Package pl.edu.icm.unity.engine.api.authn.local

Interface LocalCredentialVerificator

All Superinterfaces:
CredentialExchange, CredentialVerificator, DescribedObject, NamedObject, StringConfigurable
All Known Implementing Classes:
AbstractLocalVerificator
public interface LocalCredentialVerificator extends CredentialVerificator
Verificator of local credentials. Such verificators must have local credential name set. Additionally local verificators are responsible for credential handling, i.e. storing the raw credential or its configuration in DB and verification of the credential state.

Those two aspects are merged into one implementation on purpose: both local credential verification and storage of credential data in database is tightly bound together. E.g. password hashed and salted in the DB must be verified using the same hashing and salting.

The information about the supported CredentialType is created automatically from the name and description of this object implementation.

Author:
K. Benedyczak

  • Method Details

    • getCredentialName

      String getCredentialName()
      Returns:
      the name of the credential definition associated with this verificator

    • setCredentialName

      void setCredentialName(String credential)
      Sets credential definition name for this verificator. This is only required to perform resolving of the client's identity, to get a proper credential. It is irrelevant for credential's storage.

    • prepareCredential

      String prepareCredential(String rawCredential, String currentCredential, boolean verifyNew) throws IllegalCredentialException, InternalException
      Prepares the credential for DB insertion. The credential value can be arbitrary, typically in JSON. Output also. For instance the input can be a password, output a hashed and salted version
      Parameters:
      rawCredential - the new credential value
      currentCredential - the existing credential, encoded in the database specific way. May be empty or null, when there is no existing credential recorded in DB.
      verifyNew - we can set new credential without its verification
      Returns:
      string which will be persisted in the database and will be used for verification
      Throws:
      IllegalCredentialException - if the new credential is not valid
      InternalException

    • checkCredentialState

      CredentialPublicInformation checkCredentialState(String currentCredential) throws InternalException
      Parameters:
      currentCredential - current credential as recorded in database
      Returns:
      the current state of the credential, wrt the configuration of the verificator
      Throws:
      InternalException

    • updateCredentialAfterConfigurationChange

      Optional<String> updateCredentialAfterConfigurationChange(String currentCredential)
      Returns optionally changed argument credential, which can be transformed after the change of configuration. It can be assumed that argument credential was created with some old configuration and that the current object is configured with the new one.

    • isSupportingInvalidation

      boolean isSupportingInvalidation()
      Returns:
      If the instances can be put into the LocalCredentialState.outdated state.

    • invalidate

      String invalidate(String currentCredential)
      This method is called only for credentials supporting invalidation.
      Parameters:
      currentCredential - the current credential value as stored in DB.
      Returns:
      the invalidated credential value, to be stored in database.

    • isCredentialSet

      boolean isCredentialSet(EntityParam entity) throws EngineException
      Check if credential is set
      Throws:
      EngineException

    • isCredentialDefinitionChagneOutdatingCredentials

      boolean isCredentialDefinitionChagneOutdatingCredentials(String newCredentialDefinition)
      Should check if change of credential definition (config) from the currently set to the given as argument may render credential instances invalid or not.