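/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.kerberos.sam;


import javax.naming.directory.DirContext;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.server.kerberos.shared.messages.value.SamType;


/**
 * Single-use Authentication Mechanism (SAM) verifier subsystem interface.
 * <p>
 * SamVerifiers are pluggable modules that are configured and dynamically
 * loaded as needed. Implementations have a few requirements and things
 * implementors should know:
 * <ul>
 *   <li>a public default constructor is required,</li>
 *   <li>after instantiation, environment properties are supplied,</li>
 *   <li>next the {@link KeyIntegrityChecker} is set on the verifier via
 *       {@link #setIntegrityChecker(KeyIntegrityChecker)},</li>
 *   <li>finally the verifier is started by calling {@link #startup()};
 *       this is where all initialization work should be done, using the
 *       environment properties supplied.</li>
 * </ul>
 * <p>
 * NOTE(review): the {@code sad} argument to
 * {@link #verify(KerberosPrincipal, byte[])} is pre-authentication data
 * (see {@link #setIntegrityChecker(KeyIntegrityChecker)}) and should be
 * treated as untrusted input by every implementation. This interface does
 * not state where the "single-use" (replay) property is enforced;
 * implementations should document whether a successful {@code verify}
 * consumes the credential so that a second presentation of the same
 * {@code sad} is rejected. Neither {@code sad} nor the returned key
 * material should be written to logs or exception messages.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 540371 $
 */
public interface SamVerifier
{
    /**
     * Starts one of many pluggable SAM type subsystems. All initialization
     * work belongs here, using the previously supplied environment
     * properties and {@link KeyIntegrityChecker}.
     *
     * @throws SamException if the subsystem cannot be started
     */
    void startup() throws SamException;


    /**
     * Shuts down one of many pluggable SAM type subsystems.
     */
    void shutdown();


    /**
     * SamVerifiers require a {@link KeyIntegrityChecker} to check the
     * integrity of a generated {@link KerberosKey}. The Kerberos service
     * exposes this interface and supplies it to the verifier so that
     * generated keys can be checked as part of the verification workflow.
     *
     * @param keyChecker The integrity checker that validates whether or not a
     * key can decrypt-decode preauth data (an encrypted-encoded generalized
     * timestamp).
     */
    void setIntegrityChecker( KeyIntegrityChecker keyChecker );


    /**
     * Verifies the single-use password (SUP) supplied for a principal.
     * <p>
     * NOTE(review): {@code sad} is client-supplied and must be treated as
     * untrusted; implementations should bound and validate its length and
     * encoding before decrypting or decoding it, and must not log it.
     *
     * @param principal The Kerberos principal to verify.
     * @param sad Single-use authentication data (encrypted generalized timestamp).
     * @return The {@link KerberosKey} resulting from a successful verification
     * (presumably the generated key that passed the integrity check — the
     * interface does not pin this down).
     * @throws SamException if verification fails or cannot be performed; the
     * interface does not distinguish the two, so implementations should make
     * sure callers cannot mistake an internal error for a valid credential.
     */
    KerberosKey verify( KerberosPrincipal principal, byte[] sad ) throws SamException;


    /**
     * Gets the registered SAM algorithm type implemented by this SamVerifier.
     *
     * @return The type value for the SAM algorithm used to verify the SUP.
     */
    SamType getSamType();


    /**
     * Sets the user context where users are stored for the primary realm.
     *
     * @param userContext The JNDI directory context under which the primary
     * realm's users are stored; implementations look principals up here.
     */
    void setUserContext( DirContext userContext );
}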