001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2015 ForgeRock AS. 015 */ 016package org.forgerock.audit.secure; 017 018import javax.crypto.SecretKey; 019 020/** 021 * Represents a storage for secure keys, to be used for signing files. 022 */ 023public interface SecureStorage { 024 025 /** 026 * Writes the current signature key. 027 * 028 * @param key 029 * The secret key 030 * @throws SecureStorageException 031 * If an errors occurs. 032 */ 033 void writeCurrentSignatureKey(SecretKey key) throws SecureStorageException; 034 035 /** 036 * Reads the current key. 037 * 038 * @return the current key 039 * @throws SecureStorageException 040 * If an errors occurs. 041 */ 042 SecretKey readCurrentKey() throws SecureStorageException; 043 044 /** 045 * Writes the current key. 046 * 047 * @param key the current key 048 * @throws SecureStorageException 049 * If an errors occurs. 050 */ 051 void writeCurrentKey(SecretKey key) throws SecureStorageException; 052 053 /** 054 * Reads the initial key. 055 * 056 * @return the initial key 057 * @throws SecureStorageException 058 * If an errors occurs. 059 */ 060 SecretKey readInitialKey() throws SecureStorageException; 061 062 /** 063 * Writes the initial key. 064 * 065 * @param key the initial key 066 * @throws SecureStorageException 067 * If an errors occurs. 068 */ 069 void writeInitialKey(SecretKey key) throws SecureStorageException; 070 071 /** 072 * Signs the provided data. 073 * 074 * @param signedData 075 * The data to sign. 076 * @return the signed data 077 * @throws SecureStorageException 078 */ 079 byte[] sign(byte[] signedData) throws SecureStorageException; 080 081 /** 082 * Verifies that signed data corresponds to signature. 083 * 084 * @param signedData 085 * the data to verify 086 * @param signature 087 * the signature 088 * @return {@code true} if data corresponds, {@code false} otherwise 089 * @throws SecureStorageException 090 */ 091 boolean verify(byte[] signedData, byte[] signature) throws SecureStorageException; 092 093 /** 094 * Returns the password used to access the storage. 095 * 096 * @return the password 097 */ 098 String getPassword(); 099 100}