tessl/maven-org-keycloak--keycloak-core
Core Keycloak library providing fundamental authentication and authorization functionality
—
Pending
jose-implementation.mddocs/
JOSE Implementation
Complete JSON Object Signing and Encryption implementation including JWS (JSON Web Signature), JWE (JSON Web Encryption), and JWK (JSON Web Key) support according to RFC specifications.
Capabilities
JWS (JSON Web Signature)
JSON Web Signature implementation for creating and parsing signed JWT tokens.
/**
* JWS token input and parsing utilities
*/
public class JWSInput {
/**
* Create JWS input from token string
* @param token JWS token string
*/
public JWSInput(String token) throws JWSInputException;
/**
* Get the JWS header
* @return JWS header object
*/
public JWSHeader getHeader();
/**
* Get the raw payload content
* @return Payload bytes
*/
public byte[] getContent();
/**
* Read JSON payload content as specified type
* @param type Target class type
* @return Deserialized object
* @throws IOException if JSON parsing fails
*/
public <T> T readJsonContent(Class<T> type) throws IOException;
/**
* Get the encoded signature input (header + payload)
* @return Base64URL encoded signature input
*/
public String getEncodedSignatureInput();
/**
* Get the signature bytes
* @return Signature bytes
*/
public byte[] getSignature();
/**
* Get the raw token string
* @return Original token string
*/
public String getWireString();
}
/**
* JWS header representation
*/
public class JWSHeader extends JOSEHeader {
/**
* Get the signature algorithm
* @return Algorithm identifier (e.g., "RS256", "ES256")
*/
public String getAlgorithm();
/**
* Get the key ID
* @return Key identifier
*/
public String getKeyId();
/**
* Get the token type
* @return Type value (usually "JWT")
*/
public String getType();
/**
* Get the content type
* @return Content type value
*/
public String getContentType();
/**
* Get critical header parameters
* @return Set of critical parameter names
*/
public Set<String> getCritical();
/**
* Get custom header parameter
* @param name Parameter name
* @return Parameter value
*/
public Object getOtherHeaderParameter(String name);
}
/**
* JWS token builder for creating signed tokens
*/
public class JWSBuilder {
/**
* Set JSON content as payload
* @param content Object to serialize as JSON
* @return JWSBuilder for chaining
*/
public JWSBuilder jsonContent(Object content);
/**
* Set raw content as payload
* @param content Raw payload bytes
* @return JWSBuilder for chaining
*/
public JWSBuilder content(byte[] content);
/**
* Set content type header
* @param contentType Content type value
* @return JWSBuilder for chaining
*/
public JWSBuilder contentType(String contentType);
/**
* Set token type header
* @param type Type value
* @return JWSBuilder for chaining
*/
public JWSBuilder type(String type);
/**
* Set key ID header
* @param kid Key identifier
* @return JWSBuilder for chaining
*/
public JWSBuilder kid(String kid);
/**
* Sign the token with the provided signer context
* @param signer Signature signer context
* @return Signed JWS token string
*/
public String sign(SignatureSignerContext signer);
}JWE (JSON Web Encryption)
JSON Web Encryption implementation for creating and parsing encrypted JWT tokens.
/**
* JWE token representation and utilities
*/
public class JWE {
/**
* Create JWE from encrypted token string
* @param token JWE token string
*/
public JWE(String token) throws JWEException;
/**
* Get the JWE header
* @return JWE header object
*/
public JWEHeader getHeader();
/**
* Get the encrypted key
* @return Encrypted key bytes
*/
public byte[] getEncryptedKey();
/**
* Get the initialization vector
* @return IV bytes
*/
public byte[] getIv();
/**
* Get the encrypted content
* @return Encrypted content bytes
*/
public byte[] getEncryptedContent();
/**
* Get the authentication tag
* @return Authentication tag bytes
*/
public byte[] getTag();
}
/**
* JWE header representation
*/
public class JWEHeader extends JOSEHeader {
/**
* Get the key management algorithm
* @return Algorithm identifier (e.g., "RSA-OAEP", "A256KW")
*/
public String getAlgorithm();
/**
* Get the content encryption algorithm
* @return Encryption algorithm (e.g., "A256GCM", "A128CBC-HS256")
*/
public String getEncryptionAlgorithm();
/**
* Get the compression algorithm
* @return Compression algorithm or null
*/
public String getCompressionAlgorithm();
/**
* Get the key ID
* @return Key identifier
*/
public String getKeyId();
}
/**
* JWE constants for algorithms and parameters
*/
public interface JWEConstants {
// Key management algorithms
String RSA1_5 = "RSA1_5";
String RSA_OAEP = "RSA-OAEP";
String RSA_OAEP_256 = "RSA-OAEP-256";
String A128KW = "A128KW";
String A192KW = "A192KW";
String A256KW = "A256KW";
String DIR = "dir";
