Package org.wildfly.security.auth.realm
Class FileSystemSecurityRealm.Identity
- java.lang.Object
-
- org.wildfly.security.auth.realm.FileSystemSecurityRealm.Identity
-
- All Implemented Interfaces:
ModifiableRealmIdentity,RealmIdentity
- Enclosing class:
- FileSystemSecurityRealm
static class FileSystemSecurityRealm.Identity extends Object implements ModifiableRealmIdentity
-
-
Field Summary
Fields Modifier and Type Field Description private static StringBASE64_FORMATprivate static StringENCRYPTION_FORMATprivate CharsethashCharsetprivate EncodinghashEncodingprivate static StringHEXprivate booleanintegrityEnabledprivate IdentitySharedExclusiveLock.IdentityLocklockprivate static StringMCF_FORMATprivate Stringnameprivate Pathpathprivate PrivateKeyprivateKeyprivate Supplier<Provider[]>providersprivate PublicKeypublicKeyprivate SecretKeysecretKeyprivate static StringX509_FORMAT-
Fields inherited from interface org.wildfly.security.auth.server.ModifiableRealmIdentity
NON_EXISTENT
-
Fields inherited from interface org.wildfly.security.auth.server.RealmIdentity
ANONYMOUS
-
-
Constructor Summary
Constructors Constructor Description Identity(String name, Path path, IdentitySharedExclusiveLock.IdentityLock lock, Charset hashCharset, Encoding hashEncoding, Supplier<Provider[]> providers, SecretKey secretKey, PrivateKey privateKey, PublicKey publicKey, boolean integrityEnabled)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description private voidconsumeContent(XMLStreamReader reader)voidcreate()Create this realm identity.private VoidcreatePrivileged()voiddelete()Delete this realm identity.private VoiddeletePrivileged()voiddispose()Dispose this realm identity after a completed authentication attempt.booleanexists()Determine if the identity exists in lieu of verifying or acquiring a credential.AttributesgetAttributes()Get the attributes for the realm identity.AuthorizationIdentitygetAuthorizationIdentity()Get an authorization identity for this pre-authenticated identity.<C extends Credential>
CgetCredential(Class<C> credentialType)Acquire a credential of the given type.<C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName)Acquire a credential of the given type and algorithm name.<C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)Acquire a credential of the given type and algorithm name.SupportLevelgetCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.SupportLevelgetEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.PrincipalgetRealmIdentityPrincipal()Get the principal that canonically identifies the identity within the realm.private FileSystemSecurityRealm.VersionidentifyVersion(XMLStreamReader streamReader)private booleanisIntegrityValid()(package private) List<Credential>loadCredentials()private FileSystemSecurityRealm.LoadedIdentityloadIdentity(boolean skipCredentials, boolean skipAttributes)protected FileSystemSecurityRealm.LoadedIdentityloadIdentityPrivileged(boolean skipCredentials, boolean skipAttributes)private voidparseAttribute(XMLStreamReader streamReader, Attributes attributes)private AttributesparseAttributes(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version)private voidparseCertificate(List<Credential> credentials, XMLStreamReader streamReader)private voidparseCredential(XMLStreamReader streamReader, FileSystemSecurityRealm.CredentialParseFunction function)private List<Credential>parseCredentials(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version)private FileSystemSecurityRealm.LoadedIdentityparseIdentity(XMLStreamReader streamReader, boolean skipCredentials, boolean skipAttributes)private FileSystemSecurityRealm.LoadedIdentityparseIdentityContents(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version, boolean skipCredentials, boolean skipAttributes)private voidparseOtp(List<Credential> credentials, XMLStreamReader streamReader)private voidparsePassword(List<Credential> credentials, XMLStreamReader streamReader, FileSystemSecurityRealm.Version version)private voidparsePublicKey(List<Credential> credentials, XMLStreamReader streamReader)private voidreplaceIdentity(FileSystemSecurityRealm.LoadedIdentity newIdentity)private VoidreplaceIdentityPrivileged(FileSystemSecurityRealm.LoadedIdentity newIdentity)private FileSystemSecurityRealm.VersionrequiredVersion(FileSystemSecurityRealm.LoadedIdentity identityToWrite)voidsetAttributes(Attributes attributes)Modify the attributes collection of this identity.voidsetCredentials(Collection<? extends Credential> credentials)Set the credentials of this identity.private PathtempPath()private StringtempSuffix()private booleanvalidateDigitalSignature(Document doc)private booleanvalidatePrincipalName(Document doc)booleanverifyEvidence(Evidence evidence)Verify the given evidence against a credential of this identity.private voidwriteDigitalSignature(Path path, String name)private voidwriteIdentity(XMLStreamWriter streamWriter, FileSystemSecurityRealm.LoadedIdentity newIdentity)-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.auth.server.ModifiableRealmIdentity
updateCredential
-
Methods inherited from interface org.wildfly.security.auth.server.RealmIdentity
applyToCredential, applyToCredential, applyToCredential, getCredentialAcquireSupport
-
-
-
-
Field Detail
-
ENCRYPTION_FORMAT
private static final String ENCRYPTION_FORMAT
- See Also:
- Constant Field Values
-
BASE64_FORMAT
private static final String BASE64_FORMAT
- See Also:
- Constant Field Values
-
MCF_FORMAT
private static final String MCF_FORMAT
- See Also:
- Constant Field Values
-
X509_FORMAT
private static final String X509_FORMAT
- See Also:
- Constant Field Values
-
HEX
