Class CredentialStoreSpi

java.lang.Object
org.wildfly.security.credential.store.CredentialStoreSpi
Direct Known Subclasses:
KeyStoreCredentialStore, MapCredentialStore, PropertiesCredentialStore, VaultCredentialStore

public abstract class CredentialStoreSpi extends Object
SPI for credential store providers to implement.
Author:
Peter Skopek
  • Field Details

  • Constructor Details

    • CredentialStoreSpi

      protected CredentialStoreSpi()
      Construct a new instance of this SPI.
  • Method Details

    • initialize

      public abstract void initialize(Map<String,String> attributes, CredentialStore.ProtectionParameter protectionParameter, Provider[] providers) throws CredentialStoreException
      Initialize the credential store service with the given attributes. Implementations should set initialized after successful initialization.
      Parameters:
      attributes - attributes used to pass information to the credential store service
      protectionParameter - the store-wide protection parameter to apply, or null for none
      providers - providers to be injected into SPI implementation to get custom object instances of various type from, or null for none
      Throws:
      CredentialStoreException - if initialization fails due to any reason
    • isInitialized

      public boolean isInitialized()
      Checks whether underlying credential store service is initialized.
      Returns:
      true if initialization completed successfully, false otherwise.
    • isModifiable

      public abstract boolean isModifiable()
      Check whether the credential store service supports modification of its store.
      Returns:
      true if modification of the store is supported, false otherwise
    • exists

      public boolean exists(String credentialAlias, Class<? extends Credential> credentialType) throws CredentialStoreException
      Check whether credential store service has an entry associated with the given credential alias of specified credential type. The default implementation simply attempts to retrieve the credential without a protection parameter, and returns true if any credential was returned. Credential stores which use a protection parameter should override this method.
      Parameters:
      credentialAlias - key to check existence
      credentialType - the class of credential to look for
      Returns:
      true if the key exists in the store, otherwise false
      Throws:
      CredentialStoreException - when there is a problem with credential store
    • store

      public abstract void store(String credentialAlias, Credential credential, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException, UnsupportedCredentialTypeException
      Store the credential in the credential store service under the given alias. If the given alias already contains a credential of the same type, the new credential replaces the older one. Note: CredentialStoreSpi supports storing multiple entries (credential types) per alias. Each must be of a different credential type, or a differing algorithm, or differing parameters.
      Parameters:
      credentialAlias - the alias under which to store the credential
      credential - instance of Credential to store
      protectionParameter - the protection parameter to apply to the entry, or null for none
      Throws:
      CredentialStoreException - when the credential cannot be stored
      UnsupportedCredentialTypeException - when the credentialType is not supported
    • retrieve

      public abstract <C extends Credential> C retrieve(String credentialAlias, Class<C> credentialType, String credentialAlgorithm, AlgorithmParameterSpec parameterSpec, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException
      Retrieve the credential stored in the store under the given alias, matching the given criteria.
      Type Parameters:
      C - the credential type
      Parameters:
      credentialAlias - the alias of the credential to find in the store
      credentialType - the credential type class (must not be null)
      credentialAlgorithm - the credential algorithm to match, or null to match any algorithm
      parameterSpec - the parameter specification to match, or null to match any parameters
      protectionParameter - the protection parameter to use to access the entry, or null for none
      Returns:
      instance of Credential stored in the store, or null if the credential is not found
      Throws:
      CredentialStoreException - if the credential cannot be retrieved due to an error
    • remove

      public abstract void remove(String credentialAlias, Class<? extends Credential> credentialType, String credentialAlgorithm, AlgorithmParameterSpec parameterSpec) throws CredentialStoreException
      Remove the credential of the given type under the given alias from the credential store service.
      Parameters:
      credentialAlias - alias to remove
      credentialType - the credential type class to match (must not be null)
      credentialAlgorithm - the credential algorithm to match, or null to match all algorithms
      parameterSpec - the credential parameters to match, or null to match all parameters
      Throws:
      CredentialStoreException - if the credential cannot be removed due to an error
    • flush

      public void flush() throws CredentialStoreException
      Flush the credential store contents to storage. If the credential store does not support or require explicit flushing, this method should do nothing and simply return.
      Throws:
      CredentialStoreException - if the flush fails for some reason.
    • getAliases

      Returns credential aliases stored in this store as Set<String>. It is not mandatory to override this method (throws UnsupportedOperationException by default).
      Returns:
      Set<String> of all keys stored in this store
      Throws:
      UnsupportedOperationException - when this method is not supported by the underlying credential store
      CredentialStoreException - if there is any problem with internal store
    • getCredentialTypesForAlias

      public Set<String> getCredentialTypesForAlias(String credentialAlias) throws UnsupportedOperationException
      Returns credential types stored in this store with given alias as Set<String>. It is not mandatory to override this method (throws UnsupportedOperationException by default).
      Parameters:
      credentialAlias - the alias whose credential types to find in the store
      Returns:
      Set<String> of all credential types stored in this store with credential alias
      Throws:
      UnsupportedOperationException - when this method is not supported by the underlying credential store
    • validateAttribute

      public void validateAttribute(Map<String,String> attributes, List<String> validAttributes) throws CredentialStoreException
      Validate the given attributes in the credential store implementation.
      Parameters:
      attributes - attributes used to pass information to the credential store service.
      validAttributes - valid attributes based on the credential store implementation.
      Throws:
      CredentialStoreException - if validation fails
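
A minimal in-memory subclass showing the contract described above: set initialized on success, keep several entries per alias, replace an entry on a type/algorithm/parameter match, and return null when nothing matches. This is an added example, not WildFly Elytron code. The class name InMemoryCredentialStoreSpi is hypothetical, and the example assumes the inherited protected initialized field and the matches, castAs and clone methods of Credential.

```java
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.*;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;

// Hypothetical in-memory store: nothing is persisted or encrypted at rest.
public final class InMemoryCredentialStoreSpi extends CredentialStoreSpi {
    private final Map<String, List<Credential>> entries = new HashMap<>();

    @Override
    public synchronized void initialize(Map<String, String> attributes,
            CredentialStore.ProtectionParameter protectionParameter, Provider[] providers)
            throws CredentialStoreException {
        if (attributes != null) {
            // Pass the attribute names this store understands (none here).
            validateAttribute(attributes, Collections.emptyList());
        }
        initialized = true; // inherited flag (assumed protected), read by isInitialized()
    }

    @Override
    public boolean isModifiable() { return true; }

    @Override
    public synchronized void store(String alias, Credential credential,
            CredentialStore.ProtectionParameter protectionParameter) {
        List<Credential> list = entries.computeIfAbsent(alias, a -> new ArrayList<>());
        list.removeIf(old -> old.matches(credential)); // same type/algorithm/parameters: replace
        list.add(credential.clone());                  // keep a private copy of the secret
    }

    @Override
    public synchronized <C extends Credential> C retrieve(String alias, Class<C> type,
            String algorithm, AlgorithmParameterSpec parameterSpec,
            CredentialStore.ProtectionParameter protectionParameter) {
        for (Credential c : entries.getOrDefault(alias, Collections.emptyList())) {
            C match = c.castAs(type, algorithm, parameterSpec); // null when criteria do not match
            if (match != null) return type.cast(match.clone());
        }
        return null; // "not found" is null, not an exception
    }

    @Override
    public synchronized void remove(String alias, Class<? extends Credential> type,
            String algorithm, AlgorithmParameterSpec parameterSpec) {
        List<Credential> list = entries.get(alias);
        if (list != null) list.removeIf(c -> c.matches(type, algorithm, parameterSpec));
    }
}
```

Because this store ignores the protection parameter, the default exists implementation is sufficient; a store that requires a per-entry protection parameter would need to override exists as the method description says.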