/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.kerberos.shared.store;


import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.naming.NamingException;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.SamType;
import org.apache.directory.shared.ldap.entry.StringValue;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;


/**
 * Mutable accumulator for the attributes of a Kerberos principal as they are
 * read from the directory. Every attribute has a setter; {@link #getEntry()}
 * then assembles the values set so far into a {@link PrincipalStoreEntry}.
 * Unset reference-typed attributes are passed on as {@code null}, with two
 * exceptions: {@code expiration} starts at {@link KerberosTime#INFINITY} and
 * the {@code disabled}/{@code lockedOut} flags start as {@code false}.
 * <p>
 * This class holds no synchronization; it is meant to be used by one thread
 * while a single entry is being loaded.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 928945 $, $Date: 2010-03-30 01:59:49 +0200 (Tue, 30 Mar 2010) $
 */
public class PrincipalStoreEntryModifier {

    // --- directory identity of the entry ---
    private String distinguishedName;
    private String commonName;
    private String userId;

    // --- Kerberos identity ---
    private KerberosPrincipal principal;
    private String realmName;

    // --- KDC entry: key version is mandatory, the rest optional ---
    private int keyVersionNumber;
    private KerberosTime validStart;
    private KerberosTime validEnd;
    private KerberosTime passwordEnd;
    private int maxLife;
    private int maxRenew;
    private int kdcFlags;
    private SamType samType;

    // --- account state; defaults mean "active, never expires" ---
    private boolean disabled;
    private boolean lockedOut;
    private KerberosTime expiration = KerberosTime.INFINITY;

    // Long-term keys keyed by encryption type. Stays null until setKeyMap()
    // is called; reconstituteKeyMap() does NOT assign it.
    private Map<EncryptionType, EncryptionKey> keyMap;


    /**
     * Builds a {@link PrincipalStoreEntry} from the values currently held by
     * this modifier.
     * <p>
     * NOTE(review): {@code keyMap} (and every other unset reference field) is
     * handed to the constructor as {@code null}; whether
     * {@link PrincipalStoreEntry} tolerates that is not visible from here.
     *
     * @return a new {@link PrincipalStoreEntry} reflecting the current state
     */
    public PrincipalStoreEntry getEntry() {
        return new PrincipalStoreEntry(distinguishedName, commonName, userId, principal,
            keyVersionNumber, validStart, validEnd, passwordEnd, maxLife, maxRenew, kdcFlags,
            keyMap, realmName, samType, disabled, lockedOut, expiration);
    }


    // ------------------------------------------------------------------
    // Directory identity
    // ------------------------------------------------------------------

    /**
     * Sets the distinguished name (DN) of the directory entry.
     *
     * @param distinguishedName the entry's DN
     */
    public void setDistinguishedName(String distinguishedName) {
        this.distinguishedName = distinguishedName;
    }


    /**
     * Sets the common name (cn) of the directory entry.
     *
     * @param commonName the entry's cn
     */
    public void setCommonName(String commonName) {
        this.commonName = commonName;
    }


    /**
     * Sets the user ID (uid) of the directory entry.
     *
     * @param userId the entry's uid
     */
    public void setUserId(String userId) {
        this.userId = userId;
    }


    // ------------------------------------------------------------------
    // Kerberos identity
    // ------------------------------------------------------------------

    /**
     * Sets the Kerberos principal.
     *
     * @param principal the principal name
     */
    public void setPrincipal(KerberosPrincipal principal) {
        this.principal = principal;
    }


    /**
     * Sets the realm the principal belongs to.
     *
     * @param realmName the realm name
     */
    public void setRealmName(String realmName) {
        this.realmName = realmName;
    }


    // ------------------------------------------------------------------
    // KDC entry attributes
    // ------------------------------------------------------------------

    /**
     * Sets the key version number (kvno) of the principal's keys.
     *
     * @param keyVersionNumber the kvno
     */
    public void setKeyVersionNumber(int keyVersionNumber) {
        this.keyVersionNumber = keyVersionNumber;
    }


