9, -9, -9, // Decimal 58 - 60
+ -1, // Equals sign at decimal 61
+ -9, -9, -9, // Decimal 62 - 64
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, // Letters 'A' through 'M'
+ 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, // Letters 'N' through 'Z'
+ -9, -9, -9, -9, // Decimal 91 - 94
+ 37, // Underscore at decimal 95
+ -9, // Decimal 96
+ 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, // Letters 'a' through 'm'
+ 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, // Letters 'n' through 'z'
+ -9, -9, -9, -9, -9 // Decimal 123 - 127
+ , -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 128 - 139
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 140 - 152
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 153 - 165
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 166 - 178
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 179 - 191
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 192 - 204
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 205 - 217
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 218 - 230
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 231 - 243
+ -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 // Decimal 244 - 255
+ };
+
+
+/* ******** D E T E R M I N E W H I C H A L H A B E T ******** */
+
+
+ /**
+ * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
+ * the options specified.
+ * It's possible, though silly, to specify ORDERED <b>and</b> URLSAFE
+ * in which case one of them will be picked, though there is
+ * no guarantee as to which one will be picked.
+ */
+ private final static byte[] getAlphabet(int options) {
+ if ((options & URL_SAFE) == URL_SAFE) {
+ return _URL_SAFE_ALPHABET;
+ } else if ((options & ORDERED) == ORDERED) {
+ return _ORDERED_ALPHABET;
+ } else {
+ return _STANDARD_ALPHABET;
+ }
+ } // end getAlphabet
+
+
+ /**
+ * Returns one of the _SOMETHING_DECODABET byte arrays depending on
+ * the options specified.
+ * It's possible, though silly, to specify ORDERED and URL_SAFE
+ * in which case one of them will be picked, though there is
+ * no guarantee as to which one will be picked.
+ */
+ private final static byte[] getDecodabet(int options) {
+ if ((options & URL_SAFE) == URL_SAFE) {
+ return _URL_SAFE_DECODABET;
+ } else if ((options & ORDERED) == ORDERED) {
+ return _ORDERED_DECODABET;
+ } else {
+ return _STANDARD_DECODABET;
+ }
+ } // end getAlphabet
+
+
+ /**
+ * Defeats instantiation.
+ */
+ private Base64() {
+ }
+
+
+/* ******** E N C O D I N G M E T H O D S ******** */
+
+
+ /**
+ * Encodes up to the first three bytes of array <var>threeBytes</var>
+ * and returns a four-byte array in Base64 notation.
+ * The actual number of significant bytes in your array is
+ * given by <var>numSigBytes</var>.
+ * The array <var>threeBytes</var> needs only be as big as
+ * <var>numSigBytes</var>.
+ * Code can reuse a byte array by passing a four-byte array as <var>b4</var>.
+ *
+ * @param b4 A reusable byte array to reduce array instantiation
+ * @param threeBytes the array to convert
+ * @param numSigBytes the number of significant bytes in your array
+ * @return four byte array in Base64 notation.
+ * @since 1.5.1
+ */
+ private static byte[] encode3to4(byte[] b4, byte[] threeBytes, int numSigBytes, int options) {
+ encode3to4(threeBytes, 0, numSigBytes, b4, 0, options);
+ return b4;
+ } // end encode3to4
+
+
+ /**
+ * <p>Encodes up to three bytes of the array <var>source</var>
+ * and writes the resulting four Base64 bytes to <var>destination</var>.
+ * The source and destination arrays can be manipulated
+ * anywhere along their length by specifying
+ * <var>srcOffset</var> and <var>destOffset</var>.
+ * This method does not check to make sure your arrays
+ * are large enough to accomodate <var>srcOffset</var> + 3 for
+ * the <var>source</var> array or <var>destOffset</var> + 4 for
+ * the <var>destination</var> array.
+ * The actual number of significant bytes in your array is
+ * given by <var>numSigBytes</var>.</p>
+ * <p>This is the lowest level of the encoding methods with
+ * all possible parameters.</p>
+ *
+ * @param source the array to convert
+ * @param srcOffset the index where conversion begins
+ * @param numSigBytes the number of significant bytes in your array
+ * @param destination the array to hold the conversion
+ * @param destOffset the index where output will be put
+ * @return the <var>destination</var> array
+ * @since 1.3
+ */
+ private static byte[] encode3to4(
+ byte[] source, int srcOffset, int numSigBytes,
+ byte[] destination, int destOffset, int options) {
+
+ byte[] ALPHABET = getAlphabet(options);
+
+ // 1 2 3
+ // 01234567890123456789012345678901 Bit position
+ // --------000000001111111122222222 Array position from threeBytes
+ // --------| || || || | Six bit groups to index ALPHABET
+ // >>18 >>12 >> 6 >> 0 Right shift necessary
+ // 0x3f 0x3f 0x3f Additional AND
+
+ // Create buffer with zero-padding if there are only one or two
+ // significant bytes passed in the array.
+ // We have to shift left 24 in order to flush out the 1's that appear
+ // when Java treats a value as negative that is cast from a byte to an int.
+ int inBuff = (numSigBytes > 0 ? ((source[srcOffset] << 24) >>> 8) : 0)
+ | (numSigBytes > 1 ? ((source[srcOffset + 1] << 24) >>> 16) : 0)
+ | (numSigBytes > 2 ? ((source[srcOffset + 2] << 24) >>> 24) : 0);
+
+ switch (numSigBytes) {
+ case 3:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f];
+ destination[destOffset + 3] = ALPHABET[(inBuff) & 0x3f];
+ return destination;
+
+ case 2:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = ALPHABET[(inBuff >>> 6) & 0x3f];
+ destination[destOffset + 3] = EQUALS_SIGN;
+ return destination;
+
+ case 1:
+ destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+ destination[destOffset + 1] = ALPHABET[(inBuff >>> 12) & 0x3f];
+ destination[destOffset + 2] = EQUALS_SIGN;
+ destination[destOffset + 3] = EQUALS_SIGN;
+ return destination;
+
+ default:
+ return destination;
+ } // end switch
+ } // end encode3to4
+
+
+ /**
+ * Performs Base64 encoding on the <code>raw</code> ByteBuffer,
+ * writing it to the <code>encoded</code> ByteBuffer.
+ * This is an experimental feature. Currently it does not
+ * pass along any options (such as {@link #DO_BREAK_LINES}
+ * or {@link #GZIP}.
+ *
+ * @param raw input buffer
+ * @param encoded output buffer
+ * @since 2.3
+ */
+ public static void encode(java.nio.ByteBuffer raw, java.nio.ByteBuffer encoded) {
+ byte[] raw3 = new byte[3];
+ byte[] enc4 = new byte[4];
+
+ while (raw.hasRemaining()) {
+ int rem = Math.min(3, raw.remaining());
+ raw.get(raw3, 0, rem);
+ encode3to4(enc4, raw3, rem, NO_OPTIONS);
+ encoded.put(enc4);
+ } // end input remaining
+ }
+
+
+ /**
+ * Performs Base64 encoding on the <code>raw</code> ByteBuffer,
+ * writing it to the <code>encoded</code> CharBuffer.
+ * This is an experimental feature. Currently it does not
+ * pass along any options (such as {@link #DO_BREAK_LINES}
+ * or {@link #GZIP}.
+ *
+ * @param raw input buffer
+ * @param encoded output buffer
+ * @since 2.3
+ */
+ public static void encode(java.nio.ByteBuffer raw, java.nio.CharBuffer encoded) {
+ byte[] raw3 = new byte[3];
+ byte[] enc4 = new byte[4];
+
+ while (raw.hasRemaining()) {
+ int rem = Math.min(3, raw.remaining());
+ raw.get(raw3, 0, rem);
+ encode3to4(enc4, raw3, rem, Base64.NO_OPTIONS);
+ for (int i = 0; i < 4; i++) {
+ encoded.put((char) (enc4[i] & 0xFF));
+ }
+ } // end input remaining
+ }
+
+
+ /**
+ * Serializes an object and returns the Base64-encoded
+ * version of that serialized object.
+ * <p/>
+ * <p>As of v 2.3, if the object
+ * cannot be serialized or there is another error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned a null value, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ * <p/>
+ * The object is not GZip-compressed before being encoded.
+ *
+ * @param serializableObject The object to encode
+ * @return The Base64-encoded object
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if serializedObject is null
+ * @since 1.4
+ */
+ public static String encodeObject(java.io.Serializable serializableObject)
+ throws java.io.IOException {
+ return encodeObject(serializableObject, NO_OPTIONS);
+ } // end encodeObject
+
+
+ /**
+ * Serializes an object and returns the Base64-encoded
+ * version of that serialized object.
+ * <p/>
+ * <p>As of v 2.3, if the object
+ * cannot be serialized or there is another error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned a null value, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ * <p/>
+ * The object is not GZip-compressed before being encoded.
+ * <p/>
+ * Example options:<pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DO_BREAK_LINES: break lines at 76 characters
+ * </pre>
+ * <p/>
+ * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
+ * <p/>
+ * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DO_BREAK_LINES )</code>
+ *
+ * @param serializableObject The object to encode
+ * @param options Specified options
+ * @return The Base64-encoded object
+ * @throws java.io.IOException if there is an error
+ * @see #GZIP
+ * @see #DO_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeObject(java.io.Serializable serializableObject, int options)
+ throws java.io.IOException {
+
+ if (serializableObject == null) {
+ throw new NullPointerException("Cannot serialize a null object.");
+ } // end if: null
+
+ // Streams
+ java.io.ByteArrayOutputStream baos = null;
+ java.io.OutputStream b64os = null;
+ java.util.zip.GZIPOutputStream gzos = null;
+ java.io.ObjectOutputStream oos = null;
+
+
+ try {
+ // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
+ baos = new java.io.ByteArrayOutputStream();
+ b64os = new OutputStream(baos, ENCODE | options);
+ if ((options & GZIP) != 0) {
+ // Gzip
+ gzos = new java.util.zip.GZIPOutputStream(b64os);
+ oos = new java.io.ObjectOutputStream(gzos);
+ } else {
+ // Not gzipped
+ oos = new java.io.ObjectOutputStream(b64os);
+ }
+ oos.writeObject(serializableObject);
+ } // end try
+ catch (java.io.IOException e) {
+ // Catch it and then throw it immediately so that
+ // the finally{} block is called for cleanup.
+ throw e;
+ } // end catch
+ finally {
+ try {
+ oos.close();
+ } catch (Exception e) {
+ }
+ try {
+ gzos.close();
+ } catch (Exception e) {
+ }
+ try {
+ b64os.close();
+ } catch (Exception e) {
+ }
+ try {
+ baos.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ // Return value according to relevant encoding.
+ try {
+ return new String(baos.toByteArray(), PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uue) {
+ // Fall back to some Java default
+ return new String(baos.toByteArray());
+ } // end catch
+
+ } // end encode
+
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * Does not GZip-compress data.
+ *
+ * @param source The data to convert
+ * @return The data in Base64-encoded form
+ * @throws NullPointerException if source array is null
+ * @since 1.4
+ */
+ public static String encodeBytes(byte[] source) {
+ // Since we're not going to have the GZIP encoding turned on,
+ // we're not going to have an java.io.IOException thrown, so
+ // we should not force the user to have to catch it.
