EdDSA support for DPoP (#42362)

mposolda · web-flow · commit 6a27a4c33603 · 2025-09-05T12:54:43.000+02:00
closes #42286 Signed-off-by: mposolda <mposolda@gmail.com>
diff --git a/core/src/main/java/org/keycloak/crypto/AsymmetricSignatureSignerContext.java b/core/src/main/java/org/keycloak/crypto/AsymmetricSignatureSignerContext.java
@@ -21,7 +21,7 @@
 
 public class AsymmetricSignatureSignerContext implements SignatureSignerContext {
 
-    private final KeyWrapper key;
+    protected final KeyWrapper key;
 
     public AsymmetricSignatureSignerContext(KeyWrapper key) throws SignatureException {
         this.key = key;
diff --git a/core/src/main/java/org/keycloak/jose/jwk/ECPublicJWK.java b/core/src/main/java/org/keycloak/jose/jwk/ECPublicJWK.java
@@ -17,10 +17,8 @@
 
 package org.keycloak.jose.jwk;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import org.keycloak.common.util.PemUtils;
-
-import java.security.NoSuchAlgorithmException;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -65,4 +63,26 @@ public String getY() {
     public void setY(String y) {
         this.y = y;
     }
+
+    @JsonIgnore
+    @Override
+    public <T> T getOtherClaim(String claimName, Class<T> claimType) {
+        Object claim = null;
+        switch (claimName) {
+            case CRV:
+                claim = getCrv();
+                break;
+            case X:
+                claim = getX();
+                break;
+            case Y:
+                claim = getY();
+                break;
+        }
+        if (claim != null) {
+            return claimType.cast(claim);
+        } else {
+            return super.getOtherClaim(claimName, claimType);
+        }
+    }
 }
diff --git a/core/src/main/java/org/keycloak/jose/jwk/JWK.java b/core/src/main/java/org/keycloak/jose/jwk/JWK.java
@@ -19,6 +19,7 @@
 
 import com.fasterxml.jackson.annotation.JsonAnyGetter;
 import com.fasterxml.jackson.annotation.JsonAnySetter;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.keycloak.common.util.PemUtils;
 
@@ -169,5 +170,19 @@ public void setOtherClaims(String name, Object value) {
         otherClaims.put(name, value);
     }
 
+    /**
+     * Ability to retrieve custom claims in a unified way. The subclasses (like for example OKPublicJWK) may contain the custom claims
+     * as Java properties when the "JWK" class can contain the same claims inside the "otherClaims" map. This method allows to obtain the
+     * claim in both ways regardless of if we have "JWK" class or some of it's subclass
+     *
+     * @param claimName claim name
+     * @param claimType claim type
+     * @return claim if present or null
+     */
+    @JsonIgnore
+    public <T> T getOtherClaim(String claimName, Class<T> claimType) {
+        Object o = getOtherClaims().get(claimName);
+        return o == null ? null : claimType.cast(o);
+    }
 
 }
diff --git a/core/src/main/java/org/keycloak/jose/jwk/OKPPublicJWK.java b/core/src/main/java/org/keycloak/jose/jwk/OKPPublicJWK.java
@@ -17,6 +17,7 @@
 
 package org.keycloak.jose.jwk;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.keycloak.crypto.KeyType;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -53,4 +54,23 @@ public void setX(String x) {
         this.x = x;
     }
 
+    @JsonIgnore
+    @Override
+    public <T> T getOtherClaim(String claimName, Class<T> claimType) {
+        Object claim = null;
+        switch (claimName) {
+            case CRV:
+                claim = getCrv();
+                break;
+            case X:
+                claim = getX();
+                break;
+        }
+        if (claim != null) {
+            return claimType.cast(claim);
+        } else {
+            return super.getOtherClaim(claimName, claimType);
+        }
+    }
+
 }
diff --git a/core/src/main/java/org/keycloak/jose/jwk/RSAPublicJWK.java b/core/src/main/java/org/keycloak/jose/jwk/RSAPublicJWK.java
@@ -17,6 +17,7 @@
 
 package org.keycloak.jose.jwk;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.keycloak.common.util.PemUtils;
 
@@ -88,4 +89,22 @@ public String getSha256x509Thumbprint() {
         return sha256x509Thumbprint;
     }
 
