Deprecate org.keycloak.common.util.Base64

Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Tomáš Kyjovský 2025-10-30 09:12:14 +01:00 committed by GitHub
parent f65adbf628
commit 4c64b7189c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
64 changed files with 250 additions and 244 deletions


@ -20,7 +20,6 @@
package org.keycloak.adapters.saml.config;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@ -34,11 +33,11 @@ import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.CryptoConstants;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PemException;
/**
@ -125,9 +124,9 @@ public class PemUtils {
private static byte[] pemToDer(String pem) {
try {
pem = removeBeginEnd(pem);
return Base64.decode(pem);
} catch (IOException ioe) {
throw new PemException(ioe);
return Base64.getDecoder().decode(pem);
} catch (IllegalArgumentException e) {
throw new PemException(e);
}
}
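Review bot: `Base64.getDecoder()` in `pemToDer` is the strict basic decoder, which throws `IllegalArgumentException` on any character outside the alphabet, including spaces, tabs and line breaks, so this call now depends entirely on `removeBeginEnd` having stripped all whitespace from the PEM body. `removeBeginEnd` is not visible in this hunk; if it removes only the armor lines and newlines, a PEM with indented or space-padded lines would be rejected, whereas the deprecated decoder presumably skipped whitespace. If that tolerance is intended, `return Base64.getMimeDecoder().decode(pem);` keeps it, at the cost of silently skipping every other non-alphabet character as well. The same question applies to `PemUtilsProvider.pemToDer`, `PostBindingUtil.base64Decode`, `RedirectBindingUtil.base64DeflateDecode` and the `convertToPublicKey`/`convertToPrivateKey` methods of `DSAKeyValueType` and `RSAKeyValueType`, where base64 taken from XML or form parameters is often line-wrapped.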


@ -23,6 +23,7 @@ import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
@ -46,7 +47,6 @@ import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.dom.saml.v2.SAML2Object;
@ -689,7 +689,7 @@ public abstract class AbstractSamlAuthenticationHandler implements SamlAuthentic
try {
//byte[] decodedSignature = RedirectBindingUtil.urlBase64Decode(signature);
byte[] decodedSignature = Base64.decode(signature);
byte[] decodedSignature = Base64.getDecoder().decode(signature);
byte[] rawQueryBytes = rawQuery.getBytes(StandardCharsets.UTF_8);
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.getFromXmlMethod(decodedAlgorithm);
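Review bot: A malformed signature value now raises the unchecked `IllegalArgumentException` from `Base64.getDecoder().decode(signature)` instead of the checked `IOException` the old decoder declared, and the `catch` clauses of this `try` lie outside the hunk. If they list only checked exception types, untrusted input (the value appears to come from the redirect-binding query string) escapes as an unhandled runtime exception rather than being reported as a failed signature check; a `catch (IllegalArgumentException e)` with the same handling as the other verification failures would keep the outcome unchanged. The same applies wherever the new call sits in a method whose callers may only expect `IOException`: `KerberosSerializationUtils.deserialize`, `SPNEGOAuthenticator.establishContext` (which also drops `IOException` from its signature), and `RedirectBindingUtil.urlBase64Decode` and `base64DeflateDecode`.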


@ -18,7 +18,6 @@
package org.keycloak.common.crypto;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@ -26,8 +25,8 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.DerUtils;
import org.keycloak.common.util.PemException;
@ -129,9 +128,9 @@ public abstract class PemUtilsProvider {
public byte[] pemToDer(String pem) {
try {
pem = removeBeginEnd(pem);
return Base64.decode(pem);
} catch (IOException ioe) {
throw new PemException(ioe);
return Base64.getDecoder().decode(pem);
} catch (IllegalArgumentException e) {
throw new PemException(e);
}
}


@ -153,6 +153,7 @@ import java.io.IOException;
* @author rob@iharder.net
* @version 2.3.7
*/
@Deprecated
public class Base64
{
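Review bot: The bare `@Deprecated` on `Base64` gives callers no pointer to the replacement; the class Javadoc that ends just above it (its start is outside the hunk) should gain a tag such as `@deprecated Use {@link java.util.Base64} instead.` The JDK decoders do not behave identically to this class: the comment in `SkeletonKeyTokenTest` on this page refers to its decode path needing `DONT_GUNZIP`, and the JDK basic decoder is strict about non-alphabet characters. Saying in the tag that decoding semantics differ would help remaining callers migrate deliberately rather than by search and replace.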


@ -18,23 +18,24 @@
package org.keycloak.common.util;
import java.util.Base64;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class Base64Url {
// Initialize only once, avoiding repeated creation by the factory method.
public static final Base64.Encoder BASE64_URL_ENCODER_WITHOUT_PADDING = Base64.getUrlEncoder().withoutPadding();
public static String encode(byte[] bytes) {
String s = Base64.encodeBytes(bytes);
return encodeBase64ToBase64Url(s);
return BASE64_URL_ENCODER_WITHOUT_PADDING.encodeToString(bytes);
}
public static byte[] decode(String s) {
s = encodeBase64UrlToBase64(s);
try {
return Base64.decode(s);
} catch (Exception e) {
throw new RuntimeException(e);
}
// some places invoke this without a Base64 url encoding! ugh!
return Base64.getUrlDecoder().decode(encodeBase64ToBase64Url(s));
}
@ -54,6 +55,7 @@ public class Base64Url {
* @param base64Url String in base64Url encoding
* @return String in base64 encoding
*/
@Deprecated
public static String encodeBase64UrlToBase64(String base64Url) {
String s = base64Url.replace('-', '+'); // 62nd char of encoding
s = s.replace('_', '/'); // 63rd char of encoding
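Review bot: `decode` now sends every input through `encodeBase64ToBase64Url` and the strict `Base64.getUrlDecoder()`, so correctness for the non-URL inputs mentioned in the inline comment rests on that helper, which is outside the hunk, handling `=` padding and mapping `+` and `/`. Anything else outside the URL alphabet, such as line breaks or spaces, now throws `IllegalArgumentException` directly instead of the wrapped `RuntimeException`. Because this method presumably decodes token segments from untrusted input, the contract deserves a Javadoc on `decode`, for example `@throws IllegalArgumentException if s is not valid base64 or base64url`, and a unit test covering padded, unpadded and standard-alphabet input. The new `@Deprecated` on `encodeBase64UrlToBase64` should also get a Javadoc `@deprecated` line naming the replacement, and `BASE64_URL_ENCODER_WITHOUT_PADDING` could be `private` unless other classes are meant to use it.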


@ -95,7 +95,7 @@ public class KerberosSerializationUtils {
out = new ObjectOutputStream(bos);
out.writeObject(obj);
byte[] objBytes = bos.toByteArray();
return Base64.encodeBytes(objBytes);
return java.util.Base64.getEncoder().encodeToString(objBytes);
} finally {
try {
if (out != null) {
@ -108,7 +108,7 @@ public class KerberosSerializationUtils {
}
private static Object deserialize(String serialized) throws ClassNotFoundException, IOException {
byte[] bytes = Base64.decode(serialized);
byte[] bytes = java.util.Base64.getDecoder().decode(serialized);
ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
ObjectInputStream in = null;
try {


@ -18,7 +18,6 @@
package org.keycloak.jose.jws;
import com.fasterxml.jackson.core.JsonProcessingException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.jose.jwk.JWK;
@ -32,6 +31,7 @@ import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
@ -72,7 +72,7 @@ public class JWSBuilder {
this.x5c = x5c.stream()
.map(x509Certificate -> {
try {
return Base64.encodeBytes(x509Certificate.getEncoded());
return Base64.getEncoder().encodeToString(x509Certificate.getEncoded());
} catch (CertificateEncodingException e) {
throw new RuntimeException(e);
}


@ -17,13 +17,12 @@
package org.keycloak.util;
import org.keycloak.common.util.Base64;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
/**
* The default implementation is compliant with <a href="https://datatracker.ietf.org/doc/html/rfc2617">RFC 2617</a>
@ -33,7 +32,7 @@ import java.nio.charset.StandardCharsets;
*/
public class BasicAuthHelper {
public static String createHeader(String username, String password) {
return "Basic " + Base64.encodeBytes((username + ':' + password).getBytes(StandardCharsets.UTF_8));
return "Basic " + Base64.getEncoder().encodeToString((username + ':' + password).getBytes(StandardCharsets.UTF_8));
}
public static String[] parseHeader(String header) {
@ -45,8 +44,8 @@ public class BasicAuthHelper {
String val;
try {
val = new String(Base64.decode(header.substring(6)));
} catch (IOException e) {
val = new String(Base64.getDecoder().decode(header.substring(6)));
} catch (IllegalArgumentException e) {
return null;
}
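Review bot: `parseHeader` builds the credential string with `new String(Base64.getDecoder().decode(header.substring(6)))`, which uses the platform default charset, while `createHeader` in the same class encodes with `StandardCharsets.UTF_8`. On a JVM whose default charset is not UTF-8, non-ASCII usernames or passwords will not round-trip. `StandardCharsets` is already imported, so the line can become `val = new String(Base64.getDecoder().decode(header.substring(6)), StandardCharsets.UTF_8);`. The same default-charset dependence is in `BasicAuthFilter.filter` (`pair.getBytes()`) and `Auth.addAuth` (`(username + ":" + password).getBytes()`), which should pass `StandardCharsets.UTF_8` too. `parseHeader` continues outside the hunk.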


@ -23,7 +23,6 @@ import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jwk.JWK;
@ -39,6 +38,7 @@ import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
@ -107,8 +107,8 @@ public abstract class RSAVerifierTest {
List<String> x5c = tokenVerifier.getHeader().getX5c();
Assert.assertEquals(2, x5c.size());
Assert.assertEquals(Base64.encodeBytes(idpCertificate.getEncoded()), x5c.get(0));
Assert.assertEquals(Base64.encodeBytes(caCertificate.getEncoded()), x5c.get(1));
Assert.assertEquals(Base64.getEncoder().encodeToString(idpCertificate.getEncoded()), x5c.get(0));
Assert.assertEquals(Base64.getEncoder().encodeToString(caCertificate.getEncoded()), x5c.get(1));
Assert.assertEquals(JsonSerialization.mapper.convertValue(jwk, Map.class),
JsonSerialization.mapper.convertValue(tokenVerifier.getHeader().getKey(), Map.class));
}


@ -151,7 +151,7 @@ public class SkeletonKeyTokenTest {
@Test
public void testZipException() throws Exception {
// KEYCLOAK-2479
// Example of LogoutAction, which shows the exception to STDERR during Base64.decode . Need to use flag DONT_GUNZIP to avoid it.
// Example of LogoutAction, which shows the exception to STDERR during Base64 decode . Need to use flag DONT_GUNZIP to avoid it.
String logoutAction = "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6ImUwYmRmMjQyLWJjZGItNGVjMy1hMGU4LTNjN2YyOTUzOTk5MC0xNDU1NzgyNTU2NjAyIiwiZXhwaXJhdGlvbiI6MTQ1NTc4MjU4NiwicmVzb3VyY2UiOiJwcm9kdWN0LXBvcnRhbCIsImFjdGlvbiI6IkxPR09VVCIsImFkYXB0ZXJTZXNzaW9uSWRzIjpbImx2c0oxNUpSX01XUE13aTIwbWRhTkJFRVZQZzQtMTkzVUZKem42M1EiXSwibm90QmVmb3JlIjowLCJrZXljbG9ha1Nlc3Npb25JZHMiOlsiOThkNWE3YTYtYjNmNi00ZTg3LWI5OTktOTg1N2YzMDRiZjY4Il19.H4vo7YXW8oQgYsIo9VPYeSsp1jXJR0TwJUwmiXjQJSyxFoKhHgIh3Y63ldVUeBRppxX9xhjOdYEckeppAn-1XnNxUmbExXWXirRIw8tiEtUPPCPztdkKsM0y6xWRd3Sjgg4fWB_1sMn6EWvCAvO7ahs6Rbb2Vo18nlHfxYRSTWw";
JWSInput input = new JWSInput(logoutAction);
}


@ -2,7 +2,6 @@ package org.keycloak.crypto.hash;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.credential.hash.Salt;
@ -12,6 +11,7 @@ import org.keycloak.models.credential.dto.PasswordCredentialData;
import org.keycloak.models.credential.dto.PasswordSecretData;
import org.keycloak.tracing.TracingProviderUtil;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@ -130,7 +130,7 @@ public class Argon2PasswordHashProvider implements PasswordHashProvider {
byte[] result = new byte[hashLength];
generator.generateBytes(rawPassword.toCharArray(), result);
return Base64.encodeBytes(result);
return Base64.getEncoder().encodeToString(result);
});
} finally {
cpuCoreSemaphore.release();


@ -24,15 +24,14 @@ import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.jboss.logging.Logger;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.KerberosSerializationUtils;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.KerberosPrincipal;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.Iterator;
import java.util.Set;
@ -157,16 +156,16 @@ public class SPNEGOAuthenticator {
}
protected GSSContext establishContext() throws GSSException, IOException {
protected GSSContext establishContext() throws GSSException {
GSSManager manager = GSSManager.getInstance();
Oid[] supportedMechs = new Oid[] { KerberosConstants.KRB5_OID, KerberosConstants.SPNEGO_OID };
GSSCredential gssCredential = manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, supportedMechs, GSSCredential.ACCEPT_ONLY);
GSSContext gssContext = manager.createContext(gssCredential);
byte[] inputToken = Base64.decode(spnegoToken);
byte[] inputToken = Base64.getDecoder().decode(spnegoToken);
byte[] respToken = gssContext.acceptSecContext(inputToken, 0, inputToken.length);
responseToken = Base64.encodeBytes(respToken);
responseToken = Base64.getEncoder().encodeToString(respToken);
return gssContext;
}


@ -19,7 +19,6 @@ package org.keycloak.storage.ldap.idm.store.ldap;
import javax.naming.NameAlreadyBoundException;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException;
@ -47,8 +46,8 @@ import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
@ -485,7 +484,7 @@ public class LDAPIdentityStore implements IdentityStore {
Object val = enumm.next();
if (val instanceof byte[]) { // byte[]
String attrVal = Base64.encodeBytes((byte[]) val);
String attrVal = Base64.getEncoder().encodeToString((byte[]) val);
attrValues.add(attrVal);
} else { // String
String attrVal = val.toString().trim();
@ -599,9 +598,9 @@ public class LDAPIdentityStore implements IdentityStore {
}
try {
byte[] bytes = Base64.decode(value);
byte[] bytes = Base64.getDecoder().decode(value);
attr.add(bytes);
} catch (IOException ioe) {
} catch (IllegalArgumentException iae) {
logger.warnf("Wasn't able to Base64 decode the attribute value. Ignoring attribute update. Attribute: %s, Attribute value: %s", attrName, attrValue);
}
}
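Review bot: The `catch (IllegalArgumentException iae)` branch writes the raw attribute value into the WARN message and discards `iae`, so a value that was meant to be binary ends up in the server log while the reason for the decode failure does not. Consider logging only the attribute name and passing the exception, e.g. `logger.warnf(iae, "Wasn't able to Base64 decode the attribute value. Ignoring attribute update. Attribute: %s", attrName);`. The message also formats `attrValue` although the decoded variable is `value`; the surrounding loop is outside the hunk, so whether the two refer to the same data cannot be confirmed here.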


@ -21,8 +21,8 @@ import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.core.HttpHeaders;
import java.io.IOException;
import java.util.Base64;
import org.keycloak.common.util.Base64;
/**
* @author rodrigo.sasaki@icarros.com.br
@ -40,7 +40,7 @@ public class BasicAuthFilter implements ClientRequestFilter {
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
String pair = username + ":" + password;
String authHeader = "Basic " + Base64.encodeBytes(pair.getBytes());
String authHeader = "Basic " + Base64.getEncoder().encodeToString(pair.getBytes());
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader);
}


@ -17,9 +17,9 @@
package org.keycloak.client.registration;
import java.util.Base64;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpRequest;
import org.keycloak.common.util.Base64;
import org.keycloak.representations.idm.ClientInitialAccessPresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
@ -77,7 +77,7 @@ public abstract class Auth {
@Override
public void addAuth(HttpRequest request) {
String val = Base64.encodeBytes((username + ":" + password).getBytes());
String val = Base64.getEncoder().encodeToString((username + ":" + password).getBytes());
request.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + val);
}
}


@ -17,7 +17,6 @@
package org.keycloak.models.jpa;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.KeycloakSession;
@ -29,11 +28,11 @@ import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import jakarta.persistence.EntityManager;
import jakarta.persistence.LockModeType;
import jakarta.persistence.TypedQuery;
import java.util.Base64;
import java.util.List;
import jakarta.persistence.LockModeType;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@ -105,7 +104,7 @@ public class JpaUserCredentialStore implements UserCredentialStore {
// Backwards compatibility - users from previous version still have "salt" in the DB filled.
// We migrate it to new secretData format on-the-fly
if (entity.getSalt() != null) {
String newSecretData = entity.getSecretData().replace("__SALT__", Base64.encodeBytes(entity.getSalt()));
String newSecretData = entity.getSecretData().replace("__SALT__", Base64.getEncoder().encodeToString(entity.getSalt()));
entity.setSecretData(newSecretData);
entity.setSalt(null);
}


@ -17,7 +17,6 @@
package org.keycloak.storage.jpa;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
@ -55,6 +54,7 @@ import org.keycloak.storage.jpa.entity.FederatedUserRoleMappingEntity;
import jakarta.persistence.EntityManager;
import jakarta.persistence.TypedQuery;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
@ -652,7 +652,7 @@ public class JpaUserFederatedStorageProvider implements
// Backwards compatibility - users from previous version still have "salt" in the DB filled.
// We migrate it to new secretData format on-the-fly
if (entity.getSalt() != null) {
String newSecretData = entity.getSecretData().replace("__SALT__", Base64.encodeBytes(entity.getSalt()));
String newSecretData = entity.getSecretData().replace("__SALT__", Base64.getEncoder().encodeToString(entity.getSalt()));
entity.setSecretData(newSecretData);
entity.setSalt(null);
}


@ -17,7 +17,6 @@
package org.keycloak.dom.xmlsec.w3.xmldsig;
import org.keycloak.common.util.Base64;
import org.keycloak.saml.common.constants.WSTrustConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
@ -27,6 +26,7 @@ import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.util.Base64;
/**
* <p>
@ -203,10 +203,10 @@ public class DSAKeyValueType implements KeyValueType {
public DSAPublicKey convertToPublicKey() throws ProcessingException {
try {
BigInteger BigY = new BigInteger(1, massage(Base64.decode(new String(y))));
BigInteger BigP = new BigInteger(1, massage(Base64.decode(new String(p))));
BigInteger BigQ = new BigInteger(1, massage(Base64.decode(new String(q))));
BigInteger BigG = new BigInteger(1, massage(Base64.decode(new String(g))));
BigInteger BigY = new BigInteger(1, massage(Base64.getDecoder().decode(new String(y))));
BigInteger BigP = new BigInteger(1, massage(Base64.getDecoder().decode(new String(p))));
BigInteger BigQ = new BigInteger(1, massage(Base64.getDecoder().decode(new String(q))));
BigInteger BigG = new BigInteger(1, massage(Base64.getDecoder().decode(new String(g))));
KeyFactory dsaKeyFactory = KeyFactory.getInstance("dsa");
DSAPublicKeySpec kspec = new DSAPublicKeySpec(BigY, BigP, BigQ, BigG);
@ -226,10 +226,10 @@ public class DSAKeyValueType implements KeyValueType {
public DSAPrivateKey convertToPrivateKey() throws ProcessingException {
try {
BigInteger BigY = new BigInteger(1, massage(Base64.decode(new String(y))));
BigInteger BigP = new BigInteger(1, massage(Base64.decode(new String(p))));
BigInteger BigQ = new BigInteger(1, massage(Base64.decode(new String(q))));
BigInteger BigG = new BigInteger(1, massage(Base64.decode(new String(g))));
BigInteger BigY = new BigInteger(1, massage(Base64.getDecoder().decode(new String(y))));
BigInteger BigP = new BigInteger(1, massage(Base64.getDecoder().decode(new String(p))));
BigInteger BigQ = new BigInteger(1, massage(Base64.getDecoder().decode(new String(q))));
BigInteger BigG = new BigInteger(1, massage(Base64.getDecoder().decode(new String(g))));
KeyFactory dsaKeyFactory = KeyFactory.getInstance("dsa");
DSAPrivateKeySpec kspec = new DSAPrivateKeySpec(BigY, BigP, BigQ, BigG);
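Review bot: `convertToPrivateKey` passes `BigY` as the first argument of `new DSAPrivateKeySpec(BigY, BigP, BigQ, BigG)`, but that constructor's first parameter is the private value x while y is the public value, so the object built here does not look like a usable private key. This line is unchanged context rather than something the commit introduced, but since the method is being touched it is worth fixing or at least documenting, for instance with `// FIXME: DSAPrivateKeySpec expects the private value x; this type only carries the public value y` above the spec construction. The method's `catch` clauses and closing lines are outside the hunk.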


@ -17,7 +17,6 @@
package org.keycloak.dom.xmlsec.w3.xmldsig;
import org.keycloak.common.util.Base64;
import org.keycloak.saml.common.constants.WSTrustConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
@ -27,6 +26,7 @@ import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
/**
* <p>
@ -98,8 +98,8 @@ public class RSAKeyValueType implements KeyValueType {
*/
public RSAPublicKey convertToPublicKey() throws ProcessingException {
try {
BigInteger bigModulus = new BigInteger(1, massage(Base64.decode(new String(modulus))));
BigInteger bigEx = new BigInteger(1, massage(Base64.decode(new String(exponent))));
BigInteger bigModulus = new BigInteger(1, massage(Base64.getDecoder().decode(new String(modulus))));
BigInteger bigEx = new BigInteger(1, massage(Base64.getDecoder().decode(new String(exponent))));
KeyFactory rsaKeyFactory = KeyFactory.getInstance("rsa");
RSAPublicKeySpec kspec = new RSAPublicKeySpec(bigModulus, bigEx);
return (RSAPublicKey) rsaKeyFactory.generatePublic(kspec);
@ -117,8 +117,8 @@ public class RSAKeyValueType implements KeyValueType {
*/
public RSAPrivateKey convertToPrivateKey() throws ProcessingException {
try {
BigInteger bigModulus = new BigInteger(1, massage(Base64.decode(new String(modulus))));
BigInteger bigEx = new BigInteger(1, massage(Base64.decode(new String(exponent))));
BigInteger bigModulus = new BigInteger(1, massage(Base64.getDecoder().decode(new String(modulus))));
BigInteger bigEx = new BigInteger(1, massage(Base64.getDecoder().decode(new String(exponent))));
KeyFactory rsaKeyFactory = KeyFactory.getInstance("rsa");
RSAPrivateKeySpec kspec = new RSAPrivateKeySpec(bigModulus, bigEx);
return (RSAPrivateKey) rsaKeyFactory.generatePrivate(kspec);


@ -16,7 +16,6 @@
*/
package org.keycloak.saml.processing.core.saml.v2.util;
import org.keycloak.common.util.Base64;
import org.keycloak.dom.xmlsec.w3.xmldsig.DSAKeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.KeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.RSAKeyValueType;
@ -38,6 +37,7 @@ import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
/**
* Signature utility for signing content
@ -184,8 +184,8 @@ public class SignatureUtil {
byte[] exponent = pubKey.getPublicExponent().toByteArray();
RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
rsaKeyValue.setModulus(Base64.encodeBytes(modulus).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setExponent(Base64.encodeBytes(exponent).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setModulus(Base64.getEncoder().encodeToString(modulus).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setExponent(Base64.getEncoder().encodeToString(exponent).getBytes(GeneralConstants.SAML_CHARSET));
return rsaKeyValue;
} else if (key instanceof DSAPublicKey) {
DSAPublicKey pubKey = (DSAPublicKey) key;
@ -195,10 +195,10 @@ public class SignatureUtil {
byte[] Y = pubKey.getY().toByteArray();
DSAKeyValueType dsaKeyValue = new DSAKeyValueType();
dsaKeyValue.setP(Base64.encodeBytes(P).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setQ(Base64.encodeBytes(Q).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setG(Base64.encodeBytes(G).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setY(Base64.encodeBytes(Y).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setP(Base64.getEncoder().encodeToString(P).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setQ(Base64.getEncoder().encodeToString(Q).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setG(Base64.getEncoder().encodeToString(G).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setY(Base64.getEncoder().encodeToString(Y).getBytes(GeneralConstants.SAML_CHARSET));
return dsaKeyValue;
}
throw logger.unsupportedType(key.toString());


@ -16,7 +16,6 @@
*/
package org.keycloak.saml.processing.core.util;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PemUtils;
import org.keycloak.dom.xmlsec.w3.xmldsig.DSAKeyValueType;
import org.keycloak.dom.xmlsec.w3.xmldsig.KeyValueType;
@ -80,6 +79,7 @@ import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
@ -732,8 +732,8 @@ public class XMLSignatureUtil {
byte[] exponent = pubKey.getPublicExponent().toByteArray();
RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
rsaKeyValue.setModulus(Base64.encodeBytes(modulus).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setExponent(Base64.encodeBytes(exponent).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setModulus(Base64.getEncoder().encodeToString(modulus).getBytes(GeneralConstants.SAML_CHARSET));
rsaKeyValue.setExponent(Base64.getEncoder().encodeToString(exponent).getBytes(GeneralConstants.SAML_CHARSET));
return rsaKeyValue;
} else if (key instanceof DSAPublicKey) {
DSAPublicKey pubKey = (DSAPublicKey) key;
@ -743,10 +743,10 @@ public class XMLSignatureUtil {
byte[] Y = pubKey.getY().toByteArray();
DSAKeyValueType dsaKeyValue = new DSAKeyValueType();
dsaKeyValue.setP(Base64.encodeBytes(P).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setQ(Base64.encodeBytes(Q).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setG(Base64.encodeBytes(G).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setY(Base64.encodeBytes(Y).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setP(Base64.getEncoder().encodeToString(P).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setQ(Base64.getEncoder().encodeToString(Q).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setG(Base64.getEncoder().encodeToString(G).getBytes(GeneralConstants.SAML_CHARSET));
dsaKeyValue.setY(Base64.getEncoder().encodeToString(Y).getBytes(GeneralConstants.SAML_CHARSET));
return dsaKeyValue;
}
throw logger.unsupportedType(key.toString());


@ -16,7 +16,6 @@
*/
package org.keycloak.saml.processing.web.util;
import org.keycloak.common.util.Base64;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.GeneralConstants;
@ -24,6 +23,7 @@ import org.keycloak.saml.common.constants.GeneralConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Base64;
/**
* Utility for the HTTP/Post binding
@ -43,7 +43,7 @@ public class PostBindingUtil {
* @return
*/
public static String base64Encode(String stringToEncode) throws IOException {
return Base64.encodeBytes(stringToEncode.getBytes(GeneralConstants.SAML_CHARSET));
return Base64.getEncoder().encodeToString(stringToEncode.getBytes(GeneralConstants.SAML_CHARSET));
}
/**
@ -58,7 +58,7 @@ public class PostBindingUtil {
throw logger.nullArgumentError("encodedString");
try {
return Base64.decode(encodedString);
return Base64.getDecoder().decode(encodedString);
} catch (Exception e) {
logger.error(e);
throw logger.invalidArgumentError("base64 decode failed: " + e.getMessage());


@ -16,7 +16,6 @@
*/
package org.keycloak.saml.processing.web.util;
import org.keycloak.common.util.Base64;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.util.StringUtil;
import org.keycloak.saml.processing.api.util.DeflateUtil;
@ -25,6 +24,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Base64;
/**
* Utility class for SAML HTTP/Redirect binding
@ -70,7 +70,7 @@ public class RedirectBindingUtil {
* @throws IOException
*/
public static String base64Encode(byte[] stringToEncode) throws IOException {
return Base64.encodeBytes(stringToEncode);
return Base64.getEncoder().encodeToString(stringToEncode);
}
/**
@ -83,7 +83,7 @@ public class RedirectBindingUtil {
* @throws IOException
*/
public static String base64URLEncode(byte[] stringToEncode) throws IOException {
String base64Request = Base64.encodeBytes(stringToEncode);
String base64Request = Base64.getEncoder().encodeToString(stringToEncode);
return urlEncode(base64Request);
}
@ -98,7 +98,7 @@ public class RedirectBindingUtil {
*/
public static byte[] urlBase64Decode(String encodedString) throws IOException {
String decodedString = urlDecode(encodedString);
return Base64.decode(decodedString);
return Base64.getDecoder().decode(decodedString);
}
/**
@ -139,7 +139,7 @@ public class RedirectBindingUtil {
*/
public static String deflateBase64Encode(byte[] stringToEncode) throws IOException {
byte[] deflatedMsg = DeflateUtil.encode(stringToEncode);
return Base64.encodeBytes(deflatedMsg);
return Base64.getEncoder().encodeToString(deflatedMsg);
}
/**
@ -166,7 +166,7 @@ public class RedirectBindingUtil {
* @throws IOException
*/
public static InputStream base64DeflateDecode(String encodedString) throws IOException {
byte[] base64decodedMsg = Base64.decode(encodedString);
byte[] base64decodedMsg = Base64.getDecoder().decode(encodedString);
return DeflateUtil.decode(base64decodedMsg);
}


@ -25,7 +25,6 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.crypto.CryptoProvider;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.DerUtils;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.dom.saml.v2.SAML2Object;
@ -85,6 +84,7 @@ import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
@ -217,7 +217,7 @@ public class SAMLParserTest {
assertNull(rtChoiceType.getAssertion());
assertNotNull(rtChoiceType.getEncryptedAssertion());
PrivateKey privateKey = DerUtils.decodePrivateKey(Base64.decode(PRIVATE_KEY));
PrivateKey privateKey = DerUtils.decodePrivateKey(Base64.getDecoder().decode(PRIVATE_KEY));
AssertionUtil.decryptAssertion(resp, privateKey);
rtChoiceType = resp.getAssertions().get(0);


@ -1,18 +1,12 @@
package org.keycloak.saml.processing.core.saml.v2.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Scanner;
@ -20,7 +14,6 @@ import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.crypto.CryptoProvider;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.DerUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
@ -31,6 +24,13 @@ import org.keycloak.saml.processing.core.parsers.saml.SAMLParserTest;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
public class AssertionUtilTest {
private static final String PRIVATE_KEY = "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";
@ -48,7 +48,7 @@ public class AssertionUtilTest {
@Test
public void testSaml20Signed() throws Exception {
X509Certificate decodeCertificate = DerUtils.decodeCertificate(new ByteArrayInputStream(Base64.decode(PUBLIC_CERT)));
X509Certificate decodeCertificate = DerUtils.decodeCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(PUBLIC_CERT)));
try (InputStream st = AssertionUtilTest.class.getResourceAsStream("saml20-signed-response.xml")) {
Document document = DocumentUtil.getDocument(st);
@ -59,18 +59,19 @@ public class AssertionUtilTest {
// test manipulation of signature
Element signatureElement = AssertionUtil.getSignature(assertion);
byte[] validSignature = Base64.decode(signatureElement.getTextContent());
Element signatureValue = (Element) signatureElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "SignatureValue").item(0);
byte[] validSignature = Base64.getDecoder().decode(signatureValue.getTextContent());
// change the signature value slightly
byte[] invalidSignature = Arrays.copyOf(validSignature, validSignature.length);
invalidSignature[0] ^= invalidSignature[0];
signatureElement.setTextContent(Base64.encodeBytes(invalidSignature));
signatureValue.setTextContent(Base64.getEncoder().encodeToString(invalidSignature));
// check that signature now is invalid
assertFalse(AssertionUtil.isSignatureValid(document.getDocumentElement(), decodeCertificate.getPublicKey()));
// restore valid signature, but remove Signature element, check that still invalid
signatureElement.setTextContent(Base64.encodeBytes(validSignature));
signatureElement.setTextContent(Base64.getEncoder().encodeToString(validSignature));
assertion.removeChild(signatureElement);
assertFalse(AssertionUtil.isSignatureValid(document.getDocumentElement(), decodeCertificate.getPublicKey()));
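Review bot: The "restore valid signature" step still calls `signatureElement.setTextContent(...)`, which replaces every child of the `Signature` element with a text node, while the tampering above now goes through `signatureValue`. Because the element is removed on the following line the assertion is unaffected, but `signatureValue.setTextContent(Base64.getEncoder().encodeToString(validSignature));` would match the comment. Separately, `invalidSignature[0] ^= invalidSignature[0]` always yields zero, so the signature is left unchanged whenever its first byte is already zero; `invalidSignature[0] ^= 0x01;` flips a bit for every input. The test method continues past the end of this hunk.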


@ -41,7 +41,6 @@ import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.common.util.Base64;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.connections.httpclient.SafeInputStream;
import org.keycloak.models.KeycloakSession;
@ -56,6 +55,7 @@ import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@ -247,7 +247,7 @@ public class SimpleHttp {
public SimpleHttp authBasic(final String username, final String password) {
final String basicCredentials = String.format("%s:%s", username, password);
header("Authorization", "Basic " + Base64.encodeBytes(basicCredentials.getBytes()));
header("Authorization", "Basic " + Base64.getEncoder().encodeToString(basicCredentials.getBytes()));
return this;
}
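Review bot: `basicCredentials.getBytes()` in `authBasic` encodes the user name and password with the platform default charset, so the bytes placed in the `Authorization` header can differ between JVMs (before JDK 18 the default depends on the host locale). `StandardCharsets` is already imported in this file, so the line can read `header("Authorization", "Basic " + Base64.getEncoder().encodeToString(basicCredentials.getBytes(StandardCharsets.UTF_8)));`. The same call appears in `SimpleHttpRequest.authBasic` further down this commit.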


@ -18,19 +18,18 @@
package org.keycloak.credential.hash;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PaddingUtils;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.credential.PasswordCredentialModel;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
/**
* Implementation PBKDF2 password hash algorithm.
@ -100,9 +99,9 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider {
private int keySize(PasswordCredentialModel credential) {
try {
byte[] bytes = Base64.decode(credential.getPasswordSecretData().getValue());
byte[] bytes = Base64.getDecoder().decode(credential.getPasswordSecretData().getValue());
return bytes.length * 8;
} catch (IOException e) {
} catch (IllegalArgumentException e) {
throw new RuntimeException("Credential could not be decoded", e);
}
}
@ -116,7 +115,7 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProvider {
try {
byte[] key = getSecretKeyFactory().generateSecret(spec).getEncoded();
return Base64.encodeBytes(key);
return Base64.getEncoder().encodeToString(key);
} catch (InvalidKeySpecException e) {
throw new RuntimeException("Credential could not be encoded", e);
} catch (Exception e) {


@ -19,8 +19,8 @@ package org.keycloak.device;
import jakarta.ws.rs.core.HttpHeaders;
import java.io.IOException;
import java.util.Base64;
import org.keycloak.common.util.Base64;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.account.DeviceRepresentation;
@ -47,7 +47,7 @@ public class DeviceActivityManager {
}
try {
return JsonSerialization.readValue(Base64.decode(deviceInfo), DeviceRepresentation.class);
return JsonSerialization.readValue(Base64.getDecoder().decode(deviceInfo), DeviceRepresentation.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -65,7 +65,7 @@ public class DeviceActivityManager {
if (current != null) {
try {
userSession.setNote(DEVICE_NOTE, Base64.encodeBytes(JsonSerialization.writeValueAsBytes(current)));
userSession.setNote(DEVICE_NOTE, Base64.getEncoder().encodeToString(JsonSerialization.writeValueAsBytes(current)));
} catch (IOException cause) {
throw new RuntimeException(cause);
}


@ -38,13 +38,13 @@ import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.common.util.Base64;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@ -149,7 +149,7 @@ public class SimpleHttpRequest {
public SimpleHttpRequest authBasic(final String username, final String password) {
final String basicCredentials = String.format("%s:%s", username, password);
header("Authorization", "Basic " + Base64.encodeBytes(basicCredentials.getBytes()));
header("Authorization", "Basic " + Base64.getEncoder().encodeToString(basicCredentials.getBytes()));
return this;
}


@ -17,11 +17,11 @@
package org.keycloak.models.utils;
import org.keycloak.common.util.Base64;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
/**
@ -46,7 +46,7 @@ public class SHAPasswordEncoder {
MessageDigest messageDigest = getMessageDigest();
byte[] digest = messageDigest.digest(rawPassword.getBytes(StandardCharsets.UTF_8));
return Base64.encodeBytes(digest);
return Base64.getEncoder().encodeToString(digest);
}
public boolean verify(String rawPassword, String encodedPassword) {


@ -19,12 +19,12 @@ package org.keycloak.credential;
import java.io.IOException;
import java.io.Serializable;
import java.util.Base64;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Map;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.util.JsonSerialization;
@ -174,12 +174,8 @@ public class CredentialModel implements Serializable {
@Deprecated
@JsonIgnore
public byte[] getSalt() {
try {
String saltStr = readString("salt", true);
return saltStr == null ? null : Base64.decode(saltStr);
} catch (IOException ioe) {
throw new RuntimeException(ioe);
}
String saltStr = readString("salt", true);
return saltStr == null ? null : Base64.getDecoder().decode(saltStr);
}
/**
@ -187,7 +183,7 @@ public class CredentialModel implements Serializable {
*/
@Deprecated
public void setSalt(byte[] salt) {
String saltStr = salt == null ? null : Base64.encodeBytes(salt);
String saltStr = salt == null ? null : Base64.getEncoder().encodeToString(salt);
writeProperty("salt", saltStr, true);
}


@ -16,12 +16,11 @@
*/
package org.keycloak.models;
import org.keycloak.common.util.Base64;
import org.keycloak.representations.JsonWebToken;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.UUID;
import java.util.regex.Pattern;
@ -79,8 +78,8 @@ public class DefaultActionTokenKey extends JsonWebToken implements SingleUseObje
String userId;
try {
userId = new String(Base64.decode(parsed[0]), StandardCharsets.UTF_8);
} catch (IOException ex) {
userId = new String(Base64.getDecoder().decode(parsed[0]), StandardCharsets.UTF_8);
} catch (IllegalArgumentException ex) {
userId = parsed[0];
}
return new DefaultActionTokenKey(userId, parsed[3], Integer.parseInt(parsed[1]), UUID.fromString(parsed[2]));


@ -17,8 +17,8 @@
package org.keycloak.models;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.keycloak.common.util.Base64;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.UUID;
/**
@ -58,7 +58,7 @@ public interface SingleUseObjectKeyModel {
default String serializeKey() {
String userId = getUserId();
String encodedUserId = userId == null ? "" : Base64.encodeBytes(userId.getBytes(StandardCharsets.UTF_8));
String encodedUserId = userId == null ? "" : Base64.getEncoder().encodeToString(userId.getBytes(StandardCharsets.UTF_8));
return String.format("%s.%d.%s.%s", encodedUserId, getExp(), getActionVerificationNonce(), getActionId());
}
}


@ -1,10 +1,12 @@
package org.keycloak.models.credential;
import java.io.IOException;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.credential.dto.RecoveryAuthnCodeRepresentation;
import org.keycloak.models.credential.dto.RecoveryAuthnCodesCredentialData;
@ -12,8 +14,6 @@ import org.keycloak.models.credential.dto.RecoveryAuthnCodesSecretData;
import org.keycloak.models.utils.RecoveryAuthnCodesUtils;
import org.keycloak.util.JsonSerialization;
import java.io.IOException;
import java.util.List;
public class RecoveryAuthnCodesCredentialModel extends CredentialModel {
@ -63,7 +63,7 @@ public class RecoveryAuthnCodesCredentialModel extends CredentialModel {
try {
List<RecoveryAuthnCodeRepresentation> recoveryCodes = IntStream.range(0, originalGeneratedCodes.size())
.mapToObj(i -> new RecoveryAuthnCodeRepresentation(i + 1,
Base64.encodeBytes(RecoveryAuthnCodesUtils.hashRawCode(originalGeneratedCodes.get(i)))))
Base64.getEncoder().encodeToString(RecoveryAuthnCodesUtils.hashRawCode(originalGeneratedCodes.get(i)))))
.collect(Collectors.toList());
secretData = new RecoveryAuthnCodesSecretData(recoveryCodes);
credentialData = new RecoveryAuthnCodesCredentialData(null,


@ -3,10 +3,10 @@ package org.keycloak.models.credential.dto;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import java.io.IOException;
import java.util.Base64;
import java.util.List;
import java.util.Map;
@ -36,7 +36,7 @@ public class PasswordSecretData {
}
else {
this.value = value;
this.salt = Base64.decode(salt);
this.salt = Base64.getDecoder().decode(salt);
}
}


@ -1,12 +1,16 @@
package org.keycloak.models.utils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;
import java.util.Base64;
import java.util.function.Supplier;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.crypto.JavaAlgorithm;
@ -14,11 +18,6 @@ import org.keycloak.jose.jws.crypto.HashUtils;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.RecoveryAuthnCodesCredentialModel;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class RecoveryAuthnCodesUtils {
@ -42,10 +41,10 @@ public class RecoveryAuthnCodesUtils {
public static boolean verifyRecoveryCodeInput(String rawInputRecoveryCode, String hashedSavedRecoveryCode) {
byte[] hashedInputBackupCode = hashRawCode(rawInputRecoveryCode);
try {
byte[] savedCode = Base64.decode(hashedSavedRecoveryCode);
byte[] savedCode = Base64.getDecoder().decode(hashedSavedRecoveryCode);
return MessageDigest.isEqual(hashedInputBackupCode, savedCode);
} catch (IOException ioe) {
logger.warnf("Error when decoding saved recovery code", ioe);
} catch (IllegalArgumentException iae) {
logger.warnf("Error when decoding saved recovery code", iae);
return false;
}
}
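Review bot: In the new catch block `logger.warnf("Error when decoding saved recovery code", iae)` passes the exception as a format argument; the message has no format specifier, so the exception and its stack trace do not reach the log. With JBoss Logging the cause goes first: `logger.warnf(iae, "Error when decoding saved recovery code");`. Since a stored value that the stricter `java.util.Base64` decoder rejects now makes verification return false, this warning is the only trace an operator gets of the reason.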


@ -17,7 +17,6 @@
package org.keycloak.credential;
import com.webauthn4j.server.ServerProperty;
import org.keycloak.common.util.Base64;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.AuthenticatorTransport;
@ -26,6 +25,7 @@ import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.attestation.statement.AttestationStatement;
import org.keycloak.common.util.CollectionUtil;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
@ -150,13 +150,13 @@ public class WebAuthnCredentialModelInput implements CredentialInput {
.append(attestedCredentialData.getAaguid().toString())
.append(",");
sb.append("CREDENTIAL_ID = ")
.append(Base64.encodeBytes(attestedCredentialData.getCredentialId()))
.append(Base64.getEncoder().encodeToString(attestedCredentialData.getCredentialId()))
.append(",");
COSEKey credPubKey = attestedCredentialData.getCOSEKey();
byte[] keyId = credPubKey.getKeyId();
if (keyId != null)
sb.append("CREDENTIAL_PUBLIC_KEY.key_id = ")
.append(Base64.encodeBytes(keyId))
.append(Base64.getEncoder().encodeToString(keyId))
.append(",");
sb.append("CREDENTIAL_PUBLIC_KEY.algorithm = ")
.append(String.valueOf(credPubKey.getAlgorithm().getValue()))
@ -168,7 +168,7 @@ public class WebAuthnCredentialModelInput implements CredentialInput {
if (authenticationRequest != null) {
// only set on Authentication
sb.append("Credential Id = ")
.append(Base64.encodeBytes(authenticationRequest.getCredentialId()))
.append(Base64.getEncoder().encodeToString(authenticationRequest.getCredentialId()))
.append(",");
}
if (CollectionUtil.isNotEmpty(getTransports())) {


@ -37,7 +37,6 @@ import jakarta.annotation.Nonnull;
import org.jboss.logging.Logger;
import org.keycloak.authentication.authenticators.browser.WebAuthnMetadataService;
import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -50,6 +49,7 @@ import org.keycloak.util.JsonSerialization;
import java.io.IOException;
import java.util.Arrays;
import java.util.Base64;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
@ -124,7 +124,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
WebAuthnCredentialModelInput webAuthnModel = (WebAuthnCredentialModelInput) input;
String aaguid = webAuthnModel.getAttestedCredentialData().getAaguid().toString();
String credentialId = Base64.encodeBytes(webAuthnModel.getAttestedCredentialData().getCredentialId());
String credentialId = Base64.getEncoder().encodeToString(webAuthnModel.getAttestedCredentialData().getCredentialId());
String credentialPublicKey = credentialPublicKeyConverter.convertToDatabaseColumn(webAuthnModel.getAttestedCredentialData().getCOSEKey());
long counter = webAuthnModel.getCount();
String attestationStatementFormat = webAuthnModel.getAttestationStatementFormat();
@ -164,8 +164,8 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
byte[] credentialId = null;
try {
credentialId = Base64.decode(credData.getCredentialId());
} catch (IOException ioe) {
credentialId = Base64.getDecoder().decode(credData.getCredentialId());
} catch (IllegalArgumentException ex) {
// NOP
}
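Review bot: The `catch (IllegalArgumentException ex)` block marked `// NOP` leaves `credentialId` as null without any trace, and the code that consumes it lies outside this hunk. `java.util.Base64.getDecoder()` rejects every character outside the basic alphabet, including whitespace and line breaks, so a stored id that does not decode ends here silently. I would replace `// NOP` with a comment stating why a null credential id is acceptable to the code that follows, and log the failure at debug level so a corrupt stored credential can be diagnosed.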


@ -17,7 +17,6 @@
package org.keycloak.keys;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
@ -31,6 +30,7 @@ import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public abstract class AbstractGeneratedEcKeyProviderFactory<T extends KeyProvider>
extends AbstractEcKeyProviderFactory<T> {
@ -102,8 +102,8 @@ public abstract class AbstractGeneratedEcKeyProviderFactory<T extends KeyProvide
KeyPair keyPair;
try {
keyPair = generateEcKeyPair(convertECDomainParmNistRepToSecRep(ecInNistRep));
model.put(getEcPrivateKeyKey(), Base64.encodeBytes(keyPair.getPrivate().getEncoded()));
model.put(getEcPublicKeyKey(), Base64.encodeBytes(keyPair.getPublic().getEncoded()));
model.put(getEcPrivateKeyKey(), Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));
model.put(getEcPublicKeyKey(), Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()));
model.put(getEcEllipticCurveKey(), ecInNistRep);
} catch (Throwable t) {
throw new ComponentValidationException("Failed to generate EC keys", t);
@ -113,7 +113,7 @@ public abstract class AbstractGeneratedEcKeyProviderFactory<T extends KeyProvide
protected String getCurveFromPublicKey(String publicEcKeyBase64Encoded) {
try {
KeyFactory kf = KeyFactory.getInstance("EC");
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEcKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEcKeyBase64Encoded));
ECPublicKey ecKey = (ECPublicKey) kf.generatePublic(publicKeySpec);
return "P-" + ecKey.getParams().getCurve().getField().getFieldSize();
} catch (Throwable t) {


@ -17,7 +17,6 @@
package org.keycloak.keys;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.component.ComponentModel;
@ -32,6 +31,7 @@ import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
@ -53,11 +53,11 @@ public class GeneratedEcdhKeyProvider extends AbstractEcKeyProvider {
.orElse(false);
try {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateEcdhKeyBase64Encoded));
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateEcdhKeyBase64Encoded));
KeyFactory kf = KeyFactory.getInstance("EC");
PrivateKey decodedPrivateKey = kf.generatePrivate(privateKeySpec);
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEcdhKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEcdhKeyBase64Encoded));
PublicKey decodedPublicKey = kf.generatePublic(publicKeySpec);
KeyPair keyPair = new KeyPair(decodedPublicKey, decodedPrivateKey);
@ -69,7 +69,7 @@ public class GeneratedEcdhKeyProvider extends AbstractEcKeyProvider {
{
selfSignedCertificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realm.getName());
model.getConfig().put(Attributes.CERTIFICATE_KEY,
List.of(Base64.encodeBytes(selfSignedCertificate.getEncoded())));
List.of(Base64.getEncoder().encodeToString(selfSignedCertificate.getEncoded())));
}
return createKeyWrapper(keyPair, ecdhAlgorithm, KeyUse.ENC, selfSignedCertificate);


@ -17,7 +17,6 @@
package org.keycloak.keys;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.component.ComponentModel;
@ -32,6 +31,7 @@ import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
@ -53,11 +53,11 @@ public class GeneratedEcdsaKeyProvider extends AbstractEcKeyProvider {
.orElse(false);
try {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateEcdsaKeyBase64Encoded));
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateEcdsaKeyBase64Encoded));
KeyFactory kf = KeyFactory.getInstance("EC");
PrivateKey decodedPrivateKey = kf.generatePrivate(privateKeySpec);
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEcdsaKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEcdsaKeyBase64Encoded));
PublicKey decodedPublicKey = kf.generatePublic(publicKeySpec);
KeyPair keyPair = new KeyPair(decodedPublicKey, decodedPrivateKey);
@ -69,7 +69,7 @@ public class GeneratedEcdsaKeyProvider extends AbstractEcKeyProvider {
{
selfSignedCertificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realm.getName());
model.getConfig().put(Attributes.CERTIFICATE_KEY,
List.of(Base64.encodeBytes(selfSignedCertificate.getEncoded())));
List.of(Base64.getEncoder().encodeToString(selfSignedCertificate.getEncoded())));
}
return createKeyWrapper(keyPair,


@ -17,7 +17,6 @@
package org.keycloak.keys;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.models.RealmModel;
@ -28,6 +27,7 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
@ -46,11 +46,11 @@ public class GeneratedEddsaKeyProvider extends AbstractEddsaKeyProvider {
String curveName = model.getConfig().getFirst(GeneratedEddsaKeyProviderFactory.EDDSA_ELLIPTIC_CURVE_KEY);
try {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateEddsaKeyBase64Encoded));
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateEddsaKeyBase64Encoded));
KeyFactory kf = KeyFactory.getInstance("EdDSA");
PrivateKey decodedPrivateKey = kf.generatePrivate(privateKeySpec);
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEddsaKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEddsaKeyBase64Encoded));
PublicKey decodedPublicKey = kf.generatePublic(publicKeySpec);
KeyPair keyPair = new KeyPair(decodedPublicKey, decodedPrivateKey);


@ -17,7 +17,6 @@
package org.keycloak.keys;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
@ -32,6 +31,7 @@ import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
/**
@ -120,8 +120,8 @@ public class GeneratedEddsaKeyProviderFactory extends AbstractEddsaKeyProviderFa
KeyPair keyPair;
try {
keyPair = generateEddsaKeyPair(curveName);
model.put(EDDSA_PRIVATE_KEY_KEY, Base64.encodeBytes(keyPair.getPrivate().getEncoded()));
model.put(EDDSA_PUBLIC_KEY_KEY, Base64.encodeBytes(keyPair.getPublic().getEncoded()));
model.put(EDDSA_PRIVATE_KEY_KEY, Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));
model.put(EDDSA_PUBLIC_KEY_KEY, Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()));
model.put(EDDSA_ELLIPTIC_CURVE_KEY, curveName);
} catch (Throwable t) {
throw new ComponentValidationException("Failed to generate EdDSA keys", t);
@ -131,7 +131,7 @@ public class GeneratedEddsaKeyProviderFactory extends AbstractEddsaKeyProviderFa
private String getCurveFromPublicKey(String publicEddsaKeyBase64Encoded) {
try {
KeyFactory kf = KeyFactory.getInstance("EdDSA");
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEddsaKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEddsaKeyBase64Encoded));
EdECPublicKey edEcKey = (EdECPublicKey) kf.generatePublic(publicKeySpec);
return edEcKey.getParams().getName();
} catch (Throwable t) {


@ -58,6 +58,7 @@ import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
@ -278,7 +279,7 @@ public class AttestationValidatorUtil {
for (String certBase64 : x5cList) {
// Use Keycloak's Base64 implementation for decoding x5c certificates
byte[] certBytes = org.keycloak.common.util.Base64.decode(certBase64);
byte[] certBytes = Base64.getDecoder().decode(certBase64);
try (InputStream in = new ByteArrayInputStream(certBytes)) {
certChain.add((X509Certificate) cf.generateCertificate(in));
}
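Review bot: The comment above the changed line still says `// Use Keycloak's Base64 implementation for decoding x5c certificates`, which no longer matches the code. Suggested replacement: `// x5c entries are standard (not URL-safe) Base64 DER certificates, see RFC 7515 section 4.1.6`. A malformed entry now raises an unchecked `IllegalArgumentException` from `decode`; whether the enclosing method, which starts and ends outside this hunk, turns that into its normal validation failure cannot be seen here and is worth confirming.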


@ -21,7 +21,6 @@ package org.keycloak.protocol.oid4vc.issuance.keybinding;
import jakarta.annotation.Nullable;
import org.keycloak.TokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Base64;
import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
@ -44,6 +43,7 @@ import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@ -84,7 +84,7 @@ public class JwtCNonceHandler implements CNonceHandler {
final long expiresAt = now.plus(nonceLifetimeMillis, ChronoUnit.SECONDS).getEpochSecond();
final int nonceLength = NONCE_DEFAULT_LENGTH + new Random().nextInt(NONCE_LENGTH_RANDOM_OFFSET);
// this generated value itself is basically just a salt-value for the generated token, which itself is the nonce.
final String strongSalt = Base64.encodeBytes(RandomSecret.createRandomSecret(nonceLength));
final String strongSalt = Base64.getEncoder().encodeToString(RandomSecret.createRandomSecret(nonceLength));
JsonWebToken jwtCNonce = new JwtCNonce().salt(strongSalt)
.issuer(issuer)
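Review bot: On the context line above the change, `now.plus(nonceLifetimeMillis, ChronoUnit.SECONDS)` adds a value whose name says milliseconds as seconds; one of the two looks wrong, and if the value really is in milliseconds the c_nonce would stay valid far longer than intended. Either rename the variable or use `ChronoUnit.MILLIS`, depending on what the configuration supplies, which is not visible in this hunk. The `new Random()` on the next line only picks the nonce length, while the bytes come from `RandomSecret.createRandomSecret`, so a short comment saying so would save the next reader the question.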


@ -18,7 +18,6 @@
package org.keycloak.protocol.oid4vc.issuance.signing;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oid4vc.issuance.TimeProvider;
@ -30,8 +29,8 @@ import org.keycloak.protocol.oid4vc.model.CredentialBuildConfig;
import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
import org.keycloak.protocol.oid4vc.model.vcdm.LdProof;
import java.io.IOException;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
@ -97,11 +96,11 @@ public class LDCredentialSigner extends AbstractCredentialSigner<VerifiableCrede
ldProof.setVerificationMethod(keyId);
try {
var proofValue = Base64.encodeBytes(signature, Base64.URL_SAFE);
var proofValue = Base64.getUrlEncoder().encodeToString(signature);
ldProof.setProofValue(proofValue);
verifiableCredential.setAdditionalProperties(PROOF_KEY, ldProof);
return verifiableCredential;
} catch (IOException e) {
} catch (IllegalArgumentException e) {
throw new CredentialSignerException("Was not able to encode the signature.", e);
}
}
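Review bot: The `try`/`catch (IllegalArgumentException e)` around `Base64.getUrlEncoder().encodeToString(signature)` no longer guards the encoding, since that call declares no checked exception and does not reject any byte array. The catch was only retyped to keep the block compiling, so "Was not able to encode the signature." can now only be reported for an `IllegalArgumentException` thrown by one of the setters, which would be misleading. I would drop the `try` and keep the three statements and the `return` as straight-line code. The method begins outside this hunk.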


@ -5,7 +5,6 @@ import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.common.util.Base64;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.models.KeycloakSession;
@ -15,7 +14,7 @@ import org.keycloak.models.UserModel;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.Base64;
import java.util.List;
public class HttpBasicAuthenticator implements Authenticator {
@ -111,13 +110,13 @@ public class HttpBasicAuthenticator implements Authenticator {
}
try {
String val = new String(Base64.decode(credentials));
String val = new String(Base64.getDecoder().decode(credentials));
int seperatorIndex = val.indexOf(":");
if(seperatorIndex == -1) return new String[]{val};
String user = val.substring(0, seperatorIndex);
String pw = val.substring(seperatorIndex + 1);
return new String[]{user,pw};
} catch (final IOException e) {
} catch (final IllegalArgumentException e) {
throw new RuntimeException("Failed to parse credentials.", e);
}
}
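Review bot: `new String(Base64.getDecoder().decode(credentials))` decodes the client-supplied credentials with the platform default charset, so a non-ASCII user name or password is interpreted differently depending on the JVM's locale settings. Naming the charset fixes that: `String val = new String(Base64.getDecoder().decode(credentials), StandardCharsets.UTF_8);` (the `StandardCharsets` import is not among the imports visible in this hunk and may need adding). The decoder is also strict: surrounding whitespace or line breaks in the header value now raise `IllegalArgumentException`, which this block turns into a `RuntimeException`. Whether the caller, outside the hunk, answers that with a 401 challenge rather than a server error is worth checking.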


@ -21,7 +21,6 @@ import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.models.KeycloakSession;
@ -36,6 +35,7 @@ import jakarta.ws.rs.core.MediaType;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
@ -97,10 +97,10 @@ public class KeyResource {
try {
final String base64Certificate;
if (key.getCertificate() != null) {
base64Certificate = Base64.encodeBytes(key.getCertificate().getEncoded());
base64Certificate = Base64.getEncoder().encodeToString(key.getCertificate().getEncoded());
}
else {
base64Certificate = Base64.encodeBytes(key.getCertificateChain().get(0).getEncoded());
base64Certificate = Base64.getEncoder().encodeToString(key.getCertificateChain().get(0).getEncoded());
}
r.setCertificate(base64Certificate);
} catch (CertificateEncodingException e) {


@ -28,7 +28,6 @@ import org.keycloak.broker.provider.UserAuthenticationIdentityProvider;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.Base64;
import org.keycloak.events.Details;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
@ -60,7 +59,12 @@ import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -90,6 +94,21 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
return new Endpoint(session, callback, event, this);
}
private static String base64EncodeRequestToken(RequestToken requestToken) throws IOException {
try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(Base64.getEncoder().wrap(baos))) {
oos.writeObject(requestToken);
oos.close();
return baos.toString(StandardCharsets.US_ASCII);
}
}
protected static RequestToken base64DecodeRequestToken(String serialized) throws IOException, ClassNotFoundException {
try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(serialized)))) {
return (RequestToken) in.readObject();
}
}
@Override
public Response performLogin(AuthenticationRequest request) {
try {
@ -97,7 +116,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
RequestToken requestToken = oAuthAuthorization.getOAuthRequestToken(uri.toString());
AuthenticationSessionModel authSession = request.getAuthenticationSession();
authSession.setAuthNote(TWITTER_TOKEN, Base64.encodeObject(requestToken));
authSession.setAuthNote(TWITTER_TOKEN, base64EncodeRequestToken(requestToken));
URI authenticationUrl = URI.create(requestToken.getAuthenticationURL());
@ -209,10 +228,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
try (VaultStringSecret vaultStringSecret = session.vault().getStringSecret(providerConfig.getClientSecret())) {
String twitterToken = authSession.getAuthNote(TWITTER_TOKEN);
RequestToken requestToken;
try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(Base64.decode(twitterToken)))) {
requestToken = (RequestToken) in.readObject();
}
RequestToken requestToken = base64DecodeRequestToken(twitterToken);
AccessToken oAuthAccessToken = provider.oAuthAuthorization.getOAuthAccessToken(requestToken, verifier);
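Review bot: `base64DecodeRequestToken` passes the decoded auth note straight to `ObjectInputStream.readObject()` with no deserialization filter, so the stream decides which classes get instantiated before the cast to `RequestToken` is checked. The note appears to be written only by `performLogin` into the server-side authentication session, which limits exposure, but now that the read lives in one helper it is a cheap place to add an allow-list: call `in.setObjectInputFilter(...)` with a filter that admits `RequestToken` and the types it contains and rejects everything else. Separately, `Base64.getDecoder().decode(serialized)` throws the unchecked `IllegalArgumentException` on malformed input and `NullPointerException` when the note is absent, whereas the deprecated decoder reported failures as `IOException`. The caller's catch clauses are outside this hunk, so confirm both cases still end in a login error.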


@ -21,12 +21,12 @@ import com.google.zxing.BarcodeFormat;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import com.google.zxing.qrcode.QRCodeWriter;
import org.keycloak.common.util.Base64;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.Base32;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -59,7 +59,7 @@ public class TotpUtils {
MatrixToImageWriter.writeToStream(bitMatrix, "png", bos);
bos.close();
return Base64.encodeBytes(bos.toByteArray());
return Base64.getEncoder().encodeToString(bos.toByteArray());
} catch (Exception e) {
throw new RuntimeException(e);
}


@ -1,6 +1,5 @@
package org.keycloak.testframework.remote.providers.runonserver;
import org.keycloak.common.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@ -8,6 +7,7 @@ import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.Base64;
/**
* Created by st on 26.01.17.
@ -21,7 +21,7 @@ public class SerializationUtil {
oos.writeObject(function);
oos.close();
return Base64.encodeBytes(os.toByteArray());
return Base64.getEncoder().encodeToString(os.toByteArray());
} catch (Exception e) {
throw new RuntimeException(e);
}
@ -29,7 +29,7 @@ public class SerializationUtil {
public static Object decode(String encoded, ClassLoader classLoader) {
try {
byte[] bytes = Base64.decode(encoded);
byte[] bytes = Base64.getDecoder().decode(encoded);
ByteArrayInputStream is = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(is) {
@Override
@ -51,7 +51,7 @@ public class SerializationUtil {
oos.writeObject(t);
oos.close();
return "EXCEPTION:" + Base64.encodeBytes(os.toByteArray());
return "EXCEPTION:" + Base64.getEncoder().encodeToString(os.toByteArray());
} catch (NotSerializableException e) {
// when the exception can't be serialized, at least log the original exception, so it can be analyzed
throw new RuntimeException("Unable to serialize exception due to not serializable class " + e.getMessage(), t);
@ -63,7 +63,7 @@ public class SerializationUtil {
public static Throwable decodeException(String result) {
try {
result = result.substring("EXCEPTION:".length());
byte[] bytes = Base64.decode(result);
byte[] bytes = Base64.getDecoder().decode(result);
ByteArrayInputStream is = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(is);
return (Throwable) ois.readObject();


@ -8,7 +8,6 @@ import org.junit.jupiter.api.Test;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.crypto.hash.Argon2Parameters;
import org.keycloak.crypto.hash.Argon2PasswordHashProviderFactory;
@ -46,6 +45,7 @@ import org.keycloak.util.JsonSerialization;
import java.io.IOException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
@ -240,7 +240,7 @@ public class UserCreateTest extends AbstractUserTest {
String deprecatedCredential = "{\n" +
" \"type\" : \"password\",\n" +
" \"hashedSaltedValue\" : \"" + pcm.getPasswordSecretData().getValue() + "\",\n" +
" \"salt\" : \"" + Base64.encodeBytes(pcm.getPasswordSecretData().getSalt()) + "\",\n" +
" \"salt\" : \"" + Base64.getEncoder().encodeToString(pcm.getPasswordSecretData().getSalt()) + "\",\n" +
" \"hashIterations\" : " + pcm.getPasswordCredentialData().getHashIterations() + ",\n" +
" \"algorithm\" : \"" + pcm.getPasswordCredentialData().getAlgorithm() + "\"\n" +
" }";


@ -26,7 +26,6 @@ import jakarta.ws.rs.Consumes;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
@ -86,6 +85,7 @@ import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -223,8 +223,8 @@ public class TestingOIDCEndpointsApplicationResource {
public Map<String, String> getKeysAsBase64() {
// It seems that PemUtils.decodePrivateKey, decodePublicKey can only treat RSA type keys, not EC type keys. Therefore, these are not used.
TestApplicationResourceProviderFactory.OIDCKeyData keyData = clientData.getFirstKey();
String privateKeyPem = Base64.encodeBytes(keyData.getSigningKeyPair().getPrivate().getEncoded());
String publicKeyPem = Base64.encodeBytes(keyData.getSigningKeyPair().getPublic().getEncoded());
String privateKeyPem = Base64.getEncoder().encodeToString(keyData.getSigningKeyPair().getPrivate().getEncoded());
String publicKeyPem = Base64.getEncoder().encodeToString(keyData.getSigningKeyPair().getPublic().getEncoded());
Map<String, String> res = new HashMap<>();
res.put(PRIVATE_KEY, privateKeyPem);


@ -1,8 +1,8 @@
package org.keycloak.testsuite.runonserver;
import org.keycloak.common.util.Base64;
import java.io.*;
import java.util.Base64;
/**
* Created by st on 26.01.17.
@ -16,7 +16,7 @@ public class SerializationUtil {
oos.writeObject(function);
oos.close();
return Base64.encodeBytes(os.toByteArray());
return Base64.getEncoder().encodeToString(os.toByteArray());
} catch (Exception e) {
throw new RuntimeException(e);
}
@ -24,7 +24,7 @@ public class SerializationUtil {
public static Object decode(String encoded, ClassLoader classLoader) {
try {
byte[] bytes = Base64.decode(encoded);
byte[] bytes = Base64.getDecoder().decode(encoded);
ByteArrayInputStream is = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(is) {
@Override
@ -50,7 +50,7 @@ public class SerializationUtil {
oos.writeObject(t);
oos.close();
return "EXCEPTION:" + Base64.encodeBytes(os.toByteArray());
return "EXCEPTION:" + Base64.getEncoder().encodeToString(os.toByteArray());
} catch (NotSerializableException e) {
// when the exception can't be serialized, at least log the original exception, so it can be analyzed
throw new RuntimeException("Unable to serialize exception due to not serializable class " + e.getMessage(), t);
@ -62,7 +62,7 @@ public class SerializationUtil {
public static Throwable decodeException(String result) {
try {
result = result.substring("EXCEPTION:".length());
byte[] bytes = Base64.decode(result);
byte[] bytes = Base64.getDecoder().decode(result);
ByteArrayInputStream is = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(is);
return (Throwable) ois.readObject();


@ -16,7 +16,6 @@
*/
package org.keycloak.testsuite.util;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@ -24,6 +23,7 @@ import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import jakarta.ws.rs.core.Response;
@ -31,7 +31,6 @@ import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.JavaAlgorithm;
@ -171,8 +170,8 @@ public class TokenSignatureUtil {
if (rep.getKid().equals(activeKid)) {
X509EncodedKeySpec publicKeySpec = null;
try {
publicKeySpec = new X509EncodedKeySpec(Base64.decode(rep.getPublicKey()));
} catch (IOException e1) {
publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(rep.getPublicKey()));
} catch (IllegalArgumentException e1) {
e1.printStackTrace();
}
KeyFactory kf = null;
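Review bot: The retargeted `catch (IllegalArgumentException e1)` still only prints the stack trace, so a malformed public key leaves `publicKeySpec` null and the failure surfaces later, away from its cause (the code that consumes it is outside this hunk). Because the new decoder's exception is unchecked, the try/catch is no longer needed: `X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(rep.getPublicKey()));` makes a bad key fail at the point of decoding. If the catch is kept, rethrow with the cause instead of calling `e1.printStackTrace()`.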


@ -16,7 +16,6 @@
*/
package org.keycloak.testsuite.util.saml;
import org.keycloak.common.util.Base64;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.Users;
import org.keycloak.testsuite.util.SamlClientBuilder;
@ -28,6 +27,7 @@ import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.testsuite.util.SamlClient.Binding;
import java.net.URI;
import java.util.Base64;
import java.util.UUID;
import java.util.function.Supplier;
@ -111,7 +111,7 @@ public class CreateAuthnRequestStepBuilder extends SamlDocumentStepBuilder<Authn
String username = user.getUsername();
String password = Users.getPasswordOf(user);
String pair = username + ":" + password;
this.authorizationHeader = "Basic " + Base64.encodeBytes(pair.getBytes());
this.authorizationHeader = "Basic " + Base64.getEncoder().encodeToString(pair.getBytes());
return this;
}
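Review bot: `pair.getBytes()` on the new line encodes the Basic credentials with the platform default charset, so the header bytes can differ between JVMs when the username or password contains non-ASCII characters. Pass the charset explicitly, `Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8))`, which needs a `java.nio.charset.StandardCharsets` import if the file does not already have one. The same call appears in the two `authHeader` hunks of SAMLServletAdapterTest in this commit. The enclosing method starts outside the hunk.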


@ -47,6 +47,7 @@ import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
@ -118,7 +119,6 @@ import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.MultivaluedHashMap;
@ -1462,7 +1462,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
Document doc = DocumentUtil.getDocument(new StringReader(xml));
String certBase64 = DocumentUtil.getElement(doc, new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate")).getTextContent();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(new ByteArrayInputStream(Base64.decode(certBase64)));
Certificate cert = cf.generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(certBase64)));
PublicKey pubkey = cert.getPublicKey();
Assert.assertTrue(AssertionUtil.isSignatureValid(doc.getDocumentElement(), pubkey));
@ -1704,7 +1704,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
String username = "pedroigor";
String password = "password";
String pair = username + ":" + password;
String authHeader = "Basic " + Base64.encodeBytes(pair.getBytes());
String authHeader = "Basic " + Base64.getEncoder().encodeToString(pair.getBytes());
Response authenticationResponse = AdminClientUtil.createResteasyClient().target(singleSignOnService).request()
.header(HttpHeaders.AUTHORIZATION, authHeader)
@ -1795,7 +1795,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
String username = "pedroigor";
String password = "baspassword";
String pair = username + ":" + password;
String authHeader = "Basic " + Base64.encodeBytes(pair.getBytes());
String authHeader = "Basic " + Base64.getEncoder().encodeToString(pair.getBytes());
Response authenticationResponse = AdminClientUtil.createResteasyClient().target(singleSignOnService).request()
.header(HttpHeaders.AUTHORIZATION, authHeader)


@ -50,6 +50,7 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
@ -91,7 +92,6 @@ import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
@ -455,8 +455,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
// It seems that PemUtils.decodePrivateKey, decodePublicKey can only treat RSA type keys, not EC type keys. Therefore, these are not used.
String privateKeyBase64 = generatedKeys.get(TestingOIDCEndpointsApplicationResource.PRIVATE_KEY);
String publicKeyBase64 = generatedKeys.get(TestingOIDCEndpointsApplicationResource.PUBLIC_KEY);
PrivateKey privateKey = decodePrivateKey(Base64.decode(privateKeyBase64), algorithm);
PublicKey publicKey = decodePublicKey(Base64.decode(publicKeyBase64), algorithm);
PrivateKey privateKey = decodePrivateKey(Base64.getDecoder().decode(privateKeyBase64), algorithm);
PublicKey publicKey = decodePublicKey(Base64.getDecoder().decode(publicKeyBase64), algorithm);
return new KeyPair(publicKey, privateKey);
}


@ -24,7 +24,6 @@ import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.keycloak.common.crypto.FipsMode;
import org.keycloak.common.util.Base64;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
@ -60,6 +59,7 @@ import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.spec.KeySpec;
import java.time.Duration;
import java.util.Base64;
import java.util.List;
import java.util.UUID;
import java.util.function.BiFunction;
@ -415,9 +415,9 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyLength);
byte[] key = SecretKeyFactory.getInstance(algorithm).generateSecret(spec).getEncoded();
if (expectedSuccess) {
assertEquals(Base64.encodeBytes(key), credential.getPasswordSecretData().getValue());
assertEquals(Base64.getEncoder().encodeToString(key), credential.getPasswordSecretData().getValue());
} else {
assertNotEquals(Base64.encodeBytes(key), credential.getPasswordSecretData().getValue());
assertNotEquals(Base64.getEncoder().encodeToString(key), credential.getPasswordSecretData().getValue());
}
} else if (algorithm.equals("Argon2id")) {
org.bouncycastle.crypto.params.Argon2Parameters parameters = new org.bouncycastle.crypto.params.Argon2Parameters.Builder(org.bouncycastle.crypto.params.Argon2Parameters.ARGON2_id)
@ -432,7 +432,7 @@ public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
byte[] result = new byte[32];
generator.generateBytes(password.toCharArray(), result);
Assert.assertEquals(Base64.encodeBytes(result), credential.getPasswordSecretData().getValue());
Assert.assertEquals(Base64.getEncoder().encodeToString(result), credential.getPasswordSecretData().getValue());
}
}


@ -24,6 +24,7 @@ import static org.keycloak.testsuite.AbstractAdminTest.loadJson;
import java.security.KeyFactory;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import jakarta.ws.rs.WebApplicationException;
@ -32,7 +33,6 @@ import jakarta.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.KeyType;
@ -330,7 +330,7 @@ public class GeneratedEcdhKeyProviderTest extends AbstractKeycloakTest {
private String getCurveFromPublicKey(String publicEcKeyBase64Encoded) throws Exception {
KeyFactory kf = KeyFactory.getInstance("EC");
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEcKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEcKeyBase64Encoded));
ECPublicKey ecKey = (ECPublicKey) kf.generatePublic(publicKeySpec);
return "P-" + ecKey.getParams().getCurve().getField().getFieldSize();
}


@ -25,6 +25,7 @@ import java.security.KeyFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import jakarta.ws.rs.WebApplicationException;
@ -33,7 +34,6 @@ import jakarta.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.KeyType;
@ -263,7 +263,7 @@ public class GeneratedEcdsaKeyProviderTest extends AbstractKeycloakTest {
private String getCurveFromPublicKey(String publicEcdsaKeyBase64Encoded) throws Exception {
KeyFactory kf = KeyFactory.getInstance("EC");
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decode(publicEcdsaKeyBase64Encoded));
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicEcdsaKeyBase64Encoded));
ECPublicKey ecKey = (ECPublicKey) kf.generatePublic(publicKeySpec);
return "P-" + ecKey.getParams().getCurve().getField().getFieldSize();
}


@ -43,6 +43,7 @@ import java.security.interfaces.RSAKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Calendar;
import java.util.HashMap;
import java.util.LinkedList;
@ -80,7 +81,6 @@ import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
@ -951,8 +951,8 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
// It seems that PemUtils.decodePrivateKey, decodePublicKey can only treat RSA type keys, not EC type keys. Therefore, these are not used.
String privateKeyBase64 = generatedKeys.get(TestingOIDCEndpointsApplicationResource.PRIVATE_KEY);
String publicKeyBase64 = generatedKeys.get(TestingOIDCEndpointsApplicationResource.PUBLIC_KEY);
PrivateKey privateKey = decodePrivateKey(Base64.decode(privateKeyBase64), algorithm, curve);
PublicKey publicKey = decodePublicKey(Base64.decode(publicKeyBase64), algorithm, curve);
PrivateKey privateKey = decodePrivateKey(Base64.getDecoder().decode(privateKeyBase64), algorithm, curve);
PublicKey publicKey = decodePublicKey(Base64.getDecoder().decode(publicKeyBase64), algorithm, curve);
return new KeyPair(publicKey, privateKey);
}


@ -27,6 +27,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.oid4vc.issuance.signing.OID4VCTest;
import java.io.IOException;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@ -80,7 +81,7 @@ public class OID4VCIWellKnownProviderTest extends OID4VCTest {
// Generate a random AES key (default length: 256 bits)
byte[] secret = SecretGenerator.getInstance().randomBytes(32); // 32 bytes = 256 bits
String secretBase64 = org.keycloak.common.util.Base64.encodeBytes(secret);
String secretBase64 = Base64.getEncoder().encodeToString(secret);
ComponentExportRepresentation component = new ComponentExportRepresentation();
component.setName(keyName);


@ -2,7 +2,6 @@ package org.keycloak.testsuite.util;
import org.keycloak.admin.client.resource.ComponentResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.PemUtils;
@ -19,6 +18,7 @@ import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
@ -85,12 +85,12 @@ public class RealmManager {
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
rep.setPrivateKey(Base64.encodeBytes(keyPair.getPrivate().getEncoded()));
rep.setPublicKey(Base64.encodeBytes(keyPair.getPublic().getEncoded()));
rep.setPrivateKey(Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));
rep.setPublicKey(Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()));
X509Certificate certificate;
try {
certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, rep.getId());
rep.setCertificate(Base64.encodeBytes(certificate.getEncoded()));
rep.setCertificate(Base64.getEncoder().encodeToString(certificate.getEncoded()));
} catch (Exception e) {
throw new RuntimeException(e);
}