
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  
21  package org.apache.directory.server.kerberos.shared.store.operations;
22  
23  
24  import java.io.IOException;
25  import java.util.ArrayList;
26  import java.util.List;
27  import java.util.Map;
28  
29  import javax.naming.NamingException;
30  import javax.naming.directory.InvalidAttributeValueException;
31  import javax.security.auth.kerberos.KerberosPrincipal;
32  
33  import org.apache.directory.server.core.CoreSession;
34  import org.apache.directory.server.core.entry.ServerAttribute;
35  import org.apache.directory.server.core.entry.ServerEntry;
36  import org.apache.directory.server.core.entry.ServerStringValue;
37  import org.apache.directory.server.core.filtering.EntryFilteringCursor;
38  import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
39  import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
40  import org.apache.directory.server.kerberos.shared.messages.value.SamType;
41  import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
42  import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
43  import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
44  import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
45  import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
46  import org.apache.directory.shared.ldap.constants.SchemaConstants;
47  import org.apache.directory.shared.ldap.entry.Value;
48  import org.apache.directory.shared.ldap.filter.EqualityNode;
49  import org.apache.directory.shared.ldap.filter.ExprNode;
50  import org.apache.directory.shared.ldap.filter.SearchScope;
51  import org.apache.directory.shared.ldap.message.AliasDerefMode;
52  import org.apache.directory.shared.ldap.name.LdapDN;
53  import org.apache.directory.shared.ldap.schema.AttributeType;
54  
55  
56  /**
57   * Command for getting all principals in a JNDI context.
58   *
59   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
60   * @version $Rev: 682235 $, $Date: 2008-08-04 02:43:52 +0200 (Mo, 04 Aug 2008) $
61   */
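public class GetAllPrincipals implements DirectoryServiceOperation
{
    private static final long serialVersionUID = -1214321426487445132L;

    /** Search filter (objectClass = krb5Principal), built on first use and then reused. */
    private ExprNode filter;


    /**
     * Returns the equality filter used to select Kerberos principal entries,
     * building it from the session's attribute type registry on the first call.
     *
     * @param session the session whose directory service supplies the registry
     * @return the cached filter matching entries with objectClass krb5Principal
     * @throws Exception if the objectClass attribute type cannot be looked up
     */
    private ExprNode getFilter( CoreSession session ) throws Exception
    {
        if ( filter != null )
        {
            return filter;
        }

        AttributeTypeRegistry registry = session.getDirectoryService().getRegistries().getAttributeTypeRegistry();
        AttributeType type = registry.lookup( "objectClass" );
        Value<String> value = new ServerStringValue( type, "krb5Principal" );
        filter = new EqualityNode<String>( "objectClass", value );

        return filter;
    }


    /**
     * Searches one level below the given base DN for Kerberos principal entries
     * and converts each result into a {@link PrincipalStoreEntry}.
     *
     * The returned entries carry the principals' key maps (see {@link #getEntry}),
     * so callers should treat the result as sensitive key material.
     *
     * @param session the session used to run the search
     * @param searchBaseDn the DN whose direct children are searched
     * @return a {@code PrincipalStoreEntry[]} with one element per matching entry,
     *         or {@code null} when the search fails with a {@link NamingException}
     * @throws Exception on any failure other than a {@link NamingException}
     */
    public Object execute( CoreSession session, LdapDN searchBaseDn ) throws Exception
    {
        List<PrincipalStoreEntry> answers = new ArrayList<PrincipalStoreEntry>();
        EntryFilteringCursor cursor = null;

        try
        {
            cursor = session.search( searchBaseDn, SearchScope.ONELEVEL, getFilter( session ),
                AliasDerefMode.DEREF_ALWAYS, null );

            cursor.beforeFirst();

            while ( cursor.next() )
            {
                ServerEntry result = cursor.get();
                answers.add( getEntry( result ) );
            }

            // Close on the success path inside the try so that a close failure is
            // reported exactly as before; clearing the reference first keeps the
            // finally block from closing the cursor a second time.
            EntryFilteringCursor opened = cursor;
            cursor = null;
            opened.close();

            return answers.toArray( new PrincipalStoreEntry[answers.size()] );
        }
        catch ( NamingException e )
        {
            // Existing contract: a naming failure is reported on stderr and signalled
            // to the caller as null, which callers must not confuse with "no principals"
            // (that case yields an empty array).
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();

            return null;
        }
        finally
        {
            // The cursor is still set only when the search or an entry conversion
            // failed part-way; release it without masking the original exception.
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception ignored )
                {
                    // Best-effort cleanup: the failure already in flight is the one to report.
                }
            }
        }
    }


    /**
     * Marshals a PrincipalStoreEntry from the attributes of a directory entry.
     *
     * The principal name, key version number and common name are read
     * unconditionally, so an entry lacking any of them fails with a
     * {@link NullPointerException}; the SAM type and Kerberos key are optional.
     *
     * @param attrs the attributes of the Kerberos principal
     * @return the entry for the principal
     * @throws InvalidAttributeValueException if the Kerberos key attribute cannot be decoded
     * @throws NumberFormatException if the key version number or SAM type is not an integer
     * @throws Exception if there are any access problems
     */
    private PrincipalStoreEntry getEntry( ServerEntry attrs ) throws Exception
    {
        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();

        String principal = ( String ) attrs.get( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT ).get().get();
        String keyVersionNumber = ( String ) attrs.get( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT ).get().get();

        String commonName = ( String ) attrs.get( SchemaConstants.CN_AT ).get().get();

        if ( attrs.get( KerberosAttribute.APACHE_SAM_TYPE_AT ) != null )
        {
            String samType = ( String ) attrs.get( KerberosAttribute.APACHE_SAM_TYPE_AT ).get().get();

            modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
        }

        if ( attrs.get( KerberosAttribute.KRB5_KEY_AT ) != null )
        {
            ServerAttribute krb5key = ( ServerAttribute ) attrs.get( KerberosAttribute.KRB5_KEY_AT );

            try
            {
                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
                modifier.setKeyMap( keyMap );
            }
            catch ( IOException ioe )
            {
                // Keep the decoding failure as the cause so the bad entry can be diagnosed.
                // The message names only the attribute, never the key bytes.
                InvalidAttributeValueException invalidKey = new InvalidAttributeValueException(
                    "Account Kerberos key attribute '" + KerberosAttribute.KRB5_KEY_AT
                        + "' contained an invalid value for krb5key." );
                invalidKey.initCause( ioe );

                throw invalidKey;
            }
        }

        modifier.setCommonName( commonName );
        modifier.setPrincipal( new KerberosPrincipal( principal ) );
        modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );

        return modifier.getEntry();
    }
}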