001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.security.srp;
023:
024: import java.io.IOException;
025: import java.io.Serializable;
026: import java.io.ObjectStreamField;
027: import java.security.KeyException;
028:
029: /** An interface describing the requirements of a password verifier store.
030: This is an abstraction that allows the <username, verifier, salt> information
031: needed by the server to be plugged in from various sources. E.g., LDAP
032: servers, databases, files, etc.
033:
034: @author Scott.Stark@jboss.org
035: @version $Revision: 57210 $
036: */
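public interface SRPVerifierStore {
    /** The per-user SRP verifier record exchanged between a store implementation
     * and the SRP server. The serialized form is pinned by
     * {@code serialPersistentFields}, so the field set and names below are part of
     * the wire/persistence contract.
     * <p>
     * Treat instances as sensitive server-side data: the verifier and salt are
     * derived from the user's password, and disclosure of a verifier permits
     * offline guessing of that password (see RFC 2945, Security Considerations).
     * All fields are public and mutable, so callers that hand this object out
     * should copy it rather than share a reference.
     */
    public static class VerifierInfo implements Serializable {
        /** The serial version UID @since 1.2.4.1 */
        private static final long serialVersionUID = 7420301687504271098L;
        /** Explicit serial layout; declared so that adding non-serialized helpers
         * later does not change the stream format. */
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("username", String.class),
            new ObjectStreamField("verifier", byte[].class),
            new ObjectStreamField("salt", byte[].class),
            new ObjectStreamField("g", byte[].class),
            new ObjectStreamField("N", byte[].class),
            new ObjectStreamField("hashAlgorithm", String.class),
            new ObjectStreamField("cipherAlgorithm", String.class),
            new ObjectStreamField("cipherIV", byte[].class) };

        /** The username the information applies to. Perhaps redundant but it
         * makes the object self contained.
         * @serialField username String username
         */
        public String username;
        /** The SRP password verifier hash. Sensitive: equivalent to a password
         * hash for offline-guessing purposes.
         * @serialField verifier byte[] password verifier
         */
        public byte[] verifier;
        /** The random password salt originally used to compute the verifier.
         * @serialField salt originally used to verify the password
         */
        public byte[] salt;
        /** The SRP algorithm primitive generator
         * @serialField g primitive generator
         */
        public byte[] g;
        /** The algorithm safe-prime modulus
         * @serialField N safe-prime modulus
         */
        public byte[] N;
        /** The algorithm to hash the session key to produce K. To be consistent
         * with the RFC2945 description this must be SHA_Interleave as implemented
         * by the JBossSX security provider. For compatibility with earlier JBossSX
         * SRP releases the algorithm must be SHA_ReverseInterleave. This name is
         * passed to java.security.MessageDigest.getInstance().
         * @serialField hashAlgorithm algorithm to hash the session key
         * @since 1.2.4.2
         */
        public String hashAlgorithm;
        /** The algorithm to use for any encryption of data.
         * @serialField cipherAlgorithm algorithm to use for any encryption
         * @since 1.2.4.2
         */
        public String cipherAlgorithm;
        /** The initialization vector to use for any encryption of data.
         * @serialField cipherIV initialization vector to use for any encryption
         * @since 1.6
         */
        public byte[] cipherIV;
    }

    /** Get the indicated user's password verifier information.
     *
     * @param username the user whose verifier record is requested
     * @return the user's verifier information; whether an unknown user yields
     *         {@code null} or an exception is implementation-defined -- callers
     *         should handle both
     * @throws KeyException if the verifier information cannot be obtained for
     *         the user (implementations typically use this for an unknown user)
     * @throws IOException if the backing store cannot be read
     */
    public VerifierInfo getUserVerifier(String username)
        throws KeyException, IOException;

    /** Set the indicated users' password verifier information. This is equivalent
     * to changing a user's password and should generally invalidate any existing
     * SRP sessions and caches.
     *
     * @param username the user whose verifier record is being replaced
     * @param info the new verifier information for the user
     * @throws IOException if the backing store cannot be written
     */
    public void setUserVerifier(String username, VerifierInfo info)
        throws IOException;

    /** Verify an optional auxiliary challenge sent from the client to the server. The
     * auxChallenge object will have been decrypted if it was sent encrypted from the
     * client. An example of an auxiliary challenge would be the validation of a hardware
     * token (SafeWord, SecureID, iButton) that the server validates to further strengthen
     * the SRP password exchange.
     *
     * @param username the user the challenge was submitted for
     * @param auxChallenge the (already decrypted) challenge object supplied by the client
     * @throws SecurityException if the challenge is rejected; a normal return means
     *         the challenge was accepted
     */
    public void verifyUserChallenge(String username, Object auxChallenge)
        throws SecurityException;
}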
|