
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.shared.store;
21  
22  
23  import java.io.IOException;
24  import java.util.HashMap;
25  import java.util.Map;
26  
27  import javax.naming.NamingException;
28  import javax.security.auth.kerberos.KerberosPrincipal;
29  
30  import org.apache.directory.server.core.entry.ServerStringValue;
31  import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
32  import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
33  import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
34  import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
35  import org.apache.directory.server.kerberos.shared.messages.value.SamType;
36  import org.apache.directory.shared.ldap.entry.EntryAttribute;
37  import org.apache.directory.shared.ldap.entry.Value;
38  
39  
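/**
 * Collects the attributes of a Kerberos principal and assembles them into a
 * {@link PrincipalStoreEntry}.
 * <p>
 * Callers populate the fields through the setters and then call {@link #getEntry()}.
 * Fields that are never set keep their Java defaults ({@code null} / {@code 0}), with three
 * exceptions that matter for account state: {@code disabled} and {@code lockedOut} start as
 * {@code false} and {@code expiration} starts as {@link KerberosTime#INFINITY}. A caller that
 * skips those setters therefore builds an enabled, unlocked, never-expiring entry.
 * <p>
 * The fields are plain mutable members with no synchronization.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 682235 $, $Date: 2008-08-04 02:43:52 +0200 (Mo, 04 Aug 2008) $
 */
public class PrincipalStoreEntryModifier
{
    // principal
    private String distinguishedName;
    private String commonName;
    private KerberosPrincipal principal;
    private String realmName;

    // uidObject
    private String userId;

    // KDCEntry
    // must
    private int keyVersionNumber;
    // may
    private KerberosTime validStart;
    private KerberosTime validEnd;
    private KerberosTime passwordEnd;
    private int maxLife;
    private int maxRenew;
    private int kdcFlags;
    private SamType samType;

    // Account-state defaults: enabled, not locked out, never expiring.
    private boolean disabled = false;
    private boolean lockedOut = false;
    private KerberosTime expiration = KerberosTime.INFINITY;

    // Long-term key material, keyed by encryption type. Held by reference (see setKeyMap).
    private Map<EncryptionType, EncryptionKey> keyMap;


    /**
     * Builds a new {@link PrincipalStoreEntry} from the current field values.
     * <p>
     * The key map is handed to the entry as the same reference this modifier holds.
     * NOTE(review): whether {@link PrincipalStoreEntry} copies that map is not visible here;
     * confirm before mutating the map after this call.
     *
     * @return A new {@link PrincipalStoreEntry} reflecting the values set so far.
     */
    public PrincipalStoreEntry getEntry()
    {
        return new PrincipalStoreEntry( distinguishedName, commonName, userId, principal, keyVersionNumber, validStart,
            validEnd, passwordEnd, maxLife, maxRenew, kdcFlags, keyMap, realmName, samType, disabled, lockedOut,
            expiration );
    }


    /**
     * Sets whether the account is disabled.
     *
     * @param disabled {@code true} to mark the account disabled; the default is {@code false}
     */
    public void setDisabled( boolean disabled )
    {
        this.disabled = disabled;
    }


    /**
     * Sets whether the account is locked-out.
     *
     * @param lockedOut {@code true} to mark the account locked out; the default is {@code false}
     */
    public void setLockedOut( boolean lockedOut )
    {
        this.lockedOut = lockedOut;
    }


    /**
     * Sets the expiration time.
     *
     * @param expiration the expiration time; the default is {@link KerberosTime#INFINITY}.
     *        The value is stored as given, including {@code null}.
     */
    public void setExpiration( KerberosTime expiration )
    {
        this.expiration = expiration;
    }


    /**
     * Sets the distinguished name (DN).
     *
     * @param distinguishedName the DN of the principal's entry, stored without validation
     */
    public void setDistinguishedName( String distinguishedName )
    {
        this.distinguishedName = distinguishedName;
    }


    /**
     * Sets the common name (cn).
     *
     * @param commonName the common name, stored without validation
     */
    public void setCommonName( String commonName )
    {
        this.commonName = commonName;
    }


    /**
     * Sets the user ID.
     *
     * @param userId the user ID, stored without validation
     */
    public void setUserId( String userId )
    {
        this.userId = userId;
    }


    /**
     * Sets the KDC flags.
     *
     * @param kdcFlags the KDC flags as an {@code int}, stored as given
     */
    public void setKDCFlags( int kdcFlags )
    {
        this.kdcFlags = kdcFlags;
    }


    /**
     * Sets the key map.
     * <p>
     * The map is stored by reference, not copied: later changes to the caller's map are
     * visible to this modifier and are passed on by {@link #getEntry()}. The values are
     * long-term key material, so hand over a map that is no longer modified or shared.
     *
     * @param keyMap the map of encryption types to encryption keys
     */
    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
    {
        this.keyMap = keyMap;
    }


    /**
     * Sets the key version number.
     *
     * @param keyVersionNumber the key version number
     */
    public void setKeyVersionNumber( int keyVersionNumber )
    {
        this.keyVersionNumber = keyVersionNumber;
    }


    /**
     * Sets the ticket maximum life time.
     *
     * @param maxLife the maximum ticket life time (unit not visible here; confirm against
     *        {@link PrincipalStoreEntry})
     */
    public void setMaxLife( int maxLife )
    {
        this.maxLife = maxLife;
    }


    /**
     * Sets the ticket maximum renew time.
     *
     * @param maxRenew the maximum ticket renew time (unit not visible here; confirm against
     *        {@link PrincipalStoreEntry})
     */
    public void setMaxRenew( int maxRenew )
    {
        this.maxRenew = maxRenew;
    }


    /**
     * Sets the end-of-life for the password.
     *
     * @param passwordEnd the time at which the password reaches end-of-life
     */
    public void setPasswordEnd( KerberosTime passwordEnd )
    {
        this.passwordEnd = passwordEnd;
    }


    /**
     * Sets the principal.
     *
     * @param principal the Kerberos principal
     */
    public void setPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Sets the realm.
     *
     * @param realmName the realm name
     */
    public void setRealmName( String realmName )
    {
        this.realmName = realmName;
    }


    /**
     * Sets the end of validity.
     *
     * @param validEnd the end of the validity period
     */
    public void setValidEnd( KerberosTime validEnd )
    {
        this.validEnd = validEnd;
    }


    /**
     * Sets the start of validity.
     *
     * @param validStart the start of the validity period
     */
    public void setValidStart( KerberosTime validStart )
    {
        this.validStart = validStart;
    }


    /**
     * Sets the single-use authentication (SAM) type.
     *
     * @param samType the SAM type
     */
    public void setSamType( SamType samType )
    {
        this.samType = samType;
    }


    /**
     * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys.
     * <p>
     * Every value of the attribute must be binary. A String-typed value, a value with no
     * content, or a value of any other type is rejected with an {@link IllegalStateException}
     * before it reaches the decoder, so a malformed attribute fails with a clear message
     * rather than a cast or null failure. The messages never include the value itself.
     * <p>
     * The attribute itself is not null-checked: a {@code null} argument fails on iteration.
     *
     * @param krb5key the attribute holding the encoded keys, one key per value
     * @return The map of encryption types to encryption keys. If several values decode to the
     *         same encryption type, the last one iterated replaces the earlier ones.
     * @throws IllegalStateException if a value is String-typed, empty of content, or not binary
     * @throws Exception if a value cannot be decoded (presumably propagated from
     *         {@link EncryptionKeyDecoder}; confirm the exact type against the decoder)
     */
    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( EntryAttribute krb5key ) throws Exception
    {
        Map<EncryptionType, EncryptionKey> map = new HashMap<EncryptionType, EncryptionKey>();

        for ( Value<?> val : krb5key )
        {
            if ( val instanceof ServerStringValue )
            {
                throw new IllegalStateException( "Kerberos key should not be a String." );
            }

            // Fail closed on missing or non-binary content instead of relying on the cast.
            Object rawValue = val.get();

            if ( !( rawValue instanceof byte[] ) )
            {
                // Deliberately no value in the message: it may be key material.
                throw new IllegalStateException( "Kerberos key value must be binary." );
            }

            EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( ( byte[] ) rawValue );

            // NOTE(review): a second key of the same encryption type silently replaces the first.
            map.put( encryptionKey.getKeyType(), encryptionKey );
        }

        return map;
    }
}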