Package org.wildfly.security.auth.server

Class IdentityCredentials

  • All Implemented Interfaces:
    Iterable<Credential>, CredentialSource
    public abstract class IdentityCredentials
extends Object
implements Iterable<Credential>, CredentialSource
    The public or private credentials retained by an identity, which can be used for authentication forwarding. This credentials set can contain zero or one credential of a given type and algorithm name. If the credential type does not support algorithm names, then the set can contain zero or one credential of that type. The credential set may be iterated; iteration order is not prescribed and may change if the implementation is changed.
    Author:
    David M. Lloyd

    • Method Detail

      • contains

        public final boolean contains​(Class<? extends Credential> credentialType)
        Determine whether a credential of the given type is present in this set.
        Parameters:
        credentialType - the credential type class (must not be null)
        Returns:
        true if a matching credential is contained in this set, false otherwise

      • getCredentialAcquireSupport

        public final SupportLevel getCredentialAcquireSupport​(Class<? extends Credential> credentialType,
                                                      String algorithmName,
                                                      AlgorithmParameterSpec parameterSpec)
        Description copied from interface: CredentialSource
        Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
        Specified by:
        getCredentialAcquireSupport in interface CredentialSource
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the level of support for this credential type (not null)

      • getCredentialAcquireSupport

        public final SupportLevel getCredentialAcquireSupport​(Class<? extends Credential> credentialType,
                                                      String algorithmName)
        Description copied from interface: CredentialSource
        Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
        Specified by:
        getCredentialAcquireSupport in interface CredentialSource
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        Returns:
        the level of support for this credential type (not null)

      • getCredentialAcquireSupport

        public final SupportLevel getCredentialAcquireSupport​(Class<? extends Credential> credentialType)
        Description copied from interface: CredentialSource
        Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
        Specified by:
        getCredentialAcquireSupport in interface CredentialSource
        Parameters:
        credentialType - the credential type class (must not be null)
        Returns:
        the level of support for this credential type (not null)

      • contains

        public abstract boolean contains​(Class<? extends Credential> credentialType,
                                 String algorithmName,
                                 AlgorithmParameterSpec parameterSpec)
        Determine whether a credential of the given type and algorithm are present in this set.
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the parameter specification or null if any parameter specification is acceptable
        Returns:
        true if a matching credential is contained in this set, false otherwise

      • contains

        public final boolean contains​(Class<? extends Credential> credentialType,
                              String algorithmName)
        Determine whether a credential of the given type and algorithm are present in this set.
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        Returns:
        true if a matching credential is contained in this set, false otherwise

      • containsMatching

        public final boolean containsMatching​(Credential credential)
        Determine whether a credential of the type, algorithm, and parameters of the given credential is present in this set.
        Parameters:
        credential - the credential to check against (must not be null)
        Returns:
        true if a matching credential is contained in this set, false otherwise

      • getCredential

        public final <C extends Credential> C getCredential​(Class<C> credentialType)
        Acquire a credential of the given type.
        Specified by:
        getCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        Returns:
        the credential, or null if no such credential exists

      • getCredential

        public final <C extends Credential> C getCredential​(Class<C> credentialType,
                                                    String algorithmName)
        Acquire a credential of the given type and algorithm name.
        Specified by:
        getCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        Returns:
        the credential, or null if no such credential exists

      • getCredential

        public abstract <C extends Credential> C getCredential​(Class<C> credentialType,
                                                       String algorithmName,
                                                       AlgorithmParameterSpec parameterSpec)
        Acquire a credential of the given type and algorithm name.
        Specified by:
        getCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the parameter specification or null if any parameter specification is acceptable
        Returns:
        the credential, or null if no such credential exists

      • applyToCredential

        public final <C extends Credential,​R> R applyToCredential​(Class<C> credentialType,
                                                                Function<C,​R> function)
        Apply the given function to the acquired credential, if it is set and of the given type.
        Specified by:
        applyToCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        R - the return type
        Parameters:
        credentialType - the credential type class (must not be null)
        function - the function to apply (must not be null)
        Returns:
        the result of the function, or null if the criteria are not met

      • applyToCredential

        public final <C extends Credential,​R> R applyToCredential​(Class<C> credentialType,
                                                                String algorithmName,
                                                                Function<C,​R> function)
        Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
        Specified by:
        applyToCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        R - the return type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name
        function - the function to apply (must not be null)
        Returns:
        the result of the function, or null if the criteria are not met

      • applyToCredential

        public <C extends Credential,​R> R applyToCredential​(Class<C> credentialType,
                                                          String algorithmName,
                                                          AlgorithmParameterSpec parameterSpec,
                                                          Function<C,​R> function)
        Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
        Specified by:
        applyToCredential in interface CredentialSource
        Type Parameters:
        C - the credential type
        R - the return type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name
        function - the function to apply (must not be null)
        parameterSpec - the parameter specification or null if any parameter specification is acceptable
        Returns:
        the result of the function, or null if the criteria are not met

      • withCredential

        public abstract IdentityCredentials withCredential​(Credential credential)
        Return a copy of this credential set, but with the given credential added to it.
        Parameters:
        credential - the credential to append (must not be null)
        Returns:
        the new credential set (not null)

      • with

        public abstract IdentityCredentials with​(IdentityCredentials other)
        Return a copy of this credential set with the given credential set added to it.
        Parameters:
        other - the credential set to append (must not be null)
        Returns:
        the new credential set (not null)

      • withoutMatching

        public IdentityCredentials withoutMatching​(Credential credential)
        Return a copy of this credential set without any credentials with a type, algorithm name, and parameters matching that of the given credential. If the credential type, algorithm name, and parameters are not found in this set, return this instance.
        Parameters:
        credential - the credential to match against (must not be null)
        Returns:
        the new credential set (not null)

      • without

        public final IdentityCredentials without​(Class<? extends Credential> credentialType)
        Return a copy of this credential set without any credentials of the given type. If the credential type is not found in this set, return this instance.
        Specified by:
        without in interface CredentialSource
        Parameters:
        credentialType - the credential type to remove (must not be null)
        Returns:
        the new credential set (not null)

      • without

        public final IdentityCredentials without​(Class<? extends Credential> credentialType,
                                         String algorithmName)
        Return a copy of this credential set without any credentials of the given type and algorithm name. If the credential type and algorithm name is not found in this set, return this instance.
        Specified by:
        without in interface CredentialSource
        Parameters:
        credentialType - the credential type to remove (must not be null)
        algorithmName - the algorithm name to remove, or null to match any algorithm name
        Returns:
        the new credential set (not null)

      • without

        public IdentityCredentials without​(Class<? extends Credential> credentialType,
                                   String algorithmName,
                                   AlgorithmParameterSpec parameterSpec)
        Return a copy of this credential set without any credentials of the given type, algorithm name and parameter spec. If the credential type and algorithm name is not found in this set, return this instance.
        Specified by:
        without in interface CredentialSource
        Parameters:
        credentialType - the credential type to remove (must not be null)
        algorithmName - the algorithm name to remove, or null to match any algorithm name
        parameterSpec - the parameter spec to remove, or null to match any parameter spec
        Returns:
        the new credential set (not null)

      • without

        public abstract IdentityCredentials without​(Predicate<? super Credential> predicate)
        Return a copy of this credential set without any credentials that match the predicate. If no credentials match the predicate, return this instance.
        Parameters:
        predicate - the predicate to test (must not be null)
        Returns:
        the new credential set (not null)

      • without

        public final <C extends CredentialIdentityCredentials without​(Class<C> credentialType,
                                                                Predicate<? super C> predicate)
        Return a copy of this credential set without any credentials of the given type that match the predicate. If no credentials match the predicate, return this instance.
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class
        predicate - the predicate to test (must not be null)
        Returns:
        the new credential set (not null)

      • canVerify

        public boolean canVerify​(Class<? extends Evidence> evidenceClass,
                         String algorithmName)
        Test whether some of the credentials in this set can verify an evidence of given class and algorithm name.
        Parameters:
        evidenceClass - the class of the evidence (must not be null)
        algorithmName - the algorithm name (may be null if the type of evidence does not support algorithm names)
        Returns:
        true if the evidence can be verified

      • canVerify

        public boolean canVerify​(Evidence evidence)
        Test whether some of the credentials in this set can verify an evidence.
        Parameters:
        evidence - the evidence (must not be null)
        Returns:
        true if the evidence can be verified

      • verify

        public boolean verify​(Evidence evidence)
        Verify the given evidence.
        Parameters:
        evidence - the evidence to verify (must not be null)
        Returns:
        true if the evidence is verified, false otherwise

      • verify

        public boolean verify​(Supplier<Provider[]> providerSupplier,
                      Evidence evidence)
        Verify the given evidence.
        Parameters:
        providerSupplier - the provider supplier to use for verification purposes (must not be null)
        evidence - the evidence to verify (must not be null)
        Returns:
        true if the evidence is verified, false otherwise

      • verify

        public boolean verify​(Supplier<Provider[]> providerSupplier,
                      Evidence evidence,
                      Charset hashCharset)
        Verify the given evidence.
        Parameters:
        providerSupplier - the provider supplier to use for verification purposes (must not be null)
        evidence - the evidence to verify (must not be null)
        Returns:
        true if the evidence is verified, false otherwise

      • size

        public abstract int size()
        Get the size of this credential set.
        Returns:
        the size of this credential set