Interface LocalCredentialVerificator
- All Superinterfaces:
CredentialExchange, CredentialVerificator, pl.edu.icm.unity.types.DescribedObject, pl.edu.icm.unity.types.NamedObject, StringConfigurable
- All Known Implementing Classes:
AbstractLocalVerificator
public interface LocalCredentialVerificator extends CredentialVerificator
Verificator of local credentials. Such verificators must have local credential name set. Additionally local verificators are responsible for credential handling, i.e. storing the raw credential or its configuration in DB and verification of the credential state. Those two aspects are merged into one implementation on purpose: local credential verification and storage of credential data in the database are tightly bound together. E.g. a password hashed and salted in the DB must be verified using the same hashing and salting.
The information about the supported CredentialType is created automatically from the name and description of this object implementation.
- Author:
- K. Benedyczak
Nested Class Summary
Nested classes/interfaces inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialVerificator
CredentialVerificator.VerificatorType
Method Summary
Modifier and Type, Method, Description:
- pl.edu.icm.unity.types.authn.CredentialPublicInformation checkCredentialState(java.lang.String currentCredential)
- java.lang.String getCredentialName()
- java.lang.String invalidate(java.lang.String currentCredential)
  This method is called only for credentials supporting invalidation.
- boolean isCredentialDefinitionChagneOutdatingCredentials(java.lang.String newCredentialDefinition)
  Should check if change of credential definition (config) from the currently set to the given as argument may render credential instances invalid or not.
- boolean isCredentialSet(pl.edu.icm.unity.types.basic.EntityParam entity)
  Check if credential is set
- boolean isSupportingInvalidation()
- java.lang.String prepareCredential(java.lang.String rawCredential, java.lang.String currentCredential, boolean verifyNew)
  Prepares the credential for DB insertion.
- void setCredentialName(java.lang.String credential)
  Sets credential definition name for this verificator.
- java.util.Optional<java.lang.String> updateCredentialAfterConfigurationChange(java.lang.String currentCredential)
  Returns optionally changed argument credential, which can be transformed after the change of configuration.
Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialExchange
getExchangeId
Methods inherited from interface pl.edu.icm.unity.engine.api.authn.CredentialVerificator
getType, setIdentityResolver, setInstanceName
Methods inherited from interface pl.edu.icm.unity.engine.api.utils.StringConfigurable
getSerializedConfiguration, setSerializedConfiguration
Method Detail
getCredentialName
java.lang.String getCredentialName()
- Returns:
- the name of the credential definition associated with this verificator
setCredentialName
void setCredentialName(java.lang.String credential)
Sets credential definition name for this verificator. This is only required to perform resolving of the client's identity, to get a proper credential. It is irrelevant for credential's storage.
prepareCredential
java.lang.String prepareCredential(java.lang.String rawCredential, java.lang.String currentCredential, boolean verifyNew) throws pl.edu.icm.unity.exceptions.IllegalCredentialException, pl.edu.icm.unity.exceptions.InternalException
Prepares the credential for DB insertion. The credential value can be arbitrary, typically in JSON, and so can the output. For instance, the input can be a password and the output its hashed and salted version.
- Parameters:
rawCredential - the new credential value
currentCredential - the existing credential, encoded in the database specific way. May be empty or null, when there is no existing credential recorded in DB.
verifyNew - we can set new credential without its verification
- Returns:
- string which will be persisted in the database and will be used for verification
- Throws:
pl.edu.icm.unity.exceptions.IllegalCredentialException - if the new credential is not valid
pl.edu.icm.unity.exceptions.InternalException
checkCredentialState
pl.edu.icm.unity.types.authn.CredentialPublicInformation checkCredentialState(java.lang.String currentCredential) throws pl.edu.icm.unity.exceptions.InternalException
- Parameters:
currentCredential - current credential as recorded in database
- Returns:
- the current state of the credential, with respect to the configuration of the verificator
- Throws:
pl.edu.icm.unity.exceptions.InternalException
updateCredentialAfterConfigurationChange
java.util.Optional<java.lang.String> updateCredentialAfterConfigurationChange(java.lang.String currentCredential)
Returns optionally changed argument credential, which can be transformed after the change of configuration. It can be assumed that argument credential was created with some old configuration and that the current object is configured with the new one.
isSupportingInvalidation
boolean isSupportingInvalidation()
- Returns:
- if the instances can be put into the LocalCredentialState.outdated state.
invalidate
java.lang.String invalidate(java.lang.String currentCredential)
This method is called only for credentials supporting invalidation.
- Parameters:
currentCredential - the current credential value as stored in DB.
- Returns:
- the invalidated credential value, to be stored in database.
isCredentialSet
boolean isCredentialSet(pl.edu.icm.unity.types.basic.EntityParam entity) throws pl.edu.icm.unity.exceptions.EngineException
Checks if the credential is set.
- Throws:
pl.edu.icm.unity.exceptions.EngineException
isCredentialDefinitionChagneOutdatingCredentials
boolean isCredentialDefinitionChagneOutdatingCredentials(java.lang.String newCredentialDefinition)
Should check whether changing the credential definition (config) from the currently set one to the one given as argument may render credential instances invalid.
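The requirement from the interface description, that a password hashed and salted in the DB must be verified using the same hashing and salting, together with the prepareCredential and checkCredentialState contracts, shown as an added sketch that is not Unity code and does not implement the real interface. The class name SaltedPasswordSketch, the `iterations$salt$hash` storage string (the page says JSON is typical), the 8-character minimum and the choice of PBKDF2 are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch: mirrors the method shapes on this page, not the real Unity classes.
public class SaltedPasswordSketch {
    private final int iterations; // stands in for the credential definition (config)

    public SaltedPasswordSketch(int iterations) { this.iterations = iterations; }

    private static byte[] pbkdf2(char[] pw, byte[] salt, int iter) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Shape of prepareCredential: raw password in, string for the DB out.
    // Salt and iteration count are persisted next to the hash.
    public String prepareCredential(String rawCredential) throws Exception {
        if (rawCredential == null || rawCredential.length() < 8) // stand-in for IllegalCredentialException
            throw new IllegalArgumentException("credential does not meet the definition");
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(pbkdf2(rawCredential.toCharArray(), salt, iterations));
    }

    // Verification uses the parameters stored with the credential, never the current config.
    public boolean verify(String presented, String dbValue) throws Exception {
        String[] p = dbValue.split("\\$");
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        byte[] actual = pbkdf2(presented.toCharArray(), salt, Integer.parseInt(p[0]));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    // Shape of checkCredentialState: a value created under a weaker config is outdated.
    public boolean isOutdated(String dbValue) {
        return Integer.parseInt(dbValue.split("\\$")[0]) < iterations;
    }

    public static void main(String[] args) throws Exception {
        String db = new SaltedPasswordSketch(100_000).prepareCredential("correct horse battery");
        SaltedPasswordSketch reconfigured = new SaltedPasswordSketch(300_000);
        System.out.println(reconfigured.verify("correct horse battery", db)); // checked with stored parameters
        System.out.println(reconfigured.verify("wrong password", db));
        System.out.println(reconfigured.isOutdated(db)); // config changed since the value was stored
    }
}
```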