EC cryptography not immediately available on Quarkus · Issue #12152 · keycloak/keycloak · GitHub
EC cryptography not immediately available on Quarkus #12152
Closed
@dteleguin

Description

Describe the bug

On Quarkus, EC cryptography is not available immediately upon startup; any calls involving EC-signed JWTs will thus fail. This includes, but is not limited to:

  • sending EC-signed request objects;
  • client authentication using EC-signed JWTs;
  • sending DPoP requests with EC signature (upcoming feature).

This happens because the BouncyCastle provider is not installed by default. Once it gets initialized by a different code path (e.g. token generation), EC becomes available.

The issue is not observed on Wildfly since the startup process is different and the BouncyCastle provider gets installed by RestEasy.

Version

18

Expected behavior

Operations involving EC cryptography should always be processed correctly.

Actual behavior

Operations involving EC cryptography would fail with root cause:

java.security.NoSuchAlgorithmException: ECDSA KeyFactory not available

How to Reproduce?

  • start Keycloak on Quarkus;
  • send an OIDC Authorization request with a request object signed using an EC algorithm.

Anything else?

No response
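
The provider dependency described in the report can be checked at startup. The following is an added example, not Keycloak's code or its fix: it probes which JCA provider, if any, serves a KeyFactory under the name `ECDSA` (the name in the exception above) and under `EC`, then registers BouncyCastle if it is on the classpath and probes again. The class name `EcStartupCheck` and its helper methods are hypothetical; the BouncyCastle provider is loaded reflectively so the file compiles without it.

```java
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class EcStartupCheck {

    // BouncyCastle's JCE provider class, loaded reflectively so this file
    // compiles and runs even when BouncyCastle is absent from the classpath.
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    /** Returns the name of the provider serving a KeyFactory for `algorithm`, or null if none does. */
    static String keyFactoryProvider(String algorithm) {
        try {
            return KeyFactory.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null; // the condition reported as "ECDSA KeyFactory not available"
        }
    }

    /** Registers BouncyCastle if it is on the classpath and not yet installed. */
    static boolean installBouncyCastleIfPresent() {
        if (Security.getProvider("BC") != null) {
            return true; // already registered by some other code path
        }
        try {
            Provider bc = (Provider) Class.forName(BC_CLASS).getDeclaredConstructor().newInstance();
            Security.addProvider(bc);
            return true;
        } catch (ReflectiveOperationException e) {
            return false; // BouncyCastle is not on the classpath
        }
    }

    public static void main(String[] args) {
        System.out.println("before: ECDSA=" + keyFactoryProvider("ECDSA")
                + " EC=" + keyFactoryProvider("EC"));
        System.out.println("BouncyCastle registered: " + installBouncyCastleIfPresent());
        System.out.println("after:  ECDSA=" + keyFactoryProvider("ECDSA")
                + " EC=" + keyFactoryProvider("EC"));
        // Fail fast at startup instead of on the first EC-signed JWT.
        if (keyFactoryProvider("ECDSA") == null) {
            throw new IllegalStateException("no registered provider offers an ECDSA KeyFactory");
        }
    }
}
```

Running it once without and once with the BouncyCastle jar on the classpath shows whether the `ECDSA` lookup depends on that provider being registered.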
