Showing 23 changed files with 9,481 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
name: build-release | ||
|
||
on: push | ||
|
||
env: | ||
IMAGE_NAME: nxest/keycloak-encryption-provider | ||
|
||
jobs: | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up JDK 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
- name: Build with Gradle | ||
run: cd $GITHUB_WORKSPACE/password-encryption-provider && ./gradlew shadowJar | ||
|
||
- name: Set up Node.js | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: '14' | ||
- name: Build with Gradle | ||
run: | | ||
cd $GITHUB_WORKSPACE/password-encryption-provider-js | ||
npm ci | ||
npm run build | ||
cd $GITHUB_WORKSPACE | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: build-artifacts | ||
path: | | ||
Dockerfile | ||
README.md | ||
password-encryption-provider-js/dist | ||
password-encryption-provider-js/theme.properties | ||
password-encryption-provider/build/libs | ||
docker: | ||
if: startsWith( github.ref, 'refs/tags/') | ||
name: Push image | ||
needs: build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download build artifacts | ||
uses: actions/download-artifact@v2 | ||
with: | ||
name: build-artifacts | ||
- name: Display structure of downloaded files | ||
run: ls -R | ||
|
||
- name: Login to dockerhub | ||
uses: docker/login-action@v1 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
- name: Setup qemu | ||
uses: docker/setup-qemu-action@v1 | ||
with: | ||
platforms: all | ||
|
||
- name: Setup buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@v1 | ||
with: | ||
version: latest | ||
|
||
- name: Push to docker hub | ||
run: | | ||
# Strip git ref prefix from version | ||
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | ||
# Strip "v" prefix from tag name | ||
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | ||
docker buildx build \ | ||
--tag $IMAGE_NAME:$VERSION \ | ||
--tag $IMAGE_NAME:lastest \ | ||
--platform linux/amd64,linux/arm64 \ | ||
-f Dockerfile ./ \ | ||
--push | ||
- name: Docker Hub README | ||
uses: peter-evans/dockerhub-description@v2 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
repository: $IMAGE_NAME |
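
Review bot: In the "Push to docker hub" step, `${{ github.ref }}` is expanded into the script text before the shell runs, so the tag name is parsed as shell source rather than as data; pass it through the step's `env:` (for example `REF: ${{ github.ref }}`), read `"$REF"` in the script, and quote `$VERSION` where it is used. In the same step `--tag $IMAGE_NAME:lastest` is misspelled, so no `latest` tag is ever pushed. In the final step, `repository: $IMAGE_NAME` sits in a `with:` block where no shell expansion happens, so the action receives the literal string; use `${{ env.IMAGE_NAME }}`. Both steps that receive `secrets.DOCKER_PASSWORD` reference actions by movable tags (`docker/login-action@v1`, `peter-evans/dockerhub-description@v2`); pinning them to full commit SHAs keeps the credential from reaching code that changed after review. The second step named "Build with Gradle" runs npm and should be renamed.
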
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
FROM busybox:1.32 | ||
ENV KEYCLOAK_HOME=/opt/jboss/keycloak | ||
ADD ./password-encryption-provider/build/libs/password-encryption-provider.jar $KEYCLOAK_HOME/standalone/deployments/ | ||
ADD ./password-encryption-provider-js/dist/password-encryption-provider.js $KEYCLOAK_HOME/themes/base/login/resources/js/ | ||
ADD ./password-encryption-provider-js/theme.properties $KEYCLOAK_HOME/themes/base/login/ |
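
Review bot: The `FROM busybox:1.32` line means this image contains no Keycloak, so the files placed under `$KEYCLOAK_HOME` only take effect once something copies them into a real Keycloak installation; say in a comment or in the README how the image is meant to be consumed. The three `ADD` lines copy plain local files, so `COPY` is the better instruction (`ADD` also auto-extracts archives and accepts URLs, which is not wanted here). Consider pinning the base image by digest, since the `1.32` tag can be repointed.
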
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,47 @@ | ||
# keycloak-password-encryption-provider | ||
A keycloak password encryption provider. | ||
# keycloak-password-encryption | ||
|
||
## 基本功能 | ||
|
||
实现 keycloak 登录密码加密传输。 | ||
|
||
## 实现基本原理 | ||
|
||
- 前端 js 获取 keycloak 可用的公钥,然后使用该公钥对 password 字段数据进行加密。 | ||
- 后端使用 CredentialProvider 拦截登录信息,使用私钥对 password 进行解密。 | ||
|
||
## 如何使用 | ||
|
||
### 编译 provider&部署 jar | ||
|
||
```shell | ||
gradle shadowJar | ||
``` | ||
|
||
编译后会在 build/libs 文件夹下生成 keycloak-password-provider.jar,将该 jar 包 cp 到{keycloak home}/standalone/deployments/ 路径下。 | ||
|
||
### 编译 js&部署 js | ||
|
||
```shell | ||
cd /password-encryption-provider-js | ||
npm install | ||
npm run build | ||
``` | ||
|
||
编译后,会在/password-encryption-provider-js/login/resources/js/ 文件夹下生成 password-encryption-provider.js,将该 js 文件 cp 到{keycloak home}/themes/base/login/resources/js/路径下。 | ||
|
||
然后,将“scripts=js/password-encryption-provider.js”cp 到{keycloak home}/themes/base/login/theme.properties 文件内。 | ||
|
||
## 已适配 Keycloak 版本 | ||
|
||
当前源码中所使用版本为 Keycloak-12.0.3 版本,如果使用其他版本的 Keycloak 其他版本,只需在修改/password-encryption-provider/build.gradle 中 keycloak 版本,重新编译即可。 | ||
|
||
### 已适配版本 | ||
|
||
- 10.0.2 | ||
- 12.0.2 | ||
- 12.0.3 | ||
|
||
## 局限性 | ||
|
||
- 仅仅实现了登陆密码加密传输 | ||
- 添加密码&修改密码未实现加密传输 |
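
Review bot: The build instructions do not match the other files in this commit. The README says the jar is produced as `keycloak-password-provider.jar` and the script under `/password-encryption-provider-js/login/resources/js/`, while the Dockerfile and workflow take `password-encryption-provider.jar` from `build/libs` and `password-encryption-provider.js` from `password-encryption-provider-js/dist`; it also uses `npm install` where the workflow uses `npm ci`. Align the names and paths. The limitations section should also state what the scheme depends on: the login script and the public key reach the browser over the same connection as the form, so the encryption adds to TLS and does not replace it, and the listed gap (setting and changing a password are not encrypted) leaves those flows protected by TLS only.
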
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
// jose = require('node-jose'); | ||
// jwksDownloader = require('./src/jwks-downloader'); | ||
// browserFormPwdEncrypt = require('./src/browser-form-pwd-encryptor'); | ||
require('./src/password-events-register'); |
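
Review bot: The first three lines of the new file are commented-out `require` calls (`node-jose`, `./src/jwks-downloader`, `./src/browser-form-pwd-encryptor`); delete them so the entry point shows only the module that is actually loaded, `./src/password-events-register`. If they are kept as a reminder, a comment explaining why is needed.
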