+ String encoded = null;
+ try {
+ encoded = encodeBytes(source, 0, source.length, NO_OPTIONS);
+ } catch (java.io.IOException ex) {
+ assert false : ex.getMessage();
+ } // end catch
+ assert encoded != null;
+ return encoded;
+ } // end encodeBytes
+
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * <p>
+ * Example options:<pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DO_BREAK_LINES: break lines at 76 characters
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DO_BREAK_LINES )</code>
+ * <p/>
+ * <p/>
+ * <p>As of v 2.3, if there is an error with the GZIP stream,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned a null value, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param source The data to convert
+ * @param options Specified options
+ * @return The Base64-encoded data as a String
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if source array is null
+ * @see #GZIP
+ * @see #DO_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeBytes(byte[] source, int options) throws java.io.IOException {
+ return encodeBytes(source, 0, source.length, options);
+ } // end encodeBytes
+
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * Does not GZip-compress data.
+ * <p/>
+ * <p>As of v 2.3, if there is an error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned a null value, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param source The data to convert
+ * @param off Offset in array where conversion should begin
+ * @param len Length of data to convert
+ * @return The Base64-encoded data as a String
+ * @throws NullPointerException if source array is null
+ * @throws IllegalArgumentException if source array, offset, or length are invalid
+ * @since 1.4
+ */
+ public static String encodeBytes(byte[] source, int off, int len) {
+ // Since we're not going to have the GZIP encoding turned on,
+ // we're not going to have an java.io.IOException thrown, so
+ // we should not force the user to have to catch it.
+ String encoded = null;
+ try {
+ encoded = encodeBytes(source, off, len, NO_OPTIONS);
+ } catch (java.io.IOException ex) {
+ assert false : ex.getMessage();
+ } // end catch
+ assert encoded != null;
+ return encoded;
+ } // end encodeBytes
+
+
+ /**
+ * Encodes a byte array into Base64 notation.
+ * <p>
+ * Example options:<pre>
+ * GZIP: gzip-compresses object before encoding it.
+ * DO_BREAK_LINES: break lines at 76 characters
+ * <i>Note: Technically, this makes your encoding non-compliant.</i>
+ * </pre>
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+ * <p>
+ * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DO_BREAK_LINES )</code>
+ * <p/>
+ * <p/>
+ * <p>As of v 2.3, if there is an error with the GZIP stream,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned a null value, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param source The data to convert
+ * @param off Offset in array where conversion should begin
+ * @param len Length of data to convert
+ * @param options Specified options
+ * @return The Base64-encoded data as a String
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if source array is null
+ * @throws IllegalArgumentException if source array, offset, or length are invalid
+ * @see #GZIP
+ * @see #DO_BREAK_LINES
+ * @since 2.0
+ */
+ public static String encodeBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+ byte[] encoded = encodeBytesToBytes(source, off, len, options);
+
+ // Return value according to relevant encoding.
+ try {
+ return new String(encoded, PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uue) {
+ return new String(encoded);
+ } // end catch
+
+ } // end encodeBytes
+
+
+ /**
+ * Similar to {@link #encodeBytes(byte[])} but returns
+ * a byte array instead of instantiating a String. This is more efficient
+ * if you're working with I/O streams and have large data sets to encode.
+ *
+ * @param source The data to convert
+ * @return The Base64-encoded data as a byte[] (of ASCII characters)
+ * @throws NullPointerException if source array is null
+ * @since 2.3.1
+ */
+ public static byte[] encodeBytesToBytes(byte[] source) {
+ byte[] encoded = null;
+ try {
+ encoded = encodeBytesToBytes(source, 0, source.length, NO_OPTIONS);
+ } catch (java.io.IOException ex) {
+ assert false : "IOExceptions only come from GZipping, which is turned off: " + ex.getMessage();
+ }
+ return encoded;
+ }
+
+
+ /**
+ * Similar to {@link #encodeBytes(byte[], int, int, int)} but returns
+ * a byte array instead of instantiating a String. This is more efficient
+ * if you're working with I/O streams and have large data sets to encode.
+ *
+ * @param source The data to convert
+ * @param off Offset in array where conversion should begin
+ * @param len Length of data to convert
+ * @param options Specified options
+ * @return The Base64-encoded data as a String
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if source array is null
+ * @throws IllegalArgumentException if source array, offset, or length are invalid
+ * @see #GZIP
+ * @see #DO_BREAK_LINES
+ * @since 2.3.1
+ */
+ public static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+
+ if (source == null) {
+ throw new NullPointerException("Cannot serialize a null array.");
+ } // end if: null
+
+ if (off < 0) {
+ throw new IllegalArgumentException("Cannot have negative offset: " + off);
+ } // end if: off < 0
+
+ if (len < 0) {
+ throw new IllegalArgumentException("Cannot have length offset: " + len);
+ } // end if: len < 0
+
+ if (off + len > source.length) {
+ throw new IllegalArgumentException(
+ String.format("Cannot have offset of %d and length of %d with array of length %d", off, len, source.length));
+ } // end if: off < 0
+
+
+ // Compress?
+ if ((options & GZIP) != 0) {
+ java.io.ByteArrayOutputStream baos = null;
+ java.util.zip.GZIPOutputStream gzos = null;
+ OutputStream b64os = null;
+
+ try {
+ // GZip -> Base64 -> ByteArray
+ baos = new java.io.ByteArrayOutputStream();
+ b64os = new OutputStream(baos, ENCODE | options);
+ gzos = new java.util.zip.GZIPOutputStream(b64os);
+
+ gzos.write(source, off, len);
+ gzos.close();
+ } // end try
+ catch (java.io.IOException e) {
+ // Catch it and then throw it immediately so that
+ // the finally{} block is called for cleanup.
+ throw e;
+ } // end catch
+ finally {
+ try {
+ gzos.close();
+ } catch (Exception e) {
+ }
+ try {
+ b64os.close();
+ } catch (Exception e) {
+ }
+ try {
+ baos.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ return baos.toByteArray();
+ } // end if: compress
+
+ // Else, don't compress. Better not to use streams at all then.
+ else {
+ boolean breakLines = (options & DO_BREAK_LINES) != 0;
+
+ //int len43 = len * 4 / 3;
+ //byte[] outBuff = new byte[ ( len43 ) // Main 4:3
+ // + ( (len % 3) > 0 ? 4 : 0 ) // Account for padding
+ // + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines
+ // Try to determine more precisely how big the array needs to be.
+ // If we get it right, we don't have to do an array copy, and
+ // we save a bunch of memory.
+ int encLen = (len / 3) * 4 + (len % 3 > 0 ? 4 : 0); // Bytes needed for actual encoding
+ if (breakLines) {
+ encLen += encLen / MAX_LINE_LENGTH; // Plus extra newline characters
+ }
+ byte[] outBuff = new byte[encLen];
+
+
+ int d = 0;
+ int e = 0;
+ int len2 = len - 2;
+ int lineLength = 0;
+ for (; d < len2; d += 3, e += 4) {
+ encode3to4(source, d + off, 3, outBuff, e, options);
+
+ lineLength += 4;
+ if (breakLines && lineLength >= MAX_LINE_LENGTH) {
+ outBuff[e + 4] = NEW_LINE;
+ e++;
+ lineLength = 0;
+ } // end if: end of line
+ } // en dfor: each piece of array
+
+ if (d < len) {
+ encode3to4(source, d + off, len - d, outBuff, e, options);
+ e += 4;
+ } // end if: some padding needed
+
+
+ // Only resize array if we didn't guess it right.
+ if (e <= outBuff.length - 1) {
+ // If breaking lines and the last byte falls right at
+ // the line length (76 bytes per line), there will be
+ // one extra byte, and the array will need to be resized.
+ // Not too bad of an estimate on array size, I'd say.
+ byte[] finalOut = new byte[e];
+ System.arraycopy(outBuff, 0, finalOut, 0, e);
+ //System.err.println("Having to resize array from " + outBuff.length + " to " + e );
+ return finalOut;
+ } else {
+ //System.err.println("No need to resize array.");
+ return outBuff;
+ }
+
+ } // end else: don't compress
+
+ } // end encodeBytesToBytes
+
+
+/* ******** D E C O D I N G M E T H O D S ******** */
+
+
+ /**
+ * Decodes four bytes from array <var>source</var>
+ * and writes the resulting bytes (up to three of them)
+ * to <var>destination</var>.
+ * The source and destination arrays can be manipulated
+ * anywhere along their length by specifying
+ * <var>srcOffset</var> and <var>destOffset</var>.
+ * This method does not check to make sure your arrays
+ * are large enough to accomodate <var>srcOffset</var> + 4 for
+ * the <var>source</var> array or <var>destOffset</var> + 3 for
+ * the <var>destination</var> array.
+ * This method returns the actual number of bytes that
+ * were converted from the Base64 encoding.
+ * <p>This is the lowest level of the decoding methods with
+ * all possible parameters.</p>
+ *
+ * @param source the array to convert
+ * @param srcOffset the index where conversion begins
+ * @param destination the array to hold the conversion
+ * @param destOffset the index where output will be put
+ * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+ * @return the number of decoded bytes converted
+ * @throws NullPointerException if source or destination arrays are null
+ * @throws IllegalArgumentException if srcOffset or destOffset are invalid
+ * or there is not enough room in the array.
+ * @since 1.3
+ */
+ private static int decode4to3(
+ byte[] source, int srcOffset,
+ byte[] destination, int destOffset, int options) {
+
+ // Lots of error checking and exception throwing
+ if (source == null) {
+ throw new NullPointerException("Source array was null.");
+ } // end if
+ if (destination == null) {
+ throw new NullPointerException("Destination array was null.");
+ } // end if
+ if (srcOffset < 0 || srcOffset + 3 >= source.length) {
+ throw new IllegalArgumentException(String.format(
+ "Source array with length %d cannot have offset of %d and still process four bytes.", source.length, srcOffset));
+ } // end if
+ if (destOffset < 0 || destOffset + 2 >= destination.length) {
+ throw new IllegalArgumentException(String.format(
+ "Destination array with length %d cannot have offset of %d and still store three bytes.", destination.length, destOffset));
+ } // end if
+
+
+ byte[] DECODABET = getDecodabet(options);
+
+ // Example: Dk==
+ if (source[srcOffset + 2] == EQUALS_SIGN) {
+ // Two ways to do the same thing. Don't know which way I like best.
+ //int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+ // | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18)
+ | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12);
+
+ destination[destOffset] = (byte) (outBuff >>> 16);
+ return 1;
+ }
+
+ // Example: DkL=
+ else if (source[srcOffset + 3] == EQUALS_SIGN) {
+ // Two ways to do the same thing. Don't know which way I like best.
+ //int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+ // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+ // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18)
+ | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12)
+ | ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6);
+
+ destination[destOffset] = (byte) (outBuff >>> 16);
+ destination[destOffset + 1] = (byte) (outBuff >>> 8);
+ return 2;
+ }
+
+ // Example: DkLE
+ else {
+ // Two ways to do the same thing. Don't know which way I like best.
