Support for KcReg and KcAdm CLI to use BCFIPS instead of BC on FIPS platforms

Closes #14968

integration/client-cli/admin-cli/src/main/bin/kcadm.bat

@@ -5,4 +5,4 @@ if "%OS%" == "Windows_NT" (
 ) else (
   set DIRNAME=.\
 )
-java %KC_OPTS% -cp "%DIRNAME%\client\keycloak-admin-cli-${project.version}.jar" org.keycloak.client.admin.cli.KcAdmMain %*
+java %KC_OPTS% -cp "%DIRNAME%\client\keycloak-admin-cli-${project.version}.jar" -Dkc.lib.dir="%DIRNAME%\client\lib" org.keycloak.client.admin.cli.KcAdmMain %*

integration/client-cli/admin-cli/src/main/bin/kcadm.sh

@@ -29,4 +29,4 @@ if [ "x$JAVA" = "x" ]; then
     fi
 fi
 
-"$JAVA" $KC_OPTS -cp $DIRNAME/client/keycloak-admin-cli-${project.version}.jar org.keycloak.client.admin.cli.KcAdmMain "$@"
+"$JAVA" $KC_OPTS -cp $DIRNAME/client/keycloak-admin-cli-${project.version}.jar -Dkc.lib.dir=$DIRNAME/client/lib org.keycloak.client.admin.cli.KcAdmMain "$@"

integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/KcAdmMain.java

@@ -27,6 +27,7 @@ import org.keycloak.client.admin.cli.aesh.AeshEnhancer;
 import org.keycloak.client.admin.cli.aesh.Globals;
 import org.keycloak.client.admin.cli.aesh.ValveInputStream;
 import org.keycloak.client.admin.cli.commands.KcAdmCmd;
+import org.keycloak.client.admin.cli.util.ClassLoaderUtil;
 import org.keycloak.common.crypto.CryptoIntegration;
 
 import java.util.ArrayList;
@@ -38,8 +39,14 @@ import java.util.Arrays;
 public class KcAdmMain {
 
     public static void main(String [] args) {
+        String libDir = System.getProperty("kc.lib.dir");
+        if (libDir == null) {
+            throw new RuntimeException("System property kc.lib.dir needs to be set");
+        }
+        ClassLoader cl = ClassLoaderUtil.resolveClassLoader(libDir);
+        Thread.currentThread().setContextClassLoader(cl);
 
-        CryptoIntegration.init(KcAdmMain.class.getClassLoader());
+        CryptoIntegration.init(cl);
         
         Globals.stdin = new ValveInputStream();
 

integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/util/ClassLoaderUtil.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ *  and other contributors as indicated by the @author tags.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.keycloak.client.admin.cli.util;
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.stream.Stream;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class ClassLoaderUtil {
+
+    /**
+     * Detect if BC FIPS jars are present in the given directory. Return classloader with appropriate JARS based on that
+     */
+    public static ClassLoader resolveClassLoader(String libDir) {
+        File[] jarsInDir = new File(libDir).listFiles(file -> file.getName().endsWith(".jar"));
+
+        // Detect if BC FIPS jars are present in the "client/lib" directory
+        boolean bcFipsJarPresent = Stream.of(jarsInDir).anyMatch(file -> file.getName().startsWith("bc-fips"));
+        String[] validJarPrefixes = bcFipsJarPresent ?  new String[] {"keycloak-crypto-fips1402", "bc-fips", "bctls-fips"} : new String[] {"keycloak-crypto-default", "bcprov-jdk15on"};
+        URL[] usedJars = Stream.of(jarsInDir)
+                .filter(file -> {
+                    for (String prefix : validJarPrefixes) {
+                        if (file.getName().startsWith(prefix + "-")) return true;
+                    }
+                    return false;
+                })
+                .map(file -> {
+                    try {
+                        return file.toURI().toURL();
+                    } catch (MalformedURLException ex) {
+                        throw new IllegalStateException("Error when converting file into URL. Please check the files in the directory " + jarsInDir, ex);
+                    }
+                }).toArray(URL[]::new);
+
+        return new URLClassLoader(usedJars, ClassLoaderUtil.class.getClassLoader());
+    }
+
+}