Examples of org.apache.directory.server.kerberos.shared.store.PrincipalStore

• org.apache.directory.server.kerberos.shared.store.PrincipalStore
  The store interface used by Kerberos services. @author Apache Directory Project @version $Rev:330489 $, $Date: 2009-04-05 22:46:12 +0200 (Dim, 05 avr 2009) $

    /**
     * @throws IOException if we cannot bind to the specified ports
     */
    public void start() throws IOException, LdapInvalidDnException
    {
        PrincipalStore store = new DirectoryPrincipalStore( getDirectoryService(), new Dn( this.getSearchBaseDn() ) );

        LOG.debug( "initializing the changepassword replay cache" );

        Cache cache = getDirectoryService().getCacheService().getCache( "changePwdReplayCache" );
        replayCache = new ReplayCacheImpl( cache );

    }


    private static void processPasswordChange( ChangePasswordContext changepwContext ) throws KerberosException
    {
        PrincipalStore store = changepwContext.getStore();
        Authenticator authenticator = changepwContext.getAuthenticator();
        String newPassword = Strings.utf8ToString( changepwContext.getPasswordData().getNewPasswd() );
        KerberosPrincipal byPrincipal = KerberosUtils.getKerberosPrincipal(
            authenticator.getCName(),
            authenticator.getCRealm() );

        KerberosPrincipal targetPrincipal = null;

        PrincipalName targName = changepwContext.getPasswordData().getTargName();

        if ( targName != null )
        {
            targetPrincipal = new KerberosPrincipal( targName.getNameString(), PrincipalNameType.KRB_NT_PRINCIPAL.getValue() );
        }
        else
        {
            targetPrincipal = byPrincipal;
        }

        // usec and seq-number must be present per MS but aren't in legacy kpasswd
        // seq-number must have same value as authenticator
        // ignore r-address

        store.changePassword( byPrincipal, targetPrincipal, newPassword, changepwContext.getTicket().getEncTicketPart().getFlags().isInitial() );
        LOG.debug( "Successfully modified password for {} BY {}.", targetPrincipal, byPrincipal );
    }

    private static void getServerEntry( ChangePasswordContext changepwContext ) throws KerberosException
    {
        Ticket ticket = changepwContext.getTicket();
        KerberosPrincipal principal =  KerberosUtils.getKerberosPrincipal( ticket.getSName(), ticket.getRealm() );
        PrincipalStore store = changepwContext.getStore();

        changepwContext.setServerEntry( KerberosUtils.getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
    }

    private static void monitorContext( ChangePasswordContext changepwContext ) throws KerberosException
    {
        try
        {
            PrincipalStore store = changepwContext.getStore();
            ApReq authHeader = changepwContext.getAuthHeader();
            Ticket ticket = changepwContext.getTicket();
            ReplayCache replayCache = changepwContext.getReplayCache();
            long clockSkew = changepwContext.getConfig().getAllowableClockSkew();

    private static void getTicketPrincipalEntry( TicketGrantingContext tgsContext ) throws KerberosException
    {
        PrincipalName principal = tgsContext.getTgt().getSName();
        PrincipalStore store = tgsContext.getStore();

        KerberosPrincipal principalWithRealm = KerberosUtils.getKerberosPrincipal( principal, tgsContext.getTgt()
            .getRealm() );
        PrincipalStoreEntry entry = getEntry( principalWithRealm, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN );
        tgsContext.setTicketPrincipalEntry( entry );

    public static void getRequestPrincipalEntry( TicketGrantingContext tgsContext ) throws KerberosException
    {
        KerberosPrincipal principal = KerberosUtils.getKerberosPrincipal(
            tgsContext.getRequest().getKdcReqBody().getSName(), tgsContext.getRequest().getKdcReqBody().getRealm() );
        PrincipalStore store = tgsContext.getStore();

        PrincipalStoreEntry entry = getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN );
        tgsContext.setRequestPrincipalEntry( entry );
    }

    /**
     * @throws IOException if we cannot bind to the sockets
     */
    public void start() throws IOException, LdapInvalidDnException
    {
        PrincipalStore store;

        store = new DirectoryPrincipalStore( getDirectoryService(), new Dn( this.getSearchBaseDn() ) );

        LOG.debug( "initializing the kerberos replay cache" );

        LOG_KRB.debug( "--> Getting the client Entry" );
        KdcReqBody kdcReqBody = authContext.getRequest().getKdcReqBody();
        KerberosPrincipal principal = KerberosUtils.getKerberosPrincipal(
            kdcReqBody.getCName(),
            kdcReqBody.getRealm() );
        PrincipalStore store = authContext.getStore();

        try
        {
            PrincipalStoreEntry storeEntry = KerberosUtils.getEntry( principal, store,
                ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN );

    private static void getServerEntry( AuthenticationContext authContext ) throws KerberosException,
        InvalidTicketException
    {
        PrincipalName principal = authContext.getRequest().getKdcReqBody().getSName();
        PrincipalStore store = authContext.getStore();

        LOG_KRB.debug( "--> Getting the server entry for {}" + principal );

        KerberosPrincipal principalWithRealm = new KerberosPrincipal( principal.getNameString() + "@"
            + authContext.getRequest().getKdcReqBody().getRealm() );

    private static void getClientEntry( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
    {
        KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
        PrincipalStore store = authContext.getStore();

        PrincipalStoreEntry storeEntry = getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN );
        authContext.setClientEntry( storeEntry );
    }