MapCredentialStore.java

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2016 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.credential.store.impl;

import static org.wildfly.security._private.ElytronMessages.log;

import java.io.IOException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.credential.store.UnsupportedCredentialTypeException;

/**
 * A map-backed credential store implementation.
 *
 * @author <a href="mailto:david.lloyd@redhat.com">David M. Lloyd</a>
 */
public final class MapCredentialStore extends CredentialStoreSpi {
    public static final String MAP_CREDENTIAL_STORE = "MapCredentialStore";
    private final Map<String, CredentialSource> credentialSources;
    private final boolean modifiable;

    /**
     * Construct a new instance.
     *
     * @param credentialSources the credential sources map to use as the backing map for this store (must not be {@code null})
     * @param modifiable {@code true} to allow modifications via the API, {@code false} otherwise
     */
    public MapCredentialStore(final ConcurrentMap<String, CredentialSource> credentialSources, final boolean modifiable) {
        this.credentialSources = credentialSources;
        this.modifiable = modifiable;
    }

    /**
     * Construct a new unmodifiable instance.
     *
     * @param credentialSources the credential sources map to use (must not be {@code null})
     */
    public MapCredentialStore(final Map<String, CredentialSource> credentialSources) {
        this.credentialSources = credentialSources;
        this.modifiable = false;
    }

    /**
     * Construct a new, modifiable instance backed by a new concurrent map.
     */
    public MapCredentialStore() {
        this(new ConcurrentHashMap<String, CredentialSource>(), true);
    }

    public void initialize(final Map<String, String> attributes, final CredentialStore.ProtectionParameter protectionParameter, Provider[] providers) throws CredentialStoreException {
        if (protectionParameter != null) {
            throw log.invalidProtectionParameter(protectionParameter);
        }
        // no operation
    }

    public boolean isModifiable() {
        return modifiable;
    }

    public Set<String> getAliases() throws UnsupportedOperationException, CredentialStoreException {
        return new HashSet<>(credentialSources.keySet());
    }

    public boolean exists(final String credentialAlias, final Class<? extends Credential> credentialType) throws CredentialStoreException {
        try {
            return credentialSources.getOrDefault(credentialAlias, CredentialSource.NONE).getCredentialAcquireSupport(credentialType).mayBeSupported();
        } catch (IOException e) {
            throw log.cannotAcquireCredentialFromStore(e);
        }
    }

    public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException, UnsupportedCredentialTypeException {
        if (isModifiable()) {
            credentialSources.compute(credentialAlias, (alias, old) -> {
                if (old instanceof IdentityCredentials) {
                    return ((IdentityCredentials) old).withCredential(credential);
                }
                final IdentityCredentials newVal = IdentityCredentials.NONE.withCredential(credential);
                if (old == null) {
                    return newVal;
                } else {
                    return old.with(newVal);
                }
            });
        } else {
            throw log.nonModifiableCredentialStore("store");
        }
    }

    public <C extends Credential> C retrieve(final String credentialAlias, final Class<C> credentialType, final String credentialAlgorithm, final AlgorithmParameterSpec parameterSpec, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
        try {
            return credentialSources.getOrDefault(credentialAlias, CredentialSource.NONE).getCredential(credentialType, credentialAlgorithm, parameterSpec);
        } catch (IOException e) {
            throw log.cannotAcquireCredentialFromStore(e);
        }
    }

    public void remove(final String credentialAlias, final Class<? extends Credential> credentialType, final String credentialAlgorithm, final AlgorithmParameterSpec parameterSpec) throws CredentialStoreException {
        if (isModifiable()) {
            credentialSources.computeIfPresent(credentialAlias, (alias, old) -> old.without(credentialType, credentialAlgorithm, parameterSpec));
        } else {
            throw log.nonModifiableCredentialStore("remove");
        }
    }
}