|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright 2014 SURFnet bv |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
7
|
|
|
* you may not use this file except in compliance with the License. |
|
8
|
|
|
* You may obtain a copy of the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
14
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15
|
|
|
* See the License for the specific language governing permissions and |
|
16
|
|
|
* limitations under the License. |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Surfnet\Stepup\Identity\Api; |
|
20
|
|
|
|
|
21
|
|
|
use Broadway\Domain\AggregateRoot; |
|
22
|
|
|
use Surfnet\Stepup\Exception\DomainException; |
|
23
|
|
|
use Surfnet\Stepup\Identity\Entity\VerifiedSecondFactor; |
|
24
|
|
|
use Surfnet\Stepup\Identity\Value\CommonName; |
|
25
|
|
|
use Surfnet\Stepup\Identity\Value\ContactInformation; |
|
26
|
|
|
use Surfnet\Stepup\Identity\Value\DocumentNumber; |
|
27
|
|
|
use Surfnet\Stepup\Identity\Value\Email; |
|
28
|
|
|
use Surfnet\Stepup\Identity\Value\EmailVerificationWindow; |
|
29
|
|
|
use Surfnet\Stepup\Identity\Value\GssfId; |
|
30
|
|
|
use Surfnet\Stepup\Identity\Value\IdentityId; |
|
31
|
|
|
use Surfnet\Stepup\Identity\Value\Institution; |
|
32
|
|
|
use Surfnet\Stepup\Identity\Value\Locale; |
|
33
|
|
|
use Surfnet\Stepup\Identity\Value\Location; |
|
34
|
|
|
use Surfnet\Stepup\Identity\Value\NameId; |
|
35
|
|
|
use Surfnet\Stepup\Identity\Value\PhoneNumber; |
|
36
|
|
|
use Surfnet\Stepup\Identity\Value\RegistrationAuthorityRole; |
|
37
|
|
|
use Surfnet\Stepup\Identity\Value\SecondFactorId; |
|
38
|
|
|
use Surfnet\Stepup\Identity\Value\SecondFactorIdentifier; |
|
39
|
|
|
use Surfnet\Stepup\Identity\Value\StepupProvider; |
|
40
|
|
|
use Surfnet\Stepup\Identity\Value\U2fKeyHandle; |
|
41
|
|
|
use Surfnet\Stepup\Identity\Value\YubikeyPublicId; |
|
42
|
|
|
use Surfnet\StepupBundle\Value\SecondFactorType; |
|
43
|
|
|
|
|
44
|
|
|
interface Identity extends AggregateRoot |
|
45
|
|
|
{ |
|
46
|
|
|
/** |
|
47
|
|
|
* @param IdentityId $id |
|
48
|
|
|
* @param Institution $institution |
|
49
|
|
|
* @param NameId $nameId |
|
50
|
|
|
* @param CommonName $commonName |
|
51
|
|
|
* @param Email $email |
|
52
|
|
|
* @param Locale $preferredLocale |
|
53
|
|
|
* @return Identity |
|
54
|
|
|
*/ |
|
55
|
|
|
public static function create( |
|
56
|
|
|
IdentityId $id, |
|
57
|
|
|
Institution $institution, |
|
58
|
|
|
NameId $nameId, |
|
59
|
|
|
CommonName $commonName, |
|
60
|
|
|
Email $email, |
|
61
|
|
|
Locale $preferredLocale |
|
62
|
|
|
); |
|
63
|
|
|
|
|
64
|
|
|
/** |
|
65
|
|
|
* Construct a new aggregate root. Aggregate roots can only be affected by events, so no parameters are allowed. |
|
66
|
|
|
*/ |
|
67
|
|
|
public function __construct(); |
|
|
|
|
