TokenVendingMachine.java example

Explorer

reinvent2013-mobile-photo-share-master
- server
  - src
    - com
      - amazonaws
        geo
        server
        GeoDynamoDBServlet.java
        util
        Utilities.java
        tvm
        AESEncryption.java
        Configuration.java
        Constants.java
        TokenVendingMachineLogger.java
        Utilities.java
        anonymous
        AnonymousTokenVendingMachine.java
        DeviceAuthentication.java
        TemporaryCredentialManagement.java
        admin
        BaseAdmin.java
        CountDevices.java
        exception
        DataAccessException.java
        MissingParameterException.java
        UnauthorizedException.java
        servlet
        GetTokenServlet.java
        RegisterDeviceServlet.java
        RootServlet.java
        identity
        DeviceAuthentication.java
        IdentityTokenVendingMachine.java
        TemporaryCredentialManagement.java
        TokenVendingMachine.java
        UserAuthentication.java
        admin
        BaseAdmin.java
        CountDevices.java
        CountUsers.java
        DeleteUser.java
        DescribeUser.java
        ListUsers.java
        exception
        DataAccessException.java
        MissingParameterException.java
        UnauthorizedException.java
        servlet
        GetTokenServlet.java
        LoginServlet.java
        RegisterUserServlet.java
        RootServlet.java

/*
 * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package com.amazonaws.tvm.identity;

/**
 * This interface exposes key functions performed by Token Vending Machine. TVM
 * (Token Vending Machine) operates in 2 modes i.e. Anonymous and Identity.
 * Anonymous mode is suitable for use-cases which allows anybody and everybody
 * to get tokens necessary to access AWS resources. Identity mode is more useful
 * when application developer needs to track their customer and how much
 * resources each of them is using. This mode is also suitable to when
 * application developer wants to charge as per usage.
 */
public interface TokenVendingMachine {

    /**
     * Allows user device (e.g. mobile) to register with Token Vending Machine
     * (TVM). This function is useful in Anonymous mode
     * 
     * @param uid
     *            Unique device identifier
     * @param key
     *            Secret piece of information
     * @return status code indicating if the registration was successful or not
     * @throws Exception
     */
    int registerDevice(String uid, String key) throws Exception;

    /**
     * Allows users to register with Token Vending Machine (TVM). This function
     * is useful in Identity mode
     * 
     * @param username
     *            Unique alphanumeric string of length between 3 to 128
     *            characters with special characters limited to underscore (_)
     *            and period (.)
     * @param password
     *            String of length between 6 to 128 characters
     * @param endpoint
     *            DNS name of host machine
     * @return status code indicating if the registration was successful or not
     * @throws Exception
     */
    int registerUser(String username, String password, String endpoint) throws Exception;

    /**
     * Verify if the token request is valid. UID is authenticated. The timestamp
     * is checked to see it falls within the valid timestamp window. The
     * signature is computed and matched against the given signature. Useful in
     * Anonymous and Identity modes
     * 
     * @param uid
     *            Unique device identifier
     * @param signature
     *            Base64 encoded HMAC-SHA256 signature derived from key and
     *            timestamp
     * @param timestamp
     *            Timestamp of the request in ISO8601 format
     * @return status code indicating if token request is valid or not
     * @throws Exception
     */
    int validateTokenRequest(String uid, String signature, String timestamp) throws Exception;

    /**
     * Generate tokens for given UID. The tokens are encrypted using the key
     * corresponding to UID. Encrypted tokens are then wrapped in JSON object
     * before returning it. Useful in Anonymous and Identity modes
     * 
     * @param uid
     *            Unique device identifier
     * @return encrypted tokens as JSON object
     * @throws Exception
     */
    String getToken(String uid) throws Exception;

    /**
     * Verify if the login request is valid. Username and UID are authenticated.
     * The timestamp is checked to see it falls within the valid timestamp
     * window. The signature is computed and matched against the given
     * signature. Also its checked to see if the UID belongs to the username.
     * This function is useful in Identity mode
     * 
     * @param username
     *            Unique user identifier
     * @param uid
     *            Unique device identifier
     * @param signature
     *            Base64 encoded HMAC-SHA256 signature derived from hash of
     *            salted-password and timestamp
     * @param timestamp
     *            Timestamp of the request in ISO8601 format
     * @return status code indicating if login request is valid or not
     * @throws Exception
     */
    int validateLoginRequest(String username, String uid, String signature, String timestamp) throws Exception;

    /**
     * Generate key for device UID. The key is encrypted by hash of salted
     * password of the user. Encrypted key is then wrapped in JSON object before
     * returning it. This function is useful in Identity mode
     * 
     * @param username
     *            Unique user identifier
     * @param uid
     *            Unique device identifier
     * @return encrypted key as JSON object
     * @throws Exception
     */
    String getKey(String username, String uid) throws Exception;

}