001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.kerberos.shared.store;
021
022
023import java.util.HashMap;
024import java.util.Map;
025
026import javax.security.auth.kerberos.KerberosPrincipal;
027
028import org.apache.directory.api.ldap.model.entry.Attribute;
029import org.apache.directory.api.ldap.model.entry.Value;
030import org.apache.directory.server.i18n.I18n;
031import org.apache.directory.shared.kerberos.KerberosTime;
032import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
033import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
034import org.apache.directory.shared.kerberos.codec.types.SamType;
035import org.apache.directory.shared.kerberos.components.EncryptionKey;
036import org.apache.directory.shared.kerberos.exceptions.KerberosException;
037
038
/**
 * Mutable collector for the attributes of a Kerberos principal. Callers populate it
 * through the setters and then call {@link #getEntry()} to obtain a
 * {@link PrincipalStoreEntry} built from the values held at that moment.
 *
 * <p>No synchronization is performed on the fields, and the key map is held by
 * reference, so an instance should not be shared between threads without external
 * coordination.
 *
 * <p>The key map carries the principal's Kerberos encryption keys. Keep it, and the
 * attribute bytes it is decoded from, out of logs and diagnostic output.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class PrincipalStoreEntryModifier
{
    // Identity of the principal.
    private String distinguishedName;
    private KerberosPrincipal principal;

    // KDC entry data. The original annotations mark keyVersionNumber as "must" and
    // samType as "may" -- presumably the MUST/MAY split of the schema; verify there.
    private int keyVersionNumber;
    private SamType samType;

    // Account state. Both flags start out false (the Java default for boolean fields),
    // and the expiration starts at KerberosTime.INFINITY until a caller overrides it.
    private boolean disabled;
    private boolean lockedOut;
    private KerberosTime expiration = KerberosTime.INFINITY;

    // Encryption keys indexed by encryption type; null until setKeyMap() is called.
    private Map<EncryptionType, EncryptionKey> keyMap;


    /**
     * Builds a {@link PrincipalStoreEntry} from the values currently held.
     *
     * <p>Fields that were never set are passed with their initial values, which means a
     * {@code null} distinguished name, principal, SAM type or key map can reach the
     * constructor. The key map is handed over as the same object that was given to
     * {@link #setKeyMap(Map)}.
     * NOTE(review): whether {@link PrincipalStoreEntry} copies the map is not visible
     * here -- confirm before mutating the map after this call.
     *
     * @return a new {@link PrincipalStoreEntry} reflecting the current state
     */
    public PrincipalStoreEntry getEntry()
    {
        return new PrincipalStoreEntry(
            distinguishedName,
            principal,
            keyVersionNumber,
            keyMap,
            samType,
            disabled,
            lockedOut,
            expiration );
    }


    /**
     * Sets whether the account is disabled.
     *
     * @param disabled {@code true} to mark the account as disabled
     */
    public void setDisabled( boolean disabled )
    {
        this.disabled = disabled;
    }


    /**
     * Sets whether the account is locked-out.
     *
     * @param lockedOut {@code true} to mark the account as locked out
     */
    public void setLockedOut( boolean lockedOut )
    {
        this.lockedOut = lockedOut;
    }


    /**
     * Sets the expiration time, replacing the initial {@link KerberosTime#INFINITY}.
     *
     * @param expiration the expiration time to record; stored as given, without a
     *        {@code null} check
     */
    public void setExpiration( KerberosTime expiration )
    {
        this.expiration = expiration;
    }


    /**
     * Sets the distinguished name (Dn).
     *
     * @param distinguishedName the Dn as a string; stored as given, without validation
     */
    public void setDistinguishedName( String distinguishedName )
    {
        this.distinguishedName = distinguishedName;
    }


    /**
     * Sets the key map.
     *
     * <p>The map is stored by reference and not copied, so later changes the caller
     * makes to it are visible through this modifier.
     *
     * @param keyMap the encryption keys indexed by encryption type
     */
    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
    {
        this.keyMap = keyMap;
    }


    /**
     * Sets the key version number.
     *
     * @param keyVersionNumber the key version number to record
     */
    public void setKeyVersionNumber( int keyVersionNumber )
    {
        this.keyVersionNumber = keyVersionNumber;
    }


    /**
     * Sets the principal.
     *
     * @param principal the Kerberos principal this entry describes
     */
    public void setPrincipal( KerberosPrincipal principal )
    {
        this.principal = principal;
    }


    /**
     * Sets the single-use authentication (SAM) type.
     *
     * @param samType the SAM type to record
     */
    public void setSamType( SamType samType )
    {
        this.samType = samType;
    }


    /**
     * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys.
     *
     * <p>Every value of the attribute is decoded with
     * {@link KerberosDecoder#decodeEncryptionKey(byte[])} and stored under the key type
     * reported by the decoded key. If two values decode to the same encryption type, the
     * later one replaces the earlier one without any error.
     * NOTE(review): confirm that a silent overwrite is the intended handling of
     * duplicate encryption types.
     *
     * <p>This method does not touch the modifier's own key map; pass the result to
     * {@link #setKeyMap(Map)} to use it.
     *
     * @param krb5key the attribute holding the encoded keys; a {@code null} argument
     *        fails with a {@link NullPointerException} when the iteration starts
     * @return The map of encryption types to encryption keys, empty when the attribute
     *         has no values
     * @throws KerberosException If the key cannot be converted to a map
     * @throws IllegalStateException if a value is flagged as human readable, since key
     *         material is expected in binary form
     */
    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key )
        throws KerberosException
    {
        Map<EncryptionType, EncryptionKey> keysByType = new HashMap<>();

        for ( Value encodedKey : krb5key )
        {
            // A human-readable (string) value cannot be an encoded key: reject the whole
            // attribute instead of skipping the value.
            if ( encodedKey.isHumanReadable() )
            {
                throw new IllegalStateException( I18n.err( I18n.ERR_626 ) );
            }

            EncryptionKey decodedKey = KerberosDecoder.decodeEncryptionKey( encodedKey.getBytes() );
            keysByType.put( decodedKey.getKeyType(), decodedKey );
        }

        return keysByType;
    }
}