001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.kerberos.shared.store; 021 022 023import java.util.HashMap; 024import java.util.Map; 025 026import javax.security.auth.kerberos.KerberosPrincipal; 027 028import org.apache.directory.api.ldap.model.entry.Attribute; 029import org.apache.directory.api.ldap.model.entry.Value; 030import org.apache.directory.server.i18n.I18n; 031import org.apache.directory.shared.kerberos.KerberosTime; 032import org.apache.directory.shared.kerberos.codec.KerberosDecoder; 033import org.apache.directory.shared.kerberos.codec.types.EncryptionType; 034import org.apache.directory.shared.kerberos.codec.types.SamType; 035import org.apache.directory.shared.kerberos.components.EncryptionKey; 036import org.apache.directory.shared.kerberos.exceptions.KerberosException; 037 038 039/** 040 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 041 */ 042public class PrincipalStoreEntryModifier 043{ 044 // principal 045 private String distinguishedName; 046 private String commonName; 047 private KerberosPrincipal principal; 048 private String realmName; 049 050 // uidObject 051 private String userId; 052 053 // KDCEntry 054 // must 055 private int keyVersionNumber; 056 // may 057 private KerberosTime validStart; 058 private KerberosTime validEnd; 059 private KerberosTime passwordEnd; 060 private int maxLife; 061 private int maxRenew; 062 private int kdcFlags; 063 private SamType samType; 064 065 private boolean disabled = false; 066 private boolean lockedOut = false; 067 private KerberosTime expiration = KerberosTime.INFINITY; 068 069 private Map<EncryptionType, EncryptionKey> keyMap; 070 071 072 /** 073 * Returns the {@link PrincipalStoreEntry}. 074 * 075 * @return The {@link PrincipalStoreEntry}. 076 */ 077 public PrincipalStoreEntry getEntry() 078 { 079 return new PrincipalStoreEntry( distinguishedName, commonName, userId, principal, keyVersionNumber, validStart, 080 validEnd, passwordEnd, maxLife, maxRenew, kdcFlags, keyMap, realmName, samType, disabled, lockedOut, 081 expiration ); 082 } 083 084 085 /** 086 * Sets whether the account is disabled. 087 * 088 * @param disabled 089 */ 090 public void setDisabled( boolean disabled ) 091 { 092 this.disabled = disabled; 093 } 094 095 096 /** 097 * Sets whether the account is locked-out. 098 * 099 * @param lockedOut 100 */ 101 public void setLockedOut( boolean lockedOut ) 102 { 103 this.lockedOut = lockedOut; 104 } 105 106 107 /** 108 * Sets the expiration time. 109 * 110 * @param expiration 111 */ 112 public void setExpiration( KerberosTime expiration ) 113 { 114 this.expiration = expiration; 115 } 116 117 118 /** 119 * Sets the distinguished name (Dn). 120 * 121 * @param distinguishedName 122 */ 123 public void setDistinguishedName( String distinguishedName ) 124 { 125 this.distinguishedName = distinguishedName; 126 } 127 128 129 /** 130 * Sets the common name (cn). 131 * 132 * @param commonName 133 */ 134 public void setCommonName( String commonName ) 135 { 136 this.commonName = commonName; 137 } 138 139 140 /** 141 * Sets the user ID. 142 * 143 * @param userId 144 */ 145 public void setUserId( String userId ) 146 { 147 this.userId = userId; 148 } 149 150 151 /** 152 * Sets the KDC flags. 153 * 154 * @param kdcFlags 155 */ 156 public void setKDCFlags( int kdcFlags ) 157 { 158 this.kdcFlags = kdcFlags; 159 } 160 161 162 /** 163 * Sets the key map. 164 * 165 * @param keyMap 166 */ 167 public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap ) 168 { 169 this.keyMap = keyMap; 170 } 171 172 173 /** 174 * Sets the key version number. 175 * 176 * @param keyVersionNumber 177 */ 178 public void setKeyVersionNumber( int keyVersionNumber ) 179 { 180 this.keyVersionNumber = keyVersionNumber; 181 } 182 183 184 /** 185 * Sets the ticket maximum life time. 186 * 187 * @param maxLife 188 */ 189 public void setMaxLife( int maxLife ) 190 { 191 this.maxLife = maxLife; 192 } 193 194 195 /** 196 * Sets the ticket maximum renew time. 197 * 198 * @param maxRenew 199 */ 200 public void setMaxRenew( int maxRenew ) 201 { 202 this.maxRenew = maxRenew; 203 } 204 205 206 /** 207 * Sets the end-of-life for the password. 208 * 209 * @param passwordEnd 210 */ 211 public void setPasswordEnd( KerberosTime passwordEnd ) 212 { 213 this.passwordEnd = passwordEnd; 214 } 215 216 217 /** 218 * Sets the principal. 219 * 220 * @param principal 221 */ 222 public void setPrincipal( KerberosPrincipal principal ) 223 { 224 this.principal = principal; 225 } 226 227 228 /** 229 * Sets the realm. 230 * 231 * @param realmName 232 */ 233 public void setRealmName( String realmName ) 234 { 235 this.realmName = realmName; 236 } 237 238 239 /** 240 * Sets the end of validity. 241 * 242 * @param validEnd 243 */ 244 public void setValidEnd( KerberosTime validEnd ) 245 { 246 this.validEnd = validEnd; 247 } 248 249 250 /** 251 * Sets the start of validity. 252 * 253 * @param validStart 254 */ 255 public void setValidStart( KerberosTime validStart ) 256 { 257 this.validStart = validStart; 258 } 259 260 261 /** 262 * Sets the single-use authentication (SAM) type. 263 * 264 * @param samType 265 */ 266 public void setSamType( SamType samType ) 267 { 268 this.samType = samType; 269 } 270 271 272 /** 273 * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys. 274 * 275 * @param krb5key 276 * @return The map of encryption types to encryption keys. 277 * @throws KerberosException If the key cannot be converted to a map 278 */ 279 public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key ) 280 throws KerberosException 281 { 282 Map<EncryptionType, EncryptionKey> map = new HashMap<>(); 283 284 for ( Value val : krb5key ) 285 { 286 if ( val.isHumanReadable() ) 287 { 288 throw new IllegalStateException( I18n.err( I18n.ERR_626 ) ); 289 } 290 291 byte[] encryptionKeyBytes = val.getBytes(); 292 EncryptionKey encryptionKey = KerberosDecoder.decodeEncryptionKey( encryptionKeyBytes ); 293 map.put( encryptionKey.getKeyType(), encryptionKey ); 294 } 295 296 return map; 297 } 298}