/**
 * Parse an Elytron authentication client configuration from a configuration discovered using the
 * default wildfly-client-config discovery rules.
 *
 * The discovered client configuration is consulted first for any of the known namespaces. When no
 * client configuration is available, or it holds nothing for a known namespace, the legacy
 * configuration is parsed instead.
 *
 * NOTE(review): the configuration source is whatever the wildfly-client-config discovery rules
 * select at runtime, so the credentials and trust settings this client ends up using are controlled
 * by whoever controls that location — confirm the discovery rules for the deployment.
 *
 * @return the authentication context factory
 * @throws ConfigXMLParseException if the resource failed to be parsed
 */
public static SecurityFactory<AuthenticationContext> parseAuthenticationClientConfiguration() throws ConfigXMLParseException {
    final ClientConfiguration discovered = ClientConfiguration.getInstance();
    if (discovered == null) {
        // No client configuration was discovered at all: only the legacy configuration is left.
        xmlLog.trace("Fallback to parse legacy configuration.");
        return parseLegacyConfiguration();
    }
    // The reader, when one is returned, is closed whether parsing succeeds or throws.
    try (final ConfigurationXMLStreamReader reader = discovered.readConfiguration(KNOWN_NAMESPACES.keySet())) {
        if (reader == null) {
            if (xmlLog.isTraceEnabled()) {
                xmlLog.tracef("No configuration found for known namespaces '%s'", namespacesToString());
            }
        } else {
            xmlLog.tracef("Parsing configuration from %s for namespace %s", reader.getUri(), reader.getNamespaceURI());
            return parseAuthenticationClientConfiguration(reader);
        }
    }
    xmlLog.trace("Fallback to parse legacy configuration.");
    // Try legacy configuration next
    return parseLegacyConfiguration();
}
String alias = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); switch (reader.getAttributeLocalName(i)) { case "provider-name": { throw missingAttribute(reader, "key-store-name"); final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "key-store-credential": { if (keyStoreCredential != null) throw reader.unexpectedElement(); keyStoreCredential = parseKeyStoreRefType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providers); break; ExceptionSupplier<Password, ConfigXMLParseException> credential = parseClearPassword(reader, providers); keyStoreCredential = () -> new PasswordEntry(credential.get()); break; ExceptionSupplier<CredentialSource, ConfigXMLParseException> credentialSourceSupplier = parseCredentialStoreRefType(reader, credentialStoresMap); keyStoreCredential = () -> { try { xmlLog.tracef("Using KeyStore [%s] containing aliases %s", finalKeyStoreName, aliasesToString(keyStore.aliases())); if (xmlLog.isTraceEnabled()) xmlLog.tracef("Filtered aliases %s", aliasesToString(keyStore.aliases())); if (keyStore.size() < 1) throw xmlLog.keyStoreEntryMissing(location, finalAlias);
static void parseAuthenticationConfigurationType(ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<AuthenticationConfiguration, ConfigXMLParseException>> authenticationConfigurationsMap, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, final Supplier<Provider[]> providers) throws ConfigXMLParseException { final String name = requireSingleAttribute(reader, "name"); if (authenticationConfigurationsMap.containsKey(name)) { throw xmlLog.xmlDuplicateAuthenticationConfigurationName(name, reader); configuration = andThenOp(configuration, parent -> parent.useProviders(providerSupplier)); int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { if (isSet(foundBits, 0)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 0); final String hostName = parseNameType(reader); configuration = andThenOp(configuration, parentConfig -> parentConfig.useHost(hostName)); xmlLog.xmlDeprecatedElement(reader.getLocalName(), reader.getLocation()); break; if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); final int port = parsePortType(reader); configuration = andThenOp(configuration, parentConfig -> parentConfig.usePort(port)); xmlLog.xmlDeprecatedElement(reader.getLocalName(), reader.getLocation()); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2);
final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { if (isSet(foundBits, 0)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 0); parseEmptyType(reader); rule = rule.matchNoUser(); break; if (isSet(foundBits, 0)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 0); rule = rule.matchUser(parseNameType(reader)); break; if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); rule = rule.matchProtocol(parseNameType(reader)); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); rule = rule.matchHost(parseNameType(reader)); break; if (isSet(foundBits, 3)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 3); rule = rule.matchPath(parseNameType(reader));
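/**
 * Parse an XML element of type {@code ssl-contexts-type} from an XML reader.
 *
 * Each {@code ssl-context} child is parsed into {@code sslContextsMap} under its name. A
 * {@code default-ssl-context} child registers its name as an alias for the JVM-wide default
 * {@link SSLContext} (what {@link SSLContext#getDefault()} returns), whose key and trust material
 * come from the JVM's own defaults rather than from anything in this configuration.
 *
 * @param reader the XML stream reader
 * @param xmlVersion the version of parsed XML
 * @param sslContextsMap the map of SSL contexts to populate
 * @param keyStoresMap the map of key stores to use
 * @param credentialStoresMap the map of credential stores to use
 * @param providers the security providers to use
 * @throws ConfigXMLParseException if the resource failed to be parsed, or an SSL context name is
 *   defined more than once
 */
private static void parseSslContextsType(final ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<SecurityFactory<SSLContext>, ConfigXMLParseException>> sslContextsMap, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, final Supplier<Provider[]> providers) throws ConfigXMLParseException {
    requireNoAttributes(reader);
    while (reader.hasNext()) {
        final int tag = reader.nextTag();
        if (tag == END_ELEMENT) {
            return;
        }
        if (tag != START_ELEMENT) {
            throw reader.unexpectedContent();
        }
        checkElementNamespace(reader, xmlVersion);
        switch (reader.getLocalName()) {
            case "ssl-context": {
                parseSslContextType(reader, xmlVersion, sslContextsMap, keyStoresMap, credentialStoresMap, providers);
                break;
            }
            case "default-ssl-context": {
                final String name = parseNameType(reader);
                // Reject a reused name here just as parseSslContextType does for ssl-context.
                // Without this check a later default-ssl-context silently replaced an explicitly
                // configured context of the same name with the JVM default.
                if (sslContextsMap.containsKey(name)) {
                    throw xmlLog.xmlDuplicateSslContextName(name, reader);
                }
                sslContextsMap.put(name, () -> SSLContext::getDefault);
                break;
            }
            default: {
                throw reader.unexpectedElement();
            }
        }
    }
    throw reader.unexpectedDocumentEnd();
}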
requireNoAttributes(reader); ExceptionSupplier<RuleNode<AuthenticationConfiguration>, ConfigXMLParseException> authFactory = () -> null; ExceptionSupplier<RuleNode<SecurityFactory<SSLContext>>, ConfigXMLParseException> sslFactory = () -> null; final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "authentication-rules": { if (isSet(foundBits, 0)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 0); authFactory = parseRulesType(reader, xmlVersion, authenticationConfigurationsMap, (r, m) -> parseAuthenticationRuleType(r, xmlVersion, m)); break; if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); sslFactory = parseRulesType(reader, xmlVersion, sslContextsMap, (r,m) -> parseSslContextRuleType(r, xmlVersion, m)); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); parseAuthenticationConfigurationsType(reader, xmlVersion, authenticationConfigurationsMap, keyStoresMap, credentialStoresMap, providersSupplier); break; if (isSet(foundBits, 3)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 3); parseSslContextsType(reader, xmlVersion, sslContextsMap, keyStoresMap, credentialStoresMap, providersSupplier); break;
private static ExceptionSupplier<CredentialSource, ConfigXMLParseException> parseCredentialsType(final ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, Supplier<Provider[]> providers) throws ConfigXMLParseException { ExceptionUnaryOperator<CredentialSource, ConfigXMLParseException> function = parent -> CredentialSource.NONE; requireNoAttributes(reader); while (reader.hasNext()) { final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "key-store-reference": { final ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> supplier = parseKeyStoreRefType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providers); function = andThenOp(function, credentialSource -> credentialSource.with(new KeyStoreCredentialSource(new FixedSecurityFactory<KeyStore.Entry>(supplier.get())))); break; final ExceptionSupplier<CredentialSource, ConfigXMLParseException> supplier = parseCredentialStoreRefType(reader, credentialStoresMap); function = andThenOp(function, credentialSource -> credentialSource.with(supplier.get())); break; ExceptionSupplier<Password, ConfigXMLParseException> password = parseClearPassword(reader, providers); function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(new PasswordCredential(password.get())))); break; KeyPair keyPair = parseKeyPair(reader, xmlVersion); function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(new KeyPairCredential(keyPair)))); break; X509CertificateChainPrivateCredential credential = parseCertificateType(reader, xmlVersion); function = andThenOp(function, credentialSource -> 
credentialSource.with(IdentityCredentials.NONE.withCredential(credential))); break; PublicKey publicKey = parsePem(reader, PublicKey.class);
private static void parseSslContextType(final ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<SecurityFactory<SSLContext>, ConfigXMLParseException>> sslContextsMap, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, final Supplier<Provider[]> providers) throws ConfigXMLParseException { final String name = requireSingleAttribute(reader, "name"); if (sslContextsMap.containsKey(name)) { throw xmlLog.xmlDuplicateSslContextName(name, reader); final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "key-store-ssl-certificate": { if (isSet(foundBits, 0)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 0); keyManagerSupplier = parseKeyStoreSslCertificate(reader, xmlVersion, keyStoresMap, credentialStoresMap, providers); break; if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); cipherSuiteSelector = parseCipherSuiteSelectorType(reader); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); protocolSelector = parseProtocolSelectorNamesType(reader); break; if (isSet(foundBits, 3)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 3); providerName = parseNameType(reader); break;
throw missingAttribute(reader, "name"); final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "attributes": { if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); parseAttributesType(reader, xmlVersion, attributesMap); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); credentialSourceSupplier = parseCredentialsType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providersSupplier); break; if (isSet(foundBits, 3)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 3); Supplier<Provider[]> supplier = parseProvidersType(reader, xmlVersion); if (supplier != null) { providersSupplier.setSupplier(supplier);
static Supplier<Provider[]> parseProvidersType(ConfigurationXMLStreamReader reader, final Version xmlVersion) throws ConfigXMLParseException { requireNoAttributes(reader); final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "global": { if (isSet(foundBits, 1)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 1); parseEmptyType(reader); providerSupplier = providerSupplier == null ? INSTALLED_PROVIDERS : ProviderUtil.aggregate(providerSupplier, INSTALLED_PROVIDERS); break; if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); final String moduleName = parseModuleRefType(reader); Supplier<Provider[]> serviceLoaderSupplier = (moduleName == null) ? ELYTRON_PROVIDER_SUPPLIER :
DeferredSupplier<Provider[]> providersSupplier = new DeferredSupplier<>(providers); for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); switch (reader.getAttributeLocalName(i)) { case "type": { throw missingAttribute(reader, "type"); throw missingAttribute(reader, "name"); final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "key-store-credential": { final ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> entryFactory = parseKeyStoreRefType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providersSupplier); passwordFactory = () -> { final KeyStore.Entry entry = entryFactory.get(); ExceptionSupplier<CredentialSource, ConfigXMLParseException> credentialSourceSupplier = parseCredentialStoreRefType(reader, credentialStoresMap); passwordFactory = () -> { try { final ExceptionSupplier<Password, ConfigXMLParseException> clearPassword = parseClearPassword(reader, providersSupplier); passwordFactory = () -> ((ClearPassword)clearPassword.get()).getPassword(); break; fileSource = parseNameType(reader);
String[] names = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); if (reader.getAttributeLocalName(i).equals("names")) { String s = reader.getAttributeValueResolved(i); throw missingAttribute(reader, "names");
int number = -1; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); if (reader.getAttributeLocalName(i).equals("number")) { String s = reader.getAttributeValueResolved(i); number = Integer.parseInt(s); } catch (NumberFormatException ignored) { throw invalidPortNumber(reader, i); throw invalidPortNumber(reader, i); throw missingAttribute(reader, "number");
} else { try { captured = ElytronXmlParser.parseAuthenticationClientConfiguration(authConfigUri).create(); } catch (GeneralSecurityException | ConfigXMLParseException e) { throw new IOException("Failed to parse authentication configuration " + authConfig, e);
URI tokenEndpointUri = requireSingleURIAttribute(reader, "token-endpoint-uri"); ExceptionSupplier<OAuth2CredentialSource.Builder, ConfigXMLParseException> builderSupplier = null; builderSupplier = () -> { final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "resource-owner-credentials": { builderSupplier = parseOAuth2ResourceOwnerCredentials(reader, builderSupplier, credentialStoresMap, xmlVersion); break; builderSupplier = parseOAuth2ClientCredentials(reader, builderSupplier, credentialStoresMap, xmlVersion); break;
private static X509CertificateChainPrivateCredential parseCertificateType(final ConfigurationXMLStreamReader reader, final Version xmlVersion) throws ConfigXMLParseException { requireNoAttributes(reader); PrivateKey privateKey = null; X509Certificate[] certificates = null; final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "private-key-pem": { if (privateKey != null) throw reader.unexpectedElement(); privateKey = parsePem(reader, PrivateKey.class); break; certificates = parseMultiPem(reader, X509Certificate.class, X509Certificate[]::new); break;
int maxCertPath = 0; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); switch (reader.getAttributeLocalName(i)) { case "path": { final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); switch (reader.getLocalName()) { case "resource": { resourceSource = parseResourceType(reader, xmlVersion); break; uriSource = parseUriType(reader); break;
/**
 * Parse an XML element of type {@code authentication-configurations-type} from an XML reader.
 *
 * Every {@code configuration} child is handed to {@code parseAuthenticationConfigurationType},
 * which records it in {@code authenticationConfigurationsMap}; any other child element is rejected.
 *
 * @param reader the XML stream reader
 * @param xmlVersion the version of parsed XML
 * @param authenticationConfigurationsMap the map of authentication configurations to populate
 * @param keyStoresMap the map of key stores to use
 * @param credentialStoresMap the map of credential stores to use
 * @param providers the security providers to use
 * @throws ConfigXMLParseException if the resource failed to be parsed
 */
private static void parseAuthenticationConfigurationsType(final ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<AuthenticationConfiguration, ConfigXMLParseException>> authenticationConfigurationsMap, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, final Supplier<Provider[]> providers) throws ConfigXMLParseException {
    requireNoAttributes(reader);
    while (reader.hasNext()) {
        final int event = reader.nextTag();
        if (event == END_ELEMENT) {
            // Closing tag of the enclosing element: this type is fully consumed.
            return;
        }
        if (event != START_ELEMENT) {
            throw reader.unexpectedContent();
        }
        checkElementNamespace(reader, xmlVersion);
        if (!"configuration".equals(reader.getLocalName())) {
            throw reader.unexpectedElement();
        }
        parseAuthenticationConfigurationType(reader, xmlVersion, authenticationConfigurationsMap, keyStoresMap, credentialStoresMap, providers);
    }
    throw reader.unexpectedDocumentEnd();
}
String password = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); switch (reader.getAttributeLocalName(i)) { case "name": { final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); if (!xmlVersion.isAtLeast(Version.VERSION_1_1)) { throw reader.unexpectedElement(); credentialSourceSupplier = parseCredentialStoreRefType(reader, credentialStoresMap); } else { throw reader.unexpectedElement();
/**
 * Parse an XML element of type {@code key-stores-type} from an XML reader.
 *
 * Each {@code key-store} child is delegated to {@code parseKeyStoreType}, which records it in
 * {@code keyStoresMap}; any other child element is rejected.
 *
 * @param reader the XML stream reader
 * @param xmlVersion the version of parsed XML
 * @param keyStoresMap the map of key stores to use
 * @param credentialStoresMap the map of credential stores to use
 * @param providers the security providers to use
 * @throws ConfigXMLParseException if the resource failed to be parsed
 */
static void parseKeyStoresType(ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, final Supplier<Provider[]> providers) throws ConfigXMLParseException {
    requireNoAttributes(reader);
    while (reader.hasNext()) {
        final int event = reader.nextTag();
        if (event == END_ELEMENT) {
            // Closing tag of the enclosing element: this type is fully consumed.
            return;
        }
        if (event != START_ELEMENT) {
            throw reader.unexpectedContent();
        }
        checkElementNamespace(reader, xmlVersion);
        if (!"key-store".equals(reader.getLocalName())) {
            throw reader.unexpectedElement();
        }
        parseKeyStoreType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providers);
    }
    throw reader.unexpectedDocumentEnd();
}