I am referring to this screen where the user can add a new key to the realm’s keystore. Can the private key provided here be retrieved from within the codebase? Is there anything in the current codebase I can refer to as an example?
In my use case, I have added a function to services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java for JWE decryption. It’s not a good idea at the moment because the private key is hardcoded into the source code. I was wondering if there was any way I could retrieve the private RSA key from the realm instead?
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.crypto.RSADecrypter;

import org.keycloak.broker.provider.IdentityBrokerException;

    // Decrypts a compact-serialised JWE with an RSA private key.
    // "logger" is the existing static logger field of OIDCIdentityProvider.
    protected String getDecryptedToken(String encryptedToken) {
        String decryptedToken = encryptedToken;
        try {
            // set up the private key to use (Base64 PKCS#8; hardcoded here, which is the problem)
            String privateKeyString = "...";
            // create a private key object from the Base64 representation
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString));
            PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
            // create a JWE object from the compact serialisation
            JWEObject jweObject = JWEObject.parse(encryptedToken);
            // perform decryption
            RSADecrypter decrypter = new RSADecrypter(privKey);
            jweObject.decrypt(decrypter);
            decryptedToken = jweObject.getPayload().toString();
            // note: this writes the decrypted token (secret material) to the log at DEBUG level
            logger.debug("JWE Token decrypted: " + decryptedToken);
        } catch (NoSuchAlgorithmException e) {
            throw new IdentityBrokerException("No such algorithm", e);
        } catch (IllegalArgumentException e) {
            // Base64.getDecoder().decode throws IllegalArgumentException on malformed input
            throw new IdentityBrokerException("Error decoding key", e);
        } catch (InvalidKeySpecException e) {
            throw new IdentityBrokerException("Invalid key used", e);
        } catch (ParseException e) {
            throw new IdentityBrokerException("Error parsing JWE", e);
        } catch (JOSEException e) {
            throw new IdentityBrokerException("Invalid JOSE format", e);
        } catch (Exception e) {
            throw new IdentityBrokerException("A decryption error has occurred", e);
        }
        return decryptedToken;
    }
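One way to drop the hardcoded key, as an added illustration that is not code from the original post or from Keycloak itself: resolve the realm's active RSA key through the session's KeyManager (AbstractIdentityProvider already holds a KeycloakSession, and the realm comes from session.getContext().getRealm()). It assumes KeyManager.getActiveRsaKey(RealmModel) and its nested ActiveRsaKey type exist in the Keycloak version in use; newer releases expose the same key as a KeyWrapper via getActiveKey(realm, KeyUse, algorithm).

```java
import java.security.PrivateKey;
import java.text.ParseException;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.crypto.RSADecrypter;

import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.models.KeyManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;

// Added illustration, not Keycloak's own code: decrypt a JWE with the realm's
// active RSA private key looked up at runtime instead of a key in the source.
public class RealmKeyJweDecryptor {

    private final KeycloakSession session;

    public RealmKeyJweDecryptor(KeycloakSession session) {
        this.session = session;
    }

    // Private half of the realm's active RSA key pair. Assumes
    // KeyManager.getActiveRsaKey(RealmModel) is available in this Keycloak version.
    PrivateKey realmPrivateKey() {
        RealmModel realm = session.getContext().getRealm();
        KeyManager.ActiveRsaKey activeKey = session.keys().getActiveRsaKey(realm);
        if (activeKey == null || activeKey.getPrivateKey() == null) {
            throw new IdentityBrokerException("Realm has no active RSA key with a private part");
        }
        return activeKey.getPrivateKey();
    }

    String decrypt(String encryptedToken) {
        try {
            JWEObject jweObject = JWEObject.parse(encryptedToken);
            jweObject.decrypt(new RSADecrypter(realmPrivateKey()));
            // Return the plaintext payload without logging it: it is secret material.
            return jweObject.getPayload().toString();
        } catch (ParseException e) {
            throw new IdentityBrokerException("Error parsing JWE", e);
        } catch (JOSEException e) {
            throw new IdentityBrokerException("JWE decryption failed", e);
        }
    }
}
```

Rotating the realm key in the admin console then takes effect without a code change, and the private key never leaves the realm's key storage.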