[ELY-764] Allow the protocol to be specified.

src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java

@@ -73,6 +73,7 @@
 import org.wildfly.security.password.interfaces.ClearPassword;
 import org.wildfly.security.sasl.util.FilterMechanismSaslClientFactory;
 import org.wildfly.security.sasl.util.PropertiesSaslClientFactory;
+import org.wildfly.security.sasl.util.ProtocolSaslClientFactory;
 import org.wildfly.security.sasl.util.SecurityProviderSaslClientFactory;
 import org.wildfly.security.sasl.util.ServerNameSaslClientFactory;
 import org.wildfly.security.ssl.CipherSuiteSelector;
@@ -134,6 +135,10 @@ String getHost() {
             return null;
         }
 
+        String getProtocol() {
+            return null;
+        }
+
         int getPort() {
             return -1;
         }
@@ -221,6 +226,10 @@ String getHost() {
         return parent.getHost();
     }
 
+    String getProtocol() {
+        return parent.getProtocol();
+    }
+
     int getPort() {
         return parent.getPort();
     }
@@ -305,7 +314,9 @@ AuthenticationConfiguration without(Class<?> clazz) {
     }
 
     AuthenticationConfiguration without(Class<?> clazz1, Class<?> clazz2) {
-        if (clazz1.isInstance(this) || clazz2.isInstance(this)) return parent;
+        if (clazz1.isInstance(this) && clazz2.isInstance(this)) return parent;
+        if (clazz1.isInstance(this)) return parent.without(clazz2);
+        if (clazz2.isInstance(this)) return parent.without(clazz1);
         AuthenticationConfiguration newParent = parent.without(clazz1, clazz2);
         if (parent == newParent) return this;
         return reparent(newParent);
@@ -620,10 +631,25 @@ public final AuthenticationConfiguration useTrustManager(X509TrustManager trustM
      * @return the new configuration
      */
     public final AuthenticationConfiguration useHost(String hostName) {
-        if (hostName != null && hostName.isEmpty()) hostName = null;
+        if (hostName == null || hostName.isEmpty()) {
+            return without(SetHostAuthenticationConfiguration.class);
+        }
         return new SetHostAuthenticationConfiguration(this, hostName);
     }
 
+    /**
+     * Create a new configuration which is the same as this configuration, but which specifies a different protocol to be passed to the authentication mechanisms.
+     *
+     * @param protocol the protocol to pass to the authentication mechanisms.
+     * @return the new configuration
+     */
+    public final AuthenticationConfiguration useProtocol(String protocol) {
+        if (protocol == null || protocol.isEmpty()) {
+            return without(SetProtocolAuthenticationConfiguration.class);
+        }
+        return new SetProtocolAuthenticationConfiguration(this, protocol);
+    }
+
     /**
      * Create a new configuration which is the same as this configuration, but which connects to a different port.
      *
@@ -808,6 +834,10 @@ private SaslClientFactory getSaslClientFactory() {
                     if (host != null) {
                         saslClientFactory = new ServerNameSaslClientFactory(saslClientFactory, host);
                     }
+                    String protocol = getProtocol();
+                    if (protocol != null) {
+                        saslClientFactory = new ProtocolSaslClientFactory(saslClientFactory, protocol);
+                    }
                     saslClientFactory = new FilterMechanismSaslClientFactory(saslClientFactory, this::filterOneSaslMechanism);
 
                     this.saslClientFactory = saslClientFactory;

src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java

@@ -606,6 +606,13 @@ static ExceptionUnaryOperator<RuleNode<AuthenticationConfiguration>, GeneralSecu
                         configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactory(new ServiceLoaderSaslClientFactory(module.getClassLoader())));
                         break;
                     }
+                    case "set-protocol": {
+                        if (isSet(foundBits, 14)) throw reader.unexpectedElement();
+                        foundBits = setBit(foundBits, 14);
+                        final String protocol = parseNameType(reader);
+                        configuration = andThenOp(configuration, parentConfig -> parentConfig.useProtocol(protocol));
+                        break;
+                    }
                     default: {
                         throw reader.unexpectedElement();
                     }
@@ -1545,7 +1552,7 @@ public X509CertificateChainPrivateCredential create() throws GeneralSecurityExce
             final KeyStore.Entry entry = entrySecurityFactory.create();
             if (entry instanceof KeyStore.PrivateKeyEntry) {
                 final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
-                final X509Certificate[] certificateChain = X500.asX509CertificateArray((Object[])privateKeyEntry.getCertificateChain());
+                final X509Certificate[] certificateChain = X500.asX509CertificateArray(privateKeyEntry.getCertificateChain());
                 return new X509CertificateChainPrivateCredential(privateKeyEntry.getPrivateKey(), certificateChain);
             }
             throw xmlLog.invalidKeyStoreEntryType("unknown", KeyStore.PrivateKeyEntry.class, entry.getClass());

src/main/java/org/wildfly/security/auth/client/SetProtocolAuthenticationConfiguration.java

@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.auth.client;
+
+/**
+ * An {@link AuthenticationConfiguration} that sets the protocol reported to the authentication mechanisms.
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
+ */
+public class SetProtocolAuthenticationConfiguration extends AuthenticationConfiguration {
+
+    private final String protocol;
+    SetProtocolAuthenticationConfiguration(final AuthenticationConfiguration parent, final String protocol) {
+        super(parent);
+        this.protocol = protocol;
+    }
+
+    @Override
+    String getProtocol() {
+        return protocol;
+    }
+
+    @Override
+    AuthenticationConfiguration reparent(AuthenticationConfiguration newParent) {
+        return new SetProtocolAuthenticationConfiguration(newParent, protocol);
+    }
+
+}

src/main/resources/schema/elytron-1_0.xsd

@@ -147,6 +147,7 @@
             <xsd:all>
                 <xsd:element name="set-host" type="name-type" minOccurs="0"/>
                 <xsd:element name="set-port" type="port-number-simple-type" minOccurs="0"/>
+                <xsd:element name="set-protocol" type="name-type" minOccurs="0"/>
                 <xsd:choice minOccurs="0">
                     <xsd:element name="set-user-name" type="name-type" minOccurs="0"/>
                     <xsd:element name="set-anonymous" type="empty-type" minOccurs="0"/>

src/test/java/org/wildfly/security/auth/client/XmlConfigurationTest.java

@@ -62,6 +62,7 @@ public void testRuleConfiguration() throws Exception {
             "            <match-host name=\"test2\"/>\n" +
             "            <match-userinfo name=\"fred\"/>\n" +
             "            <set-host name=\"localhost\"/>\n" +
+            "            <set-protocol name=\"HTTP\"/>\n" +
             "            <set-user-name name=\"jane\"/>\n" +
             "            <allow-all-sasl-mechanisms />\n" +
             "            <set-mechanism-realm name=\"mainRealm\"/>\n" +