All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory Maven / Gradle / Ivy

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2015 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.auth.server;

import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.function.UnaryOperator;

import javax.security.auth.callback.CallbackHandler;

import org.wildfly.common.Assert;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.AlgorithmEvidence;
import org.wildfly.security.evidence.Evidence;

public abstract class AbstractMechanismAuthenticationFactory implements MechanismAuthenticationFactory {

    private final SecurityDomain securityDomain;
    private final MechanismConfigurationSelector mechanismConfigurationSelector;
    private final F factory;

    protected AbstractMechanismAuthenticationFactory(final SecurityDomain securityDomain, final MechanismConfigurationSelector mechanismConfigurationSelector, final F factory) {
        this.securityDomain = securityDomain;
        this.mechanismConfigurationSelector = mechanismConfigurationSelector;
        this.factory = factory;
    }

    public MechanismConfigurationSelector getMechanismConfigurationSelector() {
        return mechanismConfigurationSelector;
    }

    public SecurityDomain getSecurityDomain() {
        return securityDomain;
    }

    public F getFactory() {
        return factory;
    }

    public M createMechanism(final String name, final UnaryOperator factoryTransformation) throws E {
        return doCreate(name, new ServerAuthenticationContext(securityDomain, mechanismConfigurationSelector).createCallbackHandler(), factoryTransformation);
    }

    protected abstract M doCreate(String name, CallbackHandler callbackHandler, final UnaryOperator factoryTransformation) throws E;

    protected abstract Collection> getSupportedEvidenceTypes(String mechName);

    protected abstract Collection getSupportedEvidenceAlgorithmNames(Class evidenceType, String mechName);

    protected abstract Collection> getSupportedCredentialTypes(String mechName);

    protected abstract Collection getSupportedCredentialAlgorithmNames(Class credentialType, String mechName);

    /**
     * Determine whether the given mechanism name needs credentials from a realm in order to authenticate.
     *
     * @param mechName the mechanism name
     * @return {@code true} if the mechanism requires realm credential support, {@code false} if it does not
     */
    protected abstract boolean usesCredentials(String mechName);

    /**
     * Determine whether the given mechanism name is known to WildFly Elytron.
     *
     * If it is not known we can't filter it out as we can not rely upon the other methods being able to
     * return accurate responses about the mechanisms requirements.
     *
     * As this is a new method and other implementations may not know to override this has a default
     * implementation to match the current behaviour i.e. assume we know about all mechanisms.
     *
     * @param mechName the mechanism name
     * @return {@code true} if the mechanism is known to WildFly Elytron, {@code false} if it is not
     */
    protected boolean isKnownMechanism(String mechName) {
        return true;
    };

    public Collection getMechanismNames() {
        final Collection names = new LinkedHashSet<>();
        top: for (String mechName : getAllSupportedMechNames()) {
            // If we don't know about the mech we have to support it as it is likely
            // a custom mechanism so our filtering rules will not be correct.
            if ((! isKnownMechanism(mechName)) ||
                 // if the mech doesn't need credentials, then we support it for sure
                 (! usesCredentials(mechName))) {
                names.add(mechName);
                continue;
            }

            final SecurityDomain securityDomain = this.securityDomain;

            // if the mech supports verification for a type of evidence we have, we support it
            for (Class evidenceType : getSupportedEvidenceTypes(mechName)) {
                if (AlgorithmEvidence.class.isAssignableFrom(evidenceType)) {
                    for (String algorithmName : getSupportedEvidenceAlgorithmNames(evidenceType.asSubclass(AlgorithmEvidence.class), mechName)) {
                        if ("*".equals(algorithmName) && securityDomain.getEvidenceVerifySupport(evidenceType).mayBeSupported() || securityDomain.getEvidenceVerifySupport(evidenceType, algorithmName).mayBeSupported()) {
                            names.add(mechName);
                            continue top;
                        }
                    }
                } else {
                    if (securityDomain.getEvidenceVerifySupport(evidenceType).mayBeSupported()) {
                        names.add(mechName);
                        continue top;
                    }
                }
            }
            // if the mech supports a type of credential we have, we support it
            for (Class credentialType : getSupportedCredentialTypes(mechName)) {
                if (AlgorithmCredential.class.isAssignableFrom(credentialType)) {
                    for (String algorithmName : getSupportedCredentialAlgorithmNames(credentialType.asSubclass(AlgorithmCredential.class), mechName)) {
                        if ("*".equals(algorithmName) && securityDomain.getCredentialAcquireSupport(credentialType).mayBeSupported() || securityDomain.getCredentialAcquireSupport(credentialType, algorithmName).mayBeSupported()) {
                            names.add(mechName);
                            continue top;
                        }
                    }
                } else {
                    if (securityDomain.getCredentialAcquireSupport(credentialType).mayBeSupported()) {
                        names.add(mechName);
                        continue top;
                    }
                }
            }
        }
        return names;
    }

    protected abstract Collection getAllSupportedMechNames();

    protected abstract static class Builder implements MechanismAuthenticationFactory.Builder {
        private SecurityDomain securityDomain;
        private MechanismConfigurationSelector mechanismConfigurationSelector;
        private F factory;

        protected Builder() {
        }

        public Builder setSecurityDomain(final SecurityDomain securityDomain) {
            Assert.checkNotNullParam("securityDomain", securityDomain);
            this.securityDomain = securityDomain;
            return this;
        }

        public Builder setMechanismConfigurationSelector(final MechanismConfigurationSelector mechanismConfigurationSelector) {
            this.mechanismConfigurationSelector = mechanismConfigurationSelector;
            return this;
        }

        public Builder setFactory(final F factory) {
            Assert.checkNotNullParam("factory", factory);
            this.factory = factory;
            return this;
        }

        public SecurityDomain getSecurityDomain() {
            return securityDomain;
        }

        public MechanismConfigurationSelector getMechanismConfigurationSelector() {
            return mechanismConfigurationSelector;
        }

        public F getFactory() {
            return factory;
        }
    }


}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy