001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 *
019 */
020 package org.apache.directory.server.kerberos.sam;
021
022
023 import javax.naming.directory.DirContext;
024 import javax.security.auth.kerberos.KerberosKey;
025 import javax.security.auth.kerberos.KerberosPrincipal;
026
027 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
028
029
030 /**
 * Single-use Authentication Mechanism (SAM) verifier subsystem interface.
 * SamVerifiers are pluggable modules that can be configured and are
 * dynamically loaded as needed. Implementations have a few requirements
 * and things implementors should know:
035 *
 * <ul>
 * <li>a public default constructor is required,</li>
 * <li>after instantiation the environment properties are supplied,</li>
 * <li>next the KeyIntegrityChecker is set on the verifier,</li>
 * <li>finally the verifier is started by calling startup(); this is where
 * all initialization work should be done, using the environment properties
 * supplied earlier.
 * </li>
 * </ul>
045 *
046 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
047 * @version $Rev: 540371 $
048 */
public interface SamVerifier
{
    /**
     * Starts this pluggable SAM type subsystem.
     *
     * Per the lifecycle described on this interface, startup() is the last
     * step after construction, environment-property supply and
     * {@link #setIntegrityChecker(KeyIntegrityChecker)}; all initialization
     * work belongs here. Note that this interface declares no method for
     * supplying the environment properties, so they presumably arrive through
     * a mechanism outside this interface — confirm against the loader.
     *
     * @throws SamException if the subsystem cannot be started
     */
    void startup() throws SamException;


    /**
     * Shuts down this pluggable SAM type subsystem.
     *
     * No exception is declared, so implementations are expected to release
     * their resources without propagating failures to the caller.
     */
    void shutdown();


    /**
     * SamVerifiers require a KeyIntegrityChecker to check the integrity of
     * a generated KerberosKey. The Kerberos service exposes this interface
     * and supplies it to the verifier so that generated keys can be checked
     * as part of the verification workflow. It is set before startup().
     *
     * @param keyChecker The integrity checker that validates whether or not a
     * key can decrypt-decode preauth data (an encrypted-encoded generalized
     * timestamp).
     */
    void setIntegrityChecker( KeyIntegrityChecker keyChecker );


    /**
     * Verifies the single-use password (SUP) supplied for a principal and,
     * on success, returns the KerberosKey derived from it.
     *
     * NOTE(review): {@code sad} is pre-authentication data and so presumably
     * originates from the client's request; implementations should treat it
     * as untrusted input (bounds-check before decoding) and should not log
     * it or the returned key material. Nothing in this interface enforces
     * the "single use" property — rejecting a reused value (replay) is
     * presumably the implementation's responsibility; confirm where that is
     * done. Consider reporting all verification failures uniformly so the
     * failure cause does not become an oracle for an attacker.
     *
     * @param principal The kerberos principal to use.
     * @param sad Single-use authentication data (encrypted generalized timestamp).
     * @return The {@link KerberosKey}.
     * @throws SamException if verification fails or cannot be performed
     */
    KerberosKey verify( KerberosPrincipal principal, byte[] sad ) throws SamException;


    /**
     * Gets the registered SAM algorithm type implemented by this SamVerifier.
     *
     * @return The type value for the SAM algorithm used to verify the SUP.
     */
    SamType getSamType();


    /**
     * Sets the user context where users are stored for the primary realm.
     *
     * NOTE(review): if an implementation builds LDAP search filters from the
     * principal name when looking users up in this context, the name must be
     * escaped as a filter value rather than concatenated, to avoid LDAP
     * filter injection — this interface does not show how lookups are done,
     * so confirm in the implementations.
     *
     * @param userContext the directory context holding the realm's users
     */
    void setUserContext( DirContext userContext );
}