20 package org.apache.directory.server.config.beans;
21
22
23 import java.util.ArrayList;
24 import java.util.List;
25
26 import org.apache.directory.server.config.ConfigurationElement;
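/**
 * Configuration bean holding the settings of the Kerberos KDC server. Each field is bound
 * to an {@code ads-krb*} configuration attribute through {@link ConfigurationElement}.
 * <p>
 * The bean only stores values: no setter validates its argument, so any range or policy
 * check (negative lifetimes, an empty realm, unknown encryption type names) has to be done
 * by the code that reads this bean, which is not visible here.
 * <p>
 * Several of the boolean fields are ticket-policy switches and all of them default to
 * {@code true}. Review them per deployment rather than relying on the defaults.
 */
public class KdcServerBean extends DSBasedServerBean
{
    /**
     * Default allowable clock skew: {@code 5 * 60000}.
     * NOTE(review): reads as five minutes if the unit is milliseconds; confirm against the consumer.
     */
    private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5L * 60000L;

    /** Default for allowing empty addresses. */
    private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;

    /** Default for allowing forwardable tickets. */
    private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;

    /** Default for requiring pre-authentication by encrypted timestamp. */
    private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;

    /** Default for allowing postdated tickets. */
    private static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;

    /** Default for allowing proxiable tickets. */
    private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;

    /** Default for allowing renewable tickets. */
    private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;

    /**
     * Default maximum renewable lifetime: {@code 60000 * 10080}.
     * Computed in {@code long} arithmetic, like the clock-skew default, so that raising the
     * factors later cannot silently overflow an {@code int}; the value itself is unchanged.
     * NOTE(review): reads as 10080 minutes (one week) if the unit is milliseconds; confirm.
     */
    private static final long DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000L * 10080L;

    /**
     * Default maximum ticket lifetime: {@code 60000 * 1440}.
     * Computed in {@code long} arithmetic for the same reason as the renewable lifetime.
     * NOTE(review): reads as 1440 minutes (one day) if the unit is milliseconds; confirm.
     */
    private static final long DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000L * 1440L;

    /** Default primary realm. This is a placeholder name and should be overridden in a real deployment. */
    private static final String DEFAULT_REALM = "EXAMPLE.COM";

    /** Default for verifying the body checksum. */
    private static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;

    /**
     * The allowable clock skew.
     * NOTE(review): in Kerberos this tolerance bounds how far a timestamp may deviate and still
     * be accepted, so a large value also lengthens the window in which a captured message stays
     * acceptable. How the KDC enforces it is not visible here.
     */
    @ConfigurationElement(attributeType = "ads-krbAllowableClockSkew")
    private long krbAllowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;

    /** Whether empty addresses are allowed. */
    @ConfigurationElement(attributeType = "ads-krbEmptyAddressesAllowed")
    private boolean krbEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;

    /** Whether forwardable tickets are allowed. */
    @ConfigurationElement(attributeType = "ads-krbForwardableAllowed")
    private boolean krbForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED;

    /**
     * Whether pre-authentication by encrypted timestamp is required.
     * NOTE(review): without pre-authentication a KDC replies to an initial request before the
     * client has proven knowledge of its key, which exposes that reply to offline password
     * guessing. Keep this enabled unless a client cannot pre-authenticate.
     */
    @ConfigurationElement(attributeType = "ads-krbPAEncTimestampRequired")
    private boolean krbPAEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;

    /** Whether postdated tickets are allowed. */
    @ConfigurationElement(attributeType = "ads-krbPostdatedAllowed")
    private boolean krbPostdatedAllowed = DEFAULT_TGS_POSTDATED_ALLOWED;

    /** Whether proxiable tickets are allowed. */
    @ConfigurationElement(attributeType = "ads-krbProxiableAllowed")
    private boolean krbProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED;

    /** Whether renewable tickets are allowed. */
    @ConfigurationElement(attributeType = "ads-krbRenewableAllowed")
    private boolean krbRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED;

    /** The maximum renewable lifetime. */
    @ConfigurationElement(attributeType = "ads-krbMaximumRenewableLifetime")
    private long krbMaximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;

    /** The maximum ticket lifetime. */
    @ConfigurationElement(attributeType = "ads-krbMaximumTicketLifetime")
    private long krbMaximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;

    /** The primary realm. */
    @ConfigurationElement(attributeType = "ads-krbPrimaryRealm")
    private String krbPrimaryRealm = DEFAULT_REALM;

    /** Whether the body checksum is verified. */
    @ConfigurationElement(attributeType = "ads-krbBodyChecksumVerified")
    private boolean krbBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;

    /**
     * The encryption type names, empty by default.
     * NOTE(review): what an empty list means to the KDC (nothing enabled, or a built-in default
     * set) is not visible here; confirm, and configure the permitted types explicitly so that
     * legacy ciphers are not enabled by a fallback.
     */
    @ConfigurationElement(attributeType = "ads-krbEncryptionTypes")
    private List<String> krbEncryptionTypes = new ArrayList<>();


    /**
     * Creates a KDC server bean that starts out enabled.
     */
    public KdcServerBean()
    {
        super();

        // The bean is enabled as soon as it is constructed
        setEnabled( true );
    }


    /**
     * @return the allowable clock skew
     */
    public long getKrbAllowableClockSkew()
    {
        return krbAllowableClockSkew;
    }


    /**
     * @param krbAllowableClockSkew the allowable clock skew to set; stored as given, no range check
     */
    public void setKrbAllowableClockSkew( long krbAllowableClockSkew )
    {
        this.krbAllowableClockSkew = krbAllowableClockSkew;
    }


    /**
     * Returns the configured encryption type names.
     * <p>
     * This is the live internal list, not a copy: a caller that modifies it changes this
     * bean's configuration.
     *
     * @return the encryption type names
     */
    public List<String> getKrbEncryptionTypes()
    {
        return krbEncryptionTypes;
    }


    /**
     * Appends encryption type names to the configured list, in the order given.
     * <p>
     * The names are stored as given. They are not checked against a set of known or
     * permitted types here. A {@code null} array is ignored instead of raising a
     * {@link NullPointerException}.
     *
     * @param krbEncryptionTypes the encryption type names to add
     */
    public void addKrbEncryptionTypes( String... krbEncryptionTypes )
    {
        // A null varargs array (explicit cast at the call site) means "nothing to add"
        if ( krbEncryptionTypes == null )
        {
            return;
        }

        for ( String encryptionType : krbEncryptionTypes )
        {
            this.krbEncryptionTypes.add( encryptionType );
        }
    }


    /**
     * @return {@code true} if empty addresses are allowed
     */
    public boolean isKrbEmptyAddressesAllowed()
    {
        return krbEmptyAddressesAllowed;
    }


    /**
     * @param krbEmptyAddressesAllowed whether empty addresses are allowed
     */
    public void setKrbEmptyAddressesAllowed( boolean krbEmptyAddressesAllowed )
    {
        this.krbEmptyAddressesAllowed = krbEmptyAddressesAllowed;
    }


    /**
     * @return {@code true} if forwardable tickets are allowed
     */
    public boolean isKrbForwardableAllowed()
    {
        return krbForwardableAllowed;
    }


    /**
     * @param krbForwardableAllowed whether forwardable tickets are allowed
     */
    public void setKrbForwardableAllowed( boolean krbForwardableAllowed )
    {
        this.krbForwardableAllowed = krbForwardableAllowed;
    }


    /**
     * @return {@code true} if pre-authentication by encrypted timestamp is required
     */
    public boolean isKrbPaEncTimestampRequired()
    {
        return krbPAEncTimestampRequired;
    }


    /**
     * @param krbPaEncTimestampRequired whether pre-authentication by encrypted timestamp is required
     */
    public void setKrbPaEncTimestampRequired( boolean krbPaEncTimestampRequired )
    {
        this.krbPAEncTimestampRequired = krbPaEncTimestampRequired;
    }


    /**
     * @return {@code true} if postdated tickets are allowed
     */
    public boolean isKrbPostdatedAllowed()
    {
        return krbPostdatedAllowed;
    }


    /**
     * @param krbPostdatedAllowed whether postdated tickets are allowed
     */
    public void setKrbPostdatedAllowed( boolean krbPostdatedAllowed )
    {
        this.krbPostdatedAllowed = krbPostdatedAllowed;
    }


    /**
     * @return {@code true} if proxiable tickets are allowed
     */
    public boolean isKrbProxiableAllowed()
    {
        return krbProxiableAllowed;
    }


    /**
     * @param krbProxiableAllowed whether proxiable tickets are allowed
     */
    public void setKrbProxiableAllowed( boolean krbProxiableAllowed )
    {
        this.krbProxiableAllowed = krbProxiableAllowed;
    }


    /**
     * @return {@code true} if renewable tickets are allowed
     */
    public boolean isKrbRenewableAllowed()
    {
        return krbRenewableAllowed;
    }


    /**
     * @param krbRenewableAllowed whether renewable tickets are allowed
     */
    public void setKrbRenewableAllowed( boolean krbRenewableAllowed )
    {
        this.krbRenewableAllowed = krbRenewableAllowed;
    }


    /**
     * @return the maximum renewable lifetime
     */
    public long getKrbMaximumRenewableLifetime()
    {
        return krbMaximumRenewableLifetime;
    }


    /**
     * @param krbMaximumRenewableLifetime the maximum renewable lifetime to set; stored as given, no range check
     */
    public void setKrbMaximumRenewableLifetime( long krbMaximumRenewableLifetime )
    {
        this.krbMaximumRenewableLifetime = krbMaximumRenewableLifetime;
    }


    /**
     * @return the maximum ticket lifetime
     */
    public long getKrbMaximumTicketLifetime()
    {
        return krbMaximumTicketLifetime;
    }


    /**
     * @param krbMaximumTicketLifetime the maximum ticket lifetime to set; stored as given, no range check
     */
    public void setKrbMaximumTicketLifetime( long krbMaximumTicketLifetime )
    {
        this.krbMaximumTicketLifetime = krbMaximumTicketLifetime;
    }


    /**
     * @return the primary realm
     */
    public String getKrbPrimaryRealm()
    {
        return krbPrimaryRealm;
    }


    /**
     * @param krbPrimaryRealm the primary realm to set; stored as given, {@code null} is not rejected
     */
    public void setKrbPrimaryRealm( String krbPrimaryRealm )
    {
        this.krbPrimaryRealm = krbPrimaryRealm;
    }


    /**
     * @return {@code true} if the body checksum is verified
     */
    public boolean isKrbBodyChecksumVerified()
    {
        return krbBodyChecksumVerified;
    }


    /**
     * @param krbBodyChecksumVerified whether the body checksum is verified
     */
    public void setKrbBodyChecksumVerified( boolean krbBodyChecksumVerified )
    {
        this.krbBodyChecksumVerified = krbBodyChecksumVerified;
    }


    /**
     * Renders this configuration as text, one setting per entry, for logs and diagnostics.
     * <p>
     * The superclass settings come first, followed by the KDC settings and, when at least
     * one is configured, the encryption types. The three-argument {@code toString} helpers
     * are not defined in this class (presumably inherited).
     *
     * @param tabs the prefix put in front of the output
     * @return the textual form of this configuration
     */
    @Override
    public String toString( String tabs )
    {
        StringBuilder sb = new StringBuilder();

        sb.append( tabs ).append( "KDCServer :\n" );
        sb.append( super.toString( tabs + " " ) );
        sb.append( toString( tabs, " body checksum verified", krbBodyChecksumVerified ) );
        sb.append( toString( tabs, " empty address allowed", krbEmptyAddressesAllowed ) );
        sb.append( toString( tabs, " forwardable allowed", krbForwardableAllowed ) );
        sb.append( toString( tabs, " PA encode timestamp required", krbPAEncTimestampRequired ) );
        sb.append( toString( tabs, " postdated allowed", krbPostdatedAllowed ) );
        sb.append( toString( tabs, " proxiable allowed", krbProxiableAllowed ) );
        sb.append( toString( tabs, " renew allowed", krbRenewableAllowed ) );
        sb.append( toString( tabs, " allowable clock skew", krbAllowableClockSkew ) );
        // The principal shown is derived from the realm: krbtgt/<realm>@<realm>
        sb.append( toString( tabs, " KDC principal", "krbtgt/" + krbPrimaryRealm + "@" + krbPrimaryRealm ) );
        sb.append( toString( tabs, " maximum renewable lifetime", krbMaximumRenewableLifetime ) );
        sb.append( toString( tabs, " maximum ticket lifetime", krbMaximumTicketLifetime ) );
        sb.append( toString( tabs, " primary realm", krbPrimaryRealm ) );

        if ( ( krbEncryptionTypes != null ) && !krbEncryptionTypes.isEmpty() )
        {
            sb.append( tabs ).append( " encryption types :\n" );

            for ( String encryptionType : krbEncryptionTypes )
            {
                sb.append( toString( tabs, " encryption type", encryptionType ) );
            }
        }

        return sb.toString();
    }


    /**
     * Renders this configuration as text with no prefix.
     *
     * @return the textual form of this configuration
     */
    @Override
    public String toString()
    {
        return toString( "" );
    }
}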