001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2015 ForgeRock AS.
015 */
016package org.forgerock.audit.secure;
017
018import javax.crypto.SecretKey;
019
020/**
021 * Represents a storage for secure keys, to be used for signing files.
022 */
023public interface SecureStorage {
024
025    /**
026     * Writes the current signature key.
027     *
028     * @param key
029     *          The secret key
030     * @throws SecureStorageException
031     *          If an errors occurs.
032     */
033    void writeCurrentSignatureKey(SecretKey key) throws SecureStorageException;
034
035    /**
036     * Reads the current key.
037     *
038     * @return the current key
039     * @throws SecureStorageException
040     *          If an errors occurs.
041     */
042    SecretKey readCurrentKey() throws SecureStorageException;
043
044    /**
045     * Writes the current key.
046     *
047     * @param key the current key
048     * @throws SecureStorageException
049     *          If an errors occurs.
050     */
051    void writeCurrentKey(SecretKey key) throws SecureStorageException;
052
053    /**
054     * Reads the initial key.
055     *
056     * @return the initial key
057     * @throws SecureStorageException
058     *          If an errors occurs.
059     */
060    SecretKey readInitialKey() throws SecureStorageException;
061
062    /**
063     * Writes the initial key.
064     *
065     * @param key the initial key
066     * @throws SecureStorageException
067     *          If an errors occurs.
068     */
069    void writeInitialKey(SecretKey key) throws SecureStorageException;
070
071    /**
072     * Signs the provided data.
073     *
074     * @param signedData
075     *          The data to sign.
076     * @return the signed data
077     * @throws SecureStorageException
078     */
079    byte[] sign(byte[] signedData) throws SecureStorageException;
080
081    /**
082     * Verifies that signed data corresponds to signature.
083     *
084     * @param signedData
085     *          the data to verify
086     * @param signature
087     *          the signature
088     * @return {@code true} if data corresponds, {@code false} otherwise
089     * @throws SecureStorageException
090     */
091    boolean verify(byte[] signedData, byte[] signature) throws SecureStorageException;
092
093    /**
094     * Returns the password used to access the storage.
095     *
096     * @return the password
097     */
098    String getPassword();
099
100}