
Example 1 with X509CertificateChainPrivateCredential

use of org.wildfly.security.credential.X509CertificateChainPrivateCredential in project wildfly by wildfly.

the class SubjectUtil method convertToSecurityIdentity.

/**
 * Converts a JAAS {@link Subject} into a {@link SecurityIdentity}.
 *
 * <p>If the subject's private credentials already hold a {@code SecurityIdentity}, the first one
 * found becomes the starting point. Only when none is present is an ad hoc identity created in
 * {@code domain} for {@code principal}. The subject's public and private credentials are then
 * wrapped in credential objects and attached to that identity.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>An identity found in the subject takes precedence over the {@code principal} and
 *       {@code domain} arguments, so the result is only as trustworthy as whatever populated the
 *       subject's private credentials.</li>
 *   <li>Nothing in this method authenticates {@code principal}; the ad hoc identity is created
 *       directly from it, so the caller must have established it beforehand.</li>
 *   <li>Credential objects of a type not handled below are skipped without an error.</li>
 * </ul>
 *
 * @param subject      the subject whose credentials are converted
 * @param principal    principal for the ad hoc identity; read only when the subject holds no identity
 * @param domain       domain used to create the ad hoc identity; read only in that same case
 * @param roleCategory not read anywhere in this method body
 * @return the identity, with the converted credentials attached when there are any
 */
public static SecurityIdentity convertToSecurityIdentity(Subject subject, Principal principal, SecurityDomain domain, String roleCategory) {
    // Prefer an identity that was stored in the subject earlier; the first match is taken.
    SecurityIdentity stored = null;
    for (Object candidate : subject.getPrivateCredentials()) {
        if (candidate instanceof SecurityIdentity) {
            stored = (SecurityIdentity) candidate;
            break;
        }
    }
    // NOTE(review): a stored identity is returned as-is, without comparing it to principal or domain.
    SecurityIdentity result = stored != null ? stored : domain.createAdHocIdentity(principal);

    // Public side: wrap raw keys and certificates, pass existing Credential objects through.
    IdentityCredentials publicSet = IdentityCredentials.NONE;
    for (Object item : subject.getPublicCredentials()) {
        final Credential wrapped;
        if (item instanceof PublicKey) {
            wrapped = new PublicKeyCredential((PublicKey) item);
        } else if (item instanceof X509Certificate) {
            // A single certificate becomes a one-element chain.
            wrapped = new X509CertificateChainPublicCredential((X509Certificate) item);
        } else if (item instanceof Credential) {
            wrapped = (Credential) item;
        } else {
            // Unknown type: ignored.
            continue;
        }
        publicSet = publicSet.withCredential(wrapped);
    }
    if (!publicSet.equals(IdentityCredentials.NONE)) {
        result = result.withPublicCredentials(publicSet);
    }

    // Private side: same approach for passwords, secret keys, key pairs and private keys.
    IdentityCredentials privateSet = IdentityCredentials.NONE;
    for (Object item : subject.getPrivateCredentials()) {
        final Credential wrapped;
        if (item instanceof Password) {
            wrapped = new PasswordCredential((Password) item);
        } else if (item instanceof SecretKey) {
            wrapped = new SecretKeyCredential((SecretKey) item);
        } else if (item instanceof KeyPair) {
            wrapped = new KeyPairCredential((KeyPair) item);
        } else if (item instanceof PrivateKey) {
            // NOTE(review): only the key is passed, with no certificate; confirm that the
            // credential type accepts a private key without its certificate chain.
            wrapped = new X509CertificateChainPrivateCredential((PrivateKey) item);
        } else if (item instanceof Credential) {
            wrapped = (Credential) item;
        } else {
            // Unknown type (this includes a stored SecurityIdentity): ignored.
            continue;
        }
        privateSet = privateSet.withCredential(wrapped);
    }
    if (!privateSet.equals(IdentityCredentials.NONE)) {
        result = result.withPrivateCredentials(privateSet);
    }
    return result;
}
Also used : X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) Credential(org.wildfly.security.credential.Credential) KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PublicKey(java.security.PublicKey) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) X509Certificate(java.security.cert.X509Certificate) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecretKey(javax.crypto.SecretKey) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials) Password(org.wildfly.security.password.Password)

Example 2 with X509CertificateChainPrivateCredential

use of org.wildfly.security.credential.X509CertificateChainPrivateCredential in project wildfly by wildfly.

the class SubjectUtil method fromSecurityIdentity.

