/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.server.kerberos.kdc;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.protocol.shared.ServiceConfiguration;
/**
* Contains the configuration parameters for the Kerberos protocol provider.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
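public class KdcConfiguration extends ServiceConfiguration
{
    private static final long serialVersionUID = 522567370475574165L;

    /** The default kdc port */
    private static final int DEFAULT_IP_PORT = 88;

    /** The default kdc search base DN */
    public static final String DEFAULT_SEARCH_BASEDN = "ou=users,dc=example,dc=com";

    /** The default kdc service pid */
    private static final String DEFAULT_PID = "org.apache.directory.server.kerberos";

    /** The default kdc service name */
    private static final String DEFAULT_NAME = "ApacheDS Kerberos Service";

    /** The default kdc service principal */
    private static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";

    /** The default kdc realm */
    private static final String DEFAULT_REALM = "EXAMPLE.COM";

    /**
     * The default allowable clockskew, expressed in the unit of the inherited
     * {@code MINUTE} constant (the lifetime defaults below use the same unit).
     */
    private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * MINUTE;

    /**
     * The default encryption types, by name as understood by
     * {@link EncryptionType#getByName(String)}.
     *
     * NOTE(review): des-cbc-md5 is single-DES and is deprecated for Kerberos
     * by RFC 6649. It is kept as the historical default here; deployments
     * choose stronger types via {@link #setEncryptionTypes(EncryptionType[])}.
     */
    private static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
        { "des-cbc-md5" };

    /** The default for allowing empty addresses */
    private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;

    /** The default for requiring encrypted timestamps */
    private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;

    /** The default for the maximum ticket lifetime (one day, in MINUTE units) */
    private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = MINUTE * 1440;

    /** The default for the maximum renewable lifetime (seven days, in MINUTE units) */
    private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = MINUTE * 10080;

    /** The default for allowing forwardable tickets */
    private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;

    /** The default for allowing proxiable tickets */
    private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;

    /** The default for allowing postdatable tickets */
    private static final boolean DEFAULT_TGS_POSTDATE_ALLOWED = true;

    /** The default for allowing renewable tickets */
    private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;

    /**
     * The encryption types. Never handed out directly: both the setter and the
     * getter copy the array so callers cannot alter the configured set behind
     * the KDC's back.
     */
    private EncryptionType[] encryptionTypes;

    /** The primary realm */
    private String primaryRealm = DEFAULT_REALM;

    /** The service principal name, parsed on demand by {@link #getServicePrincipal()}. */
    private String servicePrincipal = DEFAULT_PRINCIPAL;

    /** The allowable clock skew. */
    private long allowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;

    /** Whether pre-authentication by encrypted timestamp is required. */
    private boolean isPaEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;

    /** The maximum ticket lifetime. */
    private long maximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;

    /** The maximum renewable lifetime. */
    private long maximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;

    /** Whether empty addresses are allowed. */
    private boolean isEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;

    /** Whether forwardable tickets are allowed. */
    private boolean isForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED;

    /** Whether proxiable tickets are allowed. */
    private boolean isProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED;

    /** Whether postdated tickets are allowed. */
    private boolean isPostdateAllowed = DEFAULT_TGS_POSTDATE_ALLOWED;

    /** Whether renewable tickets are allowed. */
    private boolean isRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED;


    /**
     * Creates a new instance of KdcConfiguration with the default service name,
     * port, pid, search base and encryption types.
     */
    public KdcConfiguration()
    {
        super.setServiceName( DEFAULT_NAME );
        super.setIpPort( DEFAULT_IP_PORT );
        super.setServicePid( DEFAULT_PID );
        super.setSearchBaseDn( DEFAULT_SEARCH_BASEDN );
        prepareEncryptionTypes();
    }


    /**
     * Returns the allowable clock skew.
     *
     * @return The allowable clock skew.
     */
    public long getAllowableClockSkew()
    {
        return allowableClockSkew;
    }


    /**
     * Returns whether tickets may be issued with an empty address list.
     *
     * @return Whether empty addresses are allowed.
     */
    public boolean isEmptyAddressesAllowed()
    {
        return isEmptyAddressesAllowed;
    }


    /**
     * Returns whether forwardable tickets may be issued.
     *
     * @return Whether forwardable tickets are allowed.
     */
    public boolean isForwardableAllowed()
    {
        return isForwardableAllowed;
    }


    /**
     * Returns whether postdated tickets may be issued.
     *
     * @return Whether postdated tickets are allowed.
     */
    public boolean isPostdateAllowed()
    {
        return isPostdateAllowed;
    }


    /**
     * Returns whether proxiable tickets may be issued.
     *
     * @return Whether proxiable tickets are allowed.
     */
    public boolean isProxiableAllowed()
    {
        return isProxiableAllowed;
    }


    /**
     * Returns whether renewable tickets may be issued.
     *
     * @return Whether renewable tickets are allowed.
     */
    public boolean isRenewableAllowed()
    {
        return isRenewableAllowed;
    }


    /**
     * Returns the maximum renewable lifetime.
     *
     * @return The maximum renewable lifetime.
     */
    public long getMaximumRenewableLifetime()
    {
        return maximumRenewableLifetime;
    }


    /**
     * Returns the maximum ticket lifetime.
     *
     * @return The maximum ticket lifetime.
     */
    public long getMaximumTicketLifetime()
    {
        return maximumTicketLifetime;
    }


    /**
     * Sets the allowable clock skew.
     *
     * @param allowableClockSkew The allowable clock skew to set.
     */
    public void setAllowableClockSkew( long allowableClockSkew )
    {
        this.allowableClockSkew = allowableClockSkew;
    }


    /**
     * Sets the encryption types. The array is copied, so later changes made by
     * the caller to its own array do not affect this configuration.
     *
     * @param encryptionTypes The encryption types to set; {@code null} is stored as {@code null}.
     */
    public void setEncryptionTypes( EncryptionType[] encryptionTypes )
    {
        // Defensive copy: the array is mutable and would otherwise be shared.
        this.encryptionTypes = ( encryptionTypes == null ) ? null : encryptionTypes.clone();
    }


    /**
     * Sets whether tickets may be issued with an empty address list.
     *
     * @param isEmptyAddressesAllowed Whether empty addresses are allowed.
     */
    public void setEmptyAddressesAllowed( boolean isEmptyAddressesAllowed )
    {
        this.isEmptyAddressesAllowed = isEmptyAddressesAllowed;
    }


    /**
     * Sets whether forwardable tickets may be issued.
     *
     * @param isForwardableAllowed Whether forwardable tickets are allowed.
     */
    public void setForwardableAllowed( boolean isForwardableAllowed )
    {
        this.isForwardableAllowed = isForwardableAllowed;
    }


    /**
     * Sets whether pre-authentication by encrypted timestamp is required.
     *
     * @param isPaEncTimestampRequired Whether PA-ENC-TIMESTAMP pre-authentication is required.
     */
    public void setPaEncTimestampRequired( boolean isPaEncTimestampRequired )
    {
        this.isPaEncTimestampRequired = isPaEncTimestampRequired;
    }


    /**
     * Sets whether postdated tickets may be issued.
     *
     * @param isPostdateAllowed Whether postdated tickets are allowed.
     */
    public void setPostdateAllowed( boolean isPostdateAllowed )
    {
        this.isPostdateAllowed = isPostdateAllowed;
    }


    /**
     * Sets whether proxiable tickets may be issued.
     *
     * @param isProxiableAllowed Whether proxiable tickets are allowed.
     */
    public void setProxiableAllowed( boolean isProxiableAllowed )
    {
        this.isProxiableAllowed = isProxiableAllowed;
    }


    /**
     * Sets whether renewable tickets may be issued.
     *
     * @param isRenewableAllowed Whether renewable tickets are allowed.
     */
    public void setRenewableAllowed( boolean isRenewableAllowed )
    {
        this.isRenewableAllowed = isRenewableAllowed;
    }


    /**
     * Sets the KDC service principal name.
     *
     * @param kdcPrincipal The service principal name, e.g. {@code krbtgt/REALM@REALM}.
     * @throws NullPointerException if {@code kdcPrincipal} is {@code null}; rejected here so
     *         that {@link #getServicePrincipal()} does not fail later at an unrelated call site.
     */
    public void setKdcPrincipal( String kdcPrincipal )
    {
        this.servicePrincipal = Objects.requireNonNull( kdcPrincipal, "kdcPrincipal" );
    }


    /**
     * Sets the maximum renewable lifetime.
     *
     * @param maximumRenewableLifetime The maximum renewable lifetime to set.
     */
    public void setMaximumRenewableLifetime( long maximumRenewableLifetime )
    {
        this.maximumRenewableLifetime = maximumRenewableLifetime;
    }


    /**
     * Sets the maximum ticket lifetime.
     *
     * @param maximumTicketLifetime The maximum ticket lifetime to set.
     */
    public void setMaximumTicketLifetime( long maximumTicketLifetime )
    {
        this.maximumTicketLifetime = maximumTicketLifetime;
    }


    /**
     * Sets the primary realm.
     *
     * @param primaryRealm The primary realm to set.
     * @throws NullPointerException if {@code primaryRealm} is {@code null}.
     */
    public void setPrimaryRealm( String primaryRealm )
    {
        this.primaryRealm = Objects.requireNonNull( primaryRealm, "primaryRealm" );
    }


    /**
     * Returns the primary realm.
     *
     * @return The primary realm.
     */
    public String getPrimaryRealm()
    {
        return primaryRealm;
    }


    /**
     * Returns the service principal for this KDC service. A fresh
     * {@link KerberosPrincipal} is parsed from the configured name on each call.
     *
     * @return The service principal for this KDC service.
     * @throws IllegalArgumentException if the configured name is not a well-formed principal name.
     */
    public KerberosPrincipal getServicePrincipal()
    {
        return new KerberosPrincipal( servicePrincipal );
    }


    /**
     * Returns a copy of the encryption types.
     *
     * @return A copy of the configured encryption types, or {@code null} if none were set.
     */
    public EncryptionType[] getEncryptionTypes()
    {
        // Copy so callers cannot modify the configured set through the returned array.
        return ( encryptionTypes == null ) ? null : encryptionTypes.clone();
    }


    /**
     * Returns whether pre-authentication by encrypted timestamp is required.
     *
     * @return Whether pre-authentication by encrypted timestamp is required.
     */
    public boolean isPaEncTimestampRequired()
    {
        return isPaEncTimestampRequired;
    }


    /**
     * Initialises {@link #encryptionTypes} from {@link #DEFAULT_ENCRYPTION_TYPES}.
     */
    private void prepareEncryptionTypes()
    {
        encryptionTypes = toEncryptionTypes( DEFAULT_ENCRYPTION_TYPES );
    }


    /**
     * Resolves encryption type names to {@link EncryptionType} values.
     *
     * @param names The encryption type names to resolve.
     * @return The resolved types, in input order; names that resolve to
     *         {@link EncryptionType#UNKNOWN} are silently dropped, so the result
     *         may be empty.
     */
    private static EncryptionType[] toEncryptionTypes( String[] names )
    {
        List<EncryptionType> resolved = new ArrayList<EncryptionType>( names.length );

        for ( String name : names )
        {
            EncryptionType type = EncryptionType.getByName( name );

            // Unrecognised names are skipped rather than failing configuration.
            if ( type != EncryptionType.UNKNOWN )
            {
                resolved.add( type );
            }
        }

        return resolved.toArray( new EncryptionType[resolved.size()] );
    }
}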