21 package org.apache.directory.server.kerberos.shared.store.operations;
22
23
24 import java.io.IOException;
25 import java.util.ArrayList;
26 import java.util.List;
27 import java.util.Map;
28
29 import javax.naming.NamingException;
30 import javax.naming.directory.InvalidAttributeValueException;
31 import javax.security.auth.kerberos.KerberosPrincipal;
32
33 import org.apache.directory.server.core.CoreSession;
34 import org.apache.directory.server.core.entry.ServerAttribute;
35 import org.apache.directory.server.core.entry.ServerEntry;
36 import org.apache.directory.server.core.entry.ServerStringValue;
37 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
38 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
39 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
40 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
41 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
42 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
43 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
44 import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
45 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
46 import org.apache.directory.shared.ldap.constants.SchemaConstants;
47 import org.apache.directory.shared.ldap.entry.Value;
48 import org.apache.directory.shared.ldap.filter.EqualityNode;
49 import org.apache.directory.shared.ldap.filter.ExprNode;
50 import org.apache.directory.shared.ldap.filter.SearchScope;
51 import org.apache.directory.shared.ldap.message.AliasDerefMode;
52 import org.apache.directory.shared.ldap.name.LdapDN;
53 import org.apache.directory.shared.ldap.schema.AttributeType;
54
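/**
 * Directory operation that reads every Kerberos principal stored directly
 * beneath a search base and converts each one into a {@link PrincipalStoreEntry}.
 *
 * <p>Security note: each returned entry carries the key map rebuilt from the
 * entry's {@code krb5Key} attribute, i.e. the principal's long-term Kerberos
 * keys. The result of {@link #execute} should be treated as secret material:
 * keep it out of logs and restrict which sessions may run this operation.
 * NOTE(review): access control on the supplied {@link CoreSession} is not
 * visible in this class and should be confirmed at the call sites.
 */
public class GetAllPrincipals implements DirectoryServiceOperation
{
    private static final long serialVersionUID = -1214321426487445132L;

    // Lazily built (objectClass=krb5Principal) filter. Initialisation is not
    // synchronized, so concurrent first calls may each build an equivalent node.
    private ExprNode filter;


    /**
     * Returns the cached search filter, building it on first use.
     *
     * @param session session whose directory service supplies the attribute type registry
     * @return an equality filter matching {@code objectClass=krb5Principal}
     * @throws Exception if the {@code objectClass} attribute type cannot be looked up
     */
    private ExprNode getFilter( CoreSession session ) throws Exception
    {
        if ( filter == null )
        {
            AttributeTypeRegistry registry = session.getDirectoryService().getRegistries().getAttributeTypeRegistry();
            AttributeType type = registry.lookup( "objectClass" );
            Value<String> value = new ServerStringValue( type, "krb5Principal" );
            filter = new EqualityNode<String>( "objectClass", value );
        }

        return filter;
    }


    /**
     * Searches one level below {@code searchBaseDn} for Kerberos principals.
     *
     * @param session the session used to run the search
     * @param searchBaseDn the base DN whose immediate children are searched
     * @return a {@code PrincipalStoreEntry[]} holding one element per matching entry,
     *         or {@code null} if a {@link NamingException} was raised while searching
     *         or converting an entry; callers must null-check the result
     * @throws Exception any non-{@code NamingException} failure, for example a
     *         {@link NumberFormatException} from a malformed numeric attribute
     */
    public Object execute( CoreSession session, LdapDN searchBaseDn ) throws Exception
    {
        List<PrincipalStoreEntry> answers = new ArrayList<PrincipalStoreEntry>();

        try
        {
            EntryFilteringCursor cursor = session.search( searchBaseDn, SearchScope.ONELEVEL, getFilter( session ),
                AliasDerefMode.DEREF_ALWAYS, null );

            try
            {
                cursor.beforeFirst();

                while ( cursor.next() )
                {
                    ServerEntry result = cursor.get();
                    answers.add( getEntry( result ) );
                }
            }
            finally
            {
                // Release the cursor even when iteration or entry conversion fails;
                // previously it was only closed on the success path.
                cursor.close();
            }

            return answers.toArray( new PrincipalStoreEntry[answers.size()] );
        }
        catch ( NamingException e )
        {
            // Kept for compatibility: failures are reported as a null result.
            // This also covers the InvalidAttributeValueException raised by getEntry(),
            // so one entry with an unreadable key makes the whole call return null.
            e.printStackTrace();

            return null;
        }
    }


    /**
     * Marshals the attributes of one directory entry into a {@link PrincipalStoreEntry}.
     *
     * <p>The principal name, key version number and common name are dereferenced
     * without a null check, so an entry lacking any of them fails with a
     * {@link NullPointerException}. The SAM type and key attributes are optional.
     *
     * @param attrs the directory entry for one principal
     * @return the populated principal store entry, including its key map when
     *         the key attribute is present
     * @throws Exception {@link InvalidAttributeValueException} if the key attribute
     *         cannot be decoded; other failures propagate unchanged
     */
    private PrincipalStoreEntry getEntry( ServerEntry attrs ) throws Exception
    {
        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();

        String principal = ( String ) attrs.get( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT ).get().get();
        String keyVersionNumber = ( String ) attrs.get( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT ).get().get();
        String commonName = ( String ) attrs.get( SchemaConstants.CN_AT ).get().get();

        if ( attrs.get( KerberosAttribute.APACHE_SAM_TYPE_AT ) != null )
        {
            String samType = ( String ) attrs.get( KerberosAttribute.APACHE_SAM_TYPE_AT ).get().get();

            modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
        }

        if ( attrs.get( KerberosAttribute.KRB5_KEY_AT ) != null )
        {
            ServerAttribute krb5key = ( ServerAttribute ) attrs.get( KerberosAttribute.KRB5_KEY_AT );

            try
            {
                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
                modifier.setKeyMap( keyMap );
            }
            catch ( IOException ioe )
            {
                InvalidAttributeValueException invalidKey = new InvalidAttributeValueException(
                    "Account Kerberos key attribute '" + KerberosAttribute.KRB5_KEY_AT
                        + "' contained an invalid value for krb5key." );

                // Keep the decoding failure attached so the root cause is not lost.
                invalidKey.setRootCause( ioe );

                throw invalidKey;
            }
        }

        modifier.setCommonName( commonName );
        modifier.setPrincipal( new KerberosPrincipal( principal ) );
        modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );

        return modifier.getEntry();
    }
}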