
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.shared.store.operations;
21  
22  
23  import java.io.IOException;
24  import java.text.ParseException;
25  import java.util.Map;
26  
27  import javax.naming.NamingException;
28  import javax.naming.directory.InvalidAttributeValueException;
29  import javax.security.auth.kerberos.KerberosPrincipal;
30  
31  import org.apache.directory.server.core.CoreSession;
32  import org.apache.directory.server.core.entry.ServerEntry;
33  import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
34  import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
35  import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
36  import org.apache.directory.server.kerberos.shared.messages.value.SamType;
37  import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
38  import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
39  import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
40  import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
41  import org.apache.directory.shared.ldap.entry.EntryAttribute;
42  import org.apache.directory.shared.ldap.name.LdapDN;
43  
44  
45  /**
46   * Encapsulates the action of looking up a principal in an embedded ApacheDS DIT.
47   *
48   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
49   * @version $Rev: 682235 $, $Date: 2008-08-04 02:43:52 +0200 (Mo, 04 Aug 2008) $
50   */
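public class GetPrincipal implements DirectoryServiceOperation
{
    private static final long serialVersionUID = 4598007518413451945L;

    /** The name of the principal to get. */
    private final KerberosPrincipal principal;


    /**
     * Creates the action to be used against the embedded ApacheDS DIT.
     * 
     * @param principal The principal to search for in the directory.
     */
    public GetPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Looks up the principal under {@code base} and marshals its directory entry.
     * Note that the base is a relative path from the existing context.
     * It is not a DN.
     *
     * @param session the session used to read the directory
     * @param base the search base, relative to the existing context
     * @return the {@link PrincipalStoreEntry} for the principal, or {@code null} when this
     *         action was created with a {@code null} principal (or no entry was found)
     * @throws Exception if the lookup fails or the entry holds a missing or invalid attribute value
     */
    public Object execute( CoreSession session, LdapDN base ) throws Exception
    {
        if ( principal == null )
        {
            return null;
        }

        ServerEntry entry = StoreUtils.findPrincipalEntry( session, base, principal.getName() );

        // NOTE(review): findPrincipalEntry is defined elsewhere; whether it returns null for an
        // unknown principal is not visible here. Guarding avoids a bare NullPointerException
        // from getEntry() if it does — confirm against StoreUtils.
        if ( entry == null )
        {
            return null;
        }

        return getEntry( entry );
    }


    /**
     * Marshals a {@link PrincipalStoreEntry} from a directory entry.
     *
     * @param entry the directory entry of the Kerberos principal
     * @return the entry for the principal
     * @throws InvalidAttributeValueException if a mandatory attribute is absent or an attribute
     *         value cannot be parsed (kvno, SAM type, expiration time, key material)
     * @throws Exception if there are any access problems while reading the attributes
     */
    private PrincipalStoreEntry getEntry( ServerEntry entry ) throws Exception
    {
        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();

        modifier.setDistinguishedName( entry.getDn().getUpName() );

        // The principal name and key version number are read unconditionally, so report their
        // absence with a descriptive exception instead of a NullPointerException.
        EntryAttribute principalNameAttr = requireAttribute( entry, KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
        modifier.setPrincipal( new KerberosPrincipal( principalNameAttr.getString() ) );

        EntryAttribute kvnoAttr = requireAttribute( entry, KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT );
        modifier.setKeyVersionNumber( parseIntAttribute( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, kvnoAttr
            .getString() ) );

        EntryAttribute disabledAttr = entry.get( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT );

        if ( disabledAttr != null )
        {
            // Anything other than "true" (case-insensitive) leaves the account enabled.
            modifier.setDisabled( "true".equalsIgnoreCase( disabledAttr.getString() ) );
        }

        EntryAttribute lockedOutAttr = entry.get( KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT );

        if ( lockedOutAttr != null )
        {
            modifier.setLockedOut( "true".equalsIgnoreCase( lockedOutAttr.getString() ) );
        }

        EntryAttribute expirationAttr = entry.get( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT );

        if ( expirationAttr != null )
        {
            String val = expirationAttr.getString();

            try
            {
                modifier.setExpiration( KerberosTime.getTime( val ) );
            }
            catch ( ParseException e )
            {
                InvalidAttributeValueException iave = new InvalidAttributeValueException(
                    "Account expiration attribute " + KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT
                        + " contained an invalid value for generalizedTime: " + val );
                // keep the parser's position information available to whoever logs this
                iave.initCause( e );
                throw iave;
            }
        }

        EntryAttribute samTypeAttr = entry.get( KerberosAttribute.APACHE_SAM_TYPE_AT );

        if ( samTypeAttr != null )
        {
            int samTypeOrdinal = parseIntAttribute( KerberosAttribute.APACHE_SAM_TYPE_AT, samTypeAttr.getString() );
            modifier.setSamType( SamType.getTypeByOrdinal( samTypeOrdinal ) );
        }

        EntryAttribute krb5key = entry.get( KerberosAttribute.KRB5_KEY_AT );

        if ( krb5key != null )
        {
            try
            {
                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
                modifier.setKeyMap( keyMap );
            }
            catch ( IOException ioe )
            {
                // Unlike the expiration message above, the raw attribute value is deliberately
                // kept out of this message: it is the principal's key material.
                InvalidAttributeValueException iave = new InvalidAttributeValueException(
                    "Account Kerberos key attribute '" + KerberosAttribute.KRB5_KEY_AT
                        + "' contained an invalid value for krb5key." );
                iave.initCause( ioe );
                throw iave;
            }
        }

        return modifier.getEntry();
    }


    /**
     * Fetches an attribute that the principal entry must carry.
     *
     * @param entry the directory entry of the Kerberos principal
     * @param attributeType the attribute type to fetch
     * @return the attribute, never {@code null}
     * @throws InvalidAttributeValueException if the entry has no such attribute
     */
    private static EntryAttribute requireAttribute( ServerEntry entry, String attributeType )
        throws InvalidAttributeValueException
    {
        EntryAttribute attribute = entry.get( attributeType );

        if ( attribute == null )
        {
            throw new InvalidAttributeValueException( "Mandatory Kerberos attribute '" + attributeType
                + "' is missing from entry " + entry.getDn().getUpName() );
        }

        return attribute;
    }


    /**
     * Parses an integer-valued attribute, reporting a malformed value the same way the other
     * attribute parse failures in this class do (as an {@link InvalidAttributeValueException})
     * instead of letting an unchecked {@link NumberFormatException} escape.
     *
     * @param attributeType the attribute type, used only for the error message
     * @param value the attribute's string value
     * @return the parsed integer
     * @throws InvalidAttributeValueException if {@code value} is not a valid integer
     */
    private static int parseIntAttribute( String attributeType, String value ) throws InvalidAttributeValueException
    {
        try
        {
            return Integer.parseInt( value );
        }
        catch ( NumberFormatException nfe )
        {
            InvalidAttributeValueException iave = new InvalidAttributeValueException( "Attribute '" + attributeType
                + "' contained an invalid integer value: " + value );
            iave.initCause( nfe );
            throw iave;
        }
    }
}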