Interface SecurityProviderRegistrar
- All Superinterfaces:
NamedResource,OptionalFeature,PropertyResolver,SecurityProviderChoice
- All Known Implementing Classes:
AbstractSecurityProviderRegistrar,BouncyCastleSecurityProviderRegistrar,EdDSASecurityProviderRegistrar
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final StringBase name for configuration properties related to security providersstatic final StringProperty used to configure whether the provider is enabled regardless of whether it is supported.static final StringProperty used to configure whether to use the provider's name rather than itsProviderinstancestatic final StringAll the entities that are used in calls toisSecurityEntitySupported(Class, String)Fields inherited from interface org.apache.sshd.common.NamedResource
BY_NAME_COMPARATOR, NAME_EXTRACTORFields inherited from interface org.apache.sshd.common.OptionalFeature
FALSE, TRUEFields inherited from interface org.apache.sshd.common.PropertyResolver
EMPTYFields inherited from interface org.apache.sshd.common.util.security.SecurityProviderChoice
EMPTY -
Method Summary
Modifier and TypeMethodDescriptionstatic SecurityProviderRegistrarfindSecurityProviderRegistrarBySecurityEntity(Predicate<? super SecurityProviderRegistrar> entitySelector, Collection<? extends SecurityProviderRegistrar> registrars) default Stringdefault Stringdefault StringgetDefaultSecurityEntitySupportValue(Class<?> entityType) static StringgetEffectiveSecurityEntityName(Class<?> entityType, String name) Determines the "pure" security entity name - e.g., forCiphers it strips the trailing transformation specification in order to extract the base cipher name - e.g., "AES/CBC/NoPadding" => "AES"default PropertyResolverA map of properties that can be used to configure the SSH server or client.static booleandefault booleandefault booleanisCipherSupported(String transformation) default booleandefault booleanisKeyAgreementSupported(String algorithm) default booleanisKeyFactorySupported(String algorithm) default booleanisKeyPairGeneratorSupported(String algorithm) default booleanisMacSupported(String algorithm) default booleanisMessageDigestSupported(String algorithm) default booleandefault booleanisSecurityEntitySupported(Class<?> entityType, String name) static booleanisSecurityEntitySupported(PropertyResolver resolver, String propName, Class<?> entityType, String name, String defaultValue) static booleanisSecurityEntitySupported(SecurityProviderRegistrar registrar, Class<?> entityType, String name, String defaultValue) Checks whether the requested entity type algorithm/name is listed as supported by the registrar's configurationdefault booleanisSignatureSupported(String algorithm) static booleanAttempts to register the security provider represented by the registrar if not already registered.Methods inherited from interface org.apache.sshd.common.NamedResource
getNameMethods inherited from interface org.apache.sshd.common.OptionalFeature
isSupportedMethods inherited from interface org.apache.sshd.common.PropertyResolver
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getString, getStringProperty, isEmptyMethods inherited from interface org.apache.sshd.common.util.security.SecurityProviderChoice
getSecurityProvider
-
Field Details
-
CONFIG_PROP_BASE
Base name for configuration properties related to security providers- See Also:
-
ENABLED_PROPERTY
Property used to configure whether the provider is enabled regardless of whether it is supported.- See Also:
-
NAMED_PROVIDER_PROPERTY
Property used to configure whether to use the provider's name rather than itsProviderinstance- See Also:
-
ALL_OPTIONS_VALUE
- See Also:
-
ALL_OPTIONS_WILDCARD
- See Also:
-
NO_OPTIONS_VALUE
- See Also:
-
SECURITY_ENTITIES
All the entities that are used in calls toisSecurityEntitySupported(Class, String)
-
-
Method Details
-
getBasePropertyName
-
getConfigurationPropertyName
-
isEnabled
default boolean isEnabled()- Returns:
trueif the provider is enabled regardless of whether it is supported - default=true. Note: checks if the provider has been programmatically disabled viaSecurityUtils.setAPrioriDisabledProvider(String, boolean)- See Also:
-
getParentPropertyResolver
- Specified by:
getParentPropertyResolverin interfacePropertyResolver- Returns:
- The parent resolver that can be used to query for missing properties -
nullif no parent
-
getProperties
Description copied from interface:PropertyResolverA map of properties that can be used to configure the SSH server or client. This map will never be changed by either the server or client and is not supposed to be changed at runtime (changes are not bound to have any effect on a running client or server), though it may affect the creation of sessions later as these values are usually not cached.
