localhardtokensessionbean.java

一套JAVA的CA证书签发系统.

             Collection copieslocal = hardtokenpropertyhome.findIdsByPropertyAndValue(HardTokenPropertyEntityBean.PROPERTY_COPYOF , tokensn);         
             if(copieslocal.size() >0 ){
               copies = new ArrayList();
		       Iterator iter = copieslocal.iterator();
               while(iter.hasNext()){
           	      copies.add(((BasePropertyDataLocal) iter.next()).getId());         	
               }
             }
		   }catch(FinderException fe){}
         }         
         
         if(htd != null){
           returnval = new HardTokenData(htd.getTokenSN(),htd.getUsername(), htd.getCreateTime(),htd.getModifyTime(),htd.getTokenType(),htd.getHardToken(), copyof, copies);
           getLogSession().log(admin, htd.getSignificantIssuerDN().hashCode(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),htd.getUsername(), null, LogEntry.EVENT_INFO_HARDTOKENVIEWED,"Hard token with sn " + tokensn + " viewed.");
         }
       }catch(FinderException e){}

       debug("<getHardToken()");
       return returnval;
    } // getHardToken

      /**
       * returns hard token data for the specified user
       *
       * @param admin, the administrator calling the function
       * @param username, The username owning the tokens.
       *
       * @return a Collection of all hard token user data.
       * @throws EJBException if a communication or other error occurs.
       */
    public Collection getHardTokens(Admin admin, String username){
       debug("<getHardToken(username :" + username +")");
       ArrayList returnval = new ArrayList();
       HardTokenDataLocal htd = null;
       try{
         Collection result = hardtokendatahome.findByUsername(username);
         Iterator i = result.iterator();
         while(i.hasNext()){
           htd = (HardTokenDataLocal) i.next();
           // Find Copyof
           String copyof = null;
           try{
           	copyof = hardtokenpropertyhome.findByProperty(htd.getTokenSN(), HardTokenPropertyEntityBean.PROPERTY_COPYOF).getValue();         
           }catch(FinderException fe){}         
                     
           
           ArrayList copies = null;
           if(copyof == null){
           	//  Find Copies           	
           	 try{
           		Collection copieslocal = hardtokenpropertyhome.findIdsByPropertyAndValue(HardTokenPropertyEntityBean.PROPERTY_COPYOF , htd.getTokenSN());         
           		if(copieslocal.size() >0 ){
           			copies = new ArrayList();
           			Iterator iter = copieslocal.iterator();
           			while(iter.hasNext()){
           				copies.add(((BasePropertyDataLocal) iter.next()).getId());         	
           			}
           		}
           	 }catch(FinderException fe){}
           }                   
           
           returnval.add(new HardTokenData(htd.getTokenSN(),htd.getUsername(), htd.getCreateTime(),htd.getModifyTime(),htd.getTokenType(),htd.getHardToken(),copyof, copies));
           getLogSession().