private static final String HEX
- See Also:
- Constant Field Values
-
name
private final String name
-
path
private final Path path
-
lock
private IdentitySharedExclusiveLock.IdentityLock lock
-
hashCharset
private final Charset hashCharset
-
hashEncoding
private final Encoding hashEncoding
-
secretKey
private final SecretKey secretKey
-
privateKey
private final PrivateKey privateKey
-
publicKey
private final PublicKey publicKey
-
integrityEnabled
private final boolean integrityEnabled
-
-
Constructor Detail
-
Identity
Identity(String name, Path path, IdentitySharedExclusiveLock.IdentityLock lock, Charset hashCharset, Encoding hashEncoding, Supplier<Provider[]> providers, SecretKey secretKey, PrivateKey privateKey, PublicKey publicKey, boolean integrityEnabled)
-
-
Method Detail
-
getRealmIdentityPrincipal
public Principal getRealmIdentityPrincipal()
Description copied from interface:RealmIdentityGet the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter toSecurityRealm.getRealmIdentity(Principal)(a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returnstrueon invocation ofRealmIdentity.exists()) must return a non-nullprincipal.- Specified by:
getRealmIdentityPrincipalin interfaceRealmIdentity- Returns:
- the principal for this realm identity (may not be
null)
-
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface:RealmIdentityDetermine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.- Specified by:
getCredentialAcquireSupportin interfaceRealmIdentity- Parameters:
credentialType- the exact credential type (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec- the algorithm parameters to match, ornullif any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the level of support for this credential type (may not be
null) - Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException
Description copied from interface:RealmIdentityAcquire a credential of the given type.- Specified by:
getCredentialin interfaceRealmIdentity- Type Parameters:
C- the credential type- Parameters:
credentialType- the credential type class (must not benull)- Returns:
- the credential, or
nullif no such credential exists - Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws RealmUnavailableException
Description copied from interface:RealmIdentityAcquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.- Specified by:
getCredentialin interfaceRealmIdentity- Type Parameters:
C- the credential type- Parameters:
credentialType- the credential type class (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the credential type does not support algorithm names- Returns:
- the credential, or
nullif no such credential exists - Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface:RealmIdentityAcquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.- Specified by:
getCredentialin interfaceRealmIdentity- Type Parameters:
C- the credential type- Parameters:
credentialType- the credential type class (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec- the algorithm parameters to match, ornullif any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the credential, or
nullif no such credential exists - Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Description copied from interface:RealmIdentityDetermine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.- Specified by:
getEvidenceVerifySupportin interfaceRealmIdentity- Parameters:
evidenceType- the type of evidence to be verified (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the evidence type does not support algorithm names- Returns:
- the level of support for this evidence type
- Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
verifyEvidence
public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException
Description copied from interface:RealmIdentityVerify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.- Specified by:
verifyEvidencein interfaceRealmIdentity- Parameters:
evidence- the evidence to verify- Returns:
trueif verification was successful,falseotherwise- Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
loadCredentials
List<Credential> loadCredentials() throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
exists
public boolean exists() throws RealmUnavailableExceptionDescription copied from interface:RealmIdentityDetermine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should returnfalseup until the point it is known that a call toRealmIdentity.getAuthorizationIdentity()can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.- Specified by:
existsin interfaceRealmIdentity- Returns:
trueif the identity exists in this realm,falseotherwise- Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
delete
public void delete() throws RealmUnavailableExceptionDescription copied from interface:ModifiableRealmIdentityDelete this realm identity. After this call,RealmIdentity.exists()will returnfalse. If the identity does not exist, an exception is thrown.- Specified by:
deletein interfaceModifiableRealmIdentity- Throws:
RealmUnavailableException- if deletion fails for some reason
-
deletePrivileged
private Void deletePrivileged() throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
tempSuffix
private String tempSuffix()
-
tempPath
private Path tempPath()
-
create
public void create() throws RealmUnavailableExceptionDescription copied from interface:ModifiableRealmIdentityCreate this realm identity. After this call,RealmIdentity.exists()will returntrueand the credentials and role sets will be empty. If the identity already exists, an exception is thrown.- Specified by:
createin interfaceModifiableRealmIdentity- Throws:
