
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.sam;
21  
22  
23  import javax.naming.directory.DirContext;
24  import javax.security.auth.kerberos.KerberosKey;
25  import javax.security.auth.kerberos.KerberosPrincipal;
26  
27  import org.apache.directory.server.kerberos.shared.messages.value.SamType;
28  
29  
/**
 * Contract for a pluggable Single-use Authentication Mechanism (SAM)
 * verifier subsystem.
 *
 * <p>Verifiers are configurable modules that are loaded dynamically when
 * needed. Implementors should expect the following lifecycle:
 *
 * <ol>
 *   <li>the verifier is instantiated, which requires a public default
 *       constructor;</li>
 *   <li>after instantiation, environment properties are supplied;</li>
 *   <li>the {@link KeyIntegrityChecker} is set through
 *       {@link #setIntegrityChecker(KeyIntegrityChecker)};</li>
 *   <li>{@link #startup()} is called, and this is where all initialization
 *       work should be done, using the environment properties supplied.</li>
 * </ol>
 *
 * <p>NOTE(review): this interface declares no method that accepts environment
 * properties; {@link #setUserContext(DirContext)} is the only other
 * configuration hook visible here. Confirm how the properties reach the
 * verifier.
 *
 * <p>NOTE(review): implementations are loaded dynamically and sit on the
 * authentication path, so the configuration that selects the verifier class
 * should presumably be treated as security-sensitive. Confirm against the
 * loader.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 540371 $
 */
public interface SamVerifier {

    /**
     * Starts this verifier, one of many pluggable SAM type subsystems.
     *
     * @throws SamException the conditions are not specified by this
     *         interface; presumably raised when the subsystem cannot be
     *         started (to be confirmed against implementations)
     */
    void startup() throws SamException;

    /**
     * Shuts down this verifier, one of many pluggable SAM type subsystems.
     */
    void shutdown();

    /**
     * Supplies the checker used to calculate the integrity of a generated
     * {@link KerberosKey}. The Kerberos service exposes the
     * {@link KeyIntegrityChecker} interface and hands an instance to the
     * verifier, which uses it to check generated keys as part of the
     * verification workflow.
     *
     * @param keyChecker the integrity checker that validates whether or not
     *        a key can decrypt-decode preauth data (an encrypted-encoded
     *        generalized timestamp)
     */
    void setIntegrityChecker(KeyIntegrityChecker keyChecker);

    /**
     * Verifies the single-use password supplied.
     *
     * <p>NOTE(review): the contract does not say whether a failed
     * verification is always reported through {@link SamException} or may
     * also yield {@code null}; callers should treat a {@code null} result as
     * a failure until this is confirmed.
     *
     * <p>NOTE(review): nothing in this signature enforces one-time use of
     * {@code sad}; replay protection is presumably the responsibility of the
     * implementation or of the calling service. Confirm where it lives.
     *
     * @param principal the Kerberos principal to use
     * @param sad single-use authentication data (encrypted generalized
     *        timestamp)
     * @return the {@link KerberosKey}
     * @throws SamException the conditions are not specified by this
     *         interface
     */
    KerberosKey verify(KerberosPrincipal principal, byte[] sad) throws SamException;

    /**
     * Gets the registered SAM algorithm type implemented by this verifier.
     *
     * @return the type value for the SAM algorithm used to verify the
     *         single-use password
     */
    SamType getSamType();

    /**
     * Sets the user context where users are stored for the primary realm.
     *
     * @param userContext the directory context under which the primary
     *        realm's users are stored
     */
    void setUserContext(DirContext userContext);
}