Package org.wildfly.security.sasl.util

Class SaslMechanismInformation

java.lang.Object
org.wildfly.security.sasl.util.SaslMechanismInformation
public final class SaslMechanismInformation extends Object
A collection of predicates and other information which can be used to filter SASL mechanisms.
Author:
David M. Lloyd
See Also:

  • Field Details

    • HASH_MD5

      public static final Predicate<String> HASH_MD5
      A predicate which is true when the mechanism uses MD5.

    • HASH_SHA

      public static final Predicate<String> HASH_SHA
      A predicate which is true when the mechanism uses SHA.

    • HASH_SHA_256

      public static final Predicate<String> HASH_SHA_256
      A predicate which is true when the mechanism uses SHA-256.

    • HASH_SHA_384

      public static final Predicate<String> HASH_SHA_384
      A predicate which is true when the mechanism uses SHA-384.

    • HASH_SHA_512

      public static final Predicate<String> HASH_SHA_512
      A predicate which is true when the mechanism uses SHA-512.

    • HASH_SHA_512_256

      public static final Predicate<String> HASH_SHA_512_256
      A predicate which is true when the mechanism uses SHA-512/256.

    • GS2

      public static final Predicate<String> GS2
      A predicate which is true when a GS2-family mechanism is being used.

    • SCRAM

      public static final Predicate<String> SCRAM
      A predicate which is true when a SCRAM-family mechanism is being used.

    • DIGEST

      public static final Predicate<String> DIGEST
      A predicate which is true when a DIGEST-family mechanism is being used.

    • IEC_ISO_9798

      public static final Predicate<String> IEC_ISO_9798
      A predicate which is true when a IEC/ISO-9798-family mechanism is being used.

    • EAP

      public static final Predicate<String> EAP
      A predicate which is true when an EAP-family mechanism is being used.

    • MUTUAL

      public static final Predicate<String> MUTUAL
      A predicate which is true when the mechanism supports mutual authentication.

    • BINDING

      public static final Predicate<String> BINDING
      A predicate which is true when a mechanism which uses channel binding is being used.

  • Constructor Details

    • SaslMechanismInformation

      public SaslMechanismInformation()

  • Method Details

    • getSupportedClientCredentialTypes

      public static Set<Class<? extends Credential>> getSupportedClientCredentialTypes(String mechName)
      Get the supported credential types for the given SASL client mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is not known.
      Parameters:
      mechName - the mechanism name
      Returns:
      the set of allowed client credentials

    • getSupportedClientPasswordTypes

      public static Set<Class<? extends Password>> getSupportedClientPasswordTypes(String mechName)
      Get the supported password types for the given SASL client mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism.
      Parameters:
      mechName - the mechanism name
      Returns:
      the set of allowed client password types

    • getSupportedServerCredentialTypes

      public static Set<Class<? extends Credential>> getSupportedServerCredentialTypes(String mechName)
      Get the supported credential types for the given SASL server mechanism. If an empty set is returned, then no credentials are used by the mechanism or the mechanism is unknown.
      Parameters:
      mechName - the mechanism name
      Returns:
      the set of allowed server credential types

    • getSupportedServerPasswordTypes

      public static Set<Class<? extends Password>> getSupportedServerPasswordTypes(String mechName)
      Get the supported password types for the given SASL server mechanism. If an empty set is returned, then no passwords are used by the mechanism or nothing is known about the mechanism
      Parameters:
      mechName - the mechanism name
      Returns:
      the set of allowed server password types

    • getSupportedClientCredentialAlgorithms

      public static Set<String> getSupportedClientCredentialAlgorithms(String mechName, Class<? extends Credential> credentialType)
      Get the supported algorithm names for a SASL client mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.
      Parameters:
      mechName - the SASL mechanism name
      credentialType - the proposed credential type
      Returns:
      the set of algorithms, or an empty set if all algorithms have unknown support

    • getSupportedServerCredentialAlgorithms

      public static Set<String> getSupportedServerCredentialAlgorithms(String mechName, Class<? extends Credential> credentialType)
      Get the supported algorithm names for a SASL server mechanism and credential type. If the mechanism or credential type is not recognized, or if the given credential type does not use algorithms for the given mechanism name, an empty set is returned. If all algorithms are supported, a set containing the special string "*" is returned.
      Parameters:
      mechName - the SASL mechanism name
      credentialType - the proposed credential type
      Returns:
      the set of algorithms, or an empty set if all algorithms have equal or unknown support

    • getSupportedServerEvidenceTypes

      public static Set<Class<? extends Evidence>> getSupportedServerEvidenceTypes(String mechName)
      Get the supported evidence types for the given SASL server mechanism. If an empty set is returned, then no evidence is used by the mechanism.
      Parameters:
      mechName - the mechanism name
      Returns:
      the set of allowed server credential types

    • getSupportedServerEvidenceAlgorithms

      public static Set<String> getSupportedServerEvidenceAlgorithms(String mechName, Class<? extends AlgorithmEvidence> evidenceType)
      Get the supported algorithm names for a SASL server mechanism and evidence type. If the mechanism or evidence type is not recognized, or if the given evidence type does not have an algorithm restriction for the given mechanism name, an empty set is returned.
      Parameters:
      mechName - the SASL mechanism name
      evidenceType - the proposed evidence type
      Returns:
      the set of algorithms, or an empty set if all algorithms have equal or unknown support

    • needsServerCredentials

      public static boolean needsServerCredentials(String mechName)
      Determine whether a mechanism needs server-side credentials in order to authenticate. This may include credential verification or acquisition, or both.
      Parameters:
      mechName - the mechanism name
      Returns:
      true if the mechanism uses credentials, false otherwise

    • doesNotUsePrincipal

      public static boolean doesNotUsePrincipal(String mechName)
      Determine whether the given mechanism name is known to not use any sort of Principal for authentication.
      Parameters:
      mechName - the mechanism name (must not be null)
      Returns:
      true if the mechanism does not use a principal, false if it does or it is not known

    • doesNotRequireClientCredentials

      public static boolean doesNotRequireClientCredentials(String mechName)
      Determine whether a mechanism does not need the client to present credentials.
      Parameters:
      mechName - the mechanism name
      Returns:
      true if the mechanism does not require client credentials, false if it it does or it is not known

    • isKnownMechanism

      public static boolean isKnownMechanism(String mechName)
      Determine whether a mechanism is known by WildFly Elytron. If the mechanism is not known the other methods in this class can not be relied upon.
      Parameters:
      mechName - the mechanism name
      Returns:
      true if the mechanism is known to WildFly Elytron, false if it is not known