View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.changepw;
21  
22  
23  import java.io.IOException;
24  import java.net.InetSocketAddress;
25  import java.util.ArrayList;
26  import java.util.List;
27  
28  import javax.security.auth.kerberos.KerberosPrincipal;
29  
30  import org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler;
31  import org.apache.directory.server.constants.ServerDNConstants;
32  import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
33  import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
34  import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
35  import org.apache.directory.server.protocol.shared.DirectoryBackedService;
36  import org.apache.mina.transport.socket.nio.DatagramAcceptorConfig;
37  import org.apache.mina.transport.socket.nio.SocketAcceptorConfig;
38  
39  
40  /**
41   * Contains the configuration parameters for the Change Password protocol provider.
42   *
43   * @org.apache.xbean.XBean
44   *
45   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
46   * @version $Rev: 682235 $, $Date: 2008-08-04 02:43:52 +0200 (Mo, 04 Aug 2008) $
47   */
48  public class ChangePasswordServer extends DirectoryBackedService
49  {
50      private static final long serialVersionUID = 3509208713288140629L;
51  
52      /** The default change password principal name. */
53      private static final String SERVICE_PRINCIPAL_DEFAULT = "kadmin/changepw@EXAMPLE.COM";
54  
55      /** The default change password realm. */
56      private static final String REALM_DEFAULT = "EXAMPLE.COM";
57  
58      /** The default change password port. */
59      private static final int IP_PORT_DEFAULT = 464;
60  
61      /** The default encryption types. */
62      public static final String[] ENCRYPTION_TYPES_DEFAULT = new String[]
63          { "des-cbc-md5" };
64  
65      /** The default changepw buffer size. */
66      private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * 60000;
67  
68      /** The default empty addresses. */
69      private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
70  
71      /** The default change password password policy for password length. */
72      public static final int DEFAULT_PASSWORD_LENGTH = 6;
73  
74      /** The default change password password policy for category count. */
75      public static final int DEFAULT_CATEGORY_COUNT = 3;
76  
77      /** The default change password password policy for token size. */
78      public static final int DEFAULT_TOKEN_SIZE = 3;
79  
80      /** The default service PID. */
81      private static final String SERVICE_PID_DEFAULT = "org.apache.directory.server.changepw";
82  
83      /** The default service name. */
84      private static final String SERVICE_NAME_DEFAULT = "ApacheDS Change Password Service";
85  
86      /** The encryption types. */
87      private EncryptionType[] encryptionTypes;
88  
89      /** The primary realm. */
90      private String primaryRealm = REALM_DEFAULT;
91  
92      /** The service principal name. */
93      private String servicePrincipal = SERVICE_PRINCIPAL_DEFAULT;
94  
95      /** The allowable clock skew. */
96      private long allowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;
97  
98      /** Whether empty addresses are allowed. */
99      private boolean isEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;
100 
101     /** The policy for password length. */
102     private int policyPasswordLength;
103 
104     /** The policy for category count. */
105     private int policyCategoryCount;
106 
107     /** The policy for token size. */
108     private int policyTokenSize;
109 
110 
111     /**
112      * Creates a new instance of ChangePasswordConfiguration.
113      */
114     public ChangePasswordServer()
115     {
116         super.setServiceName( SERVICE_NAME_DEFAULT );
117         super.setIpPort( IP_PORT_DEFAULT );
118         super.setServiceId( SERVICE_PID_DEFAULT );
119         super.setSearchBaseDn( ServerDNConstants.USER_EXAMPLE_COM_DN );
120 
121         prepareEncryptionTypes();
122     }
123 
124 
125     /**
126      * Returns the primary realm.
127      *
128      * @return The primary realm.
129      */
130     public String getPrimaryRealm()
131     {
132         return primaryRealm;
133     }
134 
135 
136     /**
137      * @param primaryRealm The primaryRealm to set.
138      */
139     public void setPrimaryRealm( String primaryRealm )
140     {
141         this.primaryRealm = primaryRealm;
142     }
143 
144 
145     /**
146      * Returns the encryption types.
147      *
148      * @return The encryption types.
149      */
150     public EncryptionType[] getEncryptionTypes()
151     {
152         return encryptionTypes;
153     }
154 
155 
156     /**
157      * @param encryptionTypes The encryptionTypes to set.
158      */
159     public void setEncryptionTypes( EncryptionType[] encryptionTypes )
160     {
161         this.encryptionTypes = encryptionTypes;
162     }
163 
164 
165     /**
166      * Returns the allowable clock skew.
167      *
168      * @return The allowable clock skew.
169      */
170     public long getAllowableClockSkew()
171     {
172         return allowableClockSkew;
173     }
174 
175 
176     /**
177      * @param allowableClockSkew The allowableClockSkew to set.
178      */
179     public void setAllowableClockSkew( long allowableClockSkew )
180     {
181         this.allowableClockSkew = allowableClockSkew;
182     }
183 
184 
185     /**
186      * Returns the Change Password service principal.
187      *
188      * @return The Change Password service principal.
189      */
190     public KerberosPrincipal getServicePrincipal()
191     {
192         return new KerberosPrincipal( servicePrincipal );
193     }
194 
195 
196     /**
197      * @param servicePrincipal The Change Password service principal to set.
198      */
199     public void setServicePrincipal( String servicePrincipal )
200     {
201         this.servicePrincipal = servicePrincipal;
202     }
203 
204 
205     /**
206      * Returns whether empty addresses are allowed.
207      *
208      * @return Whether empty addresses are allowed.
209      */
210     public boolean isEmptyAddressesAllowed()
211     {
212         return isEmptyAddressesAllowed;
213     }
214 
215 
216     /**
217      * @param isEmptyAddressesAllowed The isEmptyAddressesAllowed to set.
218      */
219     public void setEmptyAddressesAllowed( boolean isEmptyAddressesAllowed )
220     {
221         this.isEmptyAddressesAllowed = isEmptyAddressesAllowed;
222     }
223 
224 
225     /**
226      * Returns the password length.
227      *
228      * @return The password length.
229      */
230     public int getPasswordLengthPolicy()
231     {
232         return policyPasswordLength;
233     }
234 
235 
236     /**
237      * Returns the category count.
238      *
239      * @return The category count.
240      */
241     public int getCategoryCountPolicy()
242     {
243         return policyCategoryCount;
244     }
245 
246 
247     /**
248      * Returns the token size.
249      *
250      * @return The token size.
251      */
252     public int getTokenSizePolicy()
253     {
254         return policyTokenSize;
255     }
256 
257 
258     /**
259      * @throws IOException if we cannot bind to the specified ports
260      */
261     public void start() throws IOException
262     {
263         PrincipalStore store = new DirectoryPrincipalStore( getDirectoryService() );
264         
265         if ( getDatagramAcceptor() != null )
266         {
267             DatagramAcceptorConfig udpConfig = new DatagramAcceptorConfig();
268             getDatagramAcceptor().bind( new InetSocketAddress( getIpPort() ),
269                     new ChangePasswordProtocolHandler( this, store ), udpConfig );
270         }
271 
272         if ( getSocketAcceptor() != null )
273         {
274             SocketAcceptorConfig tcpConfig = new SocketAcceptorConfig();
275             tcpConfig.setDisconnectOnUnbind( false );
276             tcpConfig.setReuseAddress( true );
277             getSocketAcceptor().bind( new InetSocketAddress( getIpPort() ),
278                     new ChangePasswordProtocolHandler( this, store ), tcpConfig );
279         }
280     }
281 
282 
283     public void stop()
284     {
285         if ( getDatagramAcceptor() != null )
286         {
287             getDatagramAcceptor().unbind( new InetSocketAddress( getIpPort() ));
288         }
289         if ( getSocketAcceptor() != null )
290         {
291             getSocketAcceptor().unbind( new InetSocketAddress( getIpPort() ));
292         }
293     }
294 
295 
296     private void prepareEncryptionTypes()
297     {
298         String[] encryptionTypeStrings = ENCRYPTION_TYPES_DEFAULT;
299         List<EncryptionType> encTypes = new ArrayList<EncryptionType>();
300 
301         for ( String enc : encryptionTypeStrings )
302         {
303             for ( EncryptionType type : EncryptionType.getEncryptionTypes() )
304             {
305                 if ( type.toString().equalsIgnoreCase( enc ) )
306                 {
307                     encTypes.add( type );
308                 }
309             }
310         }
311 
312         encryptionTypes = encTypes.toArray( new EncryptionType[encTypes.size()] );
313     }
314 
315 
316     /**
317      * Sets the policy's minimum?? password length.
318      *
319      * @param policyPasswordLength the minimum password length requirement
320      */
321     public void setPolicyPasswordLength( int policyPasswordLength )
322     {
323         this.policyPasswordLength = policyPasswordLength;
324     }
325 
326 
327     /**
328      * Sets the policy category count - what's this?
329      *
330      * @param policyCategoryCount the policy category count
331      */
332     public void setPolicyCategoryCount( int policyCategoryCount )
333     {
334         this.policyCategoryCount = policyCategoryCount;
335     }
336 
337 
338     /**
339      * Sets the policy token size - what's this?
340      *
341      * @param policyTokenSize the policy token size
342      */
343     public void setPolicyTokenSize( int policyTokenSize )
344     {
345         this.policyTokenSize = policyTokenSize;
346     }
347 }