001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.config.beans; 021 022 023import java.util.ArrayList; 024import java.util.List; 025 026import org.apache.directory.server.config.ConfigurationElement; 027 028 029/** 030 * A class used to store the KdcServer configuration. 031 * 032 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 033 */ 034public class KdcServerBean extends DSBasedServerBean 035{ 036 /** The default allowable clockskew */ 037 private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5L * 60000L; 038 039 /** The default for allowing empty addresses */ 040 private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true; 041 042 /** The default for allowing forwardable tickets */ 043 private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true; 044 045 /** The default for requiring encrypted timestamps */ 046 private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true; 047 048 /** The default for allowing postdated tickets */ 049 private static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true; 050 051 /** The default for allowing proxiable tickets */ 052 private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true; 053 054 /** The default for allowing renewable tickets */ 055 private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true; 056 057 /** The default for the maximum renewable lifetime */ 058 private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000 * 10080; 059 060 /** The default for the maximum ticket lifetime */ 061 private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000 * 1440; 062 063 /** The default kdc realm */ 064 private static final String DEFAULT_REALM = "EXAMPLE.COM"; 065 066 /** The default for verifying the body checksum */ 067 private static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true; 068 069 /** The allowable clock skew. */ 070 @ConfigurationElement(attributeType = "ads-krbAllowableClockSkew") 071 private long krbAllowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW; 072 073 /** Whether empty addresses are allowed. */ 074 @ConfigurationElement(attributeType = "ads-krbEmptyAddressesAllowed") 075 private boolean krbEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED; 076 077 /** Whether forwardable addresses are allowed. */ 078 @ConfigurationElement(attributeType = "ads-krbForwardableAllowed") 079 private boolean krbForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED; 080 081 /** Whether pre-authentication by encrypted timestamp is required. */ 082 @ConfigurationElement(attributeType = "ads-krbPAEncTimestampRequired") 083 private boolean krbPAEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED; 084 085 /** Whether postdated tickets are allowed. */ 086 @ConfigurationElement(attributeType = "ads-krbPostdatedAllowed") 087 private boolean krbPostdatedAllowed = DEFAULT_TGS_POSTDATED_ALLOWED; 088 089 /** Whether proxiable addresses are allowed. */ 090 @ConfigurationElement(attributeType = "ads-krbProxiableAllowed") 091 private boolean krbProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED; 092 093 /** Whether renewable tickets are allowed. */ 094 @ConfigurationElement(attributeType = "ads-krbRenewableAllowed") 095 private boolean krbRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED; 096 097 /** The maximum renewable lifetime. */ 098 @ConfigurationElement(attributeType = "ads-krbMaximumRenewableLifetime") 099 private long krbMaximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME; 100 101 /** The maximum ticket lifetime. */ 102 @ConfigurationElement(attributeType = "ads-krbMaximumTicketLifetime") 103 private long krbMaximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME; 104 105 /** The primary