001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.kerberos.sam;
021    
022    
023    import javax.naming.directory.DirContext;
024    import javax.security.auth.kerberos.KerberosKey;
025    import javax.security.auth.kerberos.KerberosPrincipal;
026    
027    import org.apache.directory.server.kerberos.shared.messages.value.SamType;
028    
029    
030    /**
031     * Single-use Authentication Mechanism verifier (subsystem) interface.
032     * SamVerifiers are modules that can be configured and are dynamically
033     * loaded as needed.  Implementations have a few requirements and things
034     * implementors should know:
035     *
036     * <ul>
037     *   <li>A public default constructor is required,</li>
038     *   <li>after instantiation environment properties are supplied,</li>
039     *   <li>next the KeyIntegrityChecker is set for the verifier,</li>
040     *   <li>finally the verifier is started up by calling startup(),
041     *       incidentally this is where all initialization work should be
042     *       done using the environment properties supplied.
043     *   </li>
044     * </ul>
045     *
046     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
047     * @version $Rev: 540371 $
048     */
public interface SamVerifier {

    /**
     * Brings this verifier up.  Per the lifecycle described on this
     * interface, all initialisation work belongs here, using the environment
     * properties and the {@link KeyIntegrityChecker} supplied beforehand.
     *
     * @throws SamException if the verifier cannot be started
     */
    void startup() throws SamException;

    /**
     * Takes this verifier down, releasing whatever {@link #startup()} acquired.
     */
    void shutdown();

    /**
     * Supplies the checker used to confirm the integrity of a generated
     * {@link KerberosKey}.  The Kerberos service provides this object and the
     * verifier relies on it during the verification workflow.
     *
     * @param keyChecker decides whether a key can decrypt and decode the
     *        pre-authentication data (an encrypted, encoded generalized timestamp)
     */
    void setIntegrityChecker( KeyIntegrityChecker keyChecker );

    /**
     * Supplies the directory context under which the users of the primary
     * realm are stored.
     *
     * @param userContext context holding the primary realm's user entries
     */
    void setUserContext( DirContext userContext );

    /**
     * Verifies a single-use password.
     * <p>
     * {@code sad} is pre-authentication data and should be handled as untrusted
     * input: check its length before decoding it, and consider whether a decode
     * failure and a wrong password ought to be distinguishable to the caller.
     * Implementations are expected to report a failed verification by throwing
     * {@link SamException} rather than returning {@code null} — confirm against
     * the callers.
     *
     * @param principal the Kerberos principal being verified
     * @param sad single-use authentication data (an encrypted generalized timestamp)
     * @return the resulting {@link KerberosKey}
     * @throws SamException if verification fails or cannot be carried out
     */
    KerberosKey verify( KerberosPrincipal principal, byte[] sad ) throws SamException;

    /**
     * Reports which SAM algorithm this verifier implements.
     *
     * @return the registered {@link SamType} used to verify the single-use password
     */
    SamType getSamType();
}