localhardtokensessionbean.java

一套JAVA的CA证书签发系统.

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.hardtoken;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Random;
import java.util.TreeMap;

import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.FinderException;
import javax.naming.NamingException;
import javax.sql.DataSource;

import se.anatom.ejbca.BasePropertyDataLocal;
import se.anatom.ejbca.BasePropertyDataLocalHome;
import se.anatom.ejbca.BaseSessionBean;
import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.hardtoken.hardtokenprofiles.EIDProfile;
import se.anatom.ejbca.hardtoken.hardtokenprofiles.HardTokenProfile;
import se.anatom.ejbca.hardtoken.hardtokentypes.HardToken;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.log.ILogSessionLocal;
import se.anatom.ejbca.log.ILogSessionLocalHome;
import se.anatom.ejbca.log.LogEntry;
import se.anatom.ejbca.ra.IUserAdminSessionRemote;
import se.anatom.ejbca.ra.UserAdminData;
import se.anatom.ejbca.util.CertTools;

/**
 * Stores data used by web server clients.
 * Uses JNDI name for datasource as defined in env 'Datasource' in ejb-jar.xml.
 *
 * @version $Id: LocalHardTokenSessionBean.java,v 1.0 2003/01/19 09:40:14 herrvendil Exp $
 */
public class LocalHardTokenSessionBean extends BaseSessionBean  {

    /** Var holding JNDI name of datasource */
    private String dataSource = "";

    /** The local home interface of hard token issuer entity bean. */
    private HardTokenIssuerDataLocalHome hardtokenissuerhome = null;

    /** The local home interface of hard token entity bean. */
    private HardTokenDataLocalHome hardtokendatahome = null;

	/** The local home interface of hard token entity bean. */
	private HardTokenProfileDataLocalHome hardtokenprofilehome = null;

    /** The local home interface of hard token certificate map entity bean. */
    private HardTokenCertificateMapLocalHome hardtokencertificatemaphome = null;
    
    /** The local home interface of hard token property entity bean. */
    private BasePropertyDataLocalHome hardtokenpropertyhome = null;

    /** The local interface of authorization session bean */
    private IAuthorizationSessionLocal authorizationsession = null;

    /** The local interface of certificate store session bean */
    private ICertificateStoreSessionLocal certificatestoresession = null;

    /** The remote interface of  log session bean */
    private ILogSessionLocal logsession = null;




     /**
     * Default create for SessionBean without any creation Arguments.
     * @throws CreateException if bean instance can't be created
     */


    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");
      try{
        dataSource = (String)lookup("java:comp/env/DataSource", java.lang.String.class);
        debug("DataSource=" + dataSource);
        hardtokenissuerhome = (HardTokenIssuerDataLocalHome) lookup("java:comp/env/ejb/HardTokenIssuerData", HardTokenIssuerDataLocalHome.class);
        hardtokendatahome = (HardTokenDataLocalHome) lookup("java:comp/env/ejb/HardTokenData", HardTokenDataLocalHome.class);
        hardtokencertificatemaphome = (HardTokenCertificateMapLocalHome) lookup("java:comp/env/ejb/HardTokenCertificateMap", HardTokenCertificateMapLocalHome.class);
		hardtokenprofilehome = (HardTokenProfileDataLocalHome) lookup("java:comp/env/ejb/HardTokenProfileData", HardTokenProfileDataLocalHome.class); 
		hardtokenpropertyhome = (BasePropertyDataLocalHome) lookup("java:comp/env/ejb/HardTokenPropertyData", BasePropertyDataLocalHome.class);
								
        debug("<ejbCreate()");
      }catch(Exception e){
         throw new EJBException(e);
      }
    }
    

    /** Gets connection to Datasource used for manual SQL searches
     * @return Connection
     */
    private Connection getConnection() throws SQLException, NamingException {
        DataSource ds = (DataSource)getInitialContext().lookup(dataSource);
        return ds.getConnection();
    } //getConnection


    /** Gets connection to log session bean
     * @return Connection
     */
    private ILogSessionLocal getLogSession() {
        if(logsession == null){
          try{
            ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) lookup("java:comp/env/ejb/LogSessionLocal",ILogSessionLocalHome.class);
            logsession = logsessionhome.create();
          }catch(Exception e){
             throw new EJBException(e);
          }
        }
        return logsession;
    } //getLogSession

    /** Gets connection to certificate store session bean
     * @return Connection
     */
    private ICertificateStoreSessionLocal getCertificateStoreSession() {
        if(certificatestoresession == null){
          try{
            ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) lookup("java:comp/env/ejb/CertificateStoreSessionLocal",ICertificateStoreSessionLocalHome.class);
            certificatestoresession = certificatestoresessionhome.create();
          }catch(Exception e){
             throw new EJBException(e);
          }
        }
        return certificatestoresession;
    } //getCertificateStoreSession

    /** Gets connection to authorization session bean
     * @return IAuthorizationSessionLocal
     */
    private IAuthorizationSessionLocal getAuthorizationSession(Admin admin) {
        if(authorizationsession == null){
          try{
            IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) lookup("java:comp/env/ejb/AuthorizationSessionLocal",IAuthorizationSessionLocalHome.class);
            authorizationsession = authorizationsessionhome.create();
          }catch(Exception e){
             throw new EJBException(e);
          }
        }
        return authorizationsession;
    } //getAuthorizationSession