    /**
     * Sets the long-term keys, indexed by encryption type.
     * <p>
     * The map is stored by reference, not copied; the caller keeps the
     * ability to change it after this call.
     *
     * @param keyMap encryption type to key
     */
    public void setKeyMap(Map<EncryptionType, EncryptionKey> keyMap) {
        this.keyMap = keyMap;
    }


    /**
     * Sets the KDC flags bit mask for the principal.
     *
     * @param kdcFlags the flags value
     */
    public void setKDCFlags(int kdcFlags) {
        this.kdcFlags = kdcFlags;
    }


    /**
     * Sets the maximum lifetime of tickets issued for the principal.
     *
     * @param maxLife the maximum ticket life
     */
    public void setMaxLife(int maxLife) {
        this.maxLife = maxLife;
    }


    /**
     * Sets the maximum renewable lifetime of tickets issued for the principal.
     *
     * @param maxRenew the maximum renew time
     */
    public void setMaxRenew(int maxRenew) {
        this.maxRenew = maxRenew;
    }


    /**
     * Sets the start of the principal's validity period.
     *
     * @param validStart the start of validity
     */
    public void setValidStart(KerberosTime validStart) {
        this.validStart = validStart;
    }


    /**
     * Sets the end of the principal's validity period.
     *
     * @param validEnd the end of validity
     */
    public void setValidEnd(KerberosTime validEnd) {
        this.validEnd = validEnd;
    }


    /**
     * Sets the time at which the principal's password stops being valid.
     *
     * @param passwordEnd the password end-of-life
     */
    public void setPasswordEnd(KerberosTime passwordEnd) {
        this.passwordEnd = passwordEnd;
    }


    /**
     * Sets the single-use authentication mechanism (SAM) type.
     *
     * @param samType the SAM type
     */
    public void setSamType(SamType samType) {
        this.samType = samType;
    }


    // ------------------------------------------------------------------
    // Account state
    // ------------------------------------------------------------------

    /**
     * Sets whether the account is disabled.
     *
     * @param disabled {@code true} to mark the account disabled
     */
    public void setDisabled(boolean disabled) {
        this.disabled = disabled;
    }


    /**
     * Sets whether the account is locked out.
     *
     * @param lockedOut {@code true} to mark the account locked out
     */
    public void setLockedOut(boolean lockedOut) {
        this.lockedOut = lockedOut;
    }


    /**
     * Sets the account expiration time. Defaults to
     * {@link KerberosTime#INFINITY} when never set.
     *
     * @param expiration the expiration time
     */
    public void setExpiration(KerberosTime expiration) {
        this.expiration = expiration;
    }


    // ------------------------------------------------------------------
    // Key material
    // ------------------------------------------------------------------

    /**
     * Decodes each value of the ASN.1 encoded key attribute into an
     * {@link EncryptionKey} and indexes the results by encryption type.
     * <p>
     * The result is returned, not stored; call {@link #setKeyMap(Map)} to
     * attach it to this modifier. If the attribute carries several keys of
     * the same encryption type, the one decoded last wins; with no visible
     * ordering guarantee on the attribute's values, which key that is cannot
     * be relied upon.
     *
     * @param krb5key the key attribute; every value must be binary
     * @return encryption type to decoded key (empty if the attribute has no values)
     * @throws IllegalStateException if a value is a {@link StringValue} rather than binary
     * @throws Exception whatever {@link EncryptionKeyDecoder#decode(byte[])} propagates
     *         (declared on the decoder, not narrowed here); the historical
     *         {@link NamingException}/{@link IOException} documentation
     *         referred to the same path
     */
    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap(EntryAttribute krb5key)
        throws Exception {
        Map<EncryptionType, EncryptionKey> keysByType =
            new HashMap<EncryptionType, EncryptionKey>();

        for (Value<?> value : krb5key) {
            // A string-typed value cannot hold raw key bytes: refuse it
            // rather than decode garbage.
            if (value instanceof StringValue) {
                throw new IllegalStateException(I18n.err(I18n.ERR_626));
            }

            byte[] rawKey = value.getBytes();
            EncryptionKey decodedKey = EncryptionKeyDecoder.decode(rawKey);
            // put() replaces any earlier key of the same type (see Javadoc).
            keysByType.put(decodedKey.getKeyType(), decodedKey);
        }

        return keysByType;
    }
}