+ //int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+ // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+ // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
+ // | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
+ int outBuff = ((DECODABET[source[srcOffset]] & 0xFF) << 18)
+ | ((DECODABET[source[srcOffset + 1]] & 0xFF) << 12)
+ | ((DECODABET[source[srcOffset + 2]] & 0xFF) << 6)
+ | ((DECODABET[source[srcOffset + 3]] & 0xFF));
+
+
+ destination[destOffset] = (byte) (outBuff >> 16);
+ destination[destOffset + 1] = (byte) (outBuff >> 8);
+ destination[destOffset + 2] = (byte) (outBuff);
+
+ return 3;
+ }
+ } // end decodeToBytes
+
+
+ /**
+ * Low-level access to decoding ASCII characters in
+ * the form of a byte array. <strong>Ignores GUNZIP option, if
+ * it's set.</strong> This is not generally a recommended method,
+ * although it is used internally as part of the decoding process.
+ * Special case: if len = 0, an empty array is returned. Still,
+ * if you need more speed and reduced memory footprint (and aren't
+ * gzipping), consider this method.
+ *
+ * @param source The Base64 encoded data
+ * @return decoded data
+ * @since 2.3.1
+ */
+ public static byte[] decode(byte[] source)
+ throws java.io.IOException {
+ byte[] decoded = null;
+// try {
+ decoded = decode(source, 0, source.length, NO_OPTIONS);
+// } catch( java.io.IOException ex ) {
+// assert false : "IOExceptions only come from GZipping, which is turned off: " + ex.getMessage();
+// }
+ return decoded;
+ }
+
+
+ /**
+ * Low-level access to decoding ASCII characters in
+ * the form of a byte array. <strong>Ignores GUNZIP option, if
+ * it's set.</strong> This is not generally a recommended method,
+ * although it is used internally as part of the decoding process.
+ * Special case: if len = 0, an empty array is returned. Still,
+ * if you need more speed and reduced memory footprint (and aren't
+ * gzipping), consider this method.
+ *
+ * @param source The Base64 encoded data
+ * @param off The offset of where to begin decoding
+ * @param len The length of characters to decode
+ * @param options Can specify options such as alphabet type to use
+ * @return decoded data
+ * @throws java.io.IOException If bogus characters exist in source data
+ * @since 1.3
+ */
+ public static byte[] decode(byte[] source, int off, int len, int options)
+ throws java.io.IOException {
+
+ // Lots of error checking and exception throwing
+ if (source == null) {
+ throw new NullPointerException("Cannot decode null source array.");
+ } // end if
+ if (off < 0 || off + len > source.length) {
+ throw new IllegalArgumentException(String.format(
+ "Source array with length %d cannot have offset of %d and process %d bytes.", source.length, off, len));
+ } // end if
+
+ if (len == 0) {
+ return new byte[0];
+ } else if (len < 4) {
+ throw new IllegalArgumentException(
+ "Base64-encoded string must have at least four characters, but length specified was " + len);
+ } // end if
+
+ byte[] DECODABET = getDecodabet(options);
+
+ int len34 = len * 3 / 4; // Estimate on array size
+ byte[] outBuff = new byte[len34]; // Upper limit on size of output
+ int outBuffPosn = 0; // Keep track of where we're writing
+
+ byte[] b4 = new byte[4]; // Four byte buffer from source, eliminating white space
+ int b4Posn = 0; // Keep track of four byte input buffer
+ int i = 0; // Source array counter
+ byte sbiDecode = 0; // Special value from DECODABET
+
+ for (i = off; i < off + len; i++) { // Loop through source
+
+ sbiDecode = DECODABET[source[i] & 0xFF];
+
+ // White space, Equals sign, or legit Base64 character
+ // Note the values such as -5 and -9 in the
+ // DECODABETs at the top of the file.
+ if (sbiDecode >= WHITE_SPACE_ENC) {
+ if (sbiDecode >= EQUALS_SIGN_ENC) {
+ b4[b4Posn++] = source[i]; // Save non-whitespace
+ if (b4Posn > 3) { // Time to decode?
+ outBuffPosn += decode4to3(b4, 0, outBuff, outBuffPosn, options);
+ b4Posn = 0;
+
+ // If that was the equals sign, break out of 'for' loop
+ if (source[i] == EQUALS_SIGN) {
+ break;
+ } // end if: equals sign
+ } // end if: quartet built
+ } // end if: equals sign or better
+ } // end if: white space, equals sign or better
+ else {
+ // There's a bad input character in the Base64 stream.
+ throw new java.io.IOException(String.format(
+ "Bad Base64 input character decimal %d in array position %d", ((int) source[i]) & 0xFF, i));
+ } // end else:
+ } // each input character
+
+ byte[] out = new byte[outBuffPosn];
+ System.arraycopy(outBuff, 0, out, 0, outBuffPosn);
+ return out;
+ } // end decode
+
+
+ /**
+ * Decodes data from Base64 notation, automatically
+ * detecting gzip-compressed data and decompressing it.
+ *
+ * @param s the string to decode
+ * @return the decoded data
+ * @throws java.io.IOException If there is a problem
+ * @since 1.4
+ */
+ public static byte[] decode(String s) throws java.io.IOException {
+ return decode(s, NO_OPTIONS);
+ }
+
+
+ /**
+ * Decodes data from Base64 notation, automatically
+ * detecting gzip-compressed data and decompressing it.
+ *
+ * @param s the string to decode
+ * @param options encode options such as URL_SAFE
+ * @return the decoded data
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if <tt>s</tt> is null
+ * @since 1.4
+ */
+ public static byte[] decode(String s, int options) throws java.io.IOException {
+
+ if (s == null) {
+ throw new NullPointerException("Input string was null.");
+ } // end if
+
+ byte[] bytes;
+ try {
+ bytes = s.getBytes(PREFERRED_ENCODING);
+ } // end try
+ catch (java.io.UnsupportedEncodingException uee) {
+ bytes = s.getBytes();
+ } // end catch
+ //</change>
+
+ // Decode
+ bytes = decode(bytes, 0, bytes.length, options);
+
+ // Check to see if it's gzip-compressed
+ // GZIP Magic Two-Byte Number: 0x8b1f (35615)
+ boolean dontGunzip = (options & DONT_GUNZIP) != 0;
+ if ((bytes != null) && (bytes.length >= 4) && (!dontGunzip)) {
+
+ int head = ((int) bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);
+ if (java.util.zip.GZIPInputStream.GZIP_MAGIC == head) {
+ java.io.ByteArrayInputStream bais = null;
+ java.util.zip.GZIPInputStream gzis = null;
+ java.io.ByteArrayOutputStream baos = null;
+ byte[] buffer = new byte[2048];
+ int length = 0;
+
+ try {
+ baos = new java.io.ByteArrayOutputStream();
+ bais = new java.io.ByteArrayInputStream(bytes);
+ gzis = new java.util.zip.GZIPInputStream(bais);
+
+ while ((length = gzis.read(buffer)) >= 0) {
+ baos.write(buffer, 0, length);
+ } // end while: reading input
+
+ // No error? Get new bytes.
+ bytes = baos.toByteArray();
+
+ } // end try
+ catch (java.io.IOException e) {
+ e.printStackTrace();
+ // Just return originally-decoded bytes
+ } // end catch
+ finally {
+ try {
+ baos.close();
+ } catch (Exception e) {
+ }
+ try {
+ gzis.close();
+ } catch (Exception e) {
+ }
+ try {
+ bais.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ } // end if: gzipped
+ } // end if: bytes.length >= 2
+
+ return bytes;
+ } // end decode
+
+
+ /**
+ * Attempts to decode Base64 data and deserialize a Java
+ * Object within. Returns <tt>null</tt> if there was an error.
+ *
+ * @param encodedObject The Base64 data to decode
+ * @return The decoded and deserialized object
+ * @throws NullPointerException if encodedObject is null
+ * @throws java.io.IOException if there is a general error
+ * @throws ClassNotFoundException if the decoded object is of a
+ * class that cannot be found by the JVM
+ * @since 1.5
+ */
+ public static Object decodeToObject(String encodedObject)
+ throws java.io.IOException, ClassNotFoundException {
+ return decodeToObject(encodedObject, NO_OPTIONS, null);
+ }
+
+
+ /**
+ * Attempts to decode Base64 data and deserialize a Java
+ * Object within. Returns <tt>null</tt> if there was an error.
+ * If <tt>loader</tt> is not null, it will be the class loader
+ * used when deserializing.
+ *
+ * @param encodedObject The Base64 data to decode
+ * @param options Various parameters related to decoding
+ * @param loader Optional class loader to use in deserializing classes.
+ * @return The decoded and deserialized object
+ * @throws NullPointerException if encodedObject is null
+ * @throws java.io.IOException if there is a general error
+ * @throws ClassNotFoundException if the decoded object is of a
+ * class that cannot be found by the JVM
+ * @since 2.3.4
+ */
+ public static Object decodeToObject(
+ String encodedObject, int options, final ClassLoader loader)
+ throws java.io.IOException, ClassNotFoundException {
+
+ // Decode and gunzip if necessary
+ byte[] objBytes = decode(encodedObject, options);
+
+ java.io.ByteArrayInputStream bais = null;
+ java.io.ObjectInputStream ois = null;
+ Object obj = null;
+
+ try {
+ bais = new java.io.ByteArrayInputStream(objBytes);
+
+ // If no custom class loader is provided, use Java's builtin OIS.
+ if (loader == null) {
+ ois = new java.io.ObjectInputStream(bais);
+ } // end if: no loader provided
+
+ // Else make a customized object input stream that uses
+ // the provided class loader.
+ else {
+ ois = new java.io.ObjectInputStream(bais) {
+ @Override
+ public Class<?> resolveClass(java.io.ObjectStreamClass streamClass)
+ throws java.io.IOException, ClassNotFoundException {
+ Class c = Class.forName(streamClass.getName(), false, loader);
+ if (c == null) {
+ return super.resolveClass(streamClass);
+ } else {
+ return c; // Class loader knows of this class.
+ } // end else: not null
+ } // end resolveClass
+ }; // end ois
+ } // end else: no custom class loader
+
+ obj = ois.readObject();
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and throw in order to execute finally{}
+ } // end catch
+ catch (ClassNotFoundException e) {
+ throw e; // Catch and throw in order to execute finally{}
+ } // end catch
+ finally {
+ try {
+ bais.close();
+ } catch (Exception e) {
+ }
+ try {
+ ois.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ return obj;
+ } // end decodeObject
+
+
+ /**
+ * Convenience method for encoding data to a file.
+ * <p/>
+ * <p>As of v 2.3, if there is a error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned false, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param dataToEncode byte array of data to encode in base64 form
+ * @param filename Filename for saving encoded data
+ * @throws java.io.IOException if there is an error
+ * @throws NullPointerException if dataToEncode is null
+ * @since 2.1
+ */
+ public static void encodeToFile(byte[] dataToEncode, String filename)
+ throws java.io.IOException {
+
+ if (dataToEncode == null) {
+ throw new NullPointerException("Data to encode was null.");
+ } // end iff
+
+ OutputStream bos = null;
+ try {
+ bos = new OutputStream(
+ new java.io.FileOutputStream(filename), ENCODE);
+ bos.write(dataToEncode);
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and throw to execute finally{} block
+ } // end catch: java.io.IOException
+ finally {
+ try {
+ bos.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ } // end encodeToFile
+
+
+ /**
+ * Convenience method for decoding data to a file.