	/**
	 * Adds a hard token profile to the database.
	 *
	 * @throws HardTokenExistsException if hard token already exists.
	 * @throws EJBException if a communication or other error occurs.
	 */

	public void addHardTokenProfile(Admin admin, String name, HardTokenProfile profile) throws HardTokenProfileExistsException{
	   debug(">addHardTokenProfile(name: " + name + ")");
	   boolean success=false;	   
	   try{
		  hardtokenprofilehome.findByName(name);
	   }catch(FinderException e){
		 try{
		   hardtokenprofilehome.create(findFreeHardTokenProfileId(), name, profile);
		   success = true;
		 }catch(CreateException g){}		 
	   }
     
	   if(success)
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"Hard token profile " + name + " added.");
	   else
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN,  new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENPROFILEDATA,"Error adding hard token profile "+ name);
       
		if(!success)
		  throw new HardTokenProfileExistsException();
             
	   debug("<addHardTokenProfile()");
	} // addHardTokenProfile


	/**
	 * Adds a hard token profile to the database.
	 * Used for importing and exporting profiles from xml-files.
	 * 
	 * @throws HardTokenExistsException if hard token already exists.
	 * @throws EJBException if a communication or other error occurs.
	 */

	public void addHardTokenProfile(Admin admin, int profileid, String name, HardTokenProfile profile) throws HardTokenProfileExistsException{
	   debug(">addHardTokenProfile(name: " + name + ", id: " + profileid +")");
	   boolean success=false;	   
	   try{
		  hardtokenprofilehome.findByName(name);
	   }catch(FinderException e){
	   	 try{	   	 
			hardtokenprofilehome.findByPrimaryKey(new Integer(profileid));	
		 }catch(FinderException f){	
  	       try{
		     hardtokenprofilehome.create(new Integer(profileid), name, profile);
		     success = true;
		   }catch(CreateException g){}		 
	   	 }
	   }
     
	   if(success)
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"Hard token profile " + name + " added.");
	   else
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN,  new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENPROFILEDATA,"Error adding hard token profile "+ name);
       
       if(!success)
         throw new HardTokenProfileExistsException();
	   debug("<addHardTokenProfile()");	   
	} // addHardTokenProfile

	/**
	 * Updates hard token profile data
	 *	 
	 * @throws EJBException if a communication or other error occurs.
	 */

	public void changeHardTokenProfile(Admin admin, String name, HardTokenProfile profile){
	   debug(">changeHardTokenProfile(name: " + name + ")");
	   boolean success = false;	   
	   try{
		 HardTokenProfileDataLocal htp = hardtokenprofilehome.findByName(name);
		 htp.setHardTokenProfile(profile);		 
		 success = true;
	   }catch(FinderException e){}
      
	   if(success)
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"Hard token profile " +  name + " edited.");
	   else
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENPROFILEDATA,"Error editing hard token profile " + name + ".");

	   debug("<changeHardTokenProfile()");	   
	} // changeHardTokenProfile

	 /**
	 * Adds a hard token profile with the same content as the original profile,
	 *
	 * @throws HardTokenExistsException if hard token already exists.
	 * @throws EJBException if a communication or other error occurs.
	 */
	public void cloneHardTokenProfile(Admin admin, String oldname, String newname) throws HardTokenProfileExistsException{
	   debug(">cloneHardTokenProfile(name: " + oldname + ")");
	   HardTokenProfile profiledata = null;
	   boolean success = false;	   
	   try{
		 HardTokenProfileDataLocal htp = hardtokenprofilehome.findByName(oldname);
		 profiledata = (HardTokenProfile) htp.getHardTokenProfile().clone();

         try{         
		   addHardTokenProfile(admin, newname, profiledata);
		   getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"New hard token profile " + newname +  ", used profile " + oldname + " as template.");
         }catch(HardTokenProfileExistsException f){
		   getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN,  new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENPROFILEDATA,"Error adding hard token profile " + newname +  " using profile " + oldname + " as template.");
		   throw f;  
         }
		 		   
	   }catch(Exception e){		  
		  throw new EJBException(e);
	   }

	   debug("<cloneHardTokenProfile()");	   
	} // cloneHardTokenProfile

	 /**
	 * Removes a hard token profile from the database.
	 *
	 * @throws EJBException if a communication or other error occurs.
	 */
	public void removeHardTokenProfile(Admin admin, String name){
	  debug(">removeHardTokenProfile(name: " + name + ")");	  
	  try{
		HardTokenProfileDataLocal htp = hardtokenprofilehome.findByName(name);		
		htp.remove();
		getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"Hard token profile " + name + " removed.");
	  }catch(Exception e){
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENPROFILEDATA,"Error removing hard token profile " + name + ".",e);
	  }
	  debug("<removeHardTokenProfile()");
	} // removeHardTokenProfile

	 /**
	 * Renames a hard token profile
	 *
	 * @throws HardTokenProfileExistsException if hard token already exists.
	 * @throws EJBException if a communication or other error occurs.
	 */
	public void renameHardTokenProfile(Admin admin, String oldname, String newname) throws HardTokenProfileExistsException{										 
	   debug(">renameHardTokenProfile(from " + oldname + " to " + newname + ")");
	   boolean success = false;	   
	   try{
		  hardtokenprofilehome.findByName(newname);
	   }catch(FinderException e){
		  try{
			 HardTokenProfileDataLocal htp = hardtokenprofilehome.findByName(oldname);
			 htp.setName(newname);			 			 
			 success = true;
		  }catch(FinderException g){}		 
	   }
       
	   if(success)
		 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENPROFILEDATA,"Hard token profile " + oldname + " renamed to " + newname +  "." );