org.wildfly.security.sasl.util

Class SaslMechanismInformation

java.lang.Object

org.wildfly.security.sasl.util.SaslMechanismInformation

public final class SaslMechanismInformation
extends Object

A collection of predicates and other information which can be used to filter SASL mechanisms.

Author:

David M. Lloyd

See Also:

FilterMechanismSaslClientFactory, FilterMechanismSaslServerFactory

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SaslMechanismInformation.Names

Field Summary

Fields

Modifier and Type	Field and Description
static Predicate<String>	BINDING A predicate which is true when a mechanism which uses channel binding is being used.
static Predicate<String>	DIGEST A predicate which is true when a DIGEST-family mechanism is being used.
static Predicate<String>	EAP A predicate which is true when an EAP-family mechanism is being used.
static Predicate<String>	GS2 A predicate which is true when a GS2-family mechanism is being used.
static Predicate<String>	HASH_MD5 A predicate which is true when the mechanism uses MD5.
static Predicate<String>	HASH_SHA A predicate which is true when the mechanism uses SHA.
static Predicate<String>	HASH_SHA_256 A predicate which is true when the mechanism uses SHA-256.
static Predicate<String>	HASH_SHA_384 A predicate which is true when the mechanism uses SHA-384.
static Predicate<String>	HASH_SHA_512 A predicate which is true when the mechanism uses SHA-512.
static Predicate<String>	HASH_SHA_512_256 A predicate which is true when the mechanism uses SHA-512/256.
static Predicate<String>	IEC_ISO_9798 A predicate which is true when a IEC/ISO-9798-family mechanism is being used.
static Predicate<String>	MUTUAL A predicate which is true when the mechanism supports mutual authentication.
static Predicate<String>	RECOMMENDED A predicate which is true when the name being tested is a recommended mechanism as of the time of this release.
static Predicate<String>	SCRAM A predicate which is true when a SCRAM-family mechanism is being used.

Constructor Summary

Constructors

Constructor and Description
SaslMechanismInformation()

Method Summary

Modifier and Type	Method and Description
static boolean	doesNotRequireClientCredentials(String mechName) Determine whether a mechanism does not need the client to present credentials.
static boolean	doesNotUsePrincipal(String mechName) Determine whether the given mechanism name is known to not use any sort of Principal for authentication.
static Set<String>	getSupportedClientCredentialAlgorithms(String mechName, Class<? extends Credential> credentialType) Get the supported algorithm names for a SASL client mechanism and credential type.
static Set<Class<? extends Credential>>	getSupportedClientCredentialTypes(String mechName) Get the supported credential types for the given SASL client mechanism.
static Set<Class<? extends Password>>	getSupportedClientPasswordTypes(String mechName) Get the supported password types for the given SASL client mechanism.
static Set<String>	getSupportedServerCredentialAlgorithms(String mechName, Class<? extends Credential> credentialType) Get the supported algorithm names for a SASL server mechanism and credential type.
static Set<Class<? extends Credential>>	getSupportedServerCredentialTypes(String mechName) Get the supported credential types for the given SASL server mechanism.
static Set<String>	getSupportedServerEvidenceAlgorithms(String mechName, Class<? extends AlgorithmEvidence> evidenceType) Get the supported algorithm names for a SASL server mechanism and evidence type.
static Set<Class<? extends Evidence>>	getSupportedServerEvidenceTypes(String mechName) Get the supported evidence types for the given SASL server mechanism.
static Set<Class<? extends Password>>	getSupportedServerPasswordTypes(String mechName) Get the supported password types for the given SASL server mechanism.
static boolean	needsServerCredentials(String mechName) Determine whether a mechanism needs server-side credentials in order to authenticate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HASH_MD5

public static final Predicate<String> HASH_MD5

A predicate which is true when the mechanism uses MD5.

HASH_SHA

public static final Predicate<String> HASH_SHA

A predicate which is true when the mechanism uses SHA.

HASH_SHA_256

public static final Predicate<String> HASH_SHA_256

A predicate which is true when the mechanism uses SHA-256.

HASH_SHA_384

public static final Predicate<String> HASH_SHA_384

A predicate which is true when the mechanism uses SHA-384.

HASH_SHA_512

public static final Predicate<String> HASH_SHA_512

A predicate which is true when the mechanism uses SHA-512.

HASH_SHA_512_256

public static final Predicate<String> HASH_SHA_512_256

A predicate which is true when the mechanism uses SHA-512/256.

GS2

public static final Predicate<String> GS2

A predicate which is true when a GS2-family mechanism is being used.

SCRAM

public static final Predicate<String> SCRAM

A predicate which is true when a SCRAM-family mechanism is being used.

DIGEST

public static final Predicate<String> DIGEST

A predicate which is true when a DIGEST-family mechanism is being used.

IEC_ISO_9798

public static final Predicate<String> IEC_ISO_9798

A predicate which is true when a IEC/ISO-9798-family mechanism is being used.

EAP

public static final Predicate<String> EAP

A predicate which is true when an EAP-family mechanism is being used.

MUTUAL

public static final Predicate<String> MUTUAL

A predicate which is true when the mechanism supports mutual authentication.

BINDING

public static final Predicate<String> BINDING

A predicate which is true when a mechanism which uses channel binding is being used.

RECOMMENDED

public static final Predicate<String> RECOMMENDED

A predicate which is true when the name being tested is a recommended mechanism as of the time of this release.

Constructor Detail

SaslMechanismInformation

public SaslMechanismInformation()

Method Detail

getSupportedClientCredentialTypes

public static Set<Class<? extends Credential>> getSupportedClientCredentialTypes(String mechName)

Get the supported credential types for the given SASL client mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is not known.

Parameters:

mechName - the mechanism name

Returns:

the set of allowed client credentials

getSupportedClientPasswordTypes

public static Set<Class<? extends Password>> getSupportedClientPasswordTypes(String mechName)

Get the supported password types for the given SASL client mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism.

Parameters:

mechName - the mechanism name

Returns:

the set of allowed client password types

getSupportedServerCredentialTypes

public static Set<Class<? extends Credential>> getSupportedServerCredentialTypes(String mechName)

Get the supported credential types for the given SASL server mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is unknown.

Parameters:

mechName - the mechanism name

Returns:

the set of allowed server credential types

getSupportedServerPasswordTypes

public static Set<Class<? extends Password>> getSupportedServerPasswordTypes(String mechName)

Get the supported password types for the given SASL server mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism

Parameters:

mechName - the mechanism name

Returns:

the set of allowed server password types

getSupportedClientCredentialAlgorithms

public static Set<String> getSupportedClientCredentialAlgorithms(String mechName,
                                                                 Class<? extends Credential> credentialType)

Get the supported algorithm names for a SASL client mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.

Parameters:

mechName - the SASL mechanism name

credentialType - the proposed credential type

Returns:

the set of algorithms, or an empty set if all algorithms have unknown support

getSupportedServerCredentialAlgorithms

public static Set<String> getSupportedServerCredentialAlgorithms(String mechName,
                                                                 Class<? extends Credential> credentialType)

Get the supported algorithm names for a SASL server mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.

Parameters:

mechName - the SASL mechanism name

credentialType - the proposed credential type

Returns:

the set of algorithms, or an empty set if all algorithms have equal or unknown support

getSupportedServerEvidenceTypes

public static Set<Class<? extends Evidence>> getSupportedServerEvidenceTypes(String mechName)

Get the supported evidence types for the given SASL server mechanism. If an empty set is returned, then no evidence is used by the mechanism.

Parameters:

mechName - the mechanism name

Returns:

the set of allowed server credential types

getSupportedServerEvidenceAlgorithms

public static Set<String> getSupportedServerEvidenceAlgorithms(String mechName,
                                                               Class<? extends AlgorithmEvidence> evidenceType)

Get the supported algorithm names for a SASL server mechanism and evidence type. If the mechanism or evidence type is not recognized, or if the given evidence type does not have an algorithm restriction for the given mechanism name, an empty set is returned.

Parameters:

mechName - the SASL mechanism name

evidenceType - the proposed evidence type

Returns:

the set of algorithms, or an empty set if all algorithms have equal or unknown support

needsServerCredentials

public static boolean needsServerCredentials(String mechName)

Determine whether a mechanism needs server-side credentials in order to authenticate. This may include credential verification or acquisition, or both.

Parameters:

mechName - the mechanism name

Returns:

true if the mechanism uses credentials, false otherwise

doesNotUsePrincipal

public static boolean doesNotUsePrincipal(String mechName)

Determine whether the given mechanism name is known to not use any sort of Principal for authentication.

Parameters:

mechName - the mechanism name (must not be null)

Returns:

true if the mechanism does not use a principal, false if it does or it is not known

doesNotRequireClientCredentials

public static boolean doesNotRequireClientCredentials(String mechName)

Determine whether a mechanism does not need the client to present credentials.

Parameters:

mechName - the mechanism name

Returns:

true if the mechanism does not require client credentials, false if it it does or it is not known