Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.kerberos.shared.store;
021
022
023import java.util.HashMap;
024import java.util.Map;
025
026import javax.security.auth.kerberos.KerberosPrincipal;
027
028import org.apache.directory.api.ldap.model.entry.Attribute;
029import org.apache.directory.api.ldap.model.entry.Value;
030import org.apache.directory.server.i18n.I18n;
031import org.apache.directory.shared.kerberos.KerberosTime;
032import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
033import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
034import org.apache.directory.shared.kerberos.codec.types.SamType;
035import org.apache.directory.shared.kerberos.components.EncryptionKey;
036import org.apache.directory.shared.kerberos.exceptions.KerberosException;
037
038
039/**
040 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
041 */
042public class PrincipalStoreEntryModifier
043{
044    // principal
045    private String distinguishedName;
046    private String commonName;
047    private KerberosPrincipal principal;
048    private String realmName;
049
050    // uidObject
051    private String userId;
052
053    // KDCEntry
054    // must
055    private int keyVersionNumber;
056    // may
057    private KerberosTime validStart;
058    private KerberosTime validEnd;
059    private KerberosTime passwordEnd;
060    private int maxLife;
061    private int maxRenew;
062    private int kdcFlags;
063    private SamType samType;
064
065    private boolean disabled = false;
066    private boolean lockedOut = false;
067    private KerberosTime expiration = KerberosTime.INFINITY;
068
069    private Map<EncryptionType, EncryptionKey> keyMap;
070
071
072    /**
073     * Returns the {@link PrincipalStoreEntry}.
074     *
075     * @return The {@link PrincipalStoreEntry}.
076     */
077    public PrincipalStoreEntry getEntry()
078    {
079        return new PrincipalStoreEntry( distinguishedName, commonName, userId, principal, keyVersionNumber, validStart,
080            validEnd, passwordEnd, maxLife, maxRenew, kdcFlags, keyMap, realmName, samType, disabled, lockedOut,
081            expiration );
082    }
083
084
085    /**
086     * Sets whether the account is disabled.
087     *
088     * @param disabled
089     */
090    public void setDisabled( boolean disabled )
091    {
092        this.disabled = disabled;
093    }
094
095
096    /**
097     * Sets whether the account is locked-out.
098     *
099     * @param lockedOut
100     */
101    public void setLockedOut( boolean lockedOut )
102    {
103        this.lockedOut = lockedOut;
104    }
105
106
107    /**
108     * Sets the expiration time.
109     *
110     * @param expiration
111     */
112    public void setExpiration( KerberosTime expiration )
113    {
114        this.expiration = expiration;
115    }
116
117
118    /**
119     * Sets the distinguished name (Dn).
120     *
121     * @param distinguishedName
122     */
123    public void setDistinguishedName( String distinguishedName )
124    {
125        this.distinguishedName = distinguishedName;
126    }
127
128
129    /**
130     * Sets the common name (cn).
131     *
132     * @param commonName
133     */
134    public void setCommonName( String commonName )
135    {
136        this.commonName = commonName;
137    }
138
139
140    /**
141     * Sets the user ID.
142     *
143     * @param userId
144     */
145    public void setUserId( String userId )
146    {
147        this.userId = userId;
148    }
149
150
151    /**
152     * Sets the KDC flags.
153     *
154     * @param kdcFlags
155     */
156    public void setKDCFlags( int kdcFlags )
157    {
158        this.kdcFlags = kdcFlags;
159    }
160
161
162    /**
163     * Sets the key map.
164     *
165     * @param keyMap
166     */
167    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
168    {
169        this.keyMap = keyMap;
170    }
171
172
173    /**
174     * Sets the key version number.
175     *
176     * @param keyVersionNumber
177     */
178    public void setKeyVersionNumber( int keyVersionNumber )
179    {
180        this.keyVersionNumber = keyVersionNumber;
181    }
182
183
184    /**
185     * Sets the ticket maximum life time.
186     *
187     * @param maxLife
188     */
189    public void setMaxLife( int maxLife )
190    {
191        this.maxLife = maxLife;
192    }
193
194
195    /**
196     * Sets the ticket maximum renew time.
197     *
198     * @param maxRenew
199     */
200    public void setMaxRenew( int maxRenew )
201    {
202        this.maxRenew = maxRenew;
203    }
204
205
206    /**
207     * Sets the end-of-life for the password.
208     *
209     * @param passwordEnd
210     */
211    public void setPasswordEnd( KerberosTime passwordEnd )
212    {
213        this.passwordEnd = passwordEnd;
214    }
215
216
217    /**
218     * Sets the principal.
219     *
220     * @param principal
221     */
222    public void setPrincipal( KerberosPrincipal principal )
223    {
224        this.principal = principal;
225    }
226
227
228    /**
229     * Sets the realm.
230     *
231     * @param realmName
232     */
233    public void setRealmName( String realmName )
234    {
235        this.realmName = realmName;
236    }
237
238
239    /**
240     * Sets the end of validity.
241     *
242     * @param validEnd
243     */
244    public void setValidEnd( KerberosTime validEnd )
245    {
246        this.validEnd = validEnd;
247    }
248
249
250    /**
251     * Sets the start of validity.
252     *
253     * @param validStart
254     */
255    public void setValidStart( KerberosTime validStart )
256    {
257        this.validStart = validStart;
258    }
259
260
261    /**
262     * Sets the single-use authentication (SAM) type.
263     *
264     * @param samType
265     */
266    public void setSamType( SamType samType )
267    {
268        this.samType = samType;
269    }
270
271
272    /**
273     * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys.
274     *
275     * @param krb5key
276     * @return The map of encryption types to encryption keys.
277     * @throws KerberosException If the key cannot be converted to a map
278     */
279    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key ) 
280            throws KerberosException
281    {
282        Map<EncryptionType, EncryptionKey> map = new HashMap<>();
283
284        for ( Value val : krb5key )
285        {
286            if ( val.isHumanReadable() )
287            {
288                throw new IllegalStateException( I18n.err( I18n.ERR_626 ) );
289            }
290
291            byte[] encryptionKeyBytes = val.getBytes();
292            EncryptionKey encryptionKey = KerberosDecoder.decodeEncryptionKey( encryptionKeyBytes );
293            map.put( encryptionKey.getKeyType(), encryptionKey );
294        }
295
296        return map;
297    }
298}