+    @JsonIgnore
+    @Override
+    public <T> T getOtherClaim(String claimName, Class<T> claimType) {
+        Object claim = null;
+        switch (claimName) {
+            case MODULUS:
+                claim = getModulus();
+                break;
+            case PUBLIC_EXPONENT:
+                claim = getPublicExponent();
+                break;
+        }
+        if (claim != null) {
+            return claimType.cast(claim);
+        } else {
+            return super.getOtherClaim(claimName, claimType);
+        }
+    }
 }
diff --git a/core/src/main/java/org/keycloak/util/DPoPGenerator.java b/core/src/main/java/org/keycloak/util/DPoPGenerator.java
@@ -20,29 +20,25 @@
 import java.security.Key;
 import java.security.KeyPair;
 import java.security.PrivateKey;
-import java.security.interfaces.RSAPublicKey;
 
 import org.keycloak.OAuth2Constants;
-import org.keycloak.common.util.Base64Url;
 import org.keycloak.common.util.SecretGenerator;
 import org.keycloak.common.util.Time;
 import org.keycloak.crypto.AsymmetricSignatureSignerContext;
 import org.keycloak.crypto.ECDSASignatureSignerContext;
 import org.keycloak.crypto.KeyType;
 import org.keycloak.crypto.KeyUse;
 import org.keycloak.crypto.KeyWrapper;
-import org.keycloak.crypto.SignatureException;
 import org.keycloak.crypto.SignatureSignerContext;
 import org.keycloak.jose.jwk.JWK;
-import org.keycloak.jose.jwk.RSAPublicJWK;
+import org.keycloak.jose.jwk.JWKBuilder;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.jose.jws.JWSHeader;
 import org.keycloak.jose.jws.crypto.HashUtils;
 import org.keycloak.representations.dpop.DPoP;
 
 import static org.keycloak.OAuth2Constants.DPOP_DEFAULT_ALGORITHM;
 import static org.keycloak.OAuth2Constants.DPOP_JWT_HEADER_TYPE;
-import static org.keycloak.jose.jwk.JWKUtil.toIntegerBytes;
 
 /**
  * Utility for generating signed DPoP proofs
@@ -57,58 +53,61 @@ public class DPoPGenerator {
     public static String generateRsaSignedDPoPProof(KeyPair rsaKeyPair, String httpMethod, String endpointURL, String accessToken) {
         JWK jwkRsa = createRsaJwk(rsaKeyPair.getPublic());
         JWSHeader jwsRsaHeader = new JWSHeader(DPOP_DEFAULT_ALGORITHM, DPOP_JWT_HEADER_TYPE, jwkRsa.getKeyId(), jwkRsa);
-        return generateSignedDPoPProof(SecretGenerator.getInstance().generateSecureID(), httpMethod, endpointURL, (long) Time.currentTime(),
+        return new DPoPGenerator().generateSignedDPoPProof(SecretGenerator.getInstance().generateSecureID(), httpMethod, endpointURL, (long) Time.currentTime(),
                 jwsRsaHeader, rsaKeyPair.getPrivate(), accessToken);
     }
 
 
-    public static JWK createRsaJwk(Key publicKey) {
-        RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
+    private static JWK createRsaJwk(Key publicKey) {
+        return JWKBuilder.create()
+                .rsa(publicKey, KeyUse.SIG);
+    }
 
-        RSAPublicJWK k = new RSAPublicJWK();
-        k.setKeyType(KeyType.RSA);
-        k.setModulus(Base64Url.encode(toIntegerBytes(rsaKey.getModulus())));
-        k.setPublicExponent(Base64Url.encode(toIntegerBytes(rsaKey.getPublicExponent())));
 
-        return k;
+    public String generateSignedDPoPProof(String jti, String htm, String htu, Long iat, JWSHeader jwsHeader, PrivateKey privateKey, String accessToken) {
+        DPoP dpop = generateDPoP(jti, htm, htu, iat, accessToken);
+        KeyWrapper keyWrapper = getKeyWrapper(jwsHeader, privateKey);
+        return sign(jwsHeader, dpop, keyWrapper);
     }
 