RealmUnavailableException- if creation fails for some reason
-
createPrivileged
private Void createPrivileged() throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
setCredentials
public void setCredentials(Collection<? extends Credential> credentials) throws RealmUnavailableException
Description copied from interface:ModifiableRealmIdentitySet the credentials of this identity. If the identity does not exist, an exception is thrown. Any existing credential(s) are replaced/updated with the new value (in a possibly realm-specific manner).- Specified by:
setCredentialsin interfaceModifiableRealmIdentity- Parameters:
credentials- the new credentials to set- Throws:
RealmUnavailableException- if updating the credentials fails for some reason
-
setAttributes
public void setAttributes(Attributes attributes) throws RealmUnavailableException
Description copied from interface:ModifiableRealmIdentityModify the attributes collection of this identity. If the identity does not exist, an exception is thrown.- Specified by:
setAttributesin interfaceModifiableRealmIdentity- Parameters:
attributes- the new attributes collection- Throws:
RealmUnavailableException- if updating the attributes collection fails for some reason
-
getAttributes
public Attributes getAttributes() throws RealmUnavailableException
Description copied from interface:RealmIdentityGet the attributes for the realm identity.- Specified by:
getAttributesin interfaceRealmIdentity- Returns:
- the attributes, or
nullif the implementing class does not support getting attributes - Throws:
RealmUnavailableException- if accessing the attributes fails for some reason
-
replaceIdentity
private void replaceIdentity(FileSystemSecurityRealm.LoadedIdentity newIdentity) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
replaceIdentityPrivileged
private Void replaceIdentityPrivileged(FileSystemSecurityRealm.LoadedIdentity newIdentity) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
requiredVersion
private FileSystemSecurityRealm.Version requiredVersion(FileSystemSecurityRealm.LoadedIdentity identityToWrite)
-
writeIdentity
private void writeIdentity(XMLStreamWriter streamWriter, FileSystemSecurityRealm.LoadedIdentity newIdentity) throws XMLStreamException, InvalidKeySpecException, NoSuchAlgorithmException, GeneralSecurityException
-
dispose
public void dispose()
Description copied from interface:RealmIdentityDispose this realm identity after a completed authentication attempt.- Specified by:
disposein interfaceRealmIdentity
-
getAuthorizationIdentity
public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException
Description copied from interface:RealmIdentityGet an authorization identity for this pre-authenticated identity.- Specified by:
getAuthorizationIdentityin interfaceRealmIdentity- Returns:
- the authorization identity (may not be
null) - Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
loadIdentity
private FileSystemSecurityRealm.LoadedIdentity loadIdentity(boolean skipCredentials, boolean skipAttributes) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
loadIdentityPrivileged
protected FileSystemSecurityRealm.LoadedIdentity loadIdentityPrivileged(boolean skipCredentials, boolean skipAttributes) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
parseIdentity
private FileSystemSecurityRealm.LoadedIdentity parseIdentity(XMLStreamReader streamReader, boolean skipCredentials, boolean skipAttributes) throws RealmUnavailableException, XMLStreamException
-
identifyVersion
private FileSystemSecurityRealm.Version identifyVersion(XMLStreamReader streamReader)
-
parseIdentityContents
private FileSystemSecurityRealm.LoadedIdentity parseIdentityContents(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version, boolean skipCredentials, boolean skipAttributes) throws RealmUnavailableException, XMLStreamException
-
parseCredentials
private List<Credential> parseCredentials(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version) throws RealmUnavailableException, XMLStreamException
-
parseCredential
private void parseCredential(XMLStreamReader streamReader, FileSystemSecurityRealm.CredentialParseFunction function) throws RealmUnavailableException, XMLStreamException
-
parseCertificate
private void parseCertificate(List<Credential> credentials, XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException
-
parsePublicKey
private void parsePublicKey(List<Credential> credentials, XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException
-
parsePassword
private void parsePassword(List<Credential> credentials, XMLStreamReader streamReader, FileSystemSecurityRealm.Version version) throws XMLStreamException, RealmUnavailableException
-
parseOtp
private void parseOtp(List<Credential> credentials, XMLStreamReader streamReader) throws XMLStreamException, RealmUnavailableException
-
parseAttributes
private Attributes parseAttributes(XMLStreamReader streamReader, FileSystemSecurityRealm.Version version) throws RealmUnavailableException, XMLStreamException
-
parseAttribute
private void parseAttribute(XMLStreamReader streamReader, Attributes attributes) throws XMLStreamException, RealmUnavailableException
-
consumeContent
private void consumeContent(XMLStreamReader reader) throws XMLStreamException
- Throws:
XMLStreamException
-
isIntegrityValid
private boolean isIntegrityValid()
-
validateDigitalSignature
private boolean validateDigitalSignature(Document doc)
-
validatePrincipalName
private boolean validatePrincipalName(Document doc)
-
writeDigitalSignature
private void writeDigitalSignature(Path path, String name) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
-