Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ELY-762] Move SaslClientFactory handling to AuthenticationConfiguration #558

Merged
merged 5 commits into from
Nov 17, 2016
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.function.UnaryOperator;

import javax.net.ssl.SSLContext;
import javax.security.auth.callback.CallbackHandler;
Expand Down Expand Up @@ -269,12 +270,24 @@ public Principal getPrincipal(AuthenticationConfiguration configuration) {
*
* @param uri the target URI (must not be {@code null})
* @param configuration the authentication configuration (must not be {@code null})
* @param clientFactory the SASL client factory to delegate to (must not be {@code null})
* @param offeredMechanisms the available mechanisms (must not be {@code null})
* @return the SASL client, or {@code null} if no clients were available or could be configured
*/
public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration, SaslClientFactory clientFactory, Collection<String> offeredMechanisms) throws SaslException {
return configuration.createSaslClient(uri, clientFactory, offeredMechanisms);
public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration, Collection<String> offeredMechanisms) throws SaslException {
return createSaslClient(uri, configuration, offeredMechanisms, UnaryOperator.identity());
}

/**
* Create a SASL client using the given URI and configuration from the given SASL client factory.
*
* @param uri the target URI (must not be {@code null})
* @param configuration the authentication configuration (must not be {@code null})
* @param offeredMechanisms the available mechanisms (must not be {@code null})
* @param factoryOperator A {@link UnaryOperator<SaslClientFactory>} to apply to the factory used.
* @return the SASL client, or {@code null} if no clients were available or could be configured
*/
public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration, Collection<String> offeredMechanisms, UnaryOperator<SaslClientFactory> factoryOperator) throws SaslException {
return configuration.createSaslClient(uri, offeredMechanisms, factoryOperator);
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.sasl.util.ServiceLoaderSaslClientFactory;
import org.wildfly.security.ssl.CipherSuiteSelector;
import org.wildfly.security.ssl.ProtocolSelector;
import org.wildfly.security.ssl.SSLContextBuilder;
Expand Down Expand Up @@ -579,6 +580,7 @@ static ExceptionUnaryOperator<RuleNode<AuthenticationConfiguration>, GeneralSecu
case "use-system-providers": {
if (isSet(foundBits, 12)) throw reader.unexpectedElement();
foundBits = setBit(foundBits, 12);
parseEmptyType(reader);
configuration = andThenOp(configuration, parentConfig -> parentConfig.useProviders(Security::getProviders));
break;
}
Expand All @@ -589,6 +591,21 @@ static ExceptionUnaryOperator<RuleNode<AuthenticationConfiguration>, GeneralSecu
configuration = andThenOp(configuration, parentConfig -> parentConfig.useProviders(new ServiceLoaderSupplier<Provider>(Provider.class, module.getClassLoader())));
break;
}
// these two are a <choice> which is why they share a bit #; you can have only one of them
case "use-provider-sasl-factory": {
if (isSet(foundBits, 13)) throw reader.unexpectedElement();
foundBits = setBit(foundBits, 13);
parseEmptyType(reader);
configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactoryFromProviders());
break;
}
case "use-module-sasl-factory": {
if (isSet(foundBits, 13)) throw reader.unexpectedElement();
foundBits = setBit(foundBits, 13);
final Module module = parseModuleRefType(reader);
configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactory(new ServiceLoaderSaslClientFactory(module.getClassLoader())));
break;
}
default: {
throw reader.unexpectedElement();
}
Expand Down Expand Up @@ -1528,7 +1545,7 @@ public X509CertificateChainPrivateCredential create() throws GeneralSecurityExce
final KeyStore.Entry entry = entrySecurityFactory.create();
if (entry instanceof KeyStore.PrivateKeyEntry) {
final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
final X509Certificate[] certificateChain = X500.asX509CertificateArray((Object[]) privateKeyEntry.getCertificateChain());
final X509Certificate[] certificateChain = X500.asX509CertificateArray((Object[])privateKeyEntry.getCertificateChain());
return new X509CertificateChainPrivateCredential(privateKeyEntry.getPrivateKey(), certificateChain);
}
throw xmlLog.invalidKeyStoreEntryType("unknown", KeyStore.PrivateKeyEntry.class, entry.getClass());
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
/*
* JBoss, Home of Professional Open Source.
* Copyright 2016 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.auth.client;

import java.security.Provider;
import java.util.function.Supplier;

import javax.security.sasl.SaslClientFactory;

/**
* An {@link AuthenticationConfiguration} to return a {@link SaslClientFactory}.
*
* @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
*/
public class SetSaslClientFactoryAuthenticationConfiguration extends AuthenticationConfiguration {

private final Supplier<SaslClientFactory> saslClientFactorySupplier;

SetSaslClientFactoryAuthenticationConfiguration(final AuthenticationConfiguration parent, final Supplier<SaslClientFactory> saslClientFactorySupplier) {
super(parent);
this.saslClientFactorySupplier = saslClientFactorySupplier;
}

@Override
SaslClientFactory getSaslClientFactory(Supplier<Provider[]> providers) {
return saslClientFactorySupplier.get();
}

@Override
AuthenticationConfiguration reparent(AuthenticationConfiguration newParent) {
return new SetSaslClientFactoryAuthenticationConfiguration(newParent, saslClientFactorySupplier);
}

}
4 changes: 4 additions & 0 deletions src/main/resources/schema/elytron-1_0.xsd
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,10 @@
<xsd:element name="use-system-providers" type="empty-type"/>
<xsd:element name="use-module-providers" type="module-ref-type"/>
</xsd:choice>
<xsd:choice minOccurs="0">
<xsd:element name="use-provider-sasl-factory" type="empty-type" />
<xsd:element name="use-module-sasl-factory" type="module-ref-type" />
</xsd:choice>
</xsd:all>
</xsd:sequence>
</xsd:complexType>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ public void testRuleConfiguration() throws Exception {
" <property key=\"key-one\" value=\"value-one\"/>\n" +
" <property key=\"key-two\" value=\"value-two\"/>\n" +
" </set-mechanism-properties>\n" +
" <use-provider-sasl-factory/>\n" +
" </rule>\n" +
" </rules>\n" +
"</authentication-client>\n").getBytes(StandardCharsets.UTF_8);
Expand Down