Package org.keycloak.crypto.fips

Class Fips1402StrictCryptoProvider

java.lang.Object

org.keycloak.crypto.fips.FIPS1402Provider

org.keycloak.crypto.fips.Fips1402StrictCryptoProvider

All Implemented Interfaces:

org.keycloak.common.crypto.CryptoProvider

public class Fips1402StrictCryptoProvider
extends FIPS1402Provider

A FIPS1402Provider that forces BC to run in FIPS approve mode by default.

In order to set the default mode the org.bouncycastle.fips.approved_only must be set. Otherwise, calling CryptoServicesRegistrar.setApprovedOnlyMode(boolean) the mode is set on a per thread-basis and does not work well when handling requests using multiple threads.

Constructor Summary

Constructors

Constructor	Description
Fips1402StrictCryptoProvider()

Method Summary

Modifier and Type	Method	Description
String[]	getSupportedRsaKeySizes()

Methods inherited from class org.keycloak.crypto.fips.FIPS1402Provider

createECParams, getAesCbcCipher, getAesGcmCipher, getAlgorithmProvider, getBouncyCastleProvider, getCertificateUtils, getCertPathBuilder, getCertStore, getEcdsaCryptoProvider, getIdentityExtractorProvider, getKeyFactory, getKeyPairGen, getKeyStore, getOCSPProver, getPemUtils, getSecretKeyFact, getSignature, getX509CertFactory, wrapFactoryForTruststore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.common.crypto.CryptoProvider

getSupportedKeyStoreTypes

Constructor Details

Fips1402StrictCryptoProvider

public Fips1402StrictCryptoProvider()

Method Details

getSupportedRsaKeySizes

public String[] getSupportedRsaKeySizes()