+    private DPoP generateDPoP(String jti, String htm, String htu, Long iat, String accessToken) {
+        DPoP dpop = new DPoP();
+        dpop.id(jti);
+        dpop.setHttpMethod(htm);
+        dpop.setHttpUri(htu);
+        dpop.iat(iat);
+        if (accessToken != null) {
+            dpop.setAccessTokenHash(HashUtils.accessTokenHash(OAuth2Constants.DPOP_DEFAULT_ALGORITHM.toString(), accessToken, true));
+        }
+        return dpop;
+    }
 
-    public static String generateSignedDPoPProof(String jti, String htm, String htu, Long iat, JWSHeader jwsHeader, PrivateKey privateKey, String accessToken) {
-        try {
-            DPoP dpop = new DPoP();
-            dpop.id(jti);
-            dpop.setHttpMethod(htm);
-            dpop.setHttpUri(htu);
-            dpop.iat(iat);
-            if (accessToken != null) {
-                dpop.setAccessTokenHash(HashUtils.accessTokenHash(OAuth2Constants.DPOP_DEFAULT_ALGORITHM.toString(), accessToken, true));
-            }
+    protected KeyWrapper getKeyWrapper(JWSHeader jwsHeader, PrivateKey privateKey) {
+        JWK jwkKey = jwsHeader.getKey();
+        if (jwkKey == null) {
+            throw new IllegalArgumentException("The JWSHeader does not have key in the 'jwk' claim");
+        }
+        KeyWrapper keyWrapper = JWKSUtils.getKeyWrapper(jwkKey, true);
+        keyWrapper.setPrivateKey(privateKey);
+        return keyWrapper;
+    }
 
-            KeyWrapper keyWrapper = new KeyWrapper();
-            keyWrapper.setKid(jwsHeader.getKeyId());
-            keyWrapper.setAlgorithm(jwsHeader.getAlgorithm().toString());
-            keyWrapper.setPrivateKey(privateKey);
-            keyWrapper.setType(privateKey.getAlgorithm());
-            keyWrapper.setUse(KeyUse.SIG);
-            SignatureSignerContext sigCtx = createSignatureSignerContext(keyWrapper);
+    private String sign(JWSHeader jwsHeader, DPoP dpop, KeyWrapper keyWrapper) {
+        SignatureSignerContext sigCtx = createSignatureSignerContext(keyWrapper);
 
-            return new JWSBuilder()
-                    .header(jwsHeader)
-                    .jsonContent(dpop)
-                    .sign(sigCtx);
-        } catch (SignatureException e) {
-            throw new RuntimeException(e);
-        }
+        return new JWSBuilder()
+                .header(jwsHeader)
+                .jsonContent(dpop)
+                .sign(sigCtx);
     }
 
-    private static SignatureSignerContext createSignatureSignerContext(KeyWrapper keyWrapper) {
+    private SignatureSignerContext createSignatureSignerContext(KeyWrapper keyWrapper) {
         switch (keyWrapper.getType()) {
-            case KeyType.RSA:
-                return new AsymmetricSignatureSignerContext(keyWrapper);
             case KeyType.EC:
                 return new ECDSASignatureSignerContext(keyWrapper);
-             // TODO: EdDSA?
+            case KeyType.RSA:
+            case KeyType.OKP:
+                return new AsymmetricSignatureSignerContext(keyWrapper);
             default:
                 throw new IllegalArgumentException("No signer provider for key algorithm type " + keyWrapper.getType());
         }
diff --git a/core/src/main/java/org/keycloak/util/JWKSUtils.java b/core/src/main/java/org/keycloak/util/JWKSUtils.java
@@ -17,7 +17,6 @@
 
 package org.keycloak.util;
 
-import com.fasterxml.jackson.databind.JsonNode;
 import org.jboss.logging.Logger;
 import org.keycloak.crypto.KeyUse;
 import org.keycloak.crypto.KeyWrapper;
@@ -34,7 +33,6 @@
 
 import java.io.IOException;
 import java.security.PublicKey;
-import java.security.interfaces.ECPublicKey;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -55,6 +53,7 @@ public class JWKSUtils {
     static {
         JWK_THUMBPRINT_REQUIRED_MEMBERS.put(KeyType.RSA, new String[] { RSAPublicJWK.MODULUS, RSAPublicJWK.PUBLIC_EXPONENT });
         JWK_THUMBPRINT_REQUIRED_MEMBERS.put(KeyType.EC, new String[] { ECPublicJWK.CRV, ECPublicJWK.X, ECPublicJWK.Y });
+        JWK_THUMBPRINT_REQUIRED_MEMBERS.put(KeyType.OKP, new String[] { OKPPublicJWK.CRV, OKPPublicJWK.X });
     }
 