+ * <p/>
+ * <p>As of v 2.3, if there is a error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned false, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param dataToDecode Base64-encoded data as a string
+ * @param filename Filename for saving decoded data
+ * @throws java.io.IOException if there is an error
+ * @since 2.1
+ */
+ public static void decodeToFile(String dataToDecode, String filename)
+ throws java.io.IOException {
+
+ OutputStream bos = null;
+ try {
+ bos = new OutputStream(
+ new java.io.FileOutputStream(filename), DECODE);
+ bos.write(dataToDecode.getBytes(PREFERRED_ENCODING));
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and throw to execute finally{} block
+ } // end catch: java.io.IOException
+ finally {
+ try {
+ bos.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ } // end decodeToFile
+
+
+ /**
+ * Convenience method for reading a base64-encoded
+ * file and decoding it.
+ * <p/>
+ * <p>As of v 2.3, if there is a error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned false, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param filename Filename for reading encoded data
+ * @return decoded byte array
+ * @throws java.io.IOException if there is an error
+ * @since 2.1
+ */
+ public static byte[] decodeFromFile(String filename)
+ throws java.io.IOException {
+
+ byte[] decodedData = null;
+ InputStream bis = null;
+ try {
+ // Set up some useful variables
+ java.io.File file = new java.io.File(filename);
+ byte[] buffer = null;
+ int length = 0;
+ int numBytes = 0;
+
+ // Check for size of file
+ if (file.length() > Integer.MAX_VALUE) {
+ throw new java.io.IOException("File is too big for this convenience method (" + file.length() + " bytes).");
+ } // end if: file too big for int index
+ buffer = new byte[(int) file.length()];
+
+ // Open a stream
+ bis = new InputStream(
+ new java.io.BufferedInputStream(
+ new java.io.FileInputStream(file)), DECODE);
+
+ // Read until done
+ while ((numBytes = bis.read(buffer, length, 4096)) >= 0) {
+ length += numBytes;
+ } // end while
+
+ // Save in a variable to return
+ decodedData = new byte[length];
+ System.arraycopy(buffer, 0, decodedData, 0, length);
+
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and release to execute finally{}
+ } // end catch: java.io.IOException
+ finally {
+ try {
+ bis.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ return decodedData;
+ } // end decodeFromFile
+
+
+ /**
+ * Convenience method for reading a binary file
+ * and base64-encoding it.
+ * <p/>
+ * <p>As of v 2.3, if there is a error,
+ * the method will throw an java.io.IOException. <b>This is new to v2.3!</b>
+ * In earlier versions, it just returned false, but
+ * in retrospect that's a pretty poor way to handle it.</p>
+ *
+ * @param filename Filename for reading binary data
+ * @return base64-encoded string
+ * @throws java.io.IOException if there is an error
+ * @since 2.1
+ */
+ public static String encodeFromFile(String filename)
+ throws java.io.IOException {
+
+ String encodedData = null;
+ InputStream bis = null;
+ try {
+ // Set up some useful variables
+ java.io.File file = new java.io.File(filename);
+ byte[] buffer = new byte[Math.max((int) (file.length() * 1.4 + 1), 40)]; // Need max() for math on small files (v2.2.1); Need +1 for a few corner cases (v2.3.5)
+ int length = 0;
+ int numBytes = 0;
+
+ // Open a stream
+ bis = new InputStream(
+ new java.io.BufferedInputStream(
+ new java.io.FileInputStream(file)), ENCODE);
+
+ // Read until done
+ while ((numBytes = bis.read(buffer, length, 4096)) >= 0) {
+ length += numBytes;
+ } // end while
+
+ // Save in a variable to return
+ encodedData = new String(buffer, 0, length, PREFERRED_ENCODING);
+
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and release to execute finally{}
+ } // end catch: java.io.IOException
+ finally {
+ try {
+ bis.close();
+ } catch (Exception e) {
+ }
+ } // end finally
+
+ return encodedData;
+ } // end encodeFromFile
+
+ /**
+ * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
+ *
+ * @param infile Input file
+ * @param outfile Output file
+ * @throws java.io.IOException if there is an error
+ * @since 2.2
+ */
+ public static void encodeFileToFile(String infile, String outfile)
+ throws java.io.IOException {
+
+ String encoded = encodeFromFile(infile);
+ java.io.OutputStream out = null;
+ try {
+ out = new java.io.BufferedOutputStream(
+ new java.io.FileOutputStream(outfile));
+ out.write(encoded.getBytes("US-ASCII")); // Strict, 7-bit output.
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and release to execute finally{}
+ } // end catch
+ finally {
+ try {
+ out.close();
+ } catch (Exception ex) {
+ }
+ } // end finally
+ } // end encodeFileToFile
+
+
+ /**
+ * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
+ *
+ * @param infile Input file
+ * @param outfile Output file
+ * @throws java.io.IOException if there is an error
+ * @since 2.2
+ */
+ public static void decodeFileToFile(String infile, String outfile)
+ throws java.io.IOException {
+
+ byte[] decoded = decodeFromFile(infile);
+ java.io.OutputStream out = null;
+ try {
+ out = new java.io.BufferedOutputStream(
+ new java.io.FileOutputStream(outfile));
+ out.write(decoded);
+ } // end try
+ catch (java.io.IOException e) {
+ throw e; // Catch and release to execute finally{}
+ } // end catch
+ finally {
+ try {
+ out.close();
+ } catch (Exception ex) {
+ }
+ } // end finally
+ } // end decodeFileToFile
+
+
+ /* ******** I N N E R C L A S S I N P U T S T R E A M ******** */
+
+
+ /**
+ * A {@link InputStream} will read data from another
+ * <tt>java.io.InputStream</tt>, given in the constructor,
+ * and encode/decode to/from Base64 notation on the fly.
+ *
+ * @see Base64
+ * @since 1.3
+ */
+ public static class InputStream extends java.io.FilterInputStream {
+
+ private boolean encode; // Encoding or decoding
+ private int position; // Current position in the buffer
+ private byte[] buffer; // Small buffer holding converted data
+ private int bufferLength; // Length of buffer (3 or 4)
+ private int numSigBytes; // Number of meaningful bytes in the buffer
+ private int lineLength;
+ private boolean breakLines; // Break lines at less than 80 characters
+ private int options; // Record options used to create the stream.
+ private byte[] decodabet; // Local copies to avoid extra method calls
+
+
+ /**
+ * Constructs a {@link InputStream} in DECODE mode.
+ *
+ * @param in the <tt>java.io.InputStream</tt> from which to read data.
+ * @since 1.3
+ */
+ public InputStream(java.io.InputStream in) {
+ this(in, DECODE);
+ } // end constructor
+
+
+ /**
+ * Constructs a {@link InputStream} in
+ * either ENCODE or DECODE mode.
+ * <p/>
+ * Valid options:<pre>
+ * ENCODE or DECODE: Encode or Decode as data is read.
+ * DO_BREAK_LINES: break lines at 76 characters
+ * (only meaningful when encoding)</i>
+ * </pre>
+ * <p/>
+ * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
+ *
+ * @param in the <tt>java.io.InputStream</tt> from which to read data.
+ * @param options Specified options
+ * @see #ENCODE
+ * @see #DECODE
+ * @see #DO_BREAK_LINES
+ * @since 2.0
+ */
+ public InputStream(java.io.InputStream in, int options) {
+
+ super(in);
+ this.options = options; // Record for later
+ this.breakLines = (options & DO_BREAK_LINES) > 0;
+ this.encode = (options & ENCODE) > 0;
+ this.bufferLength = encode ? 4 : 3;
+ this.buffer = new byte[bufferLength];
+ this.position = -1;
+ this.lineLength = 0;
+ this.decodabet = getDecodabet(options);
+ } // end constructor
+
+ /**
+ * Reads enough of the input stream to convert
+ * to/from Base64 and returns the next byte.
+ *
+ * @return next byte
+ * @since 1.3
+ */
+ @Override
+ public int read() throws java.io.IOException {
+
+ // Do we need to get data?
+ if (position < 0) {
+ if (encode) {
+ byte[] b3 = new byte[3];
+ int numBinaryBytes = 0;
+ for (int i = 0; i < 3; i++) {
+ int b = in.read();
+
+ // If end of stream, b is -1.
+ if (b >= 0) {
+ b3[i] = (byte) b;
+ numBinaryBytes++;
+ } else {
+ break; // out of for loop
+ } // end else: end of stream
+
+ } // end for: each needed input byte
+
+ if (numBinaryBytes > 0) {
+ encode3to4(b3, 0, numBinaryBytes, buffer, 0, options);
+ position = 0;
+ numSigBytes = 4;
+ } // end if: got data
+ else {
+ return -1; // Must be end of stream
+ } // end else
+ } // end if: encoding
+
+ // Else decoding
+ else {
+ byte[] b4 = new byte[4];
+ int i = 0;
+ for (i = 0; i < 4; i++) {
+ // Read four "meaningful" bytes:
+ int b = 0;
+ do {
+ b = in.read();
+ }
+ while (b >= 0 && decodabet[b & 0x7f] <= WHITE_SPACE_ENC);
+
+ if (b < 0) {
+ break; // Reads a -1 if end of stream
+ } // end if: end of stream
+
+ b4[i] = (byte) b;
+ } // end for: each needed input byte
+
+ if (i == 4) {
+ numSigBytes = decode4to3(b4, 0, buffer, 0, options);
+ position = 0;
+ } // end if: got four characters
+ else if (i == 0) {
+ return -1;
+ } // end else if: also padded correctly
+ else {
+ // Must have broken out from above.
+ throw new java.io.IOException("Improperly padded Base64 input.");
+ } // end
+
+ } // end else: decode
+ } // end else: get data
+
+ // Got data?
+ if (position >= 0) {
+ // End of relevant data?
+ if ( /*!encode &&*/ position >= numSigBytes) {
+ return -1;
+ } // end if: got data
+
+ if (encode && breakLines && lineLength >= MAX_LINE_LENGTH) {
+ lineLength = 0;
+ return '\n';
+ } // end if
+ else {
+ lineLength++; // This isn't important when decoding
+ // but throwing an extra "if" seems
+ // just as wasteful.
+
+ int b = buffer[position++];
+
+ if (position >= bufferLength) {
+ position = -1;
+ } // end if: end
+
+ return b & 0xFF; // This is how you "cast" a byte that's
+ // intended to be unsigned.
+ } // end else
+ } // end if: position >= 0
+
+ // Else error
+ else {
+ throw new java.io.IOException("Error in Base64 code reading stream.");
+ } // end else
+ } // end read
+
+
+ /**
+ * Calls {@link #read()} repeatedly until the end of stream
+ * is reached or <var>len</var> bytes are read.
+ * Returns number of bytes read into array or -1 if
+ * end of stream is encountered.
