/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2010 Sun Microsystems, Inc.
 */

package org.opends.sdk.requests;



import org.opends.sdk.ConnectionSecurityLayer;
import org.opends.sdk.ErrorResultException;
import org.opends.sdk.responses.BindResult;



/**
 * An authentication client which can be used to bind to a server. Specifically,
 * a bind client manages the state associated with multi-stage authentication
 * attempts and responds to any challenges returned by the server.
 */
public interface BindClient
{
  /**
   * Disposes of any system resources or security-sensitive information that
   * this bind client might be using. Invoking this method invalidates this
   * instance.
   */
  void dispose();



  /**
   * Evaluates the provided bind result and returns {@code true} if
   * authentication has completed successfully, or {@code false} if additional
   * authentication steps are required (for example during a multi-stage SASL
   * authentication attempt).
   * <p>
   * If additional steps are required then implementations must update their
   * internal state based on information contained in the bind result (for
   * example, using the server provided SASL credentials).
   *
   * @param result
   *          The bind result to be evaluated.
   * @return {@code true} if authentication has completed successfully, of
   *         {@code false} if additional steps are required.
   * @throws ErrorResultException
   *           If the evaluation failed for some reason and authentication
   *           cannot continue.
   */
  boolean evaluateResult(BindResult result) throws ErrorResultException;



  /**
   * Returns a connection security layer, but only if this bind client has
   * negotiated integrity and/or privacy protection for the underlying
   * connection. This method should only be called once authentication has
   * completed.
   *
   * @return A connection security layer, or {@code null} if none was
   *         negotiated.
   */
  ConnectionSecurityLayer getConnectionSecurityLayer();



  /**
   * Returns the next bind request which should be used for the next stage of
   * authentication. Initially, this will be a copy of the original bind request
   * used to create this bind client.
   *
   * @return The next bind request which should be used for the next stage of
   *         authentication.
   */
  GenericBindRequest nextBindRequest();

}