1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.shared.store;
21  
22  
23  import java.util.HashMap;
24  import java.util.Map;
25  
26  import javax.security.auth.kerberos.KerberosPrincipal;
27  
28  import org.apache.directory.api.ldap.model.entry.Attribute;
29  import org.apache.directory.api.ldap.model.entry.Value;
30  import org.apache.directory.server.i18n.I18n;
31  import org.apache.directory.shared.kerberos.KerberosTime;
32  import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
33  import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
34  import org.apache.directory.shared.kerberos.codec.types.SamType;
35  import org.apache.directory.shared.kerberos.components.EncryptionKey;
36  import org.apache.directory.shared.kerberos.exceptions.KerberosException;
37  
38  
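/**
 * Mutable builder for a {@link PrincipalStoreEntry}.
 * <p>
 * The KDC store layer fills this object attribute by attribute (distinguished name,
 * principal, key material, validity windows, flags) and then calls {@link #getEntry()}
 * to obtain the entry. Fields that are never set keep their Java defaults: {@code 0}
 * for the numeric fields, {@code null} for the object fields, except {@code disabled}
 * and {@code lockedOut} ({@code false}) and {@code expiration}
 * ({@link KerberosTime#INFINITY}).
 * <p>
 * No synchronization is performed; an instance is meant to be built up by a single
 * thread.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class PrincipalStoreEntryModifier
{
    // principal
    private String distinguishedName;
    private String commonName;
    private KerberosPrincipal principal;
    private String realmName;

    // uidObject
    private String userId;

    // KDCEntry
    // must
    private int keyVersionNumber;
    // may
    private KerberosTime validStart;
    private KerberosTime validEnd;
    private KerberosTime passwordEnd;
    private int maxLife;
    private int maxRenew;
    private int kdcFlags;
    private SamType samType;

    // account state; an account is neither disabled nor locked out unless told otherwise
    private boolean disabled = false;
    private boolean lockedOut = false;
    // an account never expires unless an explicit expiration is set
    private KerberosTime expiration = KerberosTime.INFINITY;

    // long-term keys of the principal, keyed by encryption type; stored as given by the caller
    private Map<EncryptionType, EncryptionKey> keyMap;


    /**
     * Builds the {@link PrincipalStoreEntry} from the values set so far.
     * <p>
     * The key map is passed to the entry as-is: no defensive copy is made, so the
     * caller should not modify the map handed to {@link #setKeyMap(Map)} afterwards.
     *
     * @return A new {@link PrincipalStoreEntry} carrying the current field values.
     */
    public PrincipalStoreEntry getEntry()
    {
        return new PrincipalStoreEntry( distinguishedName, commonName, userId, principal, keyVersionNumber, validStart,
            validEnd, passwordEnd, maxLife, maxRenew, kdcFlags, keyMap, realmName, samType, disabled, lockedOut,
            expiration );
    }


    /**
     * Sets whether the account is disabled.
     *
     * @param disabled {@code true} if the account is administratively disabled
     */
    public void setDisabled( boolean disabled )
    {
        this.disabled = disabled;
    }


    /**
     * Sets whether the account is locked-out.
     *
     * @param lockedOut {@code true} if the account is locked out
     */
    public void setLockedOut( boolean lockedOut )
    {
        this.lockedOut = lockedOut;
    }


    /**
     * Sets the expiration time of the account.
     *
     * @param expiration The account expiration time; defaults to {@link KerberosTime#INFINITY} if never set
     */
    public void setExpiration( KerberosTime expiration )
    {
        this.expiration = expiration;
    }


    /**
     * Sets the distinguished name (Dn).
     *
     * @param distinguishedName The Dn of the directory entry backing this principal
     */
    public void setDistinguishedName( String distinguishedName )
    {
        this.distinguishedName = distinguishedName;
    }


    /**
     * Sets the common name (cn).
     *
     * @param commonName The cn attribute value
     */
    public void setCommonName( String commonName )
    {
        this.commonName = commonName;
    }


    /**
     * Sets the user ID.
     *
     * @param userId The uid attribute value
     */
    public void setUserId( String userId )
    {
        this.userId = userId;
    }


    /**
     * Sets the KDC flags.
     *
     * @param kdcFlags The KDC flags bit field
     */
    public void setKDCFlags( int kdcFlags )
    {
        this.kdcFlags = kdcFlags;
    }


    /**
     * Sets the key map.
     * <p>
     * The map is stored by reference and later handed unchanged to the entry built by
     * {@link #getEntry()}.
     *
     * @param keyMap The principal's keys, keyed by encryption type
     */
    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
    {
        this.keyMap = keyMap;
    }


    /**
     * Sets the key version number.
     *
     * @param keyVersionNumber The kvno of the stored keys
     */
    public void setKeyVersionNumber( int keyVersionNumber )
    {
        this.keyVersionNumber = keyVersionNumber;
    }


    /**
     * Sets the ticket maximum life time.
     *
     * @param maxLife The maximum ticket lifetime
     */
    public void setMaxLife( int maxLife )
    {
        this.maxLife = maxLife;
    }


    /**
     * Sets the ticket maximum renew time.
     *
     * @param maxRenew The maximum renewable lifetime
     */
    public void setMaxRenew( int maxRenew )
    {
        this.maxRenew = maxRenew;
    }


    /**
     * Sets the end-of-life for the password.
     *
     * @param passwordEnd The time after which the password is no longer valid
     */
    public void setPasswordEnd( KerberosTime passwordEnd )
    {
        this.passwordEnd = passwordEnd;
    }


    /**
     * Sets the principal.
     *
     * @param principal The Kerberos principal this entry describes
     */
    public void setPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Sets the realm.
     *
     * @param realmName The realm the principal belongs to
     */
    public void setRealmName( String realmName )
    {
        this.realmName = realmName;
    }


    /**
     * Sets the end of validity.
     *
     * @param validEnd The end of the principal's validity window
     */
    public void setValidEnd( KerberosTime validEnd )
    {
        this.validEnd = validEnd;
    }


    /**
     * Sets the start of validity.
     *
     * @param validStart The start of the principal's validity window
     */
    public void setValidStart( KerberosTime validStart )
    {
        this.validStart = validStart;
    }


    /**
     * Sets the single-use authentication (SAM) type.
     *
     * @param samType The SAM type, or {@code null} if none
     */
    public void setSamType( SamType samType )
    {
        this.samType = samType;
    }


    /**
     * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys.
     * <p>
     * Every value of the attribute must be binary; a human-readable value is rejected
     * rather than decoded. If the attribute holds several keys of the same encryption
     * type, the last one iterated silently replaces the earlier ones in the returned map.
     * This method does not touch the instance state.
     *
     * @param krb5key The attribute holding the encoded keys, one key per value
     * @return The map of encryption types to encryption keys (empty if the attribute has no values).
     * @throws IllegalArgumentException If {@code krb5key} is {@code null}
     * @throws IllegalStateException If a value of the attribute is human-readable instead of binary
     * @throws KerberosException If a key cannot be decoded
     */
    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key )
        throws KerberosException
    {
        if ( krb5key == null )
        {
            // fail with a clear message instead of a bare NPE from the for-each below
            throw new IllegalArgumentException( "krb5key attribute must not be null" );
        }

        Map<EncryptionType, EncryptionKey> map = new HashMap<>();

        for ( Value val : krb5key )
        {
            // keys are only ever stored as binary values; refuse anything else
            if ( val.isHumanReadable() )
            {
                throw new IllegalStateException( I18n.err( I18n.ERR_626 ) );
            }

            EncryptionKey encryptionKey = KerberosDecoder.decodeEncryptionKey( val.getBytes() );

            // keyed by encryption type: a later key of the same type overwrites an earlier one
            map.put( encryptionKey.getKeyType(), encryptionKey );
        }

        return map;
    }
}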
298 }