+ *
+ * @param dest array to hold values
+ * @param off offset for array
+ * @param len max number of bytes to read into array
+ * @return bytes read into array or -1 if end of stream is encountered.
+ * @since 1.3
+ */
+ @Override
+ public int read(byte[] dest, int off, int len)
+ throws java.io.IOException {
+ int i;
+ int b;
+ for (i = 0; i < len; i++) {
+ b = read();
+
+ if (b >= 0) {
+ dest[off + i] = (byte) b;
+ } else if (i == 0) {
+ return -1;
+ } else {
+ break; // Out of 'for' loop
+ } // Out of 'for' loop
+ } // end for: each byte read
+ return i;
+ } // end read
+
+ } // end inner class InputStream
+
+
+ /* ******** I N N E R C L A S S O U T P U T S T R E A M ******** */
+
+
+ /**
+ * A {@link OutputStream} will write data to another
+ * <tt>java.io.OutputStream</tt>, given in the constructor,
+ * and encode/decode to/from Base64 notation on the fly.
+ *
+ * @see Base64
+ * @since 1.3
+ */
+ public static class OutputStream extends java.io.FilterOutputStream {
+
+ private boolean encode;
+ private int position;
+ private byte[] buffer;
+ private int bufferLength;
+ private int lineLength;
+ private boolean breakLines;
+ private byte[] b4; // Scratch used in a few places
+ private boolean suspendEncoding;
+ private int options; // Record for later
+ private byte[] decodabet; // Local copies to avoid extra method calls
+
+ /**
+ * Constructs a {@link OutputStream} in ENCODE mode.
+ *
+ * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+ * @since 1.3
+ */
+ public OutputStream(java.io.OutputStream out) {
+ this(out, ENCODE);
+ } // end constructor
+
+
+ /**
+ * Constructs a {@link OutputStream} in
+ * either ENCODE or DECODE mode.
+ * <p/>
+ * Valid options:<pre>
+ * ENCODE or DECODE: Encode or Decode as data is read.
+ * DO_BREAK_LINES: don't break lines at 76 characters
+ * (only meaningful when encoding)</i>
+ * </pre>
+ * <p/>
+ * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
+ *
+ * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+ * @param options Specified options.
+ * @see #ENCODE
+ * @see #DECODE
+ * @see #DO_BREAK_LINES
+ * @since 1.3
+ */
+ public OutputStream(java.io.OutputStream out, int options) {
+ super(out);
+ this.breakLines = (options & DO_BREAK_LINES) != 0;
+ this.encode = (options & ENCODE) != 0;
+ this.bufferLength = encode ? 3 : 4;
+ this.buffer = new byte[bufferLength];
+ this.position = 0;
+ this.lineLength = 0;
+ this.suspendEncoding = false;
+ this.b4 = new byte[4];
+ this.options = options;
+ this.decodabet = getDecodabet(options);
+ } // end constructor
+
+
+ /**
+ * Writes the byte to the output stream after
+ * converting to/from Base64 notation.
+ * When encoding, bytes are buffered three
+ * at a time before the output stream actually
+ * gets a write() call.
+ * When decoding, bytes are buffered four
+ * at a time.
+ *
+ * @param theByte the byte to write
+ * @since 1.3
+ */
+ @Override
+ public void write(int theByte)
+ throws java.io.IOException {
+ // Encoding suspended?
+ if (suspendEncoding) {
+ this.out.write(theByte);
+ return;
+ } // end if: supsended
+
+ // Encode?
+ if (encode) {
+ buffer[position++] = (byte) theByte;
+ if (position >= bufferLength) { // Enough to encode.
+
+ this.out.write(encode3to4(b4, buffer, bufferLength, options));
+
+ lineLength += 4;
+ if (breakLines && lineLength >= MAX_LINE_LENGTH) {
+ this.out.write(NEW_LINE);
+ lineLength = 0;
+ } // end if: end of line
+
+ position = 0;
+ } // end if: enough to output
+ } // end if: encoding
+
+ // Else, Decoding
+ else {
+ // Meaningful Base64 character?
+ if (decodabet[theByte & 0x7f] > WHITE_SPACE_ENC) {
+ buffer[position++] = (byte) theByte;
+ if (position >= bufferLength) { // Enough to output.
+
+ int len = decode4to3(buffer, 0, b4, 0, options);
+ out.write(b4, 0, len);
+ position = 0;
+ } // end if: enough to output
+ } // end if: meaningful base64 character
+ else if (decodabet[theByte & 0x7f] != WHITE_SPACE_ENC) {
+ throw new java.io.IOException("Invalid character in Base64 data.");
+ } // end else: not white space either
+ } // end else: decoding
+ } // end write
+
+
+ /**
+ * Calls {@link #write(int)} repeatedly until <var>len</var>
+ * bytes are written.
+ *
+ * @param theBytes array from which to read bytes
+ * @param off offset for array
+ * @param len max number of bytes to read into array
+ * @since 1.3
+ */
+ @Override
+ public void write(byte[] theBytes, int off, int len)
+ throws java.io.IOException {
+ // Encoding suspended?
+ if (suspendEncoding) {
+ this.out.write(theBytes, off, len);
+ return;
+ } // end if: supsended
+
+ for (int i = 0; i < len; i++) {
+ write(theBytes[off + i]);
+ } // end for: each byte written
+
+ } // end write
+
+
+ /**
+ * Method added by PHIL. [Thanks, PHIL. -Rob]
+ * This pads the buffer without closing the stream.
+ *
+ * @throws java.io.IOException if there's an error.
+ */
+ public void flushBase64() throws java.io.IOException {
+ if (position > 0) {
+ if (encode) {
+ out.write(encode3to4(b4, buffer, position, options));
+ position = 0;
+ } // end if: encoding
+ else {
+ throw new java.io.IOException("Base64 input not properly padded.");
+ } // end else: decoding
+ } // end if: buffer partially full
+
+ } // end flush
+
+
+ /**
+ * Flushes and closes (I think, in the superclass) the stream.
+ *
+ * @since 1.3
+ */
+ @Override
+ public void close() throws java.io.IOException {
+ // 1. Ensure that pending characters are written
+ flushBase64();
+
+ // 2. Actually close the stream
+ // Base class both flushes and closes.
+ super.close();
+
+ buffer = null;
+ out = null;
+ } // end close
+
+
+ /**
+ * Suspends encoding of the stream.
+ * May be helpful if you need to embed a piece of
+ * base64-encoded data in a stream.
+ *
+ * @throws java.io.IOException if there's an error flushing
+ * @since 1.5.1
+ */
+ public void suspendEncoding() throws java.io.IOException {
+ flushBase64();
+ this.suspendEncoding = true;
+ } // end suspendEncoding
+
+
+ /**
+ * Resumes encoding of the stream.
+ * May be helpful if you need to embed a piece of
+ * base64-encoded data in a stream.
+ *
+ * @since 1.5.1
+ */
+ public void resumeEncoding() {
+ this.suspendEncoding = false;
+ } // end resumeEncoding
+
+
+ } // end inner class OutputStream
+
+
+} // end class Base64
diff --git a/core/src/main/java/org/keycloak/util/Base64Url.java b/core/src/main/java/org/keycloak/util/Base64Url.java
new file mode 100755
index 0000000..15d2d77
--- /dev/null
+++ b/core/src/main/java/org/keycloak/util/Base64Url.java
@@ -0,0 +1,42 @@
+package org.keycloak.util;
+
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class Base64Url {
+ public static String encode(byte[] bytes) {
+ String s = Base64.encodeBytes(bytes);
+ s = s.split("=")[0]; // Remove any trailing '='s
+ s = s.replace('+', '-'); // 62nd char of encoding
+ s = s.replace('/', '_'); // 63rd char of encoding
+ return s;
+ }
+
+ public static byte[] decode(String s) {
+ s = s.replace('-', '+'); // 62nd char of encoding
+ s = s.replace('_', '/'); // 63rd char of encoding
+ switch (s.length() % 4) // Pad with trailing '='s
+ {
+ case 0:
+ break; // No pad chars in this case
+ case 2:
+ s += "==";
+ break; // Two pad chars
+ case 3:
+ s += "=";
+ break; // One pad char
+ default:
+ throw new RuntimeException(
+ "Illegal base64url string!");
+ }
+ try {
+ return Base64.decode(s);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+}
diff --git a/core/src/main/java/org/keycloak/util/JsonSerialization.java b/core/src/main/java/org/keycloak/util/JsonSerialization.java
new file mode 100755
index 0000000..4b573e2
--- /dev/null
+++ b/core/src/main/java/org/keycloak/util/JsonSerialization.java
@@ -0,0 +1,45 @@
+package org.keycloak.util;
+
+import org.codehaus.jackson.map.ObjectMapper;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Any class that extends JsonWebToken will use NON_DEFAULT inclusion
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class JsonSerialization {
+ public static final ObjectMapper mapper = new ObjectMapper();
+
+ static {
+ mapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_DEFAULT);
+ mapper.setSerializationInclusion(JsonSerialize.Inclusion.NON_NULL);
+ }
+
+ public static String writeValueAsString(Object obj) throws IOException {
+ return mapper.writeValueAsString(obj);
+ }
+
+ public static byte[] writeValueAsBytes(Object obj) throws IOException {
+ return mapper.writeValueAsBytes(obj);
+ }
+
+ public static <T> T readValue(byte[] bytes, Class<T> type) throws IOException {
+ return mapper.readValue(bytes, type);
+ }
+
+ public static <T> T readValue(String bytes, Class<T> type) throws IOException {
+ return mapper.readValue(bytes, type);
+ }
+
+ public static <T> T readValue(InputStream bytes, Class<T> type) throws IOException {
+ return mapper.readValue(bytes, type);
+ }
+
+
+
+}
diff --git a/core/src/main/java/org/keycloak/util/MultivaluedHashMap.java b/core/src/main/java/org/keycloak/util/MultivaluedHashMap.java
new file mode 100755
index 0000000..bf0a66c
--- /dev/null
+++ b/core/src/main/java/org/keycloak/util/MultivaluedHashMap.java
@@ -0,0 +1,105 @@
+package org.keycloak.util;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+@SuppressWarnings("serial")
+public class MultivaluedHashMap<K, V> extends HashMap<K, List<V>>
+{
+ public void putSingle(K key, V value)
+ {
+ List<V> list = new ArrayList<V>();
+ list.add(value);
+ put(key, list);
+ }
+
+ public void addAll(K key, V... newValues)
+ {
+ for (V value : newValues)
+ {
+ add(key, value);
+ }
+ }
+
+ public void addAll(K key, List<V> valueList)
+ {
+ for (V value : valueList)
+ {
+ add(key, value);
+ }
+ }
+
+ public void addFirst(K key, V value)
+ {
+ List<V> list = get(key);
+ if (list == null)
+ {
+ add(key, value);
+ return;
+ }
+ else
+ {
+ list.add(0, value);
+ }
+ }
+ public final void add(K key, V value)
+ {
+ getList(key).add(value);
+ }
+
+
+ public final void addMultiple(K key, Collection<V> values)
+ {
+ getList(key).addAll(values);
+ }
+
+ public V getFirst(K key)
+ {
+ List<V> list = get(key);
+ return list == null ? null : list.get(0);
+ }
+
+ public final List<V> getList(K key)
+ {
+ List<V> list = get(key);
+ if (list == null)
+ put(key, list = new ArrayList<V>());
+ return list;
+ }
+
+ public void addAll(MultivaluedHashMap<K, V> other)
+ {
+ for (Map.Entry<K, List<V>> entry : other.entrySet())
+ {
+ getList(entry.getKey()).addAll(entry.getValue());
+ }
+ }
+
+ public boolean equalsIgnoreValueOrder(MultivaluedHashMap<K, V> omap) {
+ if (this == omap) {
+ return true;
+ }
+ if (!keySet().equals(omap.keySet())) {
+ return false;
+ }
+ for (Map.Entry<K, List<V>> e : entrySet()) {
+ List<V> olist = omap.get(e.getKey());
+ if (e.getValue().size() != olist.size()) {
+ return false;
+ }
+ for (V v : e.getValue()) {
+ if (!olist.contains(v)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+}
core/src/test/java/org/keycloak/RSAVerifierTest.java 395(+174 -221)
diff --git a/core/src/test/java/org/keycloak/RSAVerifierTest.java b/core/src/test/java/org/keycloak/RSAVerifierTest.java
index d169d37..0aacbc8 100755
--- a/core/src/test/java/org/keycloak/RSAVerifierTest.java
+++ b/core/src/test/java/org/keycloak/RSAVerifierTest.java
@@ -4,11 +4,10 @@ import junit.framework.Assert;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.jboss.resteasy.jose.jws.JWSBuilder;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.SkeletonKeyToken;
import javax.security.auth.x500.X500Principal;
@@ -30,94 +29,80 @@ import java.util.Date;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class RSAVerifierTest
-{
- private static X509Certificate[] idpCertificates;
- private static KeyPair idpPair;
- private static KeyPair badPair;
- private static KeyPair clientPair;
- private static X509Certificate[] clientCertificateChain;
- private ResourceMetadata metadata;
- private SkeletonKeyToken token;
-
- static
- {
- if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
- }
-
- public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws InvalidKeyException,
- NoSuchProviderException, SignatureException
- {
-
- X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
- certGen.setIssuerDN(new X500Principal(issuer));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
- certGen.setSubjectDN(new X500Principal(subject));
- certGen.setPublicKey(pair.getPublic());
- certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- return certGen.generateX509Certificate(pair.getPrivate(), "BC");
- }
-
