Add support for AKP JWK parsing building #44203
mposolda
left a comment
Added the question inline.
| public class AKPJWKTest { | ||
|
|
||
| @Rule | ||
| public BouncyCastleSetup bc = new BouncyCastleSetup(); |
Should this be tested with the bc-fips as well?
If yes, it might be better to use CryptoInitRule instead of this and use the same pattern as other tests? For example JWKTest, which is an abstract class with subclasses in both crypto/default and crypto/fips1402. In that case, we will not need BouncyCastleSetup and will not need to introduce bcprov-jdk18on into the core module.
Yer, that's much nicer, re-worked it. It's a high chance it'll fail in FIPS mode, but will let it run to see
Thanks, Approved the PR. If it does not work in FIPS mode, we can delete just the unit test in the crypto/fips1402 or @Ignore it and create a follow-up issue for that?
As expected ML-DSA is not available in FIPS mode, so removed FIPS1402AKPJWKTest
Closes keycloak#44141 Signed-off-by: stianst <[email protected]>
mposolda
left a comment
Re-approved
JWK Algorithm Key Pair support (keycloak#44203) Closes keycloak#44141 Signed-off-by: stianst <[email protected]>
Closes keycloak#44141 Signed-off-by: stianst <[email protected]> Signed-off-by: Ogenbertrand <[email protected]>
Found at least two ways to generate the `pub` claim:

- BouncyCastle APIs - this would require `core` to have a dependency on BouncyCastle or a bit of refactoring to move it elsewhere. Additionally, this doesn't seem to work well for all public keys as it depends on if the key was generated by Sun or BouncyCastle. See https://github.com/stianst/playground/blob/main/signing/src/main/java/playground/stianst/github/io/ParseAPK2WithBouncyCastle.java for an example

In the end I went with the latter although it's a bit strange it works, and has also been tested with example public keys from the ML-DSA for JOSE and COSE specification. The examples are here and they are added to the tests directly.
Closes #44141
Signed-off-by: stianst [email protected]
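
An added example, not code from this PR or from Keycloak: one way to derive an AKP `pub` value without provider-specific key classes is to read the BIT STRING out of the key's X.509 `SubjectPublicKeyInfo` bytes (what `PublicKey.getEncoded()` returns) and check its length against `alg`. The class and method names and the all-zero sample key are constructed for illustration; the page does not say whether the PR takes this route.

```java
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.Map;
public class AkpPubFromSpki {
    // Raw ML-DSA public key lengths in bytes, per FIPS 204.
    static final Map<String, Integer> PUB_LEN = Map.of("ML-DSA-44", 1312, "ML-DSA-65", 1952, "ML-DSA-87", 2592);

    // Consumes one DER tag and length from the buffer; returns the content length.
    static int header(ByteBuffer in, int tag) {
        if (in.remaining() < 2 || (in.get() & 0xff) != tag)
            throw new IllegalArgumentException("unexpected DER tag");
        int len = in.get() & 0xff;
        if (len >= 0x80) {                      // long form: low 7 bits count the length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3 || in.remaining() < n) throw new IllegalArgumentException("bad DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (in.get() & 0xff);
        }
        if (len > in.remaining()) throw new IllegalArgumentException("truncated DER");
        return len;
    }

    // Returns the base64url "pub" value for an X.509 SubjectPublicKeyInfo encoding.
    static String pubMember(String alg, byte[] spki) {
        Integer expected = PUB_LEN.get(alg);
        if (expected == null) throw new IllegalArgumentException("unsupported alg: " + alg);
        ByteBuffer in = ByteBuffer.wrap(spki);
        header(in, 0x30);                       // SubjectPublicKeyInfo SEQUENCE
        int algId = header(in, 0x30);           // AlgorithmIdentifier SEQUENCE
        in.position(in.position() + algId);     // skipped: the OID is not compared with alg here
        int bits = header(in, 0x03);            // subjectPublicKey BIT STRING
        if (bits != expected + 1 || in.get() != 0 || in.remaining() != expected)
            throw new IllegalArgumentException("key length does not match " + alg);
        byte[] raw = new byte[expected];
        in.get(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample: ML-DSA-44 SPKI header followed by 1312 zero bytes (not a real key).
        byte[] spki = ByteBuffer.allocate(1334).put(new byte[] {
                0x30, (byte) 0x82, 0x05, 0x32, 0x30, 0x0b, 0x06, 0x09, 0x60, (byte) 0x86, 0x48,
                0x01, 0x65, 0x03, 0x04, 0x03, 0x11, 0x03, (byte) 0x82, 0x05, 0x21, 0x00 }).array();
        System.out.println("kty=AKP alg=ML-DSA-44 pub chars=" + pubMember("ML-DSA-44", spki).length());
        try {
            pubMember("ML-DSA-65", spki);       // alg and key size disagree, so this is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A production parser would also compare the AlgorithmIdentifier OID with the declared `alg`, so that a key cannot be relabelled as a different parameter set.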