wildfly-security · fjuma · Nov 17, 2016 · Nov 17, 2016 · Nov 17, 2016 · Nov 17, 2016
diff --git a/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java b/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java
diff --git a/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java b/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java
@@ -26,6 +26,7 @@
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.Collection;
+import java.util.function.UnaryOperator;
 
 import javax.net.ssl.SSLContext;
 import javax.security.auth.callback.CallbackHandler;
@@ -269,12 +270,24 @@ public Principal getPrincipal(AuthenticationConfiguration configuration) {
      *
      * @param uri the target URI (must not be {@code null})
      * @param configuration the authentication configuration (must not be {@code null})
-     * @param clientFactory the SASL client factory to delegate to (must not be {@code null})
      * @param offeredMechanisms the available mechanisms (must not be {@code null})
      * @return the SASL client, or {@code null} if no clients were available or could be configured
      */
-    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration, SaslClientFactory clientFactory, Collection<String> offeredMechanisms) throws SaslException {
-        return configuration.createSaslClient(uri, clientFactory, offeredMechanisms);
+    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration,  Collection<String> offeredMechanisms) throws SaslException {
+        return createSaslClient(uri, configuration, offeredMechanisms, UnaryOperator.identity());
+    }
+
+    /**
+     * Create a SASL client using the given URI and configuration from the given SASL client factory.
+     *
+     * @param uri the target URI (must not be {@code null})
+     * @param configuration the authentication configuration (must not be {@code null})
+     * @param offeredMechanisms the available mechanisms (must not be {@code null})
+     * @param factoryOperator A {@link UnaryOperator<SaslClientFactory>} to apply to the factory used.
+     * @return the SASL client, or {@code null} if no clients were available or could be configured
+     */
+    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration configuration,  Collection<String> offeredMechanisms, UnaryOperator<SaslClientFactory> factoryOperator) throws SaslException {
+        return configuration.createSaslClient(uri, offeredMechanisms, factoryOperator);
     }
 
     /**

diff --git a/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java
@@ -75,6 +75,7 @@
 import org.wildfly.security.password.PasswordFactory;
 import org.wildfly.security.password.interfaces.ClearPassword;
 import org.wildfly.security.password.spec.ClearPasswordSpec;
+import org.wildfly.security.sasl.util.ServiceLoaderSaslClientFactory;
 import org.wildfly.security.ssl.CipherSuiteSelector;
 import org.wildfly.security.ssl.ProtocolSelector;
 import org.wildfly.security.ssl.SSLContextBuilder;
@@ -579,6 +580,7 @@ static ExceptionUnaryOperator<RuleNode<AuthenticationConfiguration>, GeneralSecu
                     case "use-system-providers": {
                         if (isSet(foundBits, 12)) throw reader.unexpectedElement();
                         foundBits = setBit(foundBits, 12);
+                        parseEmptyType(reader);
                         configuration = andThenOp(configuration, parentConfig -> parentConfig.useProviders(Security::getProviders));
                         break;
                     }
@@ -589,6 +591,21 @@ static ExceptionUnaryOperator<RuleNode<AuthenticationConfiguration>, GeneralSecu
                         configuration = andThenOp(configuration, parentConfig -> parentConfig.useProviders(new ServiceLoaderSupplier<Provider>(Provider.class, module.getClassLoader())));
                         break;
                     }
+                    // these two are a <choice> which is why they share a bit #; you can have only one of them
+                    case "use-provider-sasl-factory": {
+                        if (isSet(foundBits, 13)) throw reader.unexpectedElement();
+                        foundBits = setBit(foundBits, 13);
+                        parseEmptyType(reader);
+                        configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactoryFromProviders());
+                        break;
+                    }
+                    case "use-module-sasl-factory": {
+                        if (isSet(foundBits, 13)) throw reader.unexpectedElement();
+                        foundBits = setBit(foundBits, 13);
+                        final Module module = parseModuleRefType(reader);
+                        configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactory(new ServiceLoaderSaslClientFactory(module.getClassLoader())));
+                        break;
+                    }
                     default: {
                         throw reader.unexpectedElement();
                     }
@@ -1528,7 +1545,7 @@ public X509CertificateChainPrivateCredential create() throws GeneralSecurityExce
             final KeyStore.Entry entry = entrySecurityFactory.create();
             if (entry instanceof KeyStore.PrivateKeyEntry) {
                 final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
-                final X509Certificate[] certificateChain = X500.asX509CertificateArray((Object[]) privateKeyEntry.getCertificateChain());
+                final X509Certificate[] certificateChain = X500.asX509CertificateArray((Object[])privateKeyEntry.getCertificateChain());
                 return new X509CertificateChainPrivateCredential(privateKeyEntry.getPrivateKey(), certificateChain);
             }
             throw xmlLog.invalidKeyStoreEntryType("unknown", KeyStore.PrivateKeyEntry.class, entry.getClass());

diff --git a/...ava/org/wildfly/security/auth/client/SetSaslClientFactoryAuthenticationConfiguration.java b/...ava/org/wildfly/security/auth/client/SetSaslClientFactoryAuthenticationConfiguration.java
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.auth.client;
+
+import java.security.Provider;
+import java.util.function.Supplier;
+
+import javax.security.sasl.SaslClientFactory;
+
+/**
+ * An {@link AuthenticationConfiguration} to return a {@link SaslClientFactory}.
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
+ */
+public class SetSaslClientFactoryAuthenticationConfiguration extends AuthenticationConfiguration {
+
+    private final Supplier<SaslClientFactory> saslClientFactorySupplier;
+
+    SetSaslClientFactoryAuthenticationConfiguration(final AuthenticationConfiguration parent, final Supplier<SaslClientFactory> saslClientFactorySupplier) {
+        super(parent);
+        this.saslClientFactorySupplier = saslClientFactorySupplier;
+    }
+
+    @Override
+    SaslClientFactory getSaslClientFactory(Supplier<Provider[]> providers) {
+        return saslClientFactorySupplier.get();
+    }
+
+    @Override
+    AuthenticationConfiguration reparent(AuthenticationConfiguration newParent) {
+        return new SetSaslClientFactoryAuthenticationConfiguration(newParent, saslClientFactorySupplier);
+    }
+
+}
diff --git a/src/main/resources/schema/elytron-1_0.xsd b/src/main/resources/schema/elytron-1_0.xsd
@@ -164,6 +164,10 @@
                     <xsd:element name="use-system-providers" type="empty-type"/>
                     <xsd:element name="use-module-providers" type="module-ref-type"/>
                 </xsd:choice>
+                <xsd:choice minOccurs="0">
+                    <xsd:element name="use-provider-sasl-factory" type="empty-type" />
+                    <xsd:element name="use-module-sasl-factory" type="module-ref-type" />
+                </xsd:choice>
             </xsd:all>
         </xsd:sequence>
     </xsd:complexType>

diff --git a/src/test/java/org/wildfly/security/auth/client/XmlConfigurationTest.java b/src/test/java/org/wildfly/security/auth/client/XmlConfigurationTest.java
@@ -69,6 +69,7 @@ public void testRuleConfiguration() throws Exception {
             "                <property key=\"key-one\" value=\"value-one\"/>\n" +
             "                <property key=\"key-two\" value=\"value-two\"/>\n" +
             "            </set-mechanism-properties>\n" +
+            "            <use-provider-sasl-factory/>\n" +
             "        </rule>\n" +
             "    </rules>\n" +
             "</authentication-client>\n").getBytes(StandardCharsets.UTF_8);