- @BeforeClass
- public static void setupCerts() throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
- {
- badPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
- idpPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
- idpCertificates = new X509Certificate[]{generateTestCertificate("CN=IDP", "CN=IDP", idpPair)};
- clientPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
- clientCertificateChain = new X509Certificate[]{generateTestCertificate("CN=Client", "CN=IDP", idpPair)};
- }
-
- @Before
- public void initTest()
- {
- metadata = new ResourceMetadata();
- metadata.setResourceName("service");
- metadata.setRealm("domain");
- metadata.setRealmKey(idpPair.getPublic());
-
- token = new SkeletonKeyToken();
- token.principal("CN=Client")
- .audience("domain")
- .addAccess("service").addRole("admin");
- }
-
- @Test
- public void testPemWriter() throws Exception
- {
- PublicKey realmPublicKey = idpPair.getPublic();
- StringWriter sw = new StringWriter();
- PEMWriter writer = new PEMWriter(sw);
- try
- {
- writer.writeObject(realmPublicKey);
- writer.flush();
- }
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
- System.out.println(sw.toString());
- }
-
-
- @Test
- public void testSimpleVerification() throws Exception
- {
-
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
- SkeletonKeyToken token = RSATokenVerifier.verifyToken(encoded, metadata);
- Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
- Assert.assertEquals("CN=Client", token.getPrincipal());
- }
+public class RSAVerifierTest {
+ private static X509Certificate[] idpCertificates;
+ private static KeyPair idpPair;
+ private static KeyPair badPair;
+ private static KeyPair clientPair;
+ private static X509Certificate[] clientCertificateChain;
+ private SkeletonKeyToken token;
+
+ static {
+ if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws InvalidKeyException,
+ NoSuchProviderException, SignatureException {
+
+ X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+
+ certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
+ certGen.setIssuerDN(new X500Principal(issuer));
+ certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
+ certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
+ certGen.setSubjectDN(new X500Principal(subject));
+ certGen.setPublicKey(pair.getPublic());
+ certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
+
+ return certGen.generateX509Certificate(pair.getPrivate(), "BC");
+ }
+
+ @BeforeClass
+ public static void setupCerts() throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+ badPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ idpPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ idpCertificates = new X509Certificate[]{generateTestCertificate("CN=IDP", "CN=IDP", idpPair)};
+ clientPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ clientCertificateChain = new X509Certificate[]{generateTestCertificate("CN=Client", "CN=IDP", idpPair)};
+ }
+
+ @Before
+ public void initTest() {
+
+ token = new SkeletonKeyToken();
+ token.principal("CN=Client")
+ .audience("domain")
+ .addAccess("service").addRole("admin");
+ }
+
+ @Test
+ public void testPemWriter() throws Exception {
+ PublicKey realmPublicKey = idpPair.getPublic();
+ StringWriter sw = new StringWriter();
+ PEMWriter writer = new PEMWriter(sw);
+ try {
+ writer.writeObject(realmPublicKey);
+ writer.flush();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ System.out.println(sw.toString());
+ }
+
+
+ @Test
+ public void testSimpleVerification() throws Exception {
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+ SkeletonKeyToken token = verifySkeletonKeyToken(encoded);
+ Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
+ Assert.assertEquals("CN=Client", token.getPrincipal());
+ }
+
+ private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException {
+ return RSATokenVerifier.verifyToken(encoded, idpPair.getPublic(), "domain");
+ }
/*
@Test
@@ -143,137 +128,105 @@ public class RSAVerifierTest
*/
- @Test
- public void testBadSignature() throws Exception
- {
-
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(badPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- Assert.fail();
- }
- catch (VerificationException ignored)
- {
- }
- }
-
- @Test
- public void testNotBeforeGood() throws Exception
- {
- token.notBefore((System.currentTimeMillis()/1000) - 100);
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- }
- catch (VerificationException ignored)
- {
- throw ignored;
- }
- }
-
- @Test
- public void testNotBeforeBad() throws Exception
- {
- token.notBefore((System.currentTimeMillis()/1000) + 100);
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- Assert.fail();
- }
- catch (VerificationException ignored)
- {
- System.out.println(ignored.getMessage());
- }
- }
-
- @Test
- public void testExpirationGood() throws Exception
- {
- token.expiration((System.currentTimeMillis()/1000) + 100);
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- }
- catch (VerificationException ignored)
- {
- throw ignored;
- }
- }
-
- @Test
- public void testExpirationBad() throws Exception
- {
- token.expiration((System.currentTimeMillis()/1000) - 100);
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- Assert.fail();
- }
- catch (VerificationException ignored)
- {
- System.out.println(ignored.getMessage());
- }
- }
-
- @Test
- public void testTokenAuth() throws Exception
- {
- token = new SkeletonKeyToken();
- token.principal("CN=Client")
- .audience("domain")
- .addAccess("service").addRole("admin").verifyCaller(true);
- byte[] tokenBytes = JsonSerialization.toByteArray(token, false);
-
- String encoded = new JWSBuilder()
- .content(tokenBytes)
- .rsa256(idpPair.getPrivate());
-
- SkeletonKeyToken v = null;
- try
- {
- v = RSATokenVerifier.verifyToken(encoded, metadata);
- }
- catch (VerificationException ignored)
- {
- System.out.println(ignored.getMessage());
- }
- }
-
+ @Test
+ public void testBadSignature() throws Exception {
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(badPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ Assert.fail();
+ } catch (VerificationException ignored) {
+ }
+ }
+
+ @Test
+ public void testNotBeforeGood() throws Exception {
+ token.notBefore((System.currentTimeMillis() / 1000) - 100);
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ } catch (VerificationException ignored) {
+ throw ignored;
+ }
+ }
+
+ @Test
+ public void testNotBeforeBad() throws Exception {
+ token.notBefore((System.currentTimeMillis() / 1000) + 100);
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ Assert.fail();
+ } catch (VerificationException ignored) {
+ System.out.println(ignored.getMessage());
+ }
+ }
+
+ @Test
+ public void testExpirationGood() throws Exception {
+ token.expiration((System.currentTimeMillis() / 1000) + 100);
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ } catch (VerificationException ignored) {
+ throw ignored;
+ }
+ }
+
+ @Test
+ public void testExpirationBad() throws Exception {
+ token.expiration((System.currentTimeMillis() / 1000) - 100);
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ Assert.fail();
+ } catch (VerificationException ignored) {
+ System.out.println(ignored.getMessage());
+ }
+ }
+
+ @Test
+ public void testTokenAuth() throws Exception {
+ token = new SkeletonKeyToken();
+ token.principal("CN=Client")
+ .audience("domain")
+ .addAccess("service").addRole("admin").verifyCaller(true);
+
+ String encoded = new JWSBuilder()
+ .jsonContent(token)
+ .rsa256(idpPair.getPrivate());
+
+ SkeletonKeyToken v = null;
+ try {
+ v = verifySkeletonKeyToken(encoded);
+ } catch (VerificationException ignored) {
+ System.out.println(ignored.getMessage());
+ }
+ }
}
diff --git a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
index c9d2e0d..e4df124 100755
--- a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
+++ b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
@@ -1,11 +1,11 @@
package org.keycloak;
import junit.framework.Assert;
-import org.jboss.resteasy.jose.jws.JWSBuilder;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.junit.Test;
+import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
@@ -26,7 +26,7 @@ public class SkeletonKeyTokenTest
scope2.add("one", "admin");
scope2.add("one", "buyer");
scope2.add("two", "seller");
- String json = JsonSerialization.toString(scope2, true);
+ String json = JsonSerialization.writeValueAsString(scope2);
System.out.println(json);
@@ -40,10 +40,10 @@ public class SkeletonKeyTokenTest
token.addAccess("foo").addRole("admin");
token.addAccess("bar").addRole("user");
- String json = JsonSerialization.toString(token, true);
+ String json = JsonSerialization.writeValueAsString(token);
System.out.println(json);
- token = JsonSerialization.fromString(SkeletonKeyToken.class, json);
+ token = JsonSerialization.readValue(json, SkeletonKeyToken.class);
Assert.assertEquals("111", token.getId());
SkeletonKeyToken.Access foo = token.getResourceAccess("foo");
Assert.assertNotNull(foo);
@@ -60,18 +60,16 @@ public class SkeletonKeyTokenTest
token.addAccess("bar").addRole("user");
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
- byte[] tokenBytes = JsonSerialization.toByteArray(token, true);
String encoded = new JWSBuilder()
- .content(tokenBytes)
+ .jsonContent(token)
.rsa256(keyPair.getPrivate());
System.out.println(encoded);
JWSInput input = new JWSInput(encoded);
- byte[] content = input.getContent();
- token = JsonSerialization.fromBytes(SkeletonKeyToken.class, content);
+ token = input.readJsonContent(SkeletonKeyToken.class);
Assert.assertEquals("111", token.getId());
Assert.assertTrue(RSAProvider.verify(input, keyPair.getPublic()));
}
core-jaxrs/pom.xml 71(+71 -0)
diff --git a/core-jaxrs/pom.xml b/core-jaxrs/pom.xml
new file mode 100755
index 0000000..3af3940
--- /dev/null
+++ b/core-jaxrs/pom.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<project>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.0-alpha-1-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <name>Keycloak Core JAX-RS</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jackson-provider</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/examples/as7-eap-demo/customer-app/pom.xml b/examples/as7-eap-demo/customer-app/pom.xml
index 6a8d958..5d88ff3 100755
--- a/examples/as7-eap-demo/customer-app/pom.xml
+++ b/examples/as7-eap-demo/customer-app/pom.xml
@@ -40,6 +40,11 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 1469973..697d61c 100755
--- a/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/as7-eap-demo/customer-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -5,7 +5,6 @@
<module name="org.bouncycastle"/>
<module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
<module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
- <module name="org.jboss.resteasy.jose-jwt" />
</dependencies>
</deployment>
</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/database-service/pom.xml b/examples/as7-eap-demo/database-service/pom.xml
index 0f39e04..57ef592 100755
--- a/examples/as7-eap-demo/database-service/pom.xml
+++ b/examples/as7-eap-demo/database-service/pom.xml
@@ -36,6 +36,11 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index f1f1ffa..45b708c 100755
--- a/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/as7-eap-demo/database-service/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -3,7 +3,6 @@
<!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
<dependencies>
<module name="org.bouncycastle"/>
- <module name="org.jboss.resteasy.jose-jwt" />
</dependencies>
</deployment>
</jboss-deployment-structure>
\ No newline at end of file
diff --git a/examples/as7-eap-demo/product-app/pom.xml b/examples/as7-eap-demo/product-app/pom.xml
index a85d1bb..5054870 100755
--- a/examples/as7-eap-demo/product-app/pom.xml
+++ b/examples/as7-eap-demo/product-app/pom.xml
@@ -40,6 +40,11 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index 1469973..697d61c 100755
--- a/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/examples/as7-eap-demo/product-app/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -5,7 +5,6 @@
<module name="org.bouncycastle"/>
<module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
<module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
- <module name="org.jboss.resteasy.jose-jwt" />
</dependencies>
</deployment>
</jboss-deployment-structure>
\ No newline at end of file
examples/as7-eap-demo/server/pom.xml 14(+9 -5)
