/*
    * Copyright 2000-2001,2004 The Apache Software Foundation.
    * 
    * Licensed under the Apache License, Version 2.0 (the "License");
    * you may not use this file except in compliance with the License.
    * You may obtain a copy of the License at
    * 
    *      http://www.apache.org/licenses/LICENSE-2.0
    * 
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  
  package org.apache.jetspeed.services.security;
  
  import org.apache.turbine.services.Service;
  
  import org.apache.jetspeed.om.security.JetspeedUser;
  
  /***
   * <p> The <code>UserManagement</code> interface describes a contract between 
   * the portal and security provider required for Jetspeed Credentials Management.
   * This interface enables an application to be independent of the underlying 
   * user management technology.
   *
   * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
   * @version $Id: CredentialsManagement.java,v 1.3 2004/02/23 03:58:11 jford Exp $
   */
  
  public interface CredentialsManagement extends Service  
  {
      public String SERVICE_NAME = "CredentialsManagement";
  
      /***
       * Allows for a user to change their own password.
       *
       * @param user the user to change the password for.
       * @param oldPassword the current password supplied by the user.
       * @param newPassword the current password requested by the user.
       * @exception UserException when the security provider has a general failure retrieving a user.
       * @exception UnknownUserException when the security provider cannot match
       *            the principal identity to a user.
       * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege 
       */
      void changePassword( JetspeedUser user,
                           String oldPassword, 
                           String newPassword )
          throws JetspeedSecurityException;
  
      /***
       * Forcibly sets new password for a User.
       *
       * Provides an administrator the ability to change the forgotten or
       * compromised passwords. Certain implementatations of this feature
       * would require administrative level access to the authenticating
       * server / program.
       *     
       * @param user the user to change the password for.
       * @param password the new password.   
       * @exception UserException when the security provider has a general failure retrieving a user.
       * @exception UnknownUserException when the security provider cannot match
       *            the principal identity to a user.
       * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege 
       */
      void forcePassword( JetspeedUser user, String password )
          throws JetspeedSecurityException;
  
  
      /***
       * This method provides client-side encryption of passwords.
       *
       * If <code>secure.passwords</code> are enabled in JetspeedSecurity properties,
       * the password will be encrypted, if not, it will be returned unchanged.
       * The <code>secure.passwords.algorithm</code> property can be used
       * to chose which digest algorithm should be used for performing the
       * encryption. <code>SHA</code> is used by default.
       *
       * @param password the password to process
       * @return processed password
       */
      String encryptPassword( String password )
          throws JetspeedSecurityException;
  
  }