     /**
@@ -80,7 +79,7 @@ public static PublicKeysWrapper getKeyWrappersForUse(JSONWebKeySet keySet, JWK.U
             } else if ((requestedUse.asString().equals(jwk.getPublicKeyUse()) || (jwk.getPublicKeyUse() == null && useRequestedUseWhenNull))
                     && parser.isKeyTypeSupported(jwk.getKeyType())) {
                 try {
-                    KeyWrapper keyWrapper = wrap(jwk, parser);
+                    KeyWrapper keyWrapper = wrap(jwk, parser, false);
                     keyWrapper.setUse(getKeyUse(requestedUse.asString()));
                     result.add(keyWrapper);
                 } catch (RuntimeException e) {
@@ -118,26 +117,32 @@ public static JWK getKeyForUse(JSONWebKeySet keySet, JWK.Use requestedUse) {
     }
 
     public static KeyWrapper getKeyWrapper(JWK jwk) {
+        return getKeyWrapper(jwk, false);
+    }
+
+    public static KeyWrapper getKeyWrapper(JWK jwk, boolean skipPublicKey) {
         JWKParser parser = JWKParser.create(jwk);
         if (parser.isKeyTypeSupported(jwk.getKeyType())) {
-            return wrap(jwk, parser);
+            return wrap(jwk, parser, skipPublicKey);
         } else {
             return null;
         }
     }
 
-    private static KeyWrapper wrap(JWK jwk, JWKParser parser) {
+    private static KeyWrapper wrap(JWK jwk, JWKParser parser, boolean skipPublicKey) {
         KeyWrapper keyWrapper = new KeyWrapper();
         keyWrapper.setKid(jwk.getKeyId());
         if (jwk.getAlgorithm() != null) {
             keyWrapper.setAlgorithm(jwk.getAlgorithm());
         }
-        if (jwk.getOtherClaims().get(OKPPublicJWK.CRV) != null) {
-            keyWrapper.setCurve((String) jwk.getOtherClaims().get(OKPPublicJWK.CRV));
+        if (jwk.getOtherClaim(OKPPublicJWK.CRV, String.class) != null) {
+            keyWrapper.setCurve(jwk.getOtherClaim(OKPPublicJWK.CRV, String.class));
         }
         keyWrapper.setType(jwk.getKeyType());
         keyWrapper.setUse(getKeyUse(jwk.getPublicKeyUse()));
-        keyWrapper.setPublicKey(parser.toPublicKey());
+        if (!skipPublicKey) {
+            keyWrapper.setPublicKey(parser.toPublicKey());
+        }
         return keyWrapper;
     }
 
@@ -160,9 +165,8 @@ public static String computeThumbprint(JWK key, String hashAlg)  {
         members.put(JWK.KEY_TYPE, kty);
 
         try {
-            JsonNode node = JsonSerialization.writeValueAsNode(key);
             for (String member : requiredMembers) {
-                members.put(member, node.get(member).asText());
+                members.put(member, key.getOtherClaim(member, String.class));
             }
 
             byte[] bytes = JsonSerialization.writeValueAsBytes(members);
diff --git a/core/src/main/java15/org/keycloak/jose/jwk/EdECUtilsImpl.java b/core/src/main/java15/org/keycloak/jose/jwk/EdECUtilsImpl.java
@@ -70,8 +70,8 @@ public JWK okp(String kid, String algorithm, Key key, KeyUse keyUse) {
 
