keycloak-aplcache
Changes
core/pom.xml 7(+6 -1)
dependencies/server-min/pom.xml 2(+1 -1)
distribution/modules/build.xml 2(+1 -1)
distribution/modules/pom.xml 2(+1 -1)
integration/adapter-core/pom.xml 2(+1 -1)
integration/as7-eap6/adapter/pom.xml 2(+1 -1)
integration/installed/pom.xml 2(+1 -1)
integration/jetty/jetty8.1/pom.xml 2(+1 -1)
integration/jetty/jetty9.1/pom.xml 2(+1 -1)
integration/jetty/jetty9.2/pom.xml 2(+1 -1)
integration/jetty/jetty-core/pom.xml 2(+1 -1)
integration/tomcat/tomcat6/pom.xml 2(+1 -1)
integration/tomcat/tomcat7/pom.xml 2(+1 -1)
integration/tomcat/tomcat8/pom.xml 2(+1 -1)
integration/undertow/pom.xml 2(+1 -1)
integration/wildfly-adapter/pom.xml 2(+1 -1)
model/api/pom.xml 7(+6 -1)
model/jpa/pom.xml 2(+1 -1)
model/mongo/pom.xml 2(+1 -1)
pom.xml 14(+10 -4)
proxy/proxy-server/pom.xml 2(+1 -1)
services/pom.xml 6(+3 -3)
services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java 2(+0 -2)
testsuite/integration/pom.xml 2(+1 -1)
testsuite/jetty/jetty81/pom.xml 2(+1 -1)
testsuite/jetty/jetty91/pom.xml 2(+1 -1)
testsuite/jetty/jetty92/pom.xml 2(+1 -1)
testsuite/performance/pom.xml 2(+1 -1)
testsuite/proxy/pom.xml 2(+1 -1)
testsuite/tomcat6/pom.xml 2(+1 -1)
testsuite/tomcat7/pom.xml 2(+1 -1)
testsuite/tomcat8/pom.xml 2(+1 -1)
Details
core/pom.xml 7(+6 -1)
diff --git a/core/pom.xml b/core/pom.xml
index fb19e6c..5754ce3 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -28,7 +28,12 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java
index 81d90a9..5fd33ad 100755
--- a/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/PublishedRealmRepresentation.java
@@ -73,6 +73,7 @@ public class PublishedRealmRepresentation {
try {
pemWriter.writeObject(publicKey);
pemWriter.flush();
+ pemWriter.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
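Review bot: `pemWriter.close()` sits inside the `try`, so it is skipped whenever `writeObject` or `flush` throws; moving it into a `finally` block (or try-with-resources, if the build's Java level allows) closes the writer on both paths. The explicit `flush()` directly before `close()` then becomes redundant, since closing a Writer flushes it first. The same pattern is added in both hunks of KeycloakModelUtils.java. The writer's construction and the enclosing method start outside the hunk, so whether the underlying sink holds a real resource is not visible here.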
diff --git a/core/src/main/java/org/keycloak/util/CertificateUtils.java b/core/src/main/java/org/keycloak/util/CertificateUtils.java
index 073ef3f..aefd740 100755
--- a/core/src/main/java/org/keycloak/util/CertificateUtils.java
+++ b/core/src/main/java/org/keycloak/util/CertificateUtils.java
@@ -1,66 +1,166 @@
package org.keycloak.util;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
-
-import javax.security.auth.x500.X500Principal;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509ExtensionUtils;
+import org.bouncycastle.cert.X509v1CertificateBuilder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.DigestCalculator;
+import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
+import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+
/**
+ * The Class CertificateUtils provides utility functions for generation of V1 and V3 {@link java.security.cert.X509Certificate}
+ *
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
+ * @author <a href="mailto:giriraj.sharma27@gmail.com">Giriraj Sharma</a>
+ * @version $Revision: 2 $
*/
public class CertificateUtils {
static {
BouncyIntegration.init();
}
- public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
-
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
- X500Principal subjectName = new X500Principal("CN=" + subject);
-
- BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
- certGen.setSerialNumber(serialNumber);
- certGen.setIssuerDN(caCert.getSubjectX500Principal());
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 100000));
- Calendar calendar = Calendar.getInstance();
- calendar.add(Calendar.YEAR, 10);
- certGen.setNotAfter(calendar.getTime());
- certGen.setSubjectDN(subjectName);
- certGen.setPublicKey(keyPair.getPublic());
- certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
- new AuthorityKeyIdentifierStructure(caCert));
- certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
- new SubjectKeyIdentifierStructure(keyPair.getPublic()));
-
- X509Certificate cert = certGen.generate(caPrivateKey, "BC"); // note: private key of CA
- return cert;
+
+ /**
+ * Generates version 3 {@link java.security.cert.X509Certificate}.
+ *
+ * @param keyPair the key pair
+ * @param caPrivateKey the CA private key
+ * @param caCert the CA certificate
+ * @param subject the subject name
+ *
+ * @return the x509 certificate
+ *
+ * @throws Exception the exception
+ */
+ public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert,
+ String subject) throws Exception {
+
+ try {
+ X500Name subjectDN = new X500Name("CN=" + subject);
+
+ // Serial Number
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ BigInteger serialNumber = BigInteger.valueOf(Math.abs(random.nextInt()));
+
+ // Validity
+ Date notBefore = new Date(System.currentTimeMillis());
+ Date notAfter = new Date(System.currentTimeMillis() + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);
+
+ // SubjectPublicKeyInfo
+ SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic()
+ .getEncoded()));
+
+ X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()),
+ serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);
+
+ DigestCalculator digCalc = new BcDigestCalculatorProvider()
+ .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
+ X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
+
+ // Subject Key Identifier
+ certGen.addExtension(Extension.subjectKeyIdentifier, false,
+ x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
+
+ // Authority Key Identifier
+ certGen.addExtension(Extension.authorityKeyIdentifier, false,
+ x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));
+
+ // Key Usage
+ certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign
+ | KeyUsage.cRLSign));
+
+ // Extended Key Usage
+ KeyPurposeId[] EKU = new KeyPurposeId[2];
+ EKU[0] = KeyPurposeId.id_kp_emailProtection;
+ EKU[1] = KeyPurposeId.id_kp_serverAuth;
+
+ certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));
+
+ // Basic Constraints
+ certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
+
+ // Content Signer
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey);
+
+ // Certificate
+ return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
+ } catch (Exception e) {
+ throw new RuntimeException("Error creating X509v3Certificate.", e);
+ }
}
- public static X509Certificate generateV1SelfSignedCertificate(KeyPair keyPair, String subject) throws Exception {
- BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
- X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
- X500Principal subjectPrincipal = new X500Principal("CN=" + subject);
- certGen.setSerialNumber(serialNumber);
- certGen.setIssuerDN(subjectPrincipal);
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 100000));
- Calendar calendar = Calendar.getInstance();
- calendar.add(Calendar.YEAR, 10);
- certGen.setNotAfter(calendar.getTime());
- certGen.setSubjectDN(subjectPrincipal);
- certGen.setPublicKey(keyPair.getPublic());
- certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
- X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
- return cert;
+ /**
+ * Generate version 1 self signed {@link java.security.cert.X509Certificate}..
+ *
+ * @param caKeyPair the CA key pair
+ * @param subject the subject name
+ *
+ * @return the x509 certificate
+ *
+ * @throws Exception the exception
+ */
+ public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject) throws Exception {
+
+ try {
+ X500Name subjectDN = new X500Name("CN=" + subject);
+ BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
+ Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
+ Calendar calendar = Calendar.getInstance();
+ calendar.add(Calendar.YEAR, 10);
+ Date validityEndDate = new Date(calendar.getTime().getTime());
+ SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());
+
+ X509v1CertificateBuilder builder = new X509v1CertificateBuilder(subjectDN, serialNumber, validityStartDate,
+ validityEndDate, subjectDN, subPubKeyInfo);
+ X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));
+
+ return new JcaX509CertificateConverter().getCertificate(holder);
+ } catch (Exception e) {
+ throw new RuntimeException("Error creating X509v1Certificate.", e);
+ }
+ }
+
+ /**
+ * Creates the content signer for generation of Version 1 {@link java.security.cert.X509Certificate}.
+ *
+ * @param privateKey the private key
+ *
+ * @return the content signer
+ */
+ public static ContentSigner createSigner(PrivateKey privateKey) {
+ try {
+ AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
+ AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
+
+ return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
+ .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
+ } catch (Exception e) {
+ throw new RuntimeException("Could not create content signer.", e);
+ }
}
}
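Review bot: The rewritten generateV3Certificate issues weaker certificates than the code it replaces: the content signer is `SHA1WithRSAEncryption` where the removed code used `SHA256WithRSAEncryption`, and the authority key identifier is built from `subjPubKeyInfo` (the subject's key) rather than the CA's key, so AKI equals SKI and chain building against caCert can fail. `new BasicConstraints(0)` combined with `keyCertSign | cRLSign` marks every issued certificate as a CA with path length 0, so a holder of an issued key could sign further certificates that chain to caCert; unless that is intended, this should be `new BasicConstraints(false)` without the two signing bits. The serial `Math.abs(random.nextInt())` carries at most 31 bits and is negative for Integer.MIN_VALUE, while `new BigInteger(64, random)` is always non-negative and wider. notBefore also lost the backdating that the V1 path keeps, so a verifier with a slightly slow clock may reject a fresh certificate. The fence shows only the changed lines.

```java
// … unchanged: subject DN …

// Serial Number: non-negative, 64 random bits from the platform default SecureRandom
BigInteger serialNumber = new BigInteger(64, new SecureRandom());

// Validity: backdate slightly to tolerate clock skew, as generateV1SelfSignedCertificate does
Date notBefore = new Date(System.currentTimeMillis() - 100000);

// … unchanged: notAfter, SubjectPublicKeyInfo, certificate builder, digest calculator, subject key identifier …

// Authority Key Identifier: derived from the issuing CA's public key, not the subject's
SubjectPublicKeyInfo caPubKeyInfo = SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());
certGen.addExtension(Extension.authorityKeyIdentifier, false,
        x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));

// Key Usage: end-entity only, no certificate or CRL signing
certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature));

// … unchanged: extended key usage …

// Basic Constraints: explicitly not a CA
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

// Content Signer: keep the SHA-256 signature the previous implementation produced
ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivateKey);
```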
dependencies/server-min/pom.xml 2(+1 -1)
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
index b269f35..3fbe17a 100755
--- a/dependencies/server-min/pom.xml
+++ b/dependencies/server-min/pom.xml
@@ -26,7 +26,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
distribution/modules/build.xml 2(+1 -1)
diff --git a/distribution/modules/build.xml b/distribution/modules/build.xml
index e23ff58..69eb308 100755
--- a/distribution/modules/build.xml
+++ b/distribution/modules/build.xml
@@ -48,7 +48,7 @@
</module-def>
<module-def name="org.bouncycastle">
- <maven-resource group="org.bouncycastle" artifact="bcprov-jdk16"/>
+ <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
</module-def>
<module-def name="org.jboss.aesh">
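Review bot: The `org.bouncycastle` module still packages only `bcprov-jdk15on`, but the rewritten CertificateUtils in this commit imports `org.bouncycastle.cert.*` and `org.bouncycastle.operator.*`, which ship in `bcpkix-jdk15on`. Because that artifact is declared `provided` in core/pom.xml, certificate generation would presumably fail with NoClassDefFoundError in the assembled server unless the jar reaches the module some other way. Consider adding `<maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>` to this module-def, with the matching dependency in distribution/modules/pom.xml. The module-def list continues outside the hunk.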
distribution/modules/pom.xml 2(+1 -1)
diff --git a/distribution/modules/pom.xml b/distribution/modules/pom.xml
index 2a1c7cc..60286e6 100755
--- a/distribution/modules/pom.xml
+++ b/distribution/modules/pom.xml
@@ -59,7 +59,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
integration/adapter-core/pom.xml 2(+1 -1)
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index bbcd626..ab62cea 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -29,7 +29,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
integration/as7-eap6/adapter/pom.xml 2(+1 -1)
diff --git a/integration/as7-eap6/adapter/pom.xml b/integration/as7-eap6/adapter/pom.xml
index 55c3476..d2d6011 100755
--- a/integration/as7-eap6/adapter/pom.xml
+++ b/integration/as7-eap6/adapter/pom.xml
@@ -40,7 +40,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/installed/pom.xml 2(+1 -1)
diff --git a/integration/installed/pom.xml b/integration/installed/pom.xml
index 29df75d..4277e37 100755
--- a/integration/installed/pom.xml
+++ b/integration/installed/pom.xml
@@ -26,7 +26,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
diff --git a/integration/jboss-adapter-core/pom.xml b/integration/jboss-adapter-core/pom.xml
index 9f10b5f..bf3cbcd 100755
--- a/integration/jboss-adapter-core/pom.xml
+++ b/integration/jboss-adapter-core/pom.xml
@@ -41,7 +41,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/jetty/jetty8.1/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty8.1/pom.xml b/integration/jetty/jetty8.1/pom.xml
index 8ea3c55..57a6cd2 100755
--- a/integration/jetty/jetty8.1/pom.xml
+++ b/integration/jetty/jetty8.1/pom.xml
@@ -56,7 +56,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/jetty/jetty9.1/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty9.1/pom.xml b/integration/jetty/jetty9.1/pom.xml
index 5601a87..cd61857 100755
--- a/integration/jetty/jetty9.1/pom.xml
+++ b/integration/jetty/jetty9.1/pom.xml
@@ -71,7 +71,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/jetty/jetty9.2/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty9.2/pom.xml b/integration/jetty/jetty9.2/pom.xml
index 22c0bab..de8fa5b 100755
--- a/integration/jetty/jetty9.2/pom.xml
+++ b/integration/jetty/jetty9.2/pom.xml
@@ -57,7 +57,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/jetty/jetty-core/pom.xml 2(+1 -1)
diff --git a/integration/jetty/jetty-core/pom.xml b/integration/jetty/jetty-core/pom.xml
index b424977..c77184f 100755
--- a/integration/jetty/jetty-core/pom.xml
+++ b/integration/jetty/jetty-core/pom.xml
@@ -52,7 +52,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
diff --git a/integration/servlet-oauth-client/pom.xml b/integration/servlet-oauth-client/pom.xml
index f537413..ab7ba87 100755
--- a/integration/servlet-oauth-client/pom.xml
+++ b/integration/servlet-oauth-client/pom.xml
@@ -16,7 +16,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
integration/tomcat/tomcat6/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat6/pom.xml b/integration/tomcat/tomcat6/pom.xml
index d65b822..8e99b1b 100755
--- a/integration/tomcat/tomcat6/pom.xml
+++ b/integration/tomcat/tomcat6/pom.xml
@@ -62,7 +62,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/tomcat/tomcat7/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat7/pom.xml b/integration/tomcat/tomcat7/pom.xml
index e2351ad..165a4db 100755
--- a/integration/tomcat/tomcat7/pom.xml
+++ b/integration/tomcat/tomcat7/pom.xml
@@ -63,7 +63,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/tomcat/tomcat8/pom.xml 2(+1 -1)
diff --git a/integration/tomcat/tomcat8/pom.xml b/integration/tomcat/tomcat8/pom.xml
index de38a9d..8eed10d 100755
--- a/integration/tomcat/tomcat8/pom.xml
+++ b/integration/tomcat/tomcat8/pom.xml
@@ -75,7 +75,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
diff --git a/integration/tomcat/tomcat-core/pom.xml b/integration/tomcat/tomcat-core/pom.xml
index df5c6da..2a3b724 100755
--- a/integration/tomcat/tomcat-core/pom.xml
+++ b/integration/tomcat/tomcat-core/pom.xml
@@ -45,7 +45,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/undertow/pom.xml 2(+1 -1)
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index 623fd92..66d767a 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -41,7 +41,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
integration/wildfly-adapter/pom.xml 2(+1 -1)
diff --git a/integration/wildfly-adapter/pom.xml b/integration/wildfly-adapter/pom.xml
index 73c0dd5..3f34b6e 100755
--- a/integration/wildfly-adapter/pom.xml
+++ b/integration/wildfly-adapter/pom.xml
@@ -51,7 +51,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
model/api/pom.xml 7(+6 -1)
diff --git a/model/api/pom.xml b/model/api/pom.xml
index 38903df..d317f4f 100755
--- a/model/api/pom.xml
+++ b/model/api/pom.xml
@@ -21,7 +21,12 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index 5bf0dc9..30157e0 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -88,6 +88,7 @@ public final class KeycloakModelUtils {
try {
pemWriter.writeObject(key);
pemWriter.flush();
+ pemWriter.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
@@ -101,6 +102,7 @@ public final class KeycloakModelUtils {
try {
pemWriter.writeObject(certificate);
pemWriter.flush();
+ pemWriter.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
diff --git a/model/invalidation-cache/model-adapters/pom.xml b/model/invalidation-cache/model-adapters/pom.xml
index cfff0ca..abcf5bc 100755
--- a/model/invalidation-cache/model-adapters/pom.xml
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -16,7 +16,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
model/jpa/pom.xml 2(+1 -1)
diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml
index 78f68be..92b58f2 100755
--- a/model/jpa/pom.xml
+++ b/model/jpa/pom.xml
@@ -16,7 +16,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
model/mongo/pom.xml 2(+1 -1)
diff --git a/model/mongo/pom.xml b/model/mongo/pom.xml
index 1117528..79e3170 100755
--- a/model/mongo/pom.xml
+++ b/model/mongo/pom.xml
@@ -17,7 +17,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
pom.xml 14(+10 -4)
diff --git a/pom.xml b/pom.xml
index 13207a8..66314cf 100755
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,8 @@
<properties>
<aesh.version>0.33.12</aesh.version>
<base64.version>2.3.8</base64.version>
- <bouncycastle.version>1.46</bouncycastle.version>
+ <bouncycastle.crypto.version>1.50</bouncycastle.crypto.version>
+ <bouncycastle.mail.version>1.46</bouncycastle.mail.version>
<jackson.version>1.9.9</jackson.version>
<keycloak.apache.httpcomponents.version>4.2.1</keycloak.apache.httpcomponents.version>
<resteasy.version>2.3.7.Final</resteasy.version>
@@ -132,13 +133,18 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
- <version>${bouncycastle.version}</version>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>${bouncycastle.crypto.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bouncycastle.crypto.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk16</artifactId>
- <version>${bouncycastle.version}</version>
+ <version>${bouncycastle.mail.version}</version>
</dependency>
<dependency>
<groupId>net.iharder</groupId>
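Review bot: Splitting the version property leaves `bcmail-jdk16` at 1.46 next to `bcprov-jdk15on` and `bcpkix-jdk15on` at 1.50. bcmail-jdk16 presumably still depends on bcprov-jdk16 transitively, which would put two artifacts supplying the same org.bouncycastle packages on one classpath, with load order deciding which provider classes actually run. Either move to the jdk15on mail artifact at `${bouncycastle.crypto.version}` or add an `<exclusions>` entry for `bcprov-jdk16` under the bcmail dependency. `mvn dependency:tree` would confirm which applies.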
diff --git a/project-integrations/aerogear-ups/app/pom.xml b/project-integrations/aerogear-ups/app/pom.xml
index 6ded2c0..7af8a71 100755
--- a/project-integrations/aerogear-ups/app/pom.xml
+++ b/project-integrations/aerogear-ups/app/pom.xml
@@ -17,7 +17,7 @@
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
proxy/proxy-server/pom.xml 2(+1 -1)
diff --git a/proxy/proxy-server/pom.xml b/proxy/proxy-server/pom.xml
index b8914af..1ff8f73 100755
--- a/proxy/proxy-server/pom.xml
+++ b/proxy/proxy-server/pom.xml
@@ -45,7 +45,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
services/pom.xml 6(+3 -3)
diff --git a/services/pom.xml b/services/pom.xml
index d061ea8..f02030c 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
@@ -11,12 +11,12 @@
<artifactId>keycloak-services</artifactId>
<name>Keycloak REST Services</name>
- <description/>
+ <description />
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index 3437407..4510dc2 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -27,10 +27,8 @@ import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
-import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
testsuite/integration/pom.xml 2(+1 -1)
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 071d891..cae67d1 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -107,7 +107,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/jetty/jetty81/pom.xml 2(+1 -1)
diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml
index a1772e6..a8936a8 100755
--- a/testsuite/jetty/jetty81/pom.xml
+++ b/testsuite/jetty/jetty81/pom.xml
@@ -101,7 +101,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/jetty/jetty91/pom.xml 2(+1 -1)
diff --git a/testsuite/jetty/jetty91/pom.xml b/testsuite/jetty/jetty91/pom.xml
index 90e2f77..5ef51a1 100755
--- a/testsuite/jetty/jetty91/pom.xml
+++ b/testsuite/jetty/jetty91/pom.xml
@@ -101,7 +101,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/jetty/jetty92/pom.xml 2(+1 -1)
diff --git a/testsuite/jetty/jetty92/pom.xml b/testsuite/jetty/jetty92/pom.xml
index 7da0cbb..c7d91c7 100755
--- a/testsuite/jetty/jetty92/pom.xml
+++ b/testsuite/jetty/jetty92/pom.xml
@@ -101,7 +101,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/performance/pom.xml 2(+1 -1)
diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml
index 8f06367..7a86e40 100755
--- a/testsuite/performance/pom.xml
+++ b/testsuite/performance/pom.xml
@@ -75,7 +75,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.jmeter</groupId>
testsuite/proxy/pom.xml 2(+1 -1)
diff --git a/testsuite/proxy/pom.xml b/testsuite/proxy/pom.xml
index 5f0773b..721e4c3 100755
--- a/testsuite/proxy/pom.xml
+++ b/testsuite/proxy/pom.xml
@@ -106,7 +106,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/tomcat6/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat6/pom.xml b/testsuite/tomcat6/pom.xml
index cbd02ea..b8cbf76 100755
--- a/testsuite/tomcat6/pom.xml
+++ b/testsuite/tomcat6/pom.xml
@@ -100,7 +100,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/tomcat7/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml
index 5daa7a7..8e17fd3 100755
--- a/testsuite/tomcat7/pom.xml
+++ b/testsuite/tomcat7/pom.xml
@@ -101,7 +101,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
testsuite/tomcat8/pom.xml 2(+1 -1)
diff --git a/testsuite/tomcat8/pom.xml b/testsuite/tomcat8/pom.xml
index 52552d8..b9c7af9 100755
--- a/testsuite/tomcat8/pom.xml
+++ b/testsuite/tomcat8/pom.xml
@@ -100,7 +100,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>