1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.sam;
21  
22  
23  import javax.naming.directory.DirContext;
24  import javax.security.auth.kerberos.KerberosKey;
25  import javax.security.auth.kerberos.KerberosPrincipal;
26  
27  import org.apache.directory.shared.kerberos.codec.types.SamType;
28  
29  
30  /**
31   * Single-use Authentication Mechanism verifier (subsystem) interface.
32   * SamVerifiers are modules that can be configured and are dynamically
33   * loaded as needed.  Implementations have a few requirements and things
34   * implementors should know:
35   *
36   * <ul>
37   *   <li>A public default constructor is required,</li>
38   *   <li>after instantiation environment properties are supplied,</li>
39   *   <li>next the KeyIntegrityChecker is set for the verifier,</li>
40   *   <li>finally the verifier is started up by calling startup(),
41   *       incidentally this is where all initialization work should be
42   *       done using the environment properties supplied.
43   *   </li>
44   * </ul>
45   *
46   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
47   */
public interface SamVerifier
{
    /**
     * Starts one of many pluggable SAM type subsystems.  Per the interface
     * contract, the environment properties and the KeyIntegrityChecker have
     * already been supplied when this is called, so all initialization work
     * belongs here.
     * 
     * @throws SamException If the SamVerifier instance cannot be started
     */
    void startup() throws SamException;


    /**
     * Shuts down one of many pluggable SAM type subsystems.  Implementations
     * should release whatever startup() acquired.
     */
    void shutdown();


    /**
     * SamVerifiers require a KeyIntegrityChecker to calculate the integrity of
     * a generated KerberosKey.  The Kerberos service exposes this interface
     * and supplies it to the verifier to check generated keys to conduct the
     * verification workflow.  It is set before startup() is called.
     *
     * @param keyChecker The integrity checker that validates whether or not a
     * key can decrypt-decode preauth data (an encrypted-encoded generalized
     * timestamp).
     */
    void setIntegrityChecker( KeyIntegrityChecker keyChecker );


    /**
     * Verifies the single use password supplied.  A failed verification is
     * signalled by a SamException rather than by a null return.
     *
     * NOTE(review): sad presumably arrives from the pre-authentication
     * exchange and should be treated as untrusted input by implementations;
     * confirm against the caller in the Kerberos service.
     *
     * @param principal The kerberos principal to use.
     * @param sad Single-use authentication data (encrypted generalized timestamp).
     * @return The {@link KerberosKey} derived for the principal on success.
     * @throws SamException If the verification failed
     */
    KerberosKey verify( KerberosPrincipal principal, byte[] sad ) throws SamException;


    /**
     * Gets the registered SAM algorithm type implemented by this SamVerifier.
     * The Kerberos service uses it to pick the verifier for a given SAM type.
     *
     * @return The type value for the SAM algorithm used to verify the SUP.
     */
    SamType getSamType();


    /**
     * Sets the user context where users are stored for the primary realm.
     * The verifier looks principals up through this context.
     *  
     * @param userContext The User context
     */
    void setUserContext( DirContext userContext );
}
102 }