diff --git a/examples/as7-eap-demo/server/pom.xml b/examples/as7-eap-demo/server/pom.xml
index bc9b63a..5c468d5 100755
--- a/examples/as7-eap-demo/server/pom.xml
+++ b/examples/as7-eap-demo/server/pom.xml
@@ -16,12 +16,21 @@
<dependencies>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${project.version}</version>
</dependency>
@@ -122,11 +131,6 @@
<!-- resteasy -->
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <version>${resteasy.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${resteasy.version}</version>
</dependency>
diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
index 0b7b49d..ee95beb 100755
--- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
+++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java
@@ -1,6 +1,6 @@
package org.keycloak.example.demo;
-import org.jboss.resteasy.jwt.JsonSerialization;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
@@ -10,7 +10,6 @@ import org.keycloak.services.resources.KeycloakApplication;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
/**
@@ -39,17 +38,8 @@ public class DemoApplication extends KeycloakApplication {
public static RealmRepresentation loadJson(String path)
{
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- int c;
try {
- while ( (c = is.read()) != -1)
- {
- os.write(c);
- }
- byte[] bytes = os.toByteArray();
- //System.out.println(new String(bytes));
-
- return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
+ return JsonSerialization.readValue(is, RealmRepresentation.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
diff --git a/examples/as7-eap-demo/third-party/pom.xml b/examples/as7-eap-demo/third-party/pom.xml
index 0811425..04308a9 100755
--- a/examples/as7-eap-demo/third-party/pom.xml
+++ b/examples/as7-eap-demo/third-party/pom.xml
@@ -31,6 +31,11 @@
<artifactId>keycloak-core</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<build>
examples/wildfly-demo/server/pom.xml 5(+0 -5)
diff --git a/examples/wildfly-demo/server/pom.xml b/examples/wildfly-demo/server/pom.xml
index 531ac7c..1870a90 100755
--- a/examples/wildfly-demo/server/pom.xml
+++ b/examples/wildfly-demo/server/pom.xml
@@ -16,11 +16,6 @@
<dependencies>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${project.version}</version>
integration/adapter-core/pom.xml 10(+10 -0)
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index 4f8b0f0..9cda78b 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -36,6 +36,16 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
integration/as7-eap6/adapter/pom.xml 5(+0 -5)
diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml
index f16d930..3950f6b 100755
--- a/integration/as7-eap6/adapter/pom.xml
+++ b/integration/as7-eap6/adapter/pom.xml
@@ -32,11 +32,6 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<scope>provided</scope>
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
index a76100f..3d8bd0d 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java
@@ -72,7 +72,7 @@ public class CatalinaBearerTokenAuthenticator {
tokenString = split[1];
try {
- token = RSATokenVerifier.verifyToken(tokenString, resourceMetadata);
+ token = RSATokenVerifier.verifyToken(tokenString, resourceMetadata.getRealmKey(), resourceMetadata.getRealm());
} catch (VerificationException e) {
log.error("Failed to verify token", e);
challengeResponse(response, "invalid_token", e.getMessage());
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/RealmConfigurationLoader.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/RealmConfigurationLoader.java
index beb5d6e..f5421d2 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/RealmConfigurationLoader.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/config/RealmConfigurationLoader.java
@@ -4,7 +4,7 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.plugins.providers.RegisterBuiltin;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.adapters.config.AdapterConfigLoader;
import javax.ws.rs.core.UriBuilder;
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
index bdf0b47..556fa85 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthManagedResourceValve.java
@@ -13,19 +13,19 @@ import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.jboss.logging.Logger;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.ResourceMetadata;
import org.keycloak.SkeletonKeyPrincipal;
import org.keycloak.SkeletonKeySession;
import org.keycloak.adapters.as7.config.CatalinaAdapterConfigLoader;
import org.keycloak.adapters.as7.config.RealmConfigurationLoader;
import org.keycloak.adapters.config.AdapterConfig;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.SkeletonKeyToken;
import org.keycloak.representations.idm.admin.LogoutAction;
+import org.keycloak.util.JsonSerialization;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
@@ -148,7 +148,7 @@ public class OAuthManagedResourceValve extends FormAuthenticator implements Life
protected void remoteLogout(JWSInput token, HttpServletResponse response) throws IOException {
try {
log.debug("->> remoteLogout: ");
- LogoutAction action = JsonSerialization.fromBytes(LogoutAction.class, token.getContent());
+ LogoutAction action = JsonSerialization.readValue(token.getContent(), LogoutAction.class);
if (action.isExpired()) {
log.warn("admin request failed, expired token");
response.sendError(400, "Expired token");
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
index 7fd64a0..75648b1 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/ServletOAuthLogin.java
@@ -2,7 +2,7 @@ package org.keycloak.adapters.as7;
import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.VerificationException;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.SkeletonKeyToken;
@@ -256,7 +256,7 @@ public class ServletOAuthLogin {
tokenString = tokenResponse.getToken();
try {
- token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata());
+ token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata().getRealmKey(), realmInfo.getMetadata().getRealm());
log.debug("Token Verification succeeded!");
} catch (VerificationException e) {
log.error("failed verification of token");
integration/undertow/pom.xml 5(+0 -5)
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index 6d7479c..3060d39 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -32,11 +32,6 @@
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
<scope>provided</scope>
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
index a76604b..cd00194 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/BearerTokenAuthenticator.java
@@ -78,7 +78,7 @@ public class BearerTokenAuthenticator {
}
try {
- token = RSATokenVerifier.verifyToken(tokenString, resourceMetadata);
+ token = RSATokenVerifier.verifyToken(tokenString, resourceMetadata.getRealmKey(), resourceMetadata.getRealm());
} catch (VerificationException e) {
log.error("Failed to verify token", e);
challenge = challengeResponse(exchange, "invalid_token", e.getMessage());
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
index 7c72a23..ef7120e 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java
@@ -6,7 +6,7 @@ import io.undertow.security.idm.Account;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.AttachmentKey;
import org.jboss.logging.Logger;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.ResourceMetadata;
import org.keycloak.SkeletonKeyPrincipal;
import org.keycloak.SkeletonKeySession;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
index 23fd318..8806ac6 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/OAuthAuthenticator.java
@@ -8,7 +8,7 @@ import io.undertow.server.handlers.CookieImpl;
import io.undertow.util.Headers;
import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.VerificationException;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.SkeletonKeyToken;
@@ -269,7 +269,7 @@ public class OAuthAuthenticator {
tokenString = tokenResponse.getToken();
try {
- token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata());
+ token = RSATokenVerifier.verifyToken(tokenString, realmInfo.getMetadata().getRealmKey(), realmInfo.getMetadata().getRealm());
log.debug("Token Verification succeeded!");
} catch (VerificationException e) {
log.error("failed verification of token");
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/RealmConfigurationLoader.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/RealmConfigurationLoader.java
index b1244dc..2481e81 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/RealmConfigurationLoader.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/RealmConfigurationLoader.java
@@ -4,7 +4,7 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.plugins.providers.RegisterBuiltin;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.adapters.config.AdapterConfigLoader;
import javax.ws.rs.core.UriBuilder;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthenticationMechanism.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthenticationMechanism.java
index c104564..5c33717 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthenticationMechanism.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthenticationMechanism.java
@@ -3,7 +3,7 @@ package org.keycloak.adapters.undertow;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.ConfidentialPortManager;
import io.undertow.servlet.handlers.ServletRequestContext;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
import org.keycloak.ResourceMetadata;
import org.keycloak.SkeletonKeySession;
import org.keycloak.adapters.config.AdapterConfig;
diff --git a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletOAuthAuthenticator.java b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletOAuthAuthenticator.java
index 754c7b4..ce807a6 100755
--- a/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletOAuthAuthenticator.java
+++ b/integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletOAuthAuthenticator.java
@@ -2,7 +2,7 @@ package org.keycloak.adapters.undertow;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.ConfidentialPortManager;
-import org.keycloak.RealmConfiguration;
+import org.keycloak.adapters.RealmConfiguration;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
pom.xml 5(+3 -2)
diff --git a/pom.xml b/pom.xml
index b45134e..fc62fe8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -74,6 +74,7 @@
<modules>
<module>core</module>
+ <module>core-jaxrs</module>
<module>model</module>
<module>services</module>
<module>integration</module>
@@ -117,12 +118,12 @@
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-client</artifactId>
+ <artifactId>resteasy-jackson-provider</artifactId>
<version>${resteasy.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
+ <artifactId>resteasy-client</artifactId>
<version>${resteasy.version}</version>
</dependency>
<dependency>
server/pom.xml 15(+10 -5)
diff --git a/server/pom.xml b/server/pom.xml
index 764d214..e58d026 100755
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -16,11 +16,6 @@
<dependencies>
<dependency>
- <groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-ui</artifactId>
<version>${project.version}</version>
@@ -104,6 +99,16 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-mapper-asl</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<scope>provided</scope>
diff --git a/server/src/main/java/org/keycloak/server/KeycloakServerApplication.java b/server/src/main/java/org/keycloak/server/KeycloakServerApplication.java
index a4af8be..4ebcae1 100755
--- a/server/src/main/java/org/keycloak/server/KeycloakServerApplication.java
+++ b/server/src/main/java/org/keycloak/server/KeycloakServerApplication.java
@@ -1,7 +1,7 @@
package org.keycloak.server;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.managers.RealmManager;
@@ -11,7 +11,6 @@ import org.keycloak.services.resources.KeycloakApplication;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
-import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -63,13 +62,7 @@ public class KeycloakServerApplication extends KeycloakApplication {
private static <T> T loadJson(InputStream is, Class<T> type) {
try {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- int c;
- while ((c = is.read()) != -1) {
- os.write(c);
- }
- byte[] bytes = os.toByteArray();
- return JsonSerialization.fromBytes(type, bytes);
+ return JsonSerialization.readValue(is, type);
} catch (IOException e) {
throw new RuntimeException("Failed to parse json", e);
}
services/pom.xml 11(+6 -5)
diff --git a/services/pom.xml b/services/pom.xml