String A128GCMKW = "A128GCMKW";
String A192GCMKW = "A192GCMKW";
String A256GCMKW = "A256GCMKW";
// Content encryption algorithms
String A128CBC_HS256 = "A128CBC-HS256";
String A192CBC_HS384 = "A192CBC-HS384";
String A256CBC_HS512 = "A256CBC-HS512";
String A128GCM = "A128GCM";
String A192GCM = "A192GCM";
String A256GCM = "A256GCM";
// Compression algorithms
String DEF = "DEF";
}
/**
* JWE utilities for encryption and decryption operations
*/
public class JWEUtils {
/**
* Encrypt content using direct encryption with shared key
* @param content Content to encrypt
* @param encryptionAlg Content encryption algorithm
* @param encryptionKey Symmetric encryption key
* @return JWE token string
* @throws JWEException if encryption fails
*/
public static String encryptDirect(byte[] content, String encryptionAlg, SecretKey encryptionKey)
throws JWEException;
/**
* Decrypt JWE token using direct decryption with shared key
* @param jweString JWE token string
* @param encryptionKey Symmetric encryption key
* @return Decrypted content bytes
* @throws JWEException if decryption fails
*/
public static byte[] decryptDirect(String jweString, SecretKey encryptionKey)
throws JWEException;
/**
* Encrypt content using RSA key encryption
* @param content Content to encrypt
* @param keyAlg Key management algorithm
* @param encryptionAlg Content encryption algorithm
* @param publicKey RSA public key for key encryption
* @return JWE token string
* @throws JWEException if encryption fails
*/
public static String encryptRSA(byte[] content, String keyAlg, String encryptionAlg, PublicKey publicKey)
throws JWEException;
/**
* Decrypt JWE token using RSA key decryption
* @param jweString JWE token string
* @param privateKey RSA private key for key decryption
* @return Decrypted content bytes
* @throws JWEException if decryption fails
*/
public static byte[] decryptRSA(String jweString, PrivateKey privateKey)
throws JWEException;
}JWK (JSON Web Key)
JSON Web Key implementation for representing cryptographic keys in JSON format.
/**
* JSON Web Key representation
*/
public class JWK {
/**
* Get the key type
* @return Key type (e.g., "RSA", "EC", "oct")
*/
public String getKeyType();
/**
* Get the key ID
* @return Key identifier
*/
public String getKeyId();
/**
* Get the algorithm
* @return Algorithm identifier
*/
public String getAlgorithm();
/**
* Get the key usage
* @return Key use (e.g., "sig", "enc")
*/
public String getKeyUse();
/**
* Get key operations
* @return List of key operations
*/
public List<String> getKeyOps();
/**
* Convert to PublicKey instance
* @return PublicKey object
*/
public PublicKey toPublicKey();
/**
* Check if key ID is present
* @return true if key has an ID
*/
public boolean hasKeyId();
/**
* Get custom JWK parameter
* @param name Parameter name
* @return Parameter value
*/
public Object getOtherKeyParameter(String name);
}
/**
* JSON Web Key Set representation
*/
public class JSONWebKeySet {
/**
* Get all keys in the set
* @return List of JWK objects
*/
public List<JWK> getKeys();
/**
* Get a key by its key ID
* @param kid Key identifier
* @return JWK object or null if not found
*/
public JWK getKeyByKid(String kid);
/**
* Get keys by algorithm
* @param algorithm Algorithm identifier
* @return List of matching JWK objects
*/
public List<JWK> getKeysByAlg(String algorithm);
/**
* Get keys by key use
* @param use Key use identifier
* @return List of matching JWK objects
*/
public List<JWK> getKeysByUse(String use);
}
/**
* RSA public key JWK representation
*/
public class RSAPublicJWK extends JWK {
/**
* Get the RSA modulus (n parameter)
* @return Base64URL encoded modulus
*/
public String getModulus();
/**
* Get the RSA public exponent (e parameter)
* @return Base64URL encoded exponent
*/
public String getPublicExponent();
/**
* Convert to RSA PublicKey
* @return RSAPublicKey instance
*/
public RSAPublicKey toRSAPublicKey();
}
/**
* Elliptic Curve public key JWK representation
*/
public class ECPublicJWK extends JWK {
/**
* Get the curve name (crv parameter)
* @return Curve identifier (e.g., "P-256", "P-384", "P-521")
*/
public String getCrv();
/**
* Get the x coordinate (x parameter)
* @return Base64URL encoded x coordinate
*/
public String getX();
/**
* Get the y coordinate (y parameter)
* @return Base64URL encoded y coordinate
*/
public String getY();
/**
* Convert to EC PublicKey
* @return ECPublicKey instance
*/
public ECPublicKey toECPublicKey();
}
/**
* Octet Key Pair (EdDSA) JWK representation
*/
public class OKPPublicJWK extends JWK {
/**
* Get the curve name (crv parameter)
* @return Curve identifier (e.g., "Ed25519", "Ed448")
*/
public String getCrv();
/**
* Get the public key value (x parameter)
* @return Base64URL encoded public key
*/
public String getX();
}JWK Builder and Utilities
/**
