001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.kerberos.shared.store.operations;
021    
022    
023    import java.io.IOException;
024    import java.text.ParseException;
025    import java.util.Map;
026    
027    import javax.naming.NamingException;
028    import javax.naming.directory.InvalidAttributeValueException;
029    import javax.security.auth.kerberos.KerberosPrincipal;
030    
031    import org.apache.directory.server.core.CoreSession;
032    import org.apache.directory.server.i18n.I18n;
033    import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
034    import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
035    import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
036    import org.apache.directory.server.kerberos.shared.messages.value.SamType;
037    import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
038    import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
039    import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
040    import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
041    import org.apache.directory.shared.ldap.entry.EntryAttribute;
042    import org.apache.directory.shared.ldap.entry.ServerEntry;
043    import org.apache.directory.shared.ldap.name.DN;
044    
045    
046    /**
047     * Encapsulates the action of looking up a principal in an embedded ApacheDS DIT.
048     *
049     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
050     * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $
051     */
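public class GetPrincipal implements DirectoryServiceOperation
{
    private static final long serialVersionUID = 4598007518413451945L;

    /** The name of the principal to get. */
    private final KerberosPrincipal principal;


    /**
     * Creates the action to be used against the embedded ApacheDS DIT.
     * 
     * @param principal The principal to search for in the directory.
     */
    public GetPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Looks the principal up under the given base and marshals the matching
     * directory entry into a {@link PrincipalStoreEntry}.
     * <p>
     * Note that the base is a relative path from the existing context.
     * It is not a DN.
     *
     * @param session the session used to search the directory
     * @param base the base under which the principal entry is searched for
     * @return the {@link PrincipalStoreEntry} for the principal, or {@code null}
     *         when no principal was given or no entry was found
     * @throws Exception if the lookup fails or the entry holds missing or malformed attributes
     */
    public Object execute( CoreSession session, DN base ) throws Exception
    {
        if ( principal == null )
        {
            return null;
        }

        ServerEntry entry = StoreUtils.findPrincipalEntry( session, base, principal.getName() );

        // NOTE(review): an unknown principal is reported as "not found" (null) instead of
        // surfacing as a NullPointerException inside getEntry(); confirm whether
        // findPrincipalEntry can actually return null or always throws in that case.
        if ( entry == null )
        {
            return null;
        }

        return getEntry( entry );
    }


    /**
     * Marshals a PrincipalStoreEntry from the attributes of a directory entry.
     * <p>
     * The principal name and key version number are mandatory; the disabled,
     * locked-out, expiration, SAM type and key attributes are optional and only
     * applied to the modifier when present.
     *
     * @param entry the directory entry of the Kerberos principal
     * @return the entry for the principal
     * @throws InvalidAttributeValueException if a mandatory attribute is missing or an
     *         attribute holds a value that cannot be parsed
     * @throws Exception if there are any access problems
     */
    private PrincipalStoreEntry getEntry( ServerEntry entry ) throws Exception
    {
        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();

        modifier.setDistinguishedName( entry.getDn().getName() );

        String principalName = getRequiredValue( entry, KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
        modifier.setPrincipal( new KerberosPrincipal( principalName ) );

        String keyVersionNumber = getRequiredValue( entry, KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT );
        modifier.setKeyVersionNumber( parseIntValue( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, keyVersionNumber ) );

        // Only an explicit "true" (case-insensitive) marks the account disabled / locked out;
        // any other present value is treated as false, while an absent attribute leaves the
        // modifier's default in place.
        String disabled = getOptionalValue( entry, KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT );

        if ( disabled != null )
        {
            modifier.setDisabled( "true".equalsIgnoreCase( disabled ) );
        }

        String lockedOut = getOptionalValue( entry, KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT );

        if ( lockedOut != null )
        {
            modifier.setLockedOut( "true".equalsIgnoreCase( lockedOut ) );
        }

        String expiration = getOptionalValue( entry, KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT );

        if ( expiration != null )
        {
            try
            {
                modifier.setExpiration( KerberosTime.getTime( expiration ) );
            }
            catch ( ParseException e )
            {
                InvalidAttributeValueException iave = new InvalidAttributeValueException( "Account expiration attribute "
                    + KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT + " contained an invalid value for generalizedTime: "
                    + expiration );
                // keep the parser's diagnostics attached for whoever handles the failure
                iave.initCause( e );
                throw iave;
            }
        }

        String samType = getOptionalValue( entry, KerberosAttribute.APACHE_SAM_TYPE_AT );

        if ( samType != null )
        {
            modifier.setSamType( SamType.getTypeByOrdinal( parseIntValue( KerberosAttribute.APACHE_SAM_TYPE_AT, samType ) ) );
        }

        EntryAttribute krb5key = entry.get( KerberosAttribute.KRB5_KEY_AT );

        if ( krb5key != null )
        {
            try
            {
                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
                modifier.setKeyMap( keyMap );
            }
            catch ( IOException ioe )
            {
                InvalidAttributeValueException iave = new InvalidAttributeValueException( I18n.err( I18n.ERR_623, KerberosAttribute.KRB5_KEY_AT ) );
                iave.initCause( ioe );
                throw iave;
            }
        }

        return modifier.getEntry();
    }


    /**
     * Returns the string value of an attribute that may be absent from the entry.
     *
     * @param entry the directory entry
     * @param attributeId the identifier of the attribute to read
     * @return the attribute's string value, or {@code null} if the attribute is absent
     * @throws Exception if the value cannot be read as a string
     */
    private static String getOptionalValue( ServerEntry entry, String attributeId ) throws Exception
    {
        EntryAttribute attribute = entry.get( attributeId );

        if ( attribute == null )
        {
            return null;
        }

        return attribute.getString();
    }


    /**
     * Returns the string value of an attribute that must be present on the entry.
     *
     * @param entry the directory entry
     * @param attributeId the identifier of the attribute to read
     * @return the attribute's string value
     * @throws InvalidAttributeValueException if the attribute is absent, so that a
     *         malformed principal entry is reported with its DN rather than as a
     *         NullPointerException
     * @throws Exception if the value cannot be read as a string
     */
    private static String getRequiredValue( ServerEntry entry, String attributeId ) throws Exception
    {
        String value = getOptionalValue( entry, attributeId );

        if ( value == null )
        {
            throw new InvalidAttributeValueException( "Mandatory attribute " + attributeId
                + " is missing from entry " + entry.getDn().getName() );
        }

        return value;
    }


    /**
     * Parses an attribute value that is expected to hold a decimal integer.
     *
     * @param attributeId the identifier of the attribute the value came from, for the error message
     * @param value the raw attribute value
     * @return the parsed integer
     * @throws InvalidAttributeValueException if the value is not a valid integer
     */
    private static int parseIntValue( String attributeId, String value ) throws InvalidAttributeValueException
    {
        try
        {
            return Integer.parseInt( value );
        }
        catch ( NumberFormatException nfe )
        {
            InvalidAttributeValueException iave = new InvalidAttributeValueException( "Attribute " + attributeId
                + " contained an invalid integer value: " + value );
            iave.initCause( nfe );
            throw iave;
        }
    }
}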