index ec06977..56e8481 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -26,6 +26,12 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-model-api</artifactId>
<version>${project.version}</version>
</dependency>
@@ -94,11 +100,6 @@
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
<scope>provided</scope>
</dependency>
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index b111ab5..a42b93a 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -1,12 +1,11 @@
package org.keycloak.services.managers;
-import org.jboss.resteasy.jose.jws.JWSBuilder;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
+import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
@@ -85,14 +84,8 @@ public class AuthenticationManager {
}
protected String encodeToken(RealmModel realm, Object token) {
- byte[] tokenBytes = null;
- try {
- tokenBytes = JsonSerialization.toByteArray(token, false);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
String encodedToken = new JWSBuilder()
- .content(tokenBytes)
+ .jsonContent(token)
.rsa256(realm.getPrivateKey());
return encodedToken;
}
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 61ebb23..6a9a811 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -1,9 +1,8 @@
package org.keycloak.services.managers;
-import org.jboss.resteasy.jose.Base64Url;
-import org.jboss.resteasy.jose.jws.JWSBuilder;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
+import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
@@ -11,6 +10,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
+import org.keycloak.util.Base64Url;
import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
@@ -149,7 +149,7 @@ public class TokenManager {
public String encodeScope(SkeletonKeyScope scope) {
String token = null;
try {
- token = JsonSerialization.toString(scope, false);
+ token = JsonSerialization.writeValueAsString(scope);
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -160,7 +160,7 @@ public class TokenManager {
SkeletonKeyScope scope = null;
byte[] bytes = Base64Url.decode(scopeParam);
try {
- scope = JsonSerialization.fromBytes(SkeletonKeyScope.class, bytes);
+ scope = JsonSerialization.readValue(bytes, SkeletonKeyScope.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
@@ -204,14 +204,8 @@ public class TokenManager {
public String encodeToken(RealmModel realm, Object token) {
- byte[] tokenBytes = null;
- try {
- tokenBytes = JsonSerialization.toByteArray(token, false);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
String encodedToken = new JWSBuilder()
- .content(tokenBytes)
+ .jsonContent(token)
.rsa256(realm.getPrivateKey());
return encodedToken;
}
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 02e1e57..d950b10 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -21,12 +21,12 @@
*/
package org.keycloak.services.resources;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.jaxrs.JaxrsOAuthClient;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.*;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.SkeletonKeyToken;
@@ -295,7 +295,7 @@ public class AccountService {
}
String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
- JWSInput input = new JWSInput(code, providers);
+ JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
verifiedCode = RSAProvider.verify(input, realm.getPublicKey());
@@ -306,7 +306,7 @@ public class AccountService {
logger.debug("unverified access code");
throw new BadRequestException();
}
- String key = input.readContent(String.class);
+ String key = input.readContentAsString();
AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
if (accessCode == null) {
logger.debug("bad access code");
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 9ce4f94..7d41a29 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -21,10 +21,10 @@
*/
package org.keycloak.services.resources;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@@ -321,7 +321,7 @@ public class RequiredActionsService {
return null;
}
- JWSInput input = new JWSInput(code, providers);
+ JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
verifiedCode = RSAProvider.verify(input, realm.getPublicKey());
@@ -335,7 +335,7 @@ public class RequiredActionsService {
return null;
}
- String key = input.readContent(String.class);
+ String key = input.readContentAsString();
AccessCodeEntry accessCodeEntry = tokenManager.getAccessCode(key);
if (accessCodeEntry == null) {
logger.debug("getAccessCodeEntry access code entry null");
diff --git a/services/src/main/java/org/keycloak/services/resources/SaasService.java b/services/src/main/java/org/keycloak/services/resources/SaasService.java
index a11b06e..e733b33 100755
--- a/services/src/main/java/org/keycloak/services/resources/SaasService.java
+++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java
@@ -1,14 +1,14 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.annotations.cache.NoCache;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.spi.NotImplementedYetException;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.jaxrs.JaxrsOAuthClient;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
@@ -257,7 +257,7 @@ public class SaasService {
}
String path = new JaxrsOAuthClient().checkStateCookie(uriInfo, headers);
- JWSInput input = new JWSInput(code, providers);
+ JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
verifiedCode = RSAProvider.verify(input, realm.getPublicKey());
@@ -268,7 +268,7 @@ public class SaasService {
logger.debug("unverified access code");
throw new BadRequestException();
}
- String key = input.readContent(String.class);
+ String key = input.readContentAsString();
AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
if (accessCode == null) {
logger.debug("bad access code");
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index a9cdb62..37cbec3 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -1,13 +1,12 @@
package org.keycloak.services.resources;
import org.jboss.resteasy.annotations.cache.NoCache;
-import org.jboss.resteasy.jose.jws.JWSBuilder;
-import org.jboss.resteasy.jose.jws.JWSInput;
-import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
+import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
@@ -406,7 +405,7 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build();
}
- JWSInput input = new JWSInput(code, providers);
+ JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
verifiedCode = RSAProvider.verify(input, realm.getPublicKey());
@@ -420,7 +419,7 @@ public class TokenService {
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
- String key = input.readContent(String.class);
+ String key = input.readContentAsString();
AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
if (accessCode == null) {
Map<String, String> res = new HashMap<String, String>();
@@ -457,13 +456,7 @@ public class TokenService {
}
protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token) {
- byte[] tokenBytes = null;
- try {
- tokenBytes = JsonSerialization.toByteArray(token, false);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- String encodedToken = new JWSBuilder().content(tokenBytes).rsa256(privateKey);
+ String encodedToken = new JWSBuilder().jsonContent(token).rsa256(privateKey);
return accessTokenResponse(token, encodedToken);
}
@@ -589,7 +582,7 @@ public class TokenService {
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
String code = formData.getFirst("code");
- JWSInput input = new JWSInput(code, providers);
+ JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
verifiedCode = RSAProvider.verify(input, realm.getPublicKey());
@@ -599,7 +592,7 @@ public class TokenService {
if (!verifiedCode) {
return oauth.forwardToSecurityFailure("Illegal access code.");
}
- String key = input.readContent(String.class);
+ String key = input.readContentAsString();
AccessCodeEntry accessCodeEntry = tokenManager.getAccessCode(key);
if (accessCodeEntry == null) {
return oauth.forwardToSecurityFailure("Unknown access code.");
diff --git a/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java b/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java
index a2b00e1..96dbd49 100755
--- a/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java
+++ b/services/src/test/java/org/keycloak/test/AbstractKeycloakServerTest.java
@@ -4,12 +4,12 @@ import io.undertow.servlet.Servlets;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.FilterInfo;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.keycloak.SkeletonKeyContextResolver;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.filters.KeycloakSessionServletFilter;
import org.keycloak.services.resources.KeycloakApplication;
@@ -65,6 +65,6 @@ public class AbstractKeycloakServerTest {
byte[] bytes = os.toByteArray();
System.out.println(new String(bytes));
- return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
+ return JsonSerialization.readValue(bytes, RealmRepresentation.class);
}
}
testsuite/integration/pom.xml 9(+7 -2)
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 310842e..27e5af8 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -48,6 +48,11 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${project.version}</version>
</dependency>
@@ -149,11 +154,11 @@
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>jose-jwt</artifactId>
+ <artifactId>resteasy-multipart-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
- <artifactId>resteasy-multipart-provider</artifactId>
+ <artifactId>resteasy-jackson-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
index 8f33252..ab3e4bf 100755
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
@@ -33,10 +33,10 @@ import io.undertow.servlet.Servlets;
import io.undertow.servlet.api.DefaultServletConfig;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.FilterInfo;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@@ -49,15 +49,11 @@ import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import javax.servlet.DispatcherType;
-import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -100,13 +96,7 @@ public class KeycloakServer {
private static <T> T loadJson(InputStream is, Class<T> type) {
try {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- int c;
- while ((c = is.read()) != -1) {
- os.write(c);
- }
- byte[] bytes = os.toByteArray();
- return JsonSerialization.fromBytes(type, bytes);
+ return JsonSerialization.readValue(is, type);
} catch (IOException e) {
throw new RuntimeException("Failed to parse json", e);
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index eab1260..6b6e1d5 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -30,15 +30,15 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
-import org.jboss.resteasy.jose.Base64Url;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.security.PemUtils;
import org.json.JSONObject;
import org.junit.Assert;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.representations.SkeletonKeyScope;
import org.keycloak.representations.SkeletonKeyToken;
+import org.keycloak.util.Base64Url;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
@@ -200,7 +200,7 @@ public class OAuthClient {
if (scope != null) {
try {
- b.queryParam("scope", Base64Url.encode(JsonSerialization.toByteArray(scope, false)));
+ b.queryParam("scope", Base64Url.encode(JsonSerialization.writeValueAsBytes(scope)));
} catch (Exception e) {
throw new RuntimeException("Failed to serialize scope", e);
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
index cdbcfe1..4668761 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
@@ -23,8 +23,8 @@ package org.keycloak.testsuite.rule;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.ServletInfo;
-import org.jboss.resteasy.jwt.JsonSerialization;
import org.junit.rules.ExternalResource;
+import org.keycloak.util.JsonSerialization;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@@ -93,7 +93,7 @@ public class KeycloakRule extends ExternalResource {
os.write(c);
}
byte[] bytes = os.toByteArray();
- return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
+ return JsonSerialization.readValue(bytes, RealmRepresentation.class);
}
public void configure(KeycloakSetup configurer) {
testsuite/performance/pom.xml 5(+5 -0)
diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml
index 136f55a..990bef0 100755
--- a/testsuite/performance/pom.xml
+++ b/testsuite/performance/pom.xml
@@ -22,6 +22,11 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-core-jaxrs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${project.version}</version>
</dependency>