/**
* Export all the keys of the specified identity into the keytab.
*
* @param keytab The keytab
* @param identity The identity
* @throws KrbException
*/
static void exportToKeytab(Keytab keytab, KrbIdentity identity) throws KrbException {
// Add principal to keytab.
PrincipalName principal = identity.getPrincipal();
KerberosTime timestamp = KerberosTime.now();
for (EncryptionType encType : identity.getKeys().keySet()) {
EncryptionKey ekey = identity.getKeys().get(encType);
int keyVersion = ekey.getKvno();
keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
}
}
/**
* Create principal.
*
* @param principal The principal name to be created
* @param kOptions The KOptions with principal info
*/
static KrbIdentity createIdentity(String principal, KOptions kOptions) throws KrbException {
KrbIdentity kid = new KrbIdentity(principal);
kid.setCreatedTime(KerberosTime.now());
if (kOptions.contains(KadminOption.EXPIRE)) {
Date date = kOptions.getDateOption(KadminOption.EXPIRE);
kid.setExpireTime(new KerberosTime(date.getTime()));
} else {
kid.setExpireTime(new KerberosTime(253402300799900L));
}
if (kOptions.contains(KadminOption.KVNO)) {
kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
} else {
kid.setKeyVersion(1);
}
kid.setDisabled(false);
kid.setLocked(false);
return kid;
}
/** * A class to represent a kerberos identity. * * @author <a href="mailto:[email protected]">Apache Directory Project</a> */ public class KrbIdentity { /** the principal */ private PrincipalName principal; /** the key version */ private int keyVersion = 1; /** KDC flags */ private int kdcFlags = 0; /** flag to indicate if this identity was disabled */ private boolean disabled; /** flag to indicate if this identity was locked */ private boolean locked; /** the expiration time of the identity, default set to never expire */ private KerberosTime expireTime = KerberosTime.NEVER; /** the creation time of the identity */ private KerberosTime createdTime = KerberosTime.now(); /** the keys associated with this identity */ private Map<EncryptionType, EncryptionKey> keys = new HashMap<EncryptionType, EncryptionKey>(); public KrbIdentity(String principalName) { this.principal = new PrincipalName(principalName); } public String getPrincipalName() { return principal.getName(); } public void setPrincipalName(String newPrincipalName) { principal = new PrincipalName(newPrincipalName); } public PrincipalName getPrincipal() { return principal; } public void setPrincipal(PrincipalName principal) { this.principal = principal; } public KerberosTime getExpireTime() { return expireTime; } public void setExpireTime(KerberosTime expireTime) { this.expireTime = expireTime; } public KerberosTime getCreatedTime() { return createdTime; } public void setCreatedTime(KerberosTime createdTime) { this.createdTime = createdTime; } public boolean isDisabled() { return disabled; } public void setDisabled(boolean disabled) { this.disabled = disabled; } public boolean isLocked() { return locked; } public void setLocked(boolean locked) { this.locked = locked; } public void addKey(EncryptionKey encKey) { keys.put(encKey.getKeyType(), encKey); } public void addKeys(List<EncryptionKey> encKeys) { for (EncryptionKey key : encKeys) { keys.put(key.getKeyType(), key); } } public Map<EncryptionType, EncryptionKey> getKeys() { return keys; } public EncryptionKey getKey(EncryptionType encType) { return keys.get(encType); } public int getKdcFlags() { return kdcFlags; } public void setKdcFlags(int kdcFlags) { this.kdcFlags = kdcFlags; } public int getKeyVersion() { return keyVersion; } public void setKeyVersion(int keyVersion) { this.keyVersion = keyVersion; } @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (obj instanceof KrbIdentity) { KrbIdentity other = (KrbIdentity) obj; if (principal == null) { if (other.principal != null) { return false; } } else if (!principal.equals(other.principal)) { return false; } return true; } return false; } @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((principal == null) ? 0 : principal.hashCode()); return result; } }