Interface LocalCredentialVerificator

  • All Superinterfaces:
    CredentialExchange, CredentialVerificator, pl.edu.icm.unity.types.DescribedObject, pl.edu.icm.unity.types.NamedObject, StringConfigurable
    All Known Implementing Classes:
    AbstractLocalVerificator

    public interface LocalCredentialVerificator
    extends CredentialVerificator
    Verificator of local credentials. Such verificators must have a local credential name set. Additionally, local verificators are responsible for credential handling, i.e. storing the raw credential or its configuration in the DB and verifying the credential state.

    Those two aspects are merged into one implementation on purpose: local credential verification and storage of credential data in the database are tightly bound together. E.g. a password hashed and salted in the DB must be verified using the same hashing and salting.

    The information about the supported CredentialType is created automatically from the name and description of this object implementation.

    Author:
    K. Benedyczak
    • Method Detail

      • getCredentialName

        java.lang.String getCredentialName()
        Returns:
        the name of the credential definition associated with this verificator
      • setCredentialName

        void setCredentialName(java.lang.String credential)
        Sets the credential definition name for this verificator. This is only required to resolve the client's identity and get the proper credential. It is irrelevant for the credential's storage.
      • prepareCredential

        java.lang.String prepareCredential(java.lang.String rawCredential,
                                           java.lang.String currentCredential,
                                           boolean verifyNew)
                                    throws pl.edu.icm.unity.exceptions.IllegalCredentialException,
                                           pl.edu.icm.unity.exceptions.InternalException
        Prepares the credential for DB insertion. The credential value can be arbitrary, typically JSON; the same holds for the output. For instance, the input can be a password and the output its hashed and salted version.
        Parameters:
        rawCredential - the new credential value
        currentCredential - the existing credential, encoded in the database specific way. May be empty or null, when there is no existing credential recorded in DB.
        verifyNew - whether to verify the new credential; a new credential can be set without its verification
        Returns:
        string which will be persisted in the database and will be used for verification
        Throws:
        pl.edu.icm.unity.exceptions.IllegalCredentialException - if the new credential is not valid
        pl.edu.icm.unity.exceptions.InternalException
      • checkCredentialState

        pl.edu.icm.unity.types.authn.CredentialPublicInformation checkCredentialState(java.lang.String currentCredential)
                                                                               throws pl.edu.icm.unity.exceptions.InternalException
        Parameters:
        currentCredential - current credential as recorded in database
        Returns:
        the current state of the credential, with respect to the configuration of the verificator
        Throws:
        pl.edu.icm.unity.exceptions.InternalException
      • updateCredentialAfterConfigurationChange

        java.util.Optional<java.lang.String> updateCredentialAfterConfigurationChange(java.lang.String currentCredential)
        Returns the argument credential, optionally changed: it can be transformed after a change of configuration. It can be assumed that the argument credential was created with some old configuration and that the current object is configured with the new one.
      • isSupportingInvalidation

        boolean isSupportingInvalidation()
        Returns:
        true if the instances can be put into the LocalCredentialState.outdated state.
      • invalidate

        java.lang.String invalidate(java.lang.String currentCredential)
        This method is called only for credentials supporting invalidation.
        Parameters:
        currentCredential - the current credential value as stored in DB.
        Returns:
        the invalidated credential value, to be stored in database.
      • isCredentialSet

        boolean isCredentialSet(pl.edu.icm.unity.types.basic.EntityParam entity)
                         throws pl.edu.icm.unity.exceptions.EngineException
        Checks if the credential is set.
        Throws:
        pl.edu.icm.unity.exceptions.EngineException
      • isCredentialDefinitionChagneOutdatingCredentials

        boolean isCredentialDefinitionChagneOutdatingCredentials(java.lang.String newCredentialDefinition)
        Should check whether a change of the credential definition (config) from the currently set one to the one given as argument may render credential instances invalid.
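
The coupling stated in the interface description (a password hashed and salted in the DB must be verified using the same hashing and salting) and the prepareCredential contract, shown as an added example that is not Unity's own code. The class and method names are hypothetical, and the colon-separated storage format and PBKDF2 parameters are assumptions (the page says the stored value is typically JSON).

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical stand-alone sketch; it does not implement LocalCredentialVerificator.
public class StoredPasswordSketch {
    private final int iterations; // current configuration of this verificator

    public StoredPasswordSketch(int iterations) { this.iterations = iterations; }

    // Analogue of prepareCredential: raw password in, self-describing DB string out.
    public String prepare(String rawPassword) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] hash = pbkdf2(rawPassword, salt, iterations);
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    // Verification takes salt and cost from the stored value, not from the current config.
    public boolean verify(String rawPassword, String stored) throws GeneralSecurityException {
        String[] p = stored.split(":");
        if (p.length != 3) return false; // malformed record never verifies
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        byte[] actual = pbkdf2(rawPassword, salt, Integer.parseInt(p[0]));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    // Analogue of checkCredentialState: a stored cost below the current config is outdated.
    public boolean isOutdated(String stored) {
        return Integer.parseInt(stored.split(":")[0]) < iterations;
    }

    private static byte[] pbkdf2(String pw, byte[] salt, int iter) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, iter, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: stored under an old config, checked under a newer one.
        String stored = new StoredPasswordSketch(100_000).prepare("constructed-sample-pw");
        StoredPasswordSketch newer = new StoredPasswordSketch(200_000);
        System.out.println("correct password verifies: " + newer.verify("constructed-sample-pw", stored));
        System.out.println("wrong password verifies:   " + newer.verify("wrong", stored));
        System.out.println("record is outdated:        " + newer.isOutdated(stored));
    }
}
```

Because the salt and iteration count travel with the stored value, a record written under an older configuration still verifies after the configuration changes, and the same record can be reported as outdated.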