/**
 * diqube: Distributed Query Base.
 *
 * Copyright (C) 2015 Bastian Gloeckle
 *
 * This file is part of diqube.
 *
 * diqube is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package org.diqube.ticket;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.concurrent.CompletableFuture;

import org.diqube.thrift.base.thrift.Ticket;
import org.diqube.util.Triple;

/**
 * Source of the RSA key material that is used to sign and to validate {@link Ticket}s.
 *
 * <p>
 * Implementations decide which .pem files take part in ticket handling, so they define which keys are trusted: per
 * the contract of {@link #getPemFiles()}, the public key of every returned file is consulted when a ticket is
 * validated.
 *
 * @author Bastian Gloeckle
 */
public interface TicketRsaKeyFileProvider {

  /**
   * Supplies the OpenSSL .pem files to work with. Each file holds either an RSA public key only or an RSA
   * public/private key pair.
   *
   * <p>
   * Validation: {@link TicketSignatureService} uses the public keys to validate tickets, and the public keys of
   * <b>all</b> returned files are inspected for that.
   *
   * <p>
   * Signing: new tickets are signed only with the private key (if there is one) of the <b>first</b> returned file,
   * so the order of the list matters.
   *
   * <p>
   * Notes for implementors: because every returned file adds a key that validation inspects, return only files whose
   * origin and access permissions are trusted. The password is handed over as an immutable {@link String}, which
   * cannot be wiped after use; keep the returned triples out of log output and long-lived caches.
   * NOTE(review): whether the string form of {@link Triple} includes its right element is not visible from this file -
   * confirm before logging a triple as a whole.
   *
   * @return A {@link CompletableFuture} completing to a list of {@link Triple}s, one per .pem file:
   *         <ul>
   *         <li>left: string denoting the source of the .pem file (= file name),</li>
   *         <li>middle: supplier of a new {@link InputStream} to read the file from,</li>
   *         <li>right: password needed to decrypt the .pem stream, {@code null} if there is no password.</li>
   *         </ul>
   */
  CompletableFuture<List<Triple<String, IOExceptionSupplier<InputStream>, String>>> getPemFiles();

  /**
   * Tells {@link TicketRsaKeyManager} whether the files of {@link #getPemFiles()} have to carry a private key.
   *
   * <p>
   * The check works in both directions: a missing private key is rejected when one is required, and a private key
   * that is present is rejected when none is expected.
   *
   * @return {@code true} if {@link #getPemFiles()} is required to return files that contain a private key;
   *         {@link TicketRsaKeyManager} throws a corresponding exception otherwise. {@code false} if no private key
   *         is expected; {@link TicketRsaKeyManager} then throws an exception if it finds a file that contains a
   *         private key.
   */
  boolean filesWithPrivateKeyAreRequired();

  /**
   * A supplier whose {@link #get()} is allowed to fail with an {@link IOException}.
   *
   * @param <T>
   *          type of the supplied value.
   */
  interface IOExceptionSupplier<T> {
    /**
     * @return the supplied value.
     * @throws IOException
     *           if the value cannot be provided.
     */
    T get() throws IOException;
  }
}