Package org.wildfly.security.auth.server

Class IdentityCredentials

java.lang.Object
org.wildfly.security.auth.server.IdentityCredentials
All Implemented Interfaces:
Iterable<Credential>, CredentialSource
public abstract class IdentityCredentials extends Object implements Iterable<Credential>, CredentialSource
The public or private credentials retained by an identity, which can be used for authentication forwarding. This credentials set can contain zero or one credential of a given type and algorithm name. If the credential type does not support algorithm names, then the set can contain zero or one credential of that type. The credential set may be iterated; iteration order is not prescribed and may change if the implementation is changed.
Author:
David M. Lloyd

  • Field Details

  • Method Details

    • contains

      public final boolean contains(Class<? extends Credential> credentialType)
      Determine whether a credential of the given type is present in this set.
      Parameters:
      credentialType - the credential type class (must not be null)
      Returns:
      true if a matching credential is contained in this set, false otherwise

    • getCredentialAcquireSupport

      public final SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
      Description copied from interface: CredentialSource
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Specified by:
      getCredentialAcquireSupport in interface CredentialSource
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
      Returns:
      the level of support for this credential type (not null)

    • getCredentialAcquireSupport

      public final SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName)
      Description copied from interface: CredentialSource
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Specified by:
      getCredentialAcquireSupport in interface CredentialSource
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      Returns:
      the level of support for this credential type (not null)

    • getCredentialAcquireSupport

      public final SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType)
      Description copied from interface: CredentialSource
      Determine whether a given credential is definitely obtainable, possibly obtainable, or definitely not obtainable.
      Specified by:
      getCredentialAcquireSupport in interface CredentialSource
      Parameters:
      credentialType - the credential type class (must not be null)
      Returns:
      the level of support for this credential type (not null)

    • contains

      public abstract boolean contains(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
      Determine whether a credential of the given type and algorithm are present in this set.
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      parameterSpec - the parameter specification or null if any parameter specification is acceptable
      Returns:
      true if a matching credential is contained in this set, false otherwise

    • contains

      public final boolean contains(Class<? extends Credential> credentialType, String algorithmName)
      Determine whether a credential of the given type and algorithm are present in this set.
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      Returns:
      true if a matching credential is contained in this set, false otherwise

    • containsMatching

      public final boolean containsMatching(Credential credential)
      Determine whether a credential of the type, algorithm, and parameters of the given credential is present in this set.
      Parameters:
      credential - the credential to check against (must not be null)
      Returns:
      true if a matching credential is contained in this set, false otherwise

    • getCredential

      public final <C extends Credential> C getCredential(Class<C> credentialType)
      Acquire a credential of the given type.
      Specified by:
      getCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      Returns:
      the credential, or null if no such credential exists

    • getCredential

      public final <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName)
      Acquire a credential of the given type and algorithm name.
      Specified by:
      getCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      Returns:
      the credential, or null if no such credential exists

    • getCredential

      public abstract <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
      Acquire a credential of the given type and algorithm name.
      Specified by:
      getCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
      parameterSpec - the parameter specification or null if any parameter specification is acceptable
      Returns:
      the credential, or null if no such credential exists

    • applyToCredential

      public final <C extends Credential, R> R applyToCredential(Class<C> credentialType, Function<C,R> function)
      Apply the given function to the acquired credential, if it is set and of the given type.
      Specified by:
      applyToCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      function - the function to apply (must not be null)
      Returns:
      the result of the function, or null if the criteria are not met

    • applyToCredential

      public final <C extends Credential, R> R applyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function)
      Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
      Specified by:
      applyToCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name
      function - the function to apply (must not be null)
      Returns:
      the result of the function, or null if the criteria are not met

    • applyToCredential

      public <C extends Credential, R> R applyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function)
      Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
      Specified by:
      applyToCredential in interface CredentialSource
      Type Parameters:
      C - the credential type
      R - the return type
      Parameters:
      credentialType - the credential type class (must not be null)
      algorithmName - the algorithm name
      function - the function to apply (must not be null)
      parameterSpec - the parameter specification or null if any parameter specification is acceptable
      Returns:
      the result of the function, or null if the criteria are not met

    • withCredential

      public abstract IdentityCredentials withCredential(Credential credential)
      Return a copy of this credential set, but with the given credential added to it.
      Parameters:
      credential - the credential to append (must not be null)
      Returns:
      the new credential set (not null)

    • with

      public abstract IdentityCredentials with(IdentityCredentials other)
      Return a copy of this credential set with the given credential set added to it.
      Parameters:
      other - the credential set to append (must not be null)
      Returns:
      the new credential set (not null)

