Use of org.wildfly.security.credential.X509CertificateChainPublicCredential in the project wildfly, by wildfly.
Class SubjectUtil, method fromSecurityIdentity.
/**
 * Populates a {@code Subject} with the principal, roles and credentials of a {@code SecurityIdentity}.
 *
 * <p>Entries are added in this order:
 * <ul>
 *   <li>the identity's principal;</li>
 *   <li>a {@code "Roles"} group holding one {@code NamePrincipal} per role returned by {@code getRoles()};</li>
 *   <li>a {@code "CallerPrincipal"} group holding the identity's principal;</li>
 *   <li>each public credential, unwrapped to its public key or certificate chain when the type is recognised;</li>
 *   <li>each private credential, unwrapped to its password, secret key, key pair or certificate chain when
 *       the type is recognised;</li>
 *   <li>the {@code SecurityIdentity} itself, as a private credential.</li>
 * </ul>
 *
 * <p>Security note: passwords, secret keys and key pairs are taken out of their credential wrappers and stored
 * as-is in the subject's private credentials, next to the identity itself. Any code able to read that set can
 * therefore read the raw secrets, so the returned subject should be handled with the same care as the identity.
 *
 * @param securityIdentity the identity to copy from; it is dereferenced without a null check
 * @param subject the subject to populate, or {@code null} to have a new one created
 * @return the populated subject (the instance passed in when it was non-null)
 */
public static Subject fromSecurityIdentity(final SecurityIdentity securityIdentity, Subject subject) {
    // Reuse the caller's subject when one is supplied; otherwise start from an empty one.
    final Subject target = (subject != null) ? subject : new Subject();

    target.getPrincipals().add(securityIdentity.getPrincipal());

    // "Roles" group: one NamePrincipal per role reported by the identity.
    Group roles = new SimpleGroup("Roles");
    for (String roleName : securityIdentity.getRoles()) {
        roles.addMember(new NamePrincipal(roleName));
    }
    target.getPrincipals().add(roles);

    // "CallerPrincipal" group: wraps the identity's own principal.
    Group caller = new SimpleGroup("CallerPrincipal");
    caller.addMember(securityIdentity.getPrincipal());
    target.getPrincipals().add(caller);

    // Public credentials: recognised wrappers are replaced by the key or chain they carry,
    // anything else is stored as the credential object itself.
    for (Credential publicCredential : securityIdentity.getPublicCredentials()) {
        final Object exposed;
        if (publicCredential instanceof PublicKeyCredential) {
            exposed = publicCredential.castAs(PublicKeyCredential.class).getPublicKey();
        } else if (publicCredential instanceof X509CertificateChainPublicCredential) {
            exposed = publicCredential.castAs(X509CertificateChainPublicCredential.class).getCertificateChain();
        } else {
            exposed = publicCredential;
        }
        target.getPublicCredentials().add(exposed);
    }

    // Private credentials: the raw secret material is handed to addPrivateCredential.
    // NOTE(review): addPrivateCredential is defined outside this listing - confirm how it guards
    // access to the subject's private credential set.
    for (Credential privateCredential : securityIdentity.getPrivateCredentials()) {
        if (privateCredential instanceof PasswordCredential) {
            final PasswordCredential passwordCredential = privateCredential.castAs(PasswordCredential.class);
            addPrivateCredential(target, passwordCredential.getPassword());
        } else if (privateCredential instanceof SecretKeyCredential) {
            final SecretKeyCredential secretKeyCredential = privateCredential.castAs(SecretKeyCredential.class);
            addPrivateCredential(target, secretKeyCredential.getSecretKey());
        } else if (privateCredential instanceof KeyPairCredential) {
            final KeyPairCredential keyPairCredential = privateCredential.castAs(KeyPairCredential.class);
            addPrivateCredential(target, keyPairCredential.getKeyPair());
        } else if (privateCredential instanceof X509CertificateChainPrivateCredential) {
            // Only the certificate chain is copied for this credential type.
            final X509CertificateChainPrivateCredential chainCredential =
                    privateCredential.castAs(X509CertificateChainPrivateCredential.class);
            addPrivateCredential(target, chainCredential.getCertificateChain());
        } else {
            addPrivateCredential(target, privateCredential);
        }
    }

    // The identity itself also goes in as a private credential, so integration code can work
    // with the SecurityIdentity instead of the Subject if desired.
    addPrivateCredential(target, securityIdentity);
    return target;
}