001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.kerberos.shared.store;
021    
022    
023    import java.io.IOException;
024    import java.util.HashMap;
025    import java.util.Map;
026    
027    import javax.naming.NamingException;
028    import javax.security.auth.kerberos.KerberosPrincipal;
029    
030    import org.apache.directory.server.i18n.I18n;
031    import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
032    import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
033    import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
034    import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
035    import org.apache.directory.server.kerberos.shared.messages.value.SamType;
036    import org.apache.directory.shared.ldap.entry.StringValue;
037    import org.apache.directory.shared.ldap.entry.EntryAttribute;
038    import org.apache.directory.shared.ldap.entry.Value;
039    
040    
041    /**
042     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
043     * @version $Rev: 928945 $, $Date: 2010-03-30 01:59:49 +0200 (Tue, 30 Mar 2010) $
044     */
public class PrincipalStoreEntryModifier
{
    // Naming attributes of the principal's directory entry.
    private String distinguishedName;
    private String commonName;
    private KerberosPrincipal principal;
    private String realmName;

    // uidObject attribute.
    private String userId;

    // KDCEntry attributes.
    // must
    private int keyVersionNumber;
    // may
    private KerberosTime validStart;
    private KerberosTime validEnd;
    private KerberosTime passwordEnd;
    private int maxLife;
    private int maxRenew;
    private int kdcFlags;
    private SamType samType;

    // Account state. Unless a setter says otherwise the account is enabled,
    // not locked out and never expires.
    private boolean disabled = false;
    private boolean lockedOut = false;
    private KerberosTime expiration = KerberosTime.INFINITY;

    // The principal's keys, one per encryption type, as decoded from the
    // krb5key attribute by reconstituteKeyMap(). This is key material: keep it
    // out of log output and error messages.
    private Map<EncryptionType, EncryptionKey> keyMap;


    /**
     * Builds a {@link PrincipalStoreEntry} from the values set on this modifier.
     * Values that were never set are passed through unchanged, i.e. {@code null}
     * for object fields and {@code 0} for the integer fields; the account-state
     * fields keep their defaults (enabled, not locked out, expiration
     * {@link KerberosTime#INFINITY}).
     *
     * @return A new {@link PrincipalStoreEntry} reflecting this modifier's state.
     */
    public PrincipalStoreEntry getEntry()
    {
        return new PrincipalStoreEntry( distinguishedName, commonName, userId, principal, keyVersionNumber, validStart,
            validEnd, passwordEnd, maxLife, maxRenew, kdcFlags, keyMap, realmName, samType, disabled, lockedOut,
            expiration );
    }


    /**
     * Sets whether the account is disabled. Defaults to {@code false}.
     *
     * @param disabled {@code true} to mark the account as disabled.
     */
    public void setDisabled( boolean disabled )
    {
        this.disabled = disabled;
    }


    /**
     * Sets whether the account is locked-out. Defaults to {@code false}.
     *
     * @param lockedOut {@code true} to mark the account as locked out.
     */
    public void setLockedOut( boolean lockedOut )
    {
        this.lockedOut = lockedOut;
    }


    /**
     * Sets the expiration time of the account. Defaults to
     * {@link KerberosTime#INFINITY}, i.e. never expiring.
     *
     * @param expiration The expiration time.
     */
    public void setExpiration( KerberosTime expiration )
    {
        this.expiration = expiration;
    }


    /**
     * Sets the distinguished name (DN) of the principal's entry.
     *
     * @param distinguishedName The DN.
     */
    public void setDistinguishedName( String distinguishedName )
    {
        this.distinguishedName = distinguishedName;
    }


    /**
     * Sets the common name (cn) of the principal's entry.
     *
     * @param commonName The common name.
     */
    public void setCommonName( String commonName )
    {
        this.commonName = commonName;
    }


    /**
     * Sets the user ID (uid).
     *
     * @param userId The user ID.
     */
    public void setUserId( String userId )
    {
        this.userId = userId;
    }


    /**
     * Sets the KDC flags for the principal.
     *
     * @param kdcFlags The KDC flags.
     */
    public void setKDCFlags( int kdcFlags )
    {
        this.kdcFlags = kdcFlags;
    }


    /**
     * Sets the map of encryption types to encryption keys. The map is stored
     * by reference, not copied, so later changes by the caller are visible to
     * the entry built by {@link #getEntry()}.
     *
     * @param keyMap The key map.
     */
    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
    {
        this.keyMap = keyMap;
    }


    /**
     * Sets the key version number (kvno).
     *
     * @param keyVersionNumber The key version number.
     */
    public void setKeyVersionNumber( int keyVersionNumber )
    {
        this.keyVersionNumber = keyVersionNumber;
    }


    /**
     * Sets the ticket maximum life time.
     *
     * @param maxLife The maximum ticket life time.
     */
    public void setMaxLife( int maxLife )
    {
        this.maxLife = maxLife;
    }


    /**
     * Sets the ticket maximum renew time.
     *
     * @param maxRenew The maximum ticket renew time.
     */
    public void setMaxRenew( int maxRenew )
    {
        this.maxRenew = maxRenew;
    }


    /**
     * Sets the end-of-life for the password.
     *
     * @param passwordEnd The time at which the password expires.
     */
    public void setPasswordEnd( KerberosTime passwordEnd )
    {
        this.passwordEnd = passwordEnd;
    }


    /**
     * Sets the Kerberos principal.
     *
     * @param principal The principal.
     */
    public void setPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Sets the name of the realm the principal belongs to.
     *
     * @param realmName The realm name.
     */
    public void setRealmName( String realmName )
    {
        this.realmName = realmName;
    }


    /**
     * Sets the end of the validity period.
     *
     * @param validEnd The end of validity.
     */
    public void setValidEnd( KerberosTime validEnd )
    {
        this.validEnd = validEnd;
    }


    /**
     * Sets the start of the validity period.
     *
     * @param validStart The start of validity.
     */
    public void setValidStart( KerberosTime validStart )
    {
        this.validStart = validStart;
    }


    /**
     * Sets the single-use authentication (SAM) type.
     *
     * @param samType The SAM type.
     */
    public void setSamType( SamType samType )
    {
        this.samType = samType;
    }


    /**
     * Converts the ASN.1 encoded key set held in the krb5key attribute to a map
     * of encryption types to encryption keys. Every value of the attribute must
     * be binary; a string-typed value is rejected. If two values decode to the
     * same encryption type the later one replaces the earlier one in the map.
     * This method does not read or modify the modifier's own state; use
     * {@link #setKeyMap(Map)} to store the result.
     *
     * @param krb5key The attribute holding the encoded keys.
     * @return The map of encryption types to encryption keys.
     * @throws IllegalStateException If a value of the attribute is a {@link StringValue}.
     * @throws Exception If decoding a key fails.
     */
    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( EntryAttribute krb5key ) throws Exception
    {
        Map<EncryptionType, EncryptionKey> keysByType = new HashMap<EncryptionType, EncryptionKey>();

        for ( Value<?> value : krb5key )
        {
            // A string value cannot carry an ASN.1 encoded key; refuse it rather than decode garbage.
            if ( value instanceof StringValue )
            {
                throw new IllegalStateException( I18n.err( I18n.ERR_626 ) );
            }

            EncryptionKey key = EncryptionKeyDecoder.decode( value.getBytes() );
            keysByType.put( key.getKeyType(), key );
        }

        return keysByType;
    }
}