-
Notifications
You must be signed in to change notification settings - Fork 268
/
FileSystemSecurityRealmBuilder.java
197 lines (178 loc) · 6.72 KB
/
FileSystemSecurityRealmBuilder.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
/*
* JBoss, Home of Professional Open Source
* Copyright 2021 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.auth.realm;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.util.function.Supplier;
import javax.crypto.SecretKey;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.password.spec.Encoding;
/**
* A builder class that creates {@link FileSystemSecurityRealm} instances.
*
* @author <a href="mailto:araskar@redhat.com">Ashpan Raskar</a>
*/
public class FileSystemSecurityRealmBuilder {
private Path root;
private NameRewriter nameRewriter;
private int levels = 2;
private boolean encoded = true;
private Charset hashCharset;
private Encoding hashEncoding;
private SecretKey secretKey;
private PrivateKey privateKey;
private PublicKey publicKey;
private Supplier<Provider[]> providers;
FileSystemSecurityRealmBuilder() {
}
/**
* Set the root path to be used by the realm.
*
* @param root the root path of the identity store (must not be {@code null})
* @return this builder.enc
*/
public FileSystemSecurityRealmBuilder setRoot(final Path root) {
Assert.checkNotNullParam("root", root);
this.root = root;
return this;
}
/**
* Set the name rewriter to be used by the realm.
*
* @param nameRewriter the name rewriter to apply to looked up names (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setNameRewriter(final NameRewriter nameRewriter) {
Assert.checkNotNullParam("nameRewriter", nameRewriter);
this.nameRewriter = nameRewriter;
return this;
}
/**
* Set the number of levels to be used by the realm.
*
* @param levels the number of levels of directory hashing to apply
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setLevels(final int levels) {
Assert.checkMinimumParameter("levels", 0, levels);
this.levels = levels;
return this;
}
/**
* Set whether the identity name should be encoded for the filename in the realm.
*
* @param encoded whether identity names should be BASE32 encoded before using as filename (only applies if the security realm is unencrypted)
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setEncoded(final boolean encoded) {
this.encoded = encoded;
return this;
}
/**
* Set the character set to be used by the realm.
*
* @param hashCharset the character set to use when converting password strings to a byte array. Uses UTF-8 by default. (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setHashCharset(final Charset hashCharset) {
Assert.checkNotNullParam("hashCharset", hashCharset);
this.hashCharset = hashCharset;
return this;
}
/**
* Set the string format for hashed passwords to be used by the realm.
*
* @param hashEncoding the string format for the hashed passwords. Uses Base64 by default. (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setHashEncoding(final Encoding hashEncoding) {
Assert.checkNotNullParam("hashEncoding", hashEncoding);
this.hashEncoding = hashEncoding;
return this;
}
/**
* Set the SecretKey to be used by the realm.
*
* @param secretKey the symmetric SecretKey used to encrypt and decrypt the Security Realm (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setSecretKey(final SecretKey secretKey) {
Assert.checkNotNullParam("secretKey", secretKey);
this.secretKey = secretKey;
return this;
}
/**
* Set the providers to be used by the realm.
*
* @param providers the provider to be used (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setProviders(final Supplier<Provider[]> providers) {
Assert.checkNotNullParam("providers", providers);
this.providers = providers;
return this;
}
/**
* Set the PrivateKey to be used by the realm.
*
* @param privateKey the asymmetric PrivateKey used to sign the identity files used for file integrity (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setPrivateKey(final PrivateKey privateKey) {
Assert.checkNotNullParam("privateKey", privateKey);
this.privateKey = privateKey;
return this;
}
/**
* Set the PublicKey to be used by the realm.
*
* @param publicKey the asymmetric PublicKey used to verify the identity files used for file integrity (must not be {@code null})
* @return this builder.
*/
public FileSystemSecurityRealmBuilder setPublicKey(final PublicKey publicKey) {
Assert.checkNotNullParam("publicKey", publicKey);
this.publicKey = publicKey;
return this;
}
/**
* Builds a new {@link FileSystemSecurityRealm} instance based on configuration defined for this {@link FileSystemSecurityRealmBuilder} instance.
*
* @return the built realm
*/
public FileSystemSecurityRealm build() {
encoded = secretKey == null && encoded;
if (nameRewriter == null) {
nameRewriter = NameRewriter.IDENTITY_REWRITER;
}
if (hashEncoding == null) {
hashEncoding = Encoding.BASE64;
}
if (hashCharset == null) {
hashCharset = StandardCharsets.UTF_8;
}
if (privateKey == null ^ publicKey == null) {
throw ElytronMessages.log.invalidKeyPairArgument(root.toString());
}
return new FileSystemSecurityRealm(root, nameRewriter, levels, encoded, hashEncoding, hashCharset, providers, secretKey, privateKey, publicKey);
}
}