     @Override
     public PublicKey createOKPPublicKey(JWK jwk) {
-        String x = (String) jwk.getOtherClaims().get(OKPPublicJWK.X);
-        String crv = (String) jwk.getOtherClaims().get(OKPPublicJWK.CRV);
+        String x = jwk.getOtherClaim(OKPPublicJWK.X, String.class);
+        String crv = jwk.getOtherClaim(OKPPublicJWK.CRV, String.class);
         // JWK representation "x" of a public key
         int bytesLength = 0;
         if (Algorithm.Ed25519.equals(crv)) {
diff --git a/services/src/main/java/org/keycloak/keys/AbstractEddsaKeyProviderFactory.java b/services/src/main/java/org/keycloak/keys/AbstractEddsaKeyProviderFactory.java
@@ -38,7 +38,7 @@ public abstract class AbstractEddsaKeyProviderFactory implements KeyProviderFact
     protected static final String EDDSA_PRIVATE_KEY_KEY = "eddsaPrivateKey";
     protected static final String EDDSA_PUBLIC_KEY_KEY = "eddsaPublicKey";
     protected static final String EDDSA_ELLIPTIC_CURVE_KEY = "eddsaEllipticCurveKey";
-    protected static final String DEFAULT_EDDSA_ELLIPTIC_CURVE = Algorithm.Ed25519;
+    public static final String DEFAULT_EDDSA_ELLIPTIC_CURVE = Algorithm.Ed25519;
 
     protected static ProviderConfigProperty EDDSA_ELLIPTIC_CURVE_PROPERTY = new ProviderConfigProperty(EDDSA_ELLIPTIC_CURVE_KEY, 
             "Elliptic Curve", "Elliptic Curve used in EdDSA", LIST_TYPE,
diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/keybinding/AbstractProofValidator.java b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/keybinding/AbstractProofValidator.java
@@ -51,8 +51,8 @@ private KeyWrapper getKeyWrapper(JWK jwk, String algorithm) {
         keyWrapper.setAlgorithm(algorithm);
 
         // Set the curve if any
-        if (jwk.getOtherClaims().get(OKPPublicJWK.CRV) != null) {
-            keyWrapper.setCurve((String) jwk.getOtherClaims().get(OKPPublicJWK.CRV));
+        if (jwk.getOtherClaim(OKPPublicJWK.CRV, String.class) != null) {
+            keyWrapper.setCurve(jwk.getOtherClaim(OKPPublicJWK.CRV, String.class));
         }
 
         JWKParser parser = JWKParser.create(jwk);
diff --git a/services/src/main/java/org/keycloak/services/util/DPoPUtil.java b/services/src/main/java/org/keycloak/services/util/DPoPUtil.java
@@ -40,7 +40,6 @@
 import org.keycloak.common.Profile;
 import org.keycloak.common.VerificationException;
 import org.keycloak.common.util.Time;
-import org.keycloak.crypto.Algorithm;
 import org.keycloak.crypto.KeyWrapper;
 import org.keycloak.crypto.SignatureProvider;
 import org.keycloak.crypto.SignatureVerifierContext;
@@ -338,7 +337,6 @@ public static List<String> getDPoPSupportedAlgorithms(KeycloakSession session) {
                 .map(algorithm -> new AbstractMap.SimpleEntry<>(algorithm, session.getProvider(SignatureProvider.class, algorithm)))
                 .filter(entry -> entry.getValue() != null)
                 .filter(entry -> entry.getValue().isAsymmetricAlgorithm())
-                .filter(entry -> !entry.getKey().equals(Algorithm.EdDSA))
                 .map(Map.Entry::getKey)
                 .collect(Collectors.toList());
     }
diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/KeyManager.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/KeyManager.java
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AbstractWellKnownProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AbstractWellKnownProviderTest.java
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientPoliciesUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientPoliciesUtil.java

Original file line number	Diff line number	Diff line change
`@@ -51,8 +51,8 @@ private KeyWrapper getKeyWrapper(JWK jwk, String algorithm) {`
`51`	`51`	`keyWrapper.setAlgorithm(algorithm);`
`52`	`52`
`53`	`53`	`// Set the curve if any`
`54`		`- if (jwk.getOtherClaims().get(OKPPublicJWK.CRV) != null) {`
`55`		`- keyWrapper.setCurve((String) jwk.getOtherClaims().get(OKPPublicJWK.CRV));`
	`54`	`+ if (jwk.getOtherClaim(OKPPublicJWK.CRV, String.class) != null) {`
	`55`	`+ keyWrapper.setCurve(jwk.getOtherClaim(OKPPublicJWK.CRV, String.class));`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`JWKParser parser = JWKParser.create(jwk);`