* JWK builder for creating JWK objects from keys
*/
public class JWKBuilder {
/**
* Create JWK from RSA public key
* @param publicKey RSA public key
* @return RSAPublicJWK instance
*/
public static RSAPublicJWK createRSAJWK(RSAPublicKey publicKey);
/**
* Create JWK from EC public key
* @param publicKey EC public key
* @return ECPublicJWK instance
*/
public static ECPublicJWK createECJWK(ECPublicKey publicKey);
/**
* Create JWK from secret key
* @param secretKey Symmetric secret key
* @return JWK instance
*/
public static JWK createSecretJWK(SecretKey secretKey);
}
/**
* JWK parsing utilities
*/
public class JWKParser {
/**
* Parse JWK from JSON string
* @param json JWK JSON representation
* @return JWK instance
* @throws IOException if parsing fails
*/
public static JWK parseJWK(String json) throws IOException;
/**
* Parse JWK Set from JSON string
* @param json JWK Set JSON representation
* @return JSONWebKeySet instance
* @throws IOException if parsing fails
*/
public static JSONWebKeySet parseJWKSet(String json) throws IOException;
}
/**
* JWK utilities for key operations
*/
public class JWKUtil {
/**
* Convert JWK to KeyWrapper
* @param jwk JWK instance
* @return KeyWrapper instance
*/
public static KeyWrapper toKeyWrapper(JWK jwk);
/**
* Convert KeyWrapper to JWK
* @param keyWrapper KeyWrapper instance
* @return JWK instance
*/
public static JWK fromKeyWrapper(KeyWrapper keyWrapper);
/**
* Validate JWK structure and parameters
* @param jwk JWK to validate
* @return true if valid
*/
public static boolean isValid(JWK jwk);
}JOSE Parser and Base Classes
/**
* Generic JOSE parser for JWS and JWE tokens
*/
public class JOSEParser {
/**
* Parse JOSE token (JWS or JWE)
* @param token JOSE token string
* @return JOSE object
* @throws JOSEException if parsing fails
*/
public static JOSE parse(String token) throws JOSEException;
/**
* Parse JOSE header only
* @param token JOSE token string
* @return JOSEHeader object
* @throws JOSEException if parsing fails
*/
public static JOSEHeader parseHeader(String token) throws JOSEException;
/**
* Check if token is JWS format
* @param token Token string
* @return true if JWS format
*/
public static boolean isJWS(String token);
/**
* Check if token is JWE format
* @param token Token string
* @return true if JWE format
*/
public static boolean isJWE(String token);
}
/**
* Base JOSE header representation
*/
public class JOSEHeader {
/**
* Get the algorithm header parameter
* @return Algorithm identifier
*/
public String getAlgorithm();
/**
* Get the type header parameter
* @return Type value
*/
public String getType();
/**
* Get the key ID header parameter
* @return Key identifier
*/
public String getKeyId();
/**
* Get the content type header parameter
* @return Content type value
*/
public String getContentType();
/**
* Get custom header parameter
* @param name Parameter name
* @return Parameter value
*/
public Object getHeaderParameter(String name);
}
/**
* Base JOSE token representation
*/
public class JOSE {
/**
* Get the JOSE header
* @return JOSEHeader object
*/
public JOSEHeader getHeader();
/**
* Get the raw token string
* @return Original token string
*/
public String serialize();
}Exception Handling
/**
* Exception thrown during JWS input parsing
*/
public class JWSInputException extends Exception {
public JWSInputException(String message);
public JWSInputException(String message, Throwable cause);
}
/**
* Exception thrown during JWE operations
*/
public class JWEException extends Exception {
public JWEException(String message);
public JWEException(String message, Throwable cause);
}
/**
* General JOSE exception
*/
public class JOSEException extends Exception {
public JOSEException(String message);
public JOSEException(String message, Throwable cause);
}Usage Examples
import org.keycloak.jose.jws.*;
import org.keycloak.jose.jwk.*;
import org.keycloak.jose.jwe.*;
import org.keycloak.crypto.*;
// Create and sign a JWS token
JWSBuilder builder = new JWSBuilder();
String jws = builder
.jsonContent(Map.of("sub", "user123", "name", "John Doe"))
.type("JWT")
.kid("key-1")
.sign(signerContext);
// Parse and verify JWS token
JWSInput jwsInput = new JWSInput(jws);
JWSHeader header = jwsInput.getHeader();
Map<String, Object> payload = jwsInput.readJsonContent(Map.class);
// Work with JWK Set
String jwksJson = "{ \"keys\": [...] }";
JSONWebKeySet jwks = JWKParser.parseJWKSet(jwksJson);
JWK signingKey = jwks.getKeyByKid("key-1");
PublicKey publicKey = signingKey.toPublicKey();
// JWE encryption/decryption
byte[] content = "sensitive data".getBytes();
String jweToken = JWEUtils.encryptDirect(content, JWEConstants.A256GCM, secretKey);
byte[] decrypted = JWEUtils.decryptDirect(jweToken, secretKey);Install with Tessl CLI
npx tessl i tessl/maven-org-keycloak--keycloak-core