realm */ 106 @ConfigurationElement(attributeType = "ads-krbPrimaryRealm") 107 private String krbPrimaryRealm = DEFAULT_REALM; 108 109 /** Whether to verify the body checksum. */ 110 @ConfigurationElement(attributeType = "ads-krbBodyChecksumVerified") 111 private boolean krbBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM; 112 113 /** The encryption types. */ 114 @ConfigurationElement(attributeType = "ads-krbEncryptionTypes") 115 private List<String> krbEncryptionTypes = new ArrayList<>(); 116 117 118 /** 119 * Create a new KdcServerBean instance 120 */ 121 public KdcServerBean() 122 { 123 super(); 124 125 // Enabled by default 126 setEnabled( true ); 127 } 128 129 130 /** 131 * Returns the allowable clock skew. 132 * 133 * @return The allowable clock skew. 134 */ 135 public long getKrbAllowableClockSkew() 136 { 137 return krbAllowableClockSkew; 138 } 139 140 141 /** 142 * @param krbAllowableClockSkew the allowableClockSkew to set 143 */ 144 public void setKrbAllowableClockSkew( long krbAllowableClockSkew ) 145 { 146 this.krbAllowableClockSkew = krbAllowableClockSkew; 147 } 148 149 150 /** 151 * Returns the encryption types. 152 * 153 * @return The encryption types. 154 */ 155 public List<String> getKrbEncryptionTypes() 156 { 157 return krbEncryptionTypes; 158 } 159 160 161 /** 162 * Initialize the encryptionTypes set 163 * 164 * @param krbEncryptionTypes the encryptionTypes to set 165 */ 166 public void addKrbEncryptionTypes( String... krbEncryptionTypes ) 167 { 168 for ( String encryptionType : krbEncryptionTypes ) 169 { 170 this.krbEncryptionTypes.add( encryptionType ); 171 } 172 } 173 174 175 /** 176 * @return the isEmptyAddressesAllowed 177 */ 178 public boolean isKrbEmptyAddressesAllowed() 179 { 180 return krbEmptyAddressesAllowed; 181 } 182 183 184 /** 185 * @param krbEmptyAddressesAllowed the krbEmptyAddressesAllowed to set 186 */ 187 public void setKrbEmptyAddressesAllowed( boolean krbEmptyAddressesAllowed ) 188 { 189 this.krbEmptyAddressesAllowed = krbEmptyAddressesAllowed; 190 } 191 192 193 /** 194 * @return the krbForwardableAllowed 195 */ 196 public boolean isKrbForwardableAllowed() 197 { 198 return krbForwardableAllowed; 199 } 200 201 202 /** 203 * @param krbForwardableAllowed the krbForwardableAllowed to set 204 */ 205 public void setKrbForwardableAllowed( boolean krbForwardableAllowed ) 206 { 207 this.krbForwardableAllowed = krbForwardableAllowed; 208 } 209 210 211 /** 212 * Returns whether pre-authentication by encrypted timestamp is required. 213 * 214 * @return Whether pre-authentication by encrypted timestamp is required. 215 */ 216 public boolean isKrbPaEncTimestampRequired() 217 { 218 return krbPAEncTimestampRequired; 219 } 220 221 222 /** 223 * @param krbPaEncTimestampRequired the krbPaEncTimestampRequired to set 224 */ 225 public void setKrbPaEncTimestampRequired( boolean krbPaEncTimestampRequired ) 226 { 227 this.krbPAEncTimestampRequired = krbPaEncTimestampRequired; 228 } 229 230 231 /** 232 * @return the krbPostdatedAllowed 233 */ 234 public boolean isKrbPostdatedAllowed() 235 { 236 return krbPostdatedAllowed; 237 } 238 239 240 /** 241 * @param krbPostdatedAllowed the krbPostdatedAllowed to set 242 */ 243 public void setKrbPostdatedAllowed( boolean krbPostdatedAllowed ) 244 { 245 this.krbPostdatedAllowed = krbPostdatedAllowed; 246 } 247 248 249 /** 250 * @return the krbProxiableAllowed 251 */ 252 public boolean isKrbProxiableAllowed() 253 { 254 return krbProxiableAllowed; 255 } 256 257 258 /** 259 * @param krbProxiableAllowed the krbProxiableAllowed to set 260 */ 261 public void setKrbProxiableAllowed( boolean krbProxiableAllowed ) 262 { 263 this.krbProxiableAllowed = krbProxiableAllowed; 264 } 265 266 267 /** 268 * @return the krbRenewableAllowed 269 */ 270 public boolean isKrbRenewableAllowed() 271 { 272 return krbRenewableAllowed; 273 } 274 275 276 /** 277 * @param krbRenewableAllowed the krbRenewableAllowed to set 278 */ 279 public void setKrbRenewableAllowed( boolean krbRenewableAllowed ) 280 { 281 this.krbRenewableAllowed = krbRenewableAllowed; 282 } 283 284 285 /** 286 * @return the krbMaximumRenewableLifetime 287 */ 288 public long getKrbMaximumRenewableLifetime() 289 { 290 return krbMaximumRenewableLifetime; 291 } 292 293 294 /** 295 * @param krbMaximumRenewableLifetime the krbMaximumRenewableLifetime to set 296 */ 297 public void setKrbMaximumRenewableLifetime( long krbMaximumRenewableLifetime ) 298 { 299 this.krbMaximumRenewableLifetime = krbMaximumRenewableLifetime; 300 } 301 302 303 /** 304 * @return the krbMaximumTicketLifetime 305 */ 306 public long getKrbMaximumTicketLifetime() 307 { 308 return krbMaximumTicketLifetime; 309 } 310 311 312 /** 313 * @param krbMaximumTicketLifetime the krbMaximumTicketLifetime to set 314 */ 315 public void setKrbMaximumTicketLifetime( long krbMaximumTicketLifetime ) 316 { 317 this.krbMaximumTicketLifetime = krbMaximumTicketLifetime; 318 } 319 320 321 /** 322 * Returns the primary realm. 323 * 324 * @return The primary realm. 325 */ 326 public String getKrbPrimaryRealm() 327 { 328 return krbPrimaryRealm; 329 } 330 331 332 /** 333 * @param krbPrimaryRealm the krbPrimaryRealm to set 334 */ 335 public void setKrbPrimaryRealm( String krbPrimaryRealm ) 336 { 337 this.krbPrimaryRealm = krbPrimaryRealm; 338 } 339 340 341 /** 342 * @return the krbBodyChecksumVerified 343 */ 344 public boolean isKrbBodyChecksumVerified() 345 { 346 return krbBodyChecksumVerified; 347 } 348 349 350 /** 351 * @param krbBodyChecksumVerified the krbBodyChecksumVerified to set 352 */ 353 public void setKrbBodyChecksumVerified( boolean krbBodyChecksumVerified ) 354 { 355 this.krbBodyChecksumVerified = krbBodyChecksumVerified; 356 } 357 358 359 /** 360 * {@inheritDoc} 361 */ 362 @Override 363 public String toString( String tabs ) 364 { 365 StringBuilder sb = new StringBuilder(); 366 367 sb.append( tabs ).append( "KDCServer :\n" ); 368 sb.append( super.toString( tabs + " " ) ); 369 sb.append( toString( tabs, " body checksum verified", krbBodyChecksumVerified ) ); 370 sb.append( toString( tabs, " empty address alowed", krbEmptyAddressesAllowed ) ); 371 sb.append( toString( tabs, " forwardable allowed", krbForwardableAllowed ) ); 372 sb.append( toString( tabs, " PA encode timestamp required", krbPAEncTimestampRequired ) ); 373 sb.append( toString( tabs, " postdated allowed", krbPostdatedAllowed ) ); 374 sb.append( toString( tabs, " proxiable allowed", krbProxiableAllowed ) ); 375 sb.append( toString( tabs, " renew allowed", krbRenewableAllowed ) ); 376 sb.append( toString( tabs, " allowable clock skew", krbAllowableClockSkew ) ); 377 sb.append( toString( tabs, " KDC principal", "krbtgt/" + krbPrimaryRealm + "@" + krbPrimaryRealm ) ); 378 sb.append( toString( tabs, " maximum renewable lifetime", krbMaximumRenewableLifetime ) ); 379 sb.append( toString( tabs, " maximum ticket lifetime", krbMaximumTicketLifetime ) ); 380 sb.append( toString( tabs, " primary realm", krbPrimaryRealm ) ); 381 382 if ( ( krbEncryptionTypes != null ) && !krbEncryptionTypes.isEmpty() ) 383 { 384 sb.append( tabs ).append( " encryption types :\n" ); 385 386 for ( String encryptionType : krbEncryptionTypes ) 387 { 388 sb.append( toString( tabs, " encryption type", encryptionType ) ); 389 } 390 } 391 392 return sb.toString(); 393 } 394 395 396 /** 397 * {@inheritDoc} 398 */ 399 @Override 400 public String toString() 401 { 402 return toString( "" ); 403 } 404}