Package org.apache.sshd.common.util.security

Interface SecurityProviderRegistrar

All Superinterfaces:
NamedResource, OptionalFeature, PropertyResolver, SecurityProviderChoice
All Known Implementing Classes:
AbstractSecurityProviderRegistrar, BouncyCastleSecurityProviderRegistrar, EdDSASecurityProviderRegistrar, SunJCESecurityProviderRegistrar
public interface SecurityProviderRegistrar extends SecurityProviderChoice, OptionalFeature, PropertyResolver
Author:
Apache MINA SSHD Project

  • Field Details

  • Method Details

    • getBasePropertyName

      default String getBasePropertyName()

    • getConfigurationPropertyName

      default String getConfigurationPropertyName(String name)

    • isEnabled

      default boolean isEnabled()
      Returns:
      true if the provider is enabled regardless of whether it is supported - default=true. Note: checks if the provider has been programmatically disabled via SecurityUtils.setAPrioriDisabledProvider(String, boolean)
      See Also:

    • getParentPropertyResolver

      default PropertyResolver getParentPropertyResolver()
      Specified by:
      getParentPropertyResolver in interface PropertyResolver
      Returns:
      The parent resolver that can be used to query for missing properties - null if no parent

    • getProperties

      default Map<String,Object> getProperties()
      Description copied from interface: PropertyResolver

      A map of properties that can be used to configure the SSH server or client. This map will never be changed by either the server or client and is not supposed to be changed at runtime (changes are not bound to have any effect on a running client or server), though it may affect the creation of sessions later as these values are usually not cached.

      Note: the type of the mapped property should match the expected configuration value type - Long, Integer, Boolean, String, etc.... If it doesn't, the toString() result of the mapped value is used to convert it to the required type. E.g., if the mapped value is the string "1234" and the expected value is a long then it will be parsed into one. Also, if the mapped value is an Integer but a long is expected, then it will be converted into one.

      Specified by:
      getProperties in interface PropertyResolver
      Returns:
      a valid Map containing configuration values, never null. Note: may be immutable.

    • isCipherSupported

      default boolean isCipherSupported(String transformation)
      Parameters:
      transformation - The requested Cipher transformation
      Returns:
      true if this security provider supports the transformation
      See Also:

    • isKeyFactorySupported

      default boolean isKeyFactorySupported(String algorithm)
      Parameters:
      algorithm - The KeyFactory algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isMessageDigestSupported

      default boolean isMessageDigestSupported(String algorithm)
      Parameters:
      algorithm - The MessageDigest algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isKeyPairGeneratorSupported

      default boolean isKeyPairGeneratorSupported(String algorithm)
      Parameters:
      algorithm - The KeyPairGenerator algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isKeyAgreementSupported

      default boolean isKeyAgreementSupported(String algorithm)
      Parameters:
      algorithm - The KeyAgreement algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isMacSupported

      default boolean isMacSupported(String algorithm)
      Parameters:
      algorithm - The Mac algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isSignatureSupported

      default boolean isSignatureSupported(String algorithm)
      Parameters:
      algorithm - The Signature algorithm
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • isCertificateFactorySupported

      default boolean isCertificateFactorySupported(String type)
      Parameters:
      type - The CertificateFactory type
      Returns:
      true if this security provider supports the algorithm
      See Also:

    • getEdDSASupport

      default Optional<EdDSASupport<?,?>> getEdDSASupport()
      Returns:
      the EdDSA support implementation associated with the security provider (if applicable)

    • getDefaultSecurityEntitySupportValue

      default String getDefaultSecurityEntitySupportValue(Class<?> entityType)
      Parameters:
      entityType - The requested entity type - its simple name serves to build the configuration property name.
      Returns:
      Configuration value to use if no specific configuration provided - default=empty
      See Also:

    • isSecurityEntitySupported

      default boolean isSecurityEntitySupported(Class<?> entityType, String name)

    • isNamedProviderUsed

      default boolean isNamedProviderUsed()
      Specified by:
      isNamedProviderUsed in interface SecurityProviderChoice
      Returns:
      true if to use the provider's name rather than its Provider instance - default=true
      See Also:

    • isAllOptionsValue

      static boolean isAllOptionsValue(String v)
      Parameters:
      v - Value to be examined
      Returns:
      true if the value equals (case insensitive) to either ALL_OPTIONS_VALUE or ALL_OPTIONS_WILDCARD

    • isSecurityEntitySupported

      static boolean isSecurityEntitySupported(SecurityProviderRegistrar registrar, Class<?> entityType, String name, String defaultValue)
      Checks whether the requested entity type algorithm/name is listed as supported by the registrar's configuration
      Parameters:
      registrar - The SecurityProviderRegistrar
      entityType - The requested entity type - its simple name serves to build the configuration property name.
      name - The requested algorithm/name - Note: if the requested entity is a Cipher then the argument is assumed to be a possible "/" separated transformation and parsed as such in order to retrieve the pure cipher name
      defaultValue - Configuration value to use if no specific configuration provided
      Returns:
      true registrar is supported and the value is listed (case insensitive) or * the property is one of the "all" markers
      See Also:

    • isSecurityEntitySupported

      static boolean isSecurityEntitySupported(PropertyResolver resolver, String propName, Class<?> entityType, String name, String defaultValue)

    • getEffectiveSecurityEntityName

      static String getEffectiveSecurityEntityName(Class<?> entityType, String name)
      Determines the "pure" security entity name - e.g., for Ciphers it strips the trailing transformation specification in order to extract the base cipher name - e.g., "AES/CBC/NoPadding" => "AES"
      Parameters:
      entityType - The security entity type - ignored if null
      name - The effective name - ignored if null/empty
      Returns:
      The resolved name

    • registerSecurityProvider

      static boolean registerSecurityProvider(SecurityProviderRegistrar registrar)
      Attempts to register the security provider represented by the registrar if not already registered. Note: if isNamedProviderUsed() is true then the generated provider will be added to the system's list of known providers.
      Parameters:
      registrar - The SecurityProviderRegistrar
      Returns:
      true if no provider was previously registered
      See Also:

    • findSecurityProviderRegistrarBySecurityEntity

      static SecurityProviderRegistrar findSecurityProviderRegistrarBySecurityEntity(Predicate<? super SecurityProviderRegistrar> entitySelector, Collection<? extends SecurityProviderRegistrar> registrars)