/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.kerberos.sam;


import javax.naming.directory.DirContext;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.shared.kerberos.codec.types.SamType;


/**
 * Single-use Authentication Mechanism verifier (subsystem) interface.
 * SamVerifiers are modules that can be configured and are dynamically
 * loaded as needed. Implementations have a few requirements and things
 * implementors should know:
 *
 * <ul>
 * <li>A public default constructor is required,</li>
 * <li>after instantiation environment properties are supplied,</li>
 * <li>next the KeyIntegrityChecker is set for the verifier,</li>
 * <li>finally the verifier is started up by calling startup(),
 * incidentally this is where all initialization work should be
 * done using the environment properties supplied.
 * </li>
 * </ul>
 *
 * NOTE(review): this interface declares no method for supplying the
 * environment properties mentioned above; presumably the loader hands
 * them to the implementation by some other means - confirm against the
 * code that instantiates verifiers.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public interface SamVerifier
{
    /**
     * Starts one of many pluggable SAM type subsystems. Per the interface
     * contract above, this is where initialization work is expected to
     * happen, after the integrity checker has been set.
     *
     * @throws SamException If the SamVerifier instance cannot be started
     */
    void startup() throws SamException;


    /**
     * Shuts down one of many pluggable SAM type subsystems.
     */
    void shutdown();


    /**
     * SamVerifiers require a KeyIntegrityChecker to calculate the integrity of
     * a generated KerberosKey. The Kerberos service exposes this interface
     * and supplies it to the verifier to check generated keys to conduct the
     * verification workflow.
     *
     * @param keyChecker The integrity checker that validates whether or not a
     * key can decrypt-decode preauth data (an encrypted-encoded generalized
     * timestamp).
     */
    void setIntegrityChecker( KeyIntegrityChecker keyChecker );


    /**
     * Verifies the single use password supplied.
     *
     * The {@code sad} bytes are the client-supplied preauth data, so
     * implementations should treat them as untrusted input. Failure is
     * signalled by {@link SamException}; callers should not rely on a
     * {@code null} return to mean "verification failed" - NOTE(review):
     * confirm that implementations never return {@code null}.
     *
     * @param principal The kerberos principal to use.
     * @param sad Single-use authentication data (encrypted generalized timestamp).
     * @return The {@link KerberosKey}.
     * @throws SamException If the verification failed
     */
    KerberosKey verify( KerberosPrincipal principal, byte[] sad ) throws SamException;


    /**
     * Gets the registered SAM algorithm type implemented by this SamVerifier.
     *
     * @return The type value for the SAM algorithm used to verify the SUP
     * (single-use password).
     */
    SamType getSamType();


    /**
     * Sets the user context where users are stored for the primary realm.
     * NOTE(review): presumably the verifier uses this context to look up the
     * principal's entry during {@link #verify} - confirm with implementations.
     *
     * @param userContext The User context
     */
    void setUserContext( DirContext userContext );
}