/**
 * Copies a {@link SecurityIdentity} into a JAAS {@link Subject}.
 *
 * <p>The subject receives the identity's principal, one {@code NamePrincipal} per role, the
 * identity's public and private credentials in unwrapped form, and finally the identity itself as
 * a private credential.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Passwords, secret keys and key pairs are stored as raw objects in the subject's private
 *       credentials, next to the identity itself. Any code able to read that set obtains them, so
 *       access to the returned subject should be restricted accordingly.</li>
 *   <li>For an {@code X509CertificateChainPrivateCredential} the stored value is the result of
 *       {@code getCertificateChain()}; this branch does not copy a private key into the
 *       subject.</li>
 * </ul>
 *
 * @param securityIdentity the identity to copy from
 * @param subject          the subject to fill, or {@code null} to have a new one created
 * @return the subject that was filled
 */
public static Subject fromSecurityIdentity(final SecurityIdentity securityIdentity, Subject subject) {
    final Subject target = (subject == null) ? new Subject() : subject;

    // The identity's principal goes in before any role principal: CXF and JBoss WS both look for
    // the first non-Group principal.
    final Principal identityPrincipal = securityIdentity.getPrincipal();
    final Set<Principal> principals = target.getPrincipals();
    principals.add(identityPrincipal);

    // Roles are added as plain principals rather than being aggregated in a Group; CXF can use
    // such principals to identify the subject's roles. A role named like the principal is skipped.
    final String principalName = identityPrincipal.getName();
    for (String role : securityIdentity.getRoles()) {
        if (principalName.equals(role)) {
            continue;
        }
        principals.add(new NamePrincipal(role));
    }

    // Public credentials: unwrap keys and certificate chains, keep everything else as it is.
    for (Credential credential : securityIdentity.getPublicCredentials()) {
        final Object exposed;
        if (credential instanceof PublicKeyCredential) {
            exposed = credential.castAs(PublicKeyCredential.class).getPublicKey();
        } else if (credential instanceof X509CertificateChainPublicCredential) {
            // NOTE(review): this stores whatever getCertificateChain() returns (the whole chain),
            // not a single X509Certificate; readers of the subject need to expect that shape.
            exposed = credential.castAs(X509CertificateChainPublicCredential.class).getCertificateChain();
        } else {
            exposed = credential;
        }
        target.getPublicCredentials().add(exposed);
    }

    // Private credentials: the same unwrapping, routed through addPrivateCredential.
    for (Credential credential : securityIdentity.getPrivateCredentials()) {
        final Object exposed;
        if (credential instanceof PasswordCredential) {
            exposed = credential.castAs(PasswordCredential.class).getPassword();
        } else if (credential instanceof SecretKeyCredential) {
            exposed = credential.castAs(SecretKeyCredential.class).getSecretKey();
        } else if (credential instanceof KeyPairCredential) {
            exposed = credential.castAs(KeyPairCredential.class).getKeyPair();
        } else if (credential instanceof X509CertificateChainPrivateCredential) {
            // NOTE(review): the certificate chain, not the private key, is what ends up in the
            // private credential set; confirm that this is intended.
            exposed = credential.castAs(X509CertificateChainPrivateCredential.class).getCertificateChain();
        } else {
            exposed = credential;
        }
        addPrivateCredential(target, exposed);
    }

    // The identity itself is stored last, so integration code can work with it directly instead
    // of going through the Subject.
    addPrivateCredential(target, securityIdentity);
    return target;
}
Also used : X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) Credential(org.wildfly.security.credential.Credential) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(org.wildfly.security.credential.PasswordCredential) Roles(org.wildfly.security.authz.Roles) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) Subject(javax.security.auth.Subject) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) Principal(java.security.Principal)

Aggregations

Credential (org.wildfly.security.credential.Credential)2 KeyPairCredential (org.wildfly.security.credential.KeyPairCredential)2 PasswordCredential (org.wildfly.security.credential.PasswordCredential)2 PublicKeyCredential (org.wildfly.security.credential.PublicKeyCredential)2 SecretKeyCredential (org.wildfly.security.credential.SecretKeyCredential)2 X509CertificateChainPrivateCredential (org.wildfly.security.credential.X509CertificateChainPrivateCredential)2 X509CertificateChainPublicCredential (org.wildfly.security.credential.X509CertificateChainPublicCredential)2 KeyPair (java.security.KeyPair)1 Principal (java.security.Principal)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1 X509Certificate (java.security.cert.X509Certificate)1 SecretKey (javax.crypto.SecretKey)1 Subject (javax.security.auth.Subject)1 NamePrincipal (org.wildfly.security.auth.principal.NamePrincipal)1 IdentityCredentials (org.wildfly.security.auth.server.IdentityCredentials)1 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)1 Roles (org.wildfly.security.authz.Roles)1 Password (org.wildfly.security.password.Password)1