20 package org.apache.directory.server.kerberos.shared.store.operations;
23 import java.io.IOException;
24 import java.text.ParseException;
25 import java.util.Map;
27 import javax.naming.NamingException;
28 import javax.naming.directory.InvalidAttributeValueException;
29 import javax.security.auth.kerberos.KerberosPrincipal;
31 import org.apache.directory.server.core.CoreSession;
32 import org.apache.directory.server.core.entry.ServerEntry;
33 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
34 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
35 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
36 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
37 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
38 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
39 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
40 import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
41 import org.apache.directory.shared.ldap.entry.EntryAttribute;
42 import org.apache.directory.shared.ldap.name.LdapDN;
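/**
 * Looks up the directory entry of a Kerberos principal and converts it into a
 * {@link PrincipalStoreEntry}.  The lookup key is the principal's name.
 */
public class GetPrincipal implements DirectoryServiceOperation
{
    private static final long serialVersionUID = 4598007518413451945L;

    /** The principal to look up; a null principal makes {@link #execute} return null. */
    private final KerberosPrincipal principal;


    /**
     * Creates an operation that fetches the entry of the given principal.
     *
     * @param principal the principal to look up, may be null
     */
    public GetPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Searches the directory for the principal and converts the matching entry.
     *
     * @param session the session used for the directory lookup
     * @param base the search base
     * @return the {@link PrincipalStoreEntry} for the principal, or null when no principal
     *         was given or the lookup yielded no entry
     * @throws Exception if the lookup fails or the entry holds a missing or malformed attribute value
     */
    public Object execute( CoreSession session, LdapDN base ) throws Exception
    {
        if ( principal == null )
        {
            return null;
        }

        ServerEntry entry = StoreUtils.findPrincipalEntry( session, base, principal.getName() );

        // NOTE(review): findPrincipalEntry is defined elsewhere; if it reports "not found" as
        // null, report that as null here instead of a NullPointerException from the attribute reads.
        if ( entry == null )
        {
            return null;
        }

        return getEntry( entry );
    }


    /**
     * Builds a {@link PrincipalStoreEntry} from the attributes of a directory entry.
     *
     * The principal name and key version number attributes are required; the disabled,
     * locked-out, expiration, SAM type and key attributes are optional and are only copied
     * when present on the entry.
     *
     * @param entry the directory entry holding the principal, not null
     * @return the converted entry
     * @throws InvalidAttributeValueException if a required attribute is missing or an
     *         attribute value cannot be parsed; the parse failure is kept as the cause
     * @throws Exception if reading the entry fails
     */
    private PrincipalStoreEntry getEntry( ServerEntry entry ) throws Exception
    {
        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();

        modifier.setDistinguishedName( entry.getDn().getUpName() );

        String principalName = getRequiredString( entry, KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
        modifier.setPrincipal( new KerberosPrincipal( principalName ) );

        String keyVersionNumber = getRequiredString( entry, KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT );
        modifier.setKeyVersionNumber( parseInt( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, keyVersionNumber ) );

        String disabled = getOptionalString( entry, KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT );

        if ( disabled != null )
        {
            modifier.setDisabled( "true".equalsIgnoreCase( disabled ) );
        }

        String lockedOut = getOptionalString( entry, KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT );

        if ( lockedOut != null )
        {
            modifier.setLockedOut( "true".equalsIgnoreCase( lockedOut ) );
        }

        String expiration = getOptionalString( entry, KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT );

        if ( expiration != null )
        {
            try
            {
                modifier.setExpiration( KerberosTime.getTime( expiration ) );
            }
            catch ( ParseException pe )
            {
                throw invalidValue( "Account expiration attribute " + KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT
                    + " contained an invalid value for generalizedTime: " + expiration, pe );
            }
        }

        String samType = getOptionalString( entry, KerberosAttribute.APACHE_SAM_TYPE_AT );

        if ( samType != null )
        {
            modifier.setSamType( SamType.getTypeByOrdinal( parseInt( KerberosAttribute.APACHE_SAM_TYPE_AT, samType ) ) );
        }

        EntryAttribute krb5key = entry.get( KerberosAttribute.KRB5_KEY_AT );

        if ( krb5key != null )
        {
            try
            {
                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
                modifier.setKeyMap( keyMap );
            }
            catch ( IOException ioe )
            {
                // Same message as before, but the IOException is kept as the cause so the
                // reason the key blob could not be decoded is not lost.
                throw invalidValue( "Account Kerberos key attribute '" + KerberosAttribute.KRB5_KEY_AT
                    + "' contained an invalid value for krb5key.", ioe );
            }
        }

        return modifier.getEntry();
    }


    /**
     * Returns the string value of an attribute that must be present on the entry.
     *
     * @throws InvalidAttributeValueException if the entry does not have the attribute
     */
    private static String getRequiredString( ServerEntry entry, String attributeId ) throws Exception
    {
        String value = getOptionalString( entry, attributeId );

        if ( value == null )
        {
            throw new InvalidAttributeValueException( "Required attribute " + attributeId
                + " is missing from entry " + entry.getDn().getUpName() );
        }

        return value;
    }


    /**
     * Returns the string value of an attribute, or null when the entry does not have it.
     */
    private static String getOptionalString( ServerEntry entry, String attributeId ) throws Exception
    {
        EntryAttribute attribute = entry.get( attributeId );

        return attribute == null ? null : attribute.getString();
    }


    /**
     * Parses an integer attribute value, reporting a malformed value as an
     * {@link InvalidAttributeValueException} that names the attribute instead of a bare
     * NumberFormatException.
     */
    private static int parseInt( String attributeId, String value ) throws InvalidAttributeValueException
    {
        try
        {
            return Integer.parseInt( value );
        }
        catch ( NumberFormatException nfe )
        {
            throw invalidValue( "Attribute " + attributeId + " contained a non-integer value: " + value, nfe );
        }
    }


    /**
     * Creates an {@link InvalidAttributeValueException} that keeps the triggering exception
     * as its cause.
     */
    private static InvalidAttributeValueException invalidValue( String message, Throwable cause )
    {
        InvalidAttributeValueException e = new InvalidAttributeValueException( message );
        e.initCause( cause );

        return e;
    }
}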