001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 *
019 */
020 package org.apache.directory.server.kerberos.sam;
021
022
023 import javax.security.auth.kerberos.KerberosKey;
024
025
/**
 * Verifies that a server-derived Kerberos key can decrypt and decode the
 * encrypted generalized timestamp a client submitted as pre-authentication
 * data.
 *
 * <p>The result is an authentication verdict: callers should treat anything
 * other than {@code true} as a failed pre-authentication.
 *
 * <p>NOTE(review): this interface does not define the permitted clock skew or
 * how null or malformed input is reported. Presumably both are left to the
 * implementation; confirm that implementations fail closed and never log the
 * key or the pre-auth bytes.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 437036 $
 */
public interface KeyIntegrityChecker {

    /**
     * Tests whether {@code key} decrypts and decodes {@code preauthData} into
     * a generalized timestamp that lies within the accepted skew.
     *
     * @param preauthData the generalized timestamp, encrypted with the
     *        KerberosKey the client generated from its HOTP value
     * @param key the KerberosKey generated from the server-side HOTP value
     * @return {@code true} if the key decrypts and decodes the data to a
     *         meaningful timestamp that is in skew, {@code false} otherwise
     */
    boolean checkKeyIntegrity(byte[] preauthData, KerberosKey key);
}