VCSigningServiceProviderFactory.java
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.protocol.oid4vc.issuance.signing;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.component.ComponentFactory;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oid4vc.OID4VCEnvironmentProviderFactory;
import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigurationBuilder;
/**
* Provider Factory to create {@link VerifiableCredentialsSigningService}s
*
* @author <a href="https://github.com/wistefan">Stefan Wiedemann</a>
*/
public interface VCSigningServiceProviderFactory extends ComponentFactory<VerifiableCredentialsSigningService, VerifiableCredentialsSigningService>, OID4VCEnvironmentProviderFactory {
/**
* Key for the realm attribute providing the issuerDidy.
*/
String ISSUER_DID_REALM_ATTRIBUTE_KEY = "issuerDid";
static ProviderConfigurationBuilder configurationBuilder() {
return ProviderConfigurationBuilder.create()
// I do believe the ALGORITHM_TYPE need to be mandatory instead. As the keyId might change with key rotation.
// If keyId is not set, service can always work with active key.
.property(SigningProperties.ALGORITHM_TYPE.asConfigProperty());
}
@Override
default void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel model) throws ComponentValidationException {
ConfigurationValidationHelper.check(model)
.checkRequired(SigningProperties.ALGORITHM_TYPE.asConfigProperty());
validateSpecificConfiguration(session, realm, model);
}
@Override
default void close() {
// no-op
}
@Override
default void init(Config.Scope config) {
// no-op
}
@Override
default void postInit(KeycloakSessionFactory factory) {
// no-op
}
@Override
default boolean isSupported(Config.Scope config) {
return Profile.isFeatureEnabled(Profile.Feature.OID4VC_VCI);
}
/**
* Should validate potential implementation specific configuration of the factory.
*/
void validateSpecificConfiguration(KeycloakSession session, RealmModel realm, ComponentModel model) throws ComponentValidationException;
/**
* Should return the credentials format supported by the signing service.
*
* @return the format
*/
String supportedFormat();
}