    • withoutMatching

      public IdentityCredentials withoutMatching(Credential credential)
      Return a copy of this credential set without any credentials with a type, algorithm name, and parameters matching that of the given credential. If the credential type, algorithm name, and parameters are not found in this set, return this instance.
      Parameters:
      credential - the credential to match against (must not be null)
      Returns:
      the new credential set (not null)

    • without

      public final IdentityCredentials without(Class<? extends Credential> credentialType)
      Return a copy of this credential set without any credentials of the given type. If the credential type is not found in this set, return this instance.
      Specified by:
      without in interface CredentialSource
      Parameters:
      credentialType - the credential type to remove (must not be null)
      Returns:
      the new credential set (not null)

    • without

      public final IdentityCredentials without(Class<? extends Credential> credentialType, String algorithmName)
      Return a copy of this credential set without any credentials of the given type and algorithm name. If the credential type and algorithm name is not found in this set, return this instance.
      Specified by:
      without in interface CredentialSource
      Parameters:
      credentialType - the credential type to remove (must not be null)
      algorithmName - the algorithm name to remove, or null to match any algorithm name
      Returns:
      the new credential set (not null)

    • without

      public IdentityCredentials without(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
      Return a copy of this credential set without any credentials of the given type, algorithm name and parameter spec. If the credential type and algorithm name is not found in this set, return this instance.
      Specified by:
      without in interface CredentialSource
      Parameters:
      credentialType - the credential type to remove (must not be null)
      algorithmName - the algorithm name to remove, or null to match any algorithm name
      parameterSpec - the parameter spec to remove, or null to match any parameter spec
      Returns:
      the new credential set (not null)

    • without

      public abstract IdentityCredentials without(Predicate<? super Credential> predicate)
      Return a copy of this credential set without any credentials that match the predicate. If no credentials match the predicate, return this instance.
      Parameters:
      predicate - the predicate to test (must not be null)
      Returns:
      the new credential set (not null)

    • without

      public final <C extends Credential> IdentityCredentials without(Class<C> credentialType, Predicate<? super C> predicate)
      Return a copy of this credential set without any credentials of the given type that match the predicate. If no credentials match the predicate, return this instance.
      Type Parameters:
      C - the credential type
      Parameters:
      credentialType - the credential type class
      predicate - the predicate to test (must not be null)
      Returns:
      the new credential set (not null)

    • spliterator

      public Spliterator<Credential> spliterator()
      Get a Spliterator for this credential set.
      Specified by:
      spliterator in interface Iterable<Credential>
      Returns:
      the spliterator (not null)

    • canVerify

      public boolean canVerify(Class<? extends Evidence> evidenceClass, String algorithmName)
      Test whether some of the credentials in this set can verify an evidence of given class and algorithm name.
      Parameters:
      evidenceClass - the class of the evidence (must not be null)
      algorithmName - the algorithm name (may be null if the type of evidence does not support algorithm names)
      Returns:
      true if the evidence can be verified

    • canVerify

      public boolean canVerify(Evidence evidence)
      Test whether some of the credentials in this set can verify an evidence.
      Parameters:
      evidence - the evidence (must not be null)
      Returns:
      true if the evidence can be verified

    • verify

      public boolean verify(Evidence evidence)
      Verify the given evidence.
      Parameters:
      evidence - the evidence to verify (must not be null)
      Returns:
      true if the evidence is verified, false otherwise

    • verify

      public boolean verify(Supplier<Provider[]> providerSupplier, Evidence evidence)
      Verify the given evidence.
      Parameters:
      providerSupplier - the provider supplier to use for verification purposes (must not be null)
      evidence - the evidence to verify (must not be null)
      Returns:
      true if the evidence is verified, false otherwise

    • verify

      @Deprecated public boolean verify(Evidence evidence, Charset hashCharset)
      Deprecated.
      use verify(Supplier, Evidence, Charset) instead
      Verify the given evidence.
      Parameters:
      evidence - the evidence to verify (must not be null)
      Returns:
      true if the evidence is verified, false otherwise

    • verify

      public boolean verify(Supplier<Provider[]> providerSupplier, Evidence evidence, Charset hashCharset)
      Verify the given evidence.
      Parameters:
      providerSupplier - the provider supplier to use for verification purposes (must not be null)
      evidence - the evidence to verify (must not be null)
      Returns:
      true if the evidence is verified, false otherwise

    • size

      public abstract int size()
      Get the size of this credential set.
      Returns:
      the size of this credential set