Note: the type of the mapped property should match the expected configuration value type -
Long, Integer, Boolean, String, etc.... If it doesn't, thetoString()result of the mapped value is used to convert it to the required type. E.g., if the mapped value is the string "1234" and the expected value is alongthen it will be parsed into one. Also, if the mapped value is anIntegerbut alongis expected, then it will be converted into one.- Specified by:
getPropertiesin interfacePropertyResolver- Returns:
- a valid
Mapcontaining configuration values, nevernull. Note: may be immutable.
-
isCipherSupported
- Parameters:
transformation- The requestedCiphertransformation- Returns:
trueif this security provider supports the transformation- See Also:
-
isKeyFactorySupported
- Parameters:
algorithm- TheKeyFactoryalgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isMessageDigestSupported
- Parameters:
algorithm- TheMessageDigestalgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isKeyPairGeneratorSupported
- Parameters:
algorithm- TheKeyPairGeneratoralgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isKeyAgreementSupported
- Parameters:
algorithm- TheKeyAgreementalgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isMacSupported
- Parameters:
algorithm- TheMacalgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isSignatureSupported
- Parameters:
algorithm- TheSignaturealgorithm- Returns:
trueif this security provider supports the algorithm- See Also:
-
isCertificateFactorySupported
- Parameters:
type- TheCertificateFactorytype- Returns:
trueif this security provider supports the algorithm- See Also:
-
getDefaultSecurityEntitySupportValue
- Parameters:
entityType- The requested entity type - its simple name serves to build the configuration property name.- Returns:
- Configuration value to use if no specific configuration provided - default=empty
- See Also:
-
isSecurityEntitySupported
-
isNamedProviderUsed
default boolean isNamedProviderUsed()- Specified by:
isNamedProviderUsedin interfaceSecurityProviderChoice- Returns:
trueif to use the provider's name rather than itsProviderinstance - default=true- See Also:
-
isAllOptionsValue
- Parameters:
v- Value to be examined- Returns:
trueif the value equals (case insensitive) to eitherALL_OPTIONS_VALUEorALL_OPTIONS_WILDCARD
-
isSecurityEntitySupported
static boolean isSecurityEntitySupported(SecurityProviderRegistrar registrar, Class<?> entityType, String name, String defaultValue) Checks whether the requested entity type algorithm/name is listed as supported by the registrar's configuration- Parameters:
registrar- TheSecurityProviderRegistrarentityType- The requested entity type - its simple name serves to build the configuration property name.name- The requested algorithm/name - Note: if the requested entity is aCipherthen the argument is assumed to be a possible "/" separated transformation and parsed as such in order to retrieve the pure cipher namedefaultValue- Configuration value to use if no specific configuration provided- Returns:
trueregistrar is supported and the value is listed (case insensitive) or * the property is one of the "all" markers- See Also:
-
isSecurityEntitySupported
static boolean isSecurityEntitySupported(PropertyResolver resolver, String propName, Class<?> entityType, String name, String defaultValue) -
getEffectiveSecurityEntityName
Determines the "pure" security entity name - e.g., forCiphers it strips the trailing transformation specification in order to extract the base cipher name - e.g., "AES/CBC/NoPadding" => "AES"- Parameters:
entityType- The security entity type - ignored ifnullname- The effective name - ignored ifnull/empty- Returns:
- The resolved name
-
registerSecurityProvider
Attempts to register the security provider represented by the registrar if not already registered. Note: ifisNamedProviderUsed()istruethen the generated provider will be added to the system's list of known providers.- Parameters:
registrar- TheSecurityProviderRegistrar- Returns:
trueif no provider was previously registered- See Also:
-
findSecurityProviderRegistrarBySecurityEntity
static SecurityProviderRegistrar findSecurityProviderRegistrarBySecurityEntity(Predicate<? super SecurityProviderRegistrar> entitySelector, Collection<? extends SecurityProviderRegistrar> registrars)
-