|
|
68
|
|
|
|
|
69
|
|
|
/** |
|
70
|
|
|
* @param CommonName $commonName |
|
71
|
|
|
* @return void |
|
72
|
|
|
*/ |
|
73
|
|
|
public function rename(CommonName $commonName); |
|
74
|
|
|
|
|
75
|
|
|
/** |
|
76
|
|
|
* @param Email $email |
|
77
|
|
|
* @return void |
|
78
|
|
|
*/ |
|
79
|
|
|
public function changeEmail(Email $email); |
|
80
|
|
|
|
|
81
|
|
|
/** |
|
82
|
|
|
* @param SecondFactorId $secondFactorId |
|
83
|
|
|
* @param YubikeyPublicId $yubikeyPublicId |
|
84
|
|
|
* @return void |
|
85
|
|
|
*/ |
|
86
|
|
|
public function bootstrapYubikeySecondFactor( |
|
87
|
|
|
SecondFactorId $secondFactorId, |
|
88
|
|
|
YubikeyPublicId $yubikeyPublicId |
|
89
|
|
|
); |
|
90
|
|
|
|
|
91
|
|
|
/** |
|
92
|
|
|
* @param SecondFactorId $secondFactorId |
|
93
|
|
|
* @param YubikeyPublicId $yubikeyPublicId |
|
94
|
|
|
* @param EmailVerificationWindow $emailVerificationWindow |
|
95
|
|
|
* @return void |
|
96
|
|
|
*/ |
|
97
|
|
|
public function provePossessionOfYubikey( |
|
98
|
|
|
SecondFactorId $secondFactorId, |
|
99
|
|
|
YubikeyPublicId $yubikeyPublicId, |
|
100
|
|
|
EmailVerificationWindow $emailVerificationWindow |
|
101
|
|
|
); |
|
102
|
|
|
|
|
103
|
|
|
/** |
|
104
|
|
|
* @param SecondFactorId $secondFactorId |
|
105
|
|
|
* @param PhoneNumber $phoneNumber |
|
106
|
|
|
* @param EmailVerificationWindow $emailVerificationWindow |
|
107
|
|
|
* @return void |
|
108
|
|
|
*/ |
|
109
|
|
|
public function provePossessionOfPhone( |
|
110
|
|
|
SecondFactorId $secondFactorId, |
|
111
|
|
|
PhoneNumber $phoneNumber, |
|
112
|
|
|
EmailVerificationWindow $emailVerificationWindow |
|
113
|
|
|
); |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* @param SecondFactorId $secondFactorId |
|
117
|
|
|
* @param StepupProvider $provider |
|
118
|
|
|
* @param GssfId $gssfId |
|
119
|
|
|
* @param EmailVerificationWindow $emailVerificationWindow |
|
120
|
|
|
* @return void |
|
121
|
|
|
*/ |
|
122
|
|
|
public function provePossessionOfGssf( |
|
123
|
|
|
SecondFactorId $secondFactorId, |
|
124
|
|
|
StepupProvider $provider, |
|
125
|
|
|
GssfId $gssfId, |
|
126
|
|
|
EmailVerificationWindow $emailVerificationWindow |
|
127
|
|
|
); |
|
128
|
|
|
|
|
129
|
|
|
/** |
|
130
|
|
|
* @param SecondFactorId $secondFactorId |
|
131
|
|
|
* @param U2fKeyHandle $keyHandle |
|
132
|
|
|
* @param EmailVerificationWindow $emailVerificationWindow |
|
133
|
|
|
* @return void |
|
134
|
|
|
*/ |
|
135
|
|
|
public function provePossessionOfU2fDevice( |
|
136
|
|
|
SecondFactorId $secondFactorId, |
|
137
|
|
|
U2fKeyHandle $keyHandle, |
|
138
|
|
|
EmailVerificationWindow $emailVerificationWindow |
|
139
|
|
|
); |
|
140
|
|
|
|
|
141
|
|
|
/** |
|
142
|
|
|
* @param string $verificationNonce |
|
143
|
|
|
* @return void |
|
144
|
|
|
*/ |
|
145
|
|
|
public function verifyEmail($verificationNonce); |
|
146
|
|
|
|
|
147
|
|
|
/** |
|
148
|
|
|
* Attempts to vet another identity's verified second factor. |
|
149
|
|
|
* |
|
150
|
|
|
* @param Identity $registrant |
|
151
|
|
|
* @param SecondFactorId $registrantsSecondFactorId |
|
152
|
|
|
* @param SecondFactorType $registrantsSecondFactorType |
|
153
|
|
|
* @param SecondFactorIdentifier $registrantsSecondFactorIdentifier |
|
154
|
|
|
* @param string $registrationCode |
|
155
|
|
|
* @param DocumentNumber $documentNumber |
|
156
|
|
|
* @param bool $identityVerified |
|
157
|
|
|
* @return void |
|
158
|
|
|
* @throws DomainException |
|
159
|
|
|
*/ |
|
160
|
|
|
public function vetSecondFactor( |
|
161
|
|
|
Identity $registrant, |
|
162
|
|
|
SecondFactorId $registrantsSecondFactorId, |
|
163
|
|
|
SecondFactorType $registrantsSecondFactorType, |
|
164
|
|
|
SecondFactorIdentifier $registrantsSecondFactorIdentifier, |
|
|
|
|
|
|
165
|
|
|
$registrationCode, |
|
166
|
|
|
DocumentNumber $documentNumber, |
|
167
|
|
|
$identityVerified |
|
168
|
|
|
); |
|
169
|
|
|
|
|
170
|
|
|
/** |
|
171
|
|
|
* Makes the identity comply with an authority's vetting of a verified second factor. |
|
172
|
|
|
* |
|
173
|
|
|
* @param SecondFactorId $secondFactorId |
|
174
|
|
|
* @param SecondFactorType $secondFactorType |
|
175
|
|
|
* @param SecondFactorIdentifier $secondFactorIdentifier |
|
176
|
|
|
* @param string $registrationCode |
|
177
|
|
|
* @param DocumentNumber $documentNumber |
|
178
|
|
|
* @throws DomainException |
|
179
|
|
|
* @return void |
|
180
|
|
|
*/ |
|
181
|
|
|
public function complyWithVettingOfSecondFactor( |
|
182
|
|
|
SecondFactorId $secondFactorId, |
|
183
|
|
|
SecondFactorType $secondFactorType, |
|
184
|
|
|
SecondFactorIdentifier $secondFactorIdentifier, |
|
185
|
|
|
$registrationCode, |
|
186
|
|
|
DocumentNumber $documentNumber |
|
187
|
|
|
); |
|
188
|
|
|
|
|
189
|
|
|
/** |
|
190
|
|
|
* @param SecondFactorId $secondFactorId |
|
191
|
|
|
* @return void |
|
192
|
|
|
*/ |
|
193
|
|
|
public function revokeSecondFactor(SecondFactorId $secondFactorId); |
|
194
|
|
|
|
|
195
|
|
|
/** |
|
196
|
|
|
* @param SecondFactorId $secondFactorId |
|
197
|
|
|
* @param IdentityId $authorityId |
|
198
|
|
|
* @return void |
|
199
|
|
|
*/ |
|
200
|
|
|
public function complyWithSecondFactorRevocation(SecondFactorId $secondFactorId, IdentityId $authorityId); |
|
201
|
|
|
|
|
202
|
|
|
/** |
|
203
|
|
|
* @param Institution $institution |
|
204
|
|
|
* @param RegistrationAuthorityRole $role |
|
205
|
|
|
* @param Location $location |
|
206
|
|
|
* @param ContactInformation $contactInformation |
|
207
|
|
|
* @return void |
|
208
|
|
|
*/ |
|
209
|
|
|
public function accreditWith( |
|
210
|
|
|
RegistrationAuthorityRole $role, |
|
211
|
|
|
Institution $institution, |
|
212
|
|
|
Location $location, |
|
213
|
|
|
ContactInformation $contactInformation |
|
214
|
|
|
); |
|
215
|
|
|
|
|
216
|
|
|
/** |
|
217
|
|
|
* @param RegistrationAuthorityRole $role |
|
218
|
|
|
* @return void |
|
219
|
|
|
*/ |
|
220
|
|
|
public function appointAs(RegistrationAuthorityRole $role); |
|
221
|
|
|
|
|
222
|
|
|
/** |
|
223
|
|
|
* @param Location $location |
|
224
|
|
|
* @param ContactInformation $contactInformation |
|
225
|
|
|
* @return void |
|
226
|
|
|
*/ |
|
227
|
|
|
public function amendRegistrationAuthorityInformation(Location $location, ContactInformation $contactInformation); |
|
228
|
|
|
|
|
229
|
|
|
/** |
|
230
|
|
|
* @return void |
|
231
|
|
|
*/ |
|
232
|
|
|
public function retractRegistrationAuthority(); |
|
233
|
|
|
|
|
234
|
|
|
/** |
|
235
|
|
|
* @param Locale $preferredLocale |
|
236
|
|
|
* @return void |
|
237
|
|
|
*/ |
|
238
|
|
|
public function expressPreferredLocale(Locale $preferredLocale); |
|
239
|
|
|
|
|
240
|
|
|
/** |
|
241
|
|
|
* @return void |
|
242
|
|
|
*/ |
|
243
|
|
|
public function forget(); |
|
244
|
|
|
|
|
245
|
|
|
/** |
|
246
|
|
|
* @return IdentityId |
|
247
|
|
|
*/ |
|
248
|
|
|
public function getId(); |
|
249
|
|
|
|
|
250
|
|
|
/** |
|
251
|
|
|
* @return NameId |
|
252
|
|
|
*/ |
|
253
|
|
|
public function getNameId(); |
|
254
|
|
|
|
|
255
|
|
|
/** |
|
256
|
|
|
* @return Institution |
|
257
|
|
|
*/ |
|
258
|
|
|
public function getInstitution(); |
|
259
|
|
|
|
|
260
|
|
|
/** |
|
261
|
|
|
* @return CommonName |
|
262
|
|
|
*/ |
|
263
|
|
|
public function getCommonName(); |
|
264
|
|
|
|
|
265
|
|
|
/** |
|
266
|
|
|
* @return Email |
|
267
|
|
|
*/ |
|
268
|
|
|
public function getEmail(); |
|
269
|
|
|
|
|
270
|
|
|
/** |
|
271
|
|
|
* @return Locale |
|
272
|
|
|
*/ |
|
273
|
|
|
public function getPreferredLocale(); |
|
274
|
|
|
|
|
275
|
|
|
/** |
|
276
|
|
|
* @param SecondFactorId $secondFactorId |
|
277
|
|
|
* @return VerifiedSecondFactor|null |
|
278
|
|
|
*/ |
|
279
|
|
|
public function getVerifiedSecondFactor(SecondFactorId $secondFactorId); |
|
280
|
|
|
|
|
281
|
|
|
/** |
|
282
|
|
|
* @return IdentityId We're deviating from Broadway's official API, as they accept toString-able VOs as IDs, and we |
|
283
|
|
|
* require the IdentityId VO in our SensitiveDataEventStoreDecorator. |
|
284
|
|
|
*/ |
|
285
|
|
|
public function getAggregateRootId(); |
|
286
|
|
|
} |
|
287
|
|
|
|
OpenConext /
Stepup-Middleware
Loading history...
For interface and abstract methods, it is impossible to infer the return type from the immediate code. In these cases, it is generally advisible to explicitly annotate these methods with a
@returndoc comment to communicate to implementors of these methods what they are expected to return.