View Javadoc
1   /*
2    *   Licensed to the Apache Software Foundation (ASF) under one
3    *   or more contributor license agreements.  See the NOTICE file
4    *   distributed with this work for additional information
5    *   regarding copyright ownership.  The ASF licenses this file
6    *   to you under the Apache License, Version 2.0 (the
7    *   "License"); you may not use this file except in compliance
8    *   with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing,
13   *   software distributed under the License is distributed on an
14   *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *   KIND, either express or implied.  See the License for the
16   *   specific language governing permissions and limitations
17   *   under the License.
18   *
19   */
20  package org.apache.directory.server.config.beans;
21  
22  
23  import java.util.ArrayList;
24  import java.util.List;
25  
26  import org.apache.directory.server.config.ConfigurationElement;
27  
28  
29  /**
30   * A class used to store the KdcServer configuration.
31   *
32   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
33   */
34  public class KdcServerBean extends DSBasedServerBean
35  {
36      /** The default allowable clockskew */
37      private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5L * 60000L;
38  
39      /** The default for allowing empty addresses */
40      private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
41  
42      /** The default for allowing forwardable tickets */
43      private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;
44  
45      /** The default for requiring encrypted timestamps */
46      private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;
47  
48      /** The default for allowing postdated tickets */
49      private static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;
50  
51      /** The default for allowing proxiable tickets */
52      private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;
53  
54      /** The default for allowing renewable tickets */
55      private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;
56  
57      /** The default for the maximum renewable lifetime */
58      private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000 * 10080;
59  
60      /** The default for the maximum ticket lifetime */
61      private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000 * 1440;
62  
63      /** The default kdc realm */
64      private static final String DEFAULT_REALM = "EXAMPLE.COM";
65  
66      /** The default for verifying the body checksum */
67      private static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;
68  
69      /** The allowable clock skew. */
70      @ConfigurationElement(attributeType = "ads-krbAllowableClockSkew")
71      private long krbAllowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;
72  
73      /** Whether empty addresses are allowed. */
74      @ConfigurationElement(attributeType = "ads-krbEmptyAddressesAllowed")
75      private boolean krbEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;
76  
77      /** Whether forwardable addresses are allowed. */
78      @ConfigurationElement(attributeType = "ads-krbForwardableAllowed")
79      private boolean krbForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED;
80  
81      /** Whether pre-authentication by encrypted timestamp is required. */
82      @ConfigurationElement(attributeType = "ads-krbPAEncTimestampRequired")
83      private boolean krbPAEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;
84  
85      /** Whether postdated tickets are allowed. */
86      @ConfigurationElement(attributeType = "ads-krbPostdatedAllowed")
87      private boolean krbPostdatedAllowed = DEFAULT_TGS_POSTDATED_ALLOWED;
88  
89      /** Whether proxiable addresses are allowed. */
90      @ConfigurationElement(attributeType = "ads-krbProxiableAllowed")
91      private boolean krbProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED;
92  
93      /** Whether renewable tickets are allowed. */
94      @ConfigurationElement(attributeType = "ads-krbRenewableAllowed")
95      private boolean krbRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED;
96  
97      /** The maximum renewable lifetime. */
98      @ConfigurationElement(attributeType = "ads-krbMaximumRenewableLifetime")
99      private long krbMaximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;
100 
101     /** The maximum ticket lifetime. */
102     @ConfigurationElement(attributeType = "ads-krbMaximumTicketLifetime")
103     private long krbMaximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;
104 
105     /** The primary realm */
106     @ConfigurationElement(attributeType = "ads-krbPrimaryRealm")
107     private String krbPrimaryRealm = DEFAULT_REALM;
108 
109     /** Whether to verify the body checksum. */
110     @ConfigurationElement(attributeType = "ads-krbBodyChecksumVerified")
111     private boolean krbBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;
112 
113     /** The encryption types. */
114     @ConfigurationElement(attributeType = "ads-krbEncryptionTypes")
115     private List<String> krbEncryptionTypes = new ArrayList<>();
116 
117 
118     /**
119      * Create a new KdcServerBean instance
120      */
121     public KdcServerBean()
122     {
123         super();
124 
125         // Enabled by default
126         setEnabled( true );
127     }
128 
129 
130     /**
131      * Returns the allowable clock skew.
132      *
133      * @return The allowable clock skew.
134      */
135     public long getKrbAllowableClockSkew()
136     {
137         return krbAllowableClockSkew;
138     }
139 
140 
141     /**
142      * @param krbAllowableClockSkew the allowableClockSkew to set
143      */
144     public void setKrbAllowableClockSkew( long krbAllowableClockSkew )
145     {
146         this.krbAllowableClockSkew = krbAllowableClockSkew;
147     }
148 
149 
150     /**
151      * Returns the encryption types.
152      *
153      * @return The encryption types.
154      */
155     public List<String> getKrbEncryptionTypes()
156     {
157         return krbEncryptionTypes;
158     }
159 
160 
161     /**
162      * Initialize the encryptionTypes set
163      * 
164      * @param krbEncryptionTypes the encryptionTypes to set
165      */
166     public void addKrbEncryptionTypes( String... krbEncryptionTypes )
167     {
168         for ( String encryptionType : krbEncryptionTypes )
169         {
170             this.krbEncryptionTypes.add( encryptionType );
171         }
172     }
173 
174 
175     /**
176      * @return the isEmptyAddressesAllowed
177      */
178     public boolean isKrbEmptyAddressesAllowed()
179     {
180         return krbEmptyAddressesAllowed;
181     }
182 
183 
184     /**
185      * @param krbEmptyAddressesAllowed the krbEmptyAddressesAllowed to set
186      */
187     public void setKrbEmptyAddressesAllowed( boolean krbEmptyAddressesAllowed )
188     {
189         this.krbEmptyAddressesAllowed = krbEmptyAddressesAllowed;
190     }
191 
192 
193     /**
194      * @return the krbForwardableAllowed
195      */
196     public boolean isKrbForwardableAllowed()
197     {
198         return krbForwardableAllowed;
199     }
200 
201 
202     /**
203      * @param krbForwardableAllowed the krbForwardableAllowed to set
204      */
205     public void setKrbForwardableAllowed( boolean krbForwardableAllowed )
206     {
207         this.krbForwardableAllowed = krbForwardableAllowed;
208     }
209 
210 
211     /**
212      * Returns whether pre-authentication by encrypted timestamp is required.
213      *
214      * @return Whether pre-authentication by encrypted timestamp is required.
215      */
216     public boolean isKrbPaEncTimestampRequired()
217     {
218         return krbPAEncTimestampRequired;
219     }
220 
221 
222     /**
223      * @param krbPaEncTimestampRequired the krbPaEncTimestampRequired to set
224      */
225     public void setKrbPaEncTimestampRequired( boolean krbPaEncTimestampRequired )
226     {
227         this.krbPAEncTimestampRequired = krbPaEncTimestampRequired;
228     }
229 
230 
231     /**
232      * @return the krbPostdatedAllowed
233      */
234     public boolean isKrbPostdatedAllowed()
235     {
236         return krbPostdatedAllowed;
237     }
238 
239 
240     /**
241      * @param krbPostdatedAllowed the krbPostdatedAllowed to set
242      */
243     public void setKrbPostdatedAllowed( boolean krbPostdatedAllowed )
244     {
245         this.krbPostdatedAllowed = krbPostdatedAllowed;
246     }
247 
248 
249     /**
250      * @return the krbProxiableAllowed
251      */
252     public boolean isKrbProxiableAllowed()
253     {
254         return krbProxiableAllowed;
255     }
256 
257 
258     /**
259      * @param krbProxiableAllowed the krbProxiableAllowed to set
260      */
261     public void setKrbProxiableAllowed( boolean krbProxiableAllowed )
262     {
263         this.krbProxiableAllowed = krbProxiableAllowed;
264     }
265 
266 
267     /**
268      * @return the krbRenewableAllowed
269      */
270     public boolean isKrbRenewableAllowed()
271     {
272         return krbRenewableAllowed;
273     }
274 
275 
276     /**
277      * @param krbRenewableAllowed the krbRenewableAllowed to set
278      */
279     public void setKrbRenewableAllowed( boolean krbRenewableAllowed )
280     {
281         this.krbRenewableAllowed = krbRenewableAllowed;
282     }
283 
284 
285     /**
286      * @return the krbMaximumRenewableLifetime
287      */
288     public long getKrbMaximumRenewableLifetime()
289     {
290         return krbMaximumRenewableLifetime;
291     }
292 
293 
294     /**
295      * @param krbMaximumRenewableLifetime the krbMaximumRenewableLifetime to set
296      */
297     public void setKrbMaximumRenewableLifetime( long krbMaximumRenewableLifetime )
298     {
299         this.krbMaximumRenewableLifetime = krbMaximumRenewableLifetime;
300     }
301 
302 
303     /**
304      * @return the krbMaximumTicketLifetime
305      */
306     public long getKrbMaximumTicketLifetime()
307     {
308         return krbMaximumTicketLifetime;
309     }
310 
311 
312     /**
313      * @param krbMaximumTicketLifetime the krbMaximumTicketLifetime to set
314      */
315     public void setKrbMaximumTicketLifetime( long krbMaximumTicketLifetime )
316     {
317         this.krbMaximumTicketLifetime = krbMaximumTicketLifetime;
318     }
319 
320 
321     /**
322      * Returns the primary realm.
323      *
324      * @return The primary realm.
325      */
326     public String getKrbPrimaryRealm()
327     {
328         return krbPrimaryRealm;
329     }
330 
331 
332     /**
333      * @param krbPrimaryRealm the krbPrimaryRealm to set
334      */
335     public void setKrbPrimaryRealm( String krbPrimaryRealm )
336     {
337         this.krbPrimaryRealm = krbPrimaryRealm;
338     }
339 
340 
341     /**
342      * @return the krbBodyChecksumVerified
343      */
344     public boolean isKrbBodyChecksumVerified()
345     {
346         return krbBodyChecksumVerified;
347     }
348 
349 
350     /**
351      * @param krbBodyChecksumVerified the krbBodyChecksumVerified to set
352      */
353     public void setKrbBodyChecksumVerified( boolean krbBodyChecksumVerified )
354     {
355         this.krbBodyChecksumVerified = krbBodyChecksumVerified;
356     }
357 
358 
359     /**
360      * {@inheritDoc}
361      */
362     @Override
363     public String toString( String tabs )
364     {
365         StringBuilder sb = new StringBuilder();
366 
367         sb.append( tabs ).append( "KDCServer :\n" );
368         sb.append( super.toString( tabs + "  " ) );
369         sb.append( toString( tabs, "  body checksum verified", krbBodyChecksumVerified ) );
370         sb.append( toString( tabs, "  empty address alowed", krbEmptyAddressesAllowed ) );
371         sb.append( toString( tabs, "  forwardable allowed", krbForwardableAllowed ) );
372         sb.append( toString( tabs, "  PA encode timestamp required", krbPAEncTimestampRequired ) );
373         sb.append( toString( tabs, "  postdated allowed", krbPostdatedAllowed ) );
374         sb.append( toString( tabs, "  proxiable allowed", krbProxiableAllowed ) );
375         sb.append( toString( tabs, "  renew allowed", krbRenewableAllowed ) );
376         sb.append( toString( tabs, "  allowable clock skew", krbAllowableClockSkew ) );
377         sb.append( toString( tabs, "  KDC principal", "krbtgt/" + krbPrimaryRealm + "@" + krbPrimaryRealm ) );
378         sb.append( toString( tabs, "  maximum renewable lifetime", krbMaximumRenewableLifetime ) );
379         sb.append( toString( tabs, "  maximum ticket lifetime", krbMaximumTicketLifetime ) );
380         sb.append( toString( tabs, "  primary realm", krbPrimaryRealm ) );
381 
382         if ( ( krbEncryptionTypes != null ) && !krbEncryptionTypes.isEmpty() )
383         {
384             sb.append( tabs ).append( "  encryption types :\n" );
385 
386             for ( String encryptionType : krbEncryptionTypes )
387             {
388                 sb.append( toString( tabs, "    encryption type", encryptionType ) );
389             }
390         }
391 
392         return sb.toString();
393     }
394 
395 
396     /**
397      * {@inheritDoc}
398      */
399     @Override
400     public String toString()
401     {
402         return toString( "" );
403     }
404 }