/** * A utility to handle a callback which is unsupported. Optional callbacks will be ignored, otherwise the * exception will be thrown. In the case of optional callbacks, this method <em>will</em> return. * * @param callback the callback which is not supported * @throws UnsupportedCallbackException if the callback is not optional */ public static void unsupported(Callback callback) throws UnsupportedCallbackException { if (! isOptional(callback)) { throw new FastUnsupportedCallbackException(callback); } } }
/** * Determine whether a callback is optional. * * @param callback the callback * @return {@code true} if it is optional, {@code false} if it is not optional or optionality could not be determined */ public static boolean isOptional(Callback callback) { return callback instanceof ExtendedCallback && ((ExtendedCallback) callback).isOptional(); }
/** * Determine whether the given credential type is supported. Will be {@code false} if the credential type requires * an algorithm name; in this case, use {@link #isCredentialTypeSupported(Class, String)} instead. * * @param credentialType the credential type (must not be {@code null}) * @return {@code true} if the credential type is supported, {@code false} otherwise */ public boolean isCredentialTypeSupported(final Class<? extends Credential> credentialType) { return isCredentialTypeSupported(credentialType, null); }
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { Callback[] theCallbacks = callbacks; SecurityIdentityCallback securityIdentityCallback = null; for (Callback current : callbacks) { if (current instanceof AuthenticationCompleteCallback && ((AuthenticationCompleteCallback) current).succeeded()) { theCallbacks = new Callback[callbacks.length + 1]; System.arraycopy(callbacks, 0, theCallbacks, 0, callbacks.length); theCallbacks[theCallbacks.length - 1] = (securityIdentityCallback = new SecurityIdentityCallback()); } } delegate.handle(theCallbacks); if (securityIdentityCallback != null) { securityIdentity = securityIdentityCallback.getSecurityIdentity(); } }
/** * Convenience method to handle a channel binding callback. * * @param channelBindingCallback the callback (must not be {@code null}) * @param serverCerts the server certificate chain * @throws UnsupportedCallbackException if the server certificates are not present or unsupported and the callback is not optional */ public static void handleChannelBindingCallback(ChannelBindingCallback channelBindingCallback, X509Certificate[] serverCerts) throws UnsupportedCallbackException { if (serverCerts != null && serverCerts.length > 0) { // tls-server-end-point try { final byte[] bindingData = getChannelBindingData(serverCerts[0]); if (bindingData != null) { channelBindingCallback.setBindingData(bindingData); channelBindingCallback.setBindingType(TLS_SERVER_ENDPOINT); return; } } catch (CertificateEncodingException | NoSuchAlgorithmException e) { // fail silently } } CallbackUtil.unsupported(channelBindingCallback); }
public boolean isOptional() { return getCredential() != null; } }
public ScramServer createServer(final CallbackHandler callbackHandler, final SecureRandom random, final ChannelBindingCallback bindingCallback, final int minimumIterationCount, final int maximumIterationCount, final Supplier<Provider[]> providers) throws AuthenticationMechanismException { final byte[] bindingData; final String bindingType; if (bindingCallback != null) { bindingData = bindingCallback.getBindingData(); bindingType = bindingCallback.getBindingType(); } else { if (plus) return null; bindingData = null; bindingType = null; } return new ScramServer(this, callbackHandler, random, bindingData, bindingType, minimumIterationCount, maximumIterationCount, providers); }
/** * Get the acquired evidence, if it is set and of the given type and algorithm, and if so, return the evidence cast to the type. * * @param evidenceType the evidence type class (must not be {@code null}) * @param algorithmName the algorithm name * @param <C> the evidence type * @return the evidence, or {@code null} if the criteria are not met */ public <C extends Evidence> C getEvidence(Class<C> evidenceType, String algorithmName) { return applyToEvidence(evidenceType, algorithmName, Function.identity()); }
/** * Get the acquired credential, if it is set and of the given type, and if so, return the credential cast to the type. * * @param credentialType the credential type class (must not be {@code null}) * @param <C> the credential type * @return the credential, or {@code null} if the criteria wasn't met */ public <C extends Credential> C getCredential(Class<C> credentialType) { return applyToCredential(credentialType, Function.identity()); }
/** * Set the parameter specification. * * @param parameterSpec the parameter specification, or {@code null} if no parameter specification is available */ public void setParameterSpec(final AlgorithmParameterSpec parameterSpec) { if (! isParameterSupported(parameterSpec)) { throw log.invalidCredentialTypeSpecified(); } this.parameterSpec = parameterSpec; }
/** * Authorizes and caches the given <code>securityIdentity</code>. * * @param securityIdentity the identity to authorize and cache. If null, the corresponding identity will be removed from the cache */ public void setAuthorized(SecurityIdentity securityIdentity) { if (authorized = securityIdentity != null) { createDomainCache().put(securityIdentity); } else { createDomainCache().remove(); } }
public SaslServer createSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException { return delegate.createSaslServer(mechanism, protocol, serverName, props, new SocketAddressQueryCallbackHandler(cbh, localAddress, peerAddress)); } }
/** * Get the message for this exception, formatted with the callback. * * @return the message for this exception, with the callback (not {@code null}) */ public String getMessage() { final String message = super.getMessage(); return message != null ? String.format("%s: %s", getCallback(), message) : String.valueOf(getCallback()); } }
/** * Set the credential. The credential must be of the supported type and algorithm. * * @param credential the credential, or {@code null} to indicate that no credential is available * @throws IllegalArgumentException if the given credential is not supported */ public void setCredential(final Credential credential) { if (credential != null && ! isCredentialSupported(credential)) { throw ElytronMessages.log.credentialNotSupported(); } this.credential = credential; }
public void dispose() throws SaslException { try { super.dispose(); } finally { try { cbh.handle(new Callback[] { SecurityLayerDisposedCallback.getInstance() }); } catch (Throwable ignored) { } } } };
/** * Get the acquired evidence, if it is set and of the given type, and if so, return the evidence cast to the type. * * @param evidenceType the evidence type class (must not be {@code null}) * @param <C> the evidence type * @return the evidence, or {@code null} if the criteria wasn't met */ public <C extends Evidence> C getEvidence(Class<C> evidenceType) { return applyToEvidence(evidenceType, Function.identity()); }
/** * Get the acquired credential, if it is set and of the given type and algorithm, and if so, return the credential cast to the type. * * @param credentialType the credential type class (must not be {@code null}) * @param algorithmName the algorithm name * @param <C> the credential type * @return the credential, or {@code null} if the criteria are not met */ public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) { return applyToCredential(credentialType, algorithmName, Function.identity()); }
/** * Returns a cached {@link SecurityIdentity}, if present in the cache. * * @return the cached identity or null if there is no entry in the cache */ public SecurityIdentity getIdentity() { CachedIdentity cachedIdentity = createDomainCache().get(); if (cachedIdentity != null) { return cachedIdentity.getSecurityIdentity(); } return null; }
public SaslClient createSaslClient(final String[] mechanisms, final String authorizationId, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException { return delegate.createSaslClient(mechanisms, authorizationId, protocol, serverName, props, new SocketAddressQueryCallbackHandler(cbh, localAddress, peerAddress)); }
/** * Get the acquired credential, if it is set and of the given type, algorithm, and parameters, and if so, return the credential cast to the type. * * @param credentialType the credential type class (must not be {@code null}) * @param algorithmName the algorithm name * @param parameterSpec the parameter specification to match, or {@code null} if any parameters are allowed or parameters are not used by * the credential type * @param <C> the credential type * @return the credential, or {@code null} if the criteria are not met */ public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) { return applyToCredential(credentialType, algorithmName, parameterSpec, Function.identity()); }