Package org.wildfly.security.credential.store

Class CredentialStoreSpi

  • public abstract class CredentialStoreSpi
extends Object
    SPI for credential store provider to implement.
    Author:
    Peter Skopek

    • Constructor Detail

      • CredentialStoreSpi

        protected CredentialStoreSpi()
        Construct a new instance of this SPI.

    • Method Detail

      • initialize

        public abstract void initialize​(Map<String,​String> attributes,
                                CredentialStore.ProtectionParameter protectionParameter,
                                Provider[] providers)
                         throws CredentialStoreException
        Initialize credential store service with given attributes. This procedure should set initialized after successful initialization.
        Parameters:
        attributes - attributes to used to pass information to credential store service
        protectionParameter - the store-wide protection parameter to apply, or null for none
        providers - providers to be injected into SPI implementation to get custom object instances of various type from, or null for none
        Throws:
        CredentialStoreException - if initialization fails due to any reason

      • isInitialized

        public boolean isInitialized()
        Checks whether underlying credential store service is initialized.
        Returns:
        true in case of initialization passed successfully, false otherwise.

      • isModifiable

        public abstract boolean isModifiable()
        Check if credential store service supports modification of its store
        Returns:
        true in case of modification of the store is supported, false otherwise

      • exists

        public boolean exists​(String credentialAlias,
                      Class<? extends Credential> credentialType)
               throws CredentialStoreException
        Check whether credential store service has an entry associated with the given credential alias of specified credential type. The default implementation simply attempts to retrieve the credential without a protection parameter, and returns true if any credential was returned. Credential stores which use a protection parameter should override this method.
        Parameters:
        credentialAlias - key to check existence
        credentialType - to class of credential to look for
        Returns:
        true in case key exist in store otherwise false
        Throws:
        CredentialStoreException - when there is a problem with credential store

      • retrieve

        public abstract <C extends Credential> C retrieve​(String credentialAlias,
                                                  Class<C> credentialType,
                                                  String credentialAlgorithm,
                                                  AlgorithmParameterSpec parameterSpec,
                                                  CredentialStore.ProtectionParameter protectionParameter)
                                           throws CredentialStoreException
        Retrieve the credential stored in the store under the given alias, matching the given criteria.
        Type Parameters:
        C - the credential type
        Parameters:
        credentialAlias - to find the credential in the store
        credentialType - the credential type class (must not be null)
        credentialAlgorithm - the credential algorithm to match, or null to match any algorithm
        parameterSpec - the parameter specification to match, or null to match any parameters
        protectionParameter - the protection parameter to use to access the entry, or null for none
        Returns:
        instance of Credential stored in the store, or null if the credential is not found
        Throws:
        CredentialStoreException - if the credential cannot be retrieved due to an error

      • remove

        public abstract void remove​(String credentialAlias,
                            Class<? extends Credential> credentialType,
                            String credentialAlgorithm,
                            AlgorithmParameterSpec parameterSpec)
                     throws CredentialStoreException
        Remove the credentialType with from given alias from the credential store service.
        Parameters:
        credentialAlias - alias to remove
        credentialType - the credential type class to match (must not be null)
        credentialAlgorithm - the credential algorithm to match, or null to match all algorithms
        parameterSpec - the credential parameters to match, or null to match all parameters
        Throws:
        CredentialStoreException - if the credential cannot be removed due to an error

      • flush

        public void flush()
           throws CredentialStoreException
        Flush the credential store contents to storage. If the credential store does not support or require explicit flushing, this method should do nothing and simply return.
        Throws:
        CredentialStoreException - if the flush fails for some reason.

      • getCredentialTypesForAlias

        public Set<String> getCredentialTypesForAlias​(String credentialAlias)
                                       throws UnsupportedOperationException
        Returns credential types stored in this store with given alias as Set<String>. It is not mandatory to override this method (throws UnsupportedOperationException by default).
        Parameters:
        credentialAlias - to find the credentials types in the store
        Returns:
        Set<String> of all credential types stored in this store with credential alias
        Throws:
        UnsupportedOperationException - when this method is not supported by the underlying credential store

      • validateAttribute

        public void validateAttribute​(Map<String,​String> attributes,
                              List<String> validAttributes)
                       throws CredentialStoreException
        Validate given attributes in credential store implementation.
        Parameters:
        attributes - attributes to used to pass information to credential store service.
        validAttributes - valid attributes based on credential store implementation.
        Throws:
        CredentialStoreException - if validation fails