SecurityIdentity(final SecurityIdentity old, final Credential credential, final boolean isPrivate) { this.securityDomain = old.securityDomain; this.principal = old.principal; this.realmInfo = old.realmInfo; this.authorizationIdentity = old.authorizationIdentity; this.defaultRoles = old.defaultRoles; this.roleMappers = old.roleMappers; this.creationTime = old.creationTime; this.verifier = old.verifier; this.publicCredentials = isPrivate ? old.publicCredentials : old.publicCredentials.withCredential(credential); this.privateCredentials = isPrivate ? old.privateCredentials.withCredential(credential) : old.privateCredentials; this.withSuppliedIdentities = old.withSuppliedIdentities; this.withIdentities = old.withIdentities; }
@Override void addPrivateCredential(final Credential credential) { final InactiveState newState = new InactiveState(capturedIdentity, mechanismConfigurationSelector, mechanismInformation, privateCredentials.withCredential(credential), publicCredentials); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPrivateCredential(credential); } }
@Override void addPublicCredential(final Credential credential) { final InactiveState newState = new InactiveState(capturedIdentity, mechanismConfigurationSelector, mechanismInformation, privateCredentials, publicCredentials.withCredential(credential)); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } }
/** * Create a new configuration which is the same as this configuration, but which uses the given credential to authenticate. * * @param credential the credential to authenticate * @return the new configuration */ public AuthenticationConfiguration useCredential(Credential credential) { if (credential == null) return this; final CredentialSource credentialSource = this.credentialSource; if (credentialSource == CredentialSource.NONE) { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, IdentityCredentials.NONE.withCredential(credential)); } else if (credentialSource instanceof IdentityCredentials) { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, ((IdentityCredentials) credentialSource).withCredential(credential)); } else { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, credentialSource.with(IdentityCredentials.NONE.withCredential(credential))); } }
public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException, UnsupportedCredentialTypeException { if (isModifiable()) { credentialSources.compute(credentialAlias, (alias, old) -> { if (old instanceof IdentityCredentials) { return ((IdentityCredentials) old).withCredential(credential); } final IdentityCredentials newVal = IdentityCredentials.NONE.withCredential(credential); if (old == null) { return newVal; } else { return old.with(newVal); } }); } else { throw log.nonModifiableCredentialStore("store"); } }
/** * Set a single server credential. Any previously set credential source will be overwritten. * * @param credential the credential to set (must not be {@code null}) * @return this builder */ public Builder setServerCredential(Credential credential) { checkNotNullParam("credential", credential); return setServerCredentialSource(IdentityCredentials.NONE.withCredential(credential)); }
private static IdentityCredentials getSingleCredential(Object rawCredential) { if (rawCredential == null) { return IdentityCredentials.NONE; } else if (rawCredential instanceof Credential) { return IdentityCredentials.NONE.withCredential((Credential) rawCredential); } else if (rawCredential instanceof GSSCredential) { return IdentityCredentials.NONE.withCredential(new GSSKerberosCredential((GSSCredential) rawCredential)); } else if (rawCredential instanceof Password) { return IdentityCredentials.NONE.withCredential(new PasswordCredential((Password) rawCredential)); } else if (rawCredential instanceof X509Certificate) { return IdentityCredentials.NONE.withCredential(new X509CertificateChainPublicCredential((X509Certificate) rawCredential)); } else if (rawCredential instanceof X509Certificate[]) { return IdentityCredentials.NONE.withCredential(new X509CertificateChainPublicCredential((X509Certificate[]) rawCredential)); } else if (rawCredential instanceof X500PrivateCredential) { final X500PrivateCredential credential = (X500PrivateCredential) rawCredential; return IdentityCredentials.NONE.withCredential(new X509CertificateChainPrivateCredential(credential.getPrivateKey(), credential.getCertificate())); } else if (rawCredential instanceof String) { return IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, ((String) rawCredential).toCharArray()))); } else if (rawCredential instanceof char[]) { // todo: automatically decode to other credential types return IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, (char[]) rawCredential))); } else if (rawCredential instanceof byte[]) { // todo: automatically decode to other credential types return IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, new String((byte[]) rawCredential, StandardCharsets.UTF_8).toCharArray()))); } else { return IdentityCredentials.NONE; } }
/** * Create a new configuration which is the same as this configuration, but which uses the given {@link BearerTokenCredential} to authenticate. * * @param credential the bearer token credential to use * @return the new configuration */ public AuthenticationConfiguration useBearerTokenCredential(BearerTokenCredential credential) { return credential == null ? this : useCredentials(getCredentialSource().with(IdentityCredentials.NONE.withCredential(credential))); }
@Override void addPrivateCredential(final Credential credential) { final InitialState newState = new InitialState(getSourceIdentity(), getMechanismConfiguration(), mechanismConfigurationSelector, getPrivateCredentials().withCredential(credential), getPublicCredentials()); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } } }
void addPublicCredential(final Credential credential) { final InitialState newState = new InitialState(getSourceIdentity(), getMechanismConfiguration(), mechanismConfigurationSelector, getPrivateCredentials(), getPublicCredentials().withCredential(credential)); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } }
@Override void addPrivateCredential(final Credential credential) { final RealmAssignedState newState = new RealmAssignedState(getSourceIdentity(), getMechanismConfiguration(), getMechanismRealmConfiguration(), getPrivateCredentials().withCredential(credential), getPublicCredentials()); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } } }
@Override void addPublicCredential(final Credential credential) { final RealmAssignedState newState = new RealmAssignedState(getSourceIdentity(), getMechanismConfiguration(), getMechanismRealmConfiguration(), getPrivateCredentials(), getPublicCredentials().withCredential(credential)); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } }
@Override public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException { if (credentials.contains(credentialType)) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' cached, returning cached credential for principal='%s'", credentialType.getName(), principal.getName()); } return credentials.getCredential(credentialType); } Credential credential = identity.getCredential(credentialType); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' obtained from identity - caching for principal='%s'", credentialType.getName(), principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredential(credentialType); }
@Override public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { if (credentials.contains(credentialType, algorithmName, parameterSpec)) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' with algorithmName='%' cached, returning cached credential for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } return credentials.getCredential(credentialType, algorithmName, parameterSpec); } Credential credential = identity.getCredential(credentialType, algorithmName, parameterSpec); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' with algorithmName='%' obtained from identity - caching for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredential(credentialType, algorithmName, parameterSpec); }
@Override public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { if (credentials.contains(credentialType, algorithmName, parameterSpec)) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport credentialType='%s' with algorithmName='%' known for pincipal='%s'", credentialType.getName(), algorithmName, principal.getName()); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } Credential credential = identity.getCredential(credentialType, algorithmName, parameterSpec); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport Credential for credentialType='%s' with algorithmName='%' obtained from identity - caching for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); }
@Override void addPublicCredential(final Credential credential) { final NameAssignedState newState = new NameAssignedState(getSourceIdentity(), getRealmInfo(), getRealmIdentity(), getAuthenticationPrincipal(), getMechanismConfiguration(), getMechanismRealmConfiguration(), privateCredentials, publicCredentials.withCredential(credential)); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } }
@Override void addPrivateCredential(final Credential credential) { final NameAssignedState newState = new NameAssignedState(getSourceIdentity(), getRealmInfo(), getRealmIdentity(), getAuthenticationPrincipal(), getMechanismConfiguration(), getMechanismRealmConfiguration(), privateCredentials.withCredential(credential), publicCredentials); if (! stateRef.compareAndSet(this, newState)) { stateRef.get().addPublicCredential(credential); } }
@Override public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws RealmUnavailableException { if (credentials.contains(credentialType, algorithmName)) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' with algorithmName='%' cached, returning cached credential for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } return credentials.getCredential(credentialType, algorithmName); } Credential credential = identity.getCredential(credentialType, algorithmName); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' with algorithmName='%' obtained from identity - caching.", credentialType.getName(), algorithmName); } credentials = credentials.withCredential(credential); } return credentials.getCredential(credentialType, algorithmName); }
@Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (evidence instanceof PasswordGuessEvidence) { if (credentials.canVerify(evidence)) { log.tracef("verifyEvidence For principal='%s' using cached credential", principal); return credentials.verify(evidence); } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { log.tracef("verifyEvidence Credential obtained from identity and cached for principal='%s'", principal); credentials = credentials.withCredential(credential); if (credential.canVerify(evidence)) { return credential.verify(evidence); } } char[] guess = ((PasswordGuessEvidence) evidence).getGuess(); Password password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, guess); log.tracef("verifyEvidence Falling back to direct support of identity for principal='%s'", principal); if (identity.verifyEvidence(evidence)) { credentials = credentials.withCredential(new PasswordCredential(password)); return true; } return false; } return identity.verifyEvidence(evidence); }
public IdentityCredentials with(final IdentityCredentials other) { Assert.checkNotNullParam("other", other); if (other == NONE) { return this; } else if (other instanceof One) { return withCredential(((One) other).credential); } else if (other instanceof Two) { final Two otherTwo = (Two) other; return withCredential(otherTwo.credential1).withCredential(otherTwo.credential2); } else if (other instanceof Many) { Many otherMany = (Many) other; if (otherMany.containsMatching(credential1)) { if (otherMany.containsMatching(credential2)) { return otherMany; } else { return new Many(credential2, otherMany); } } else if (otherMany.containsMatching(credential2)) { return new Many(credential1, otherMany); } else { return new Many(credential1, credential2, otherMany); } } else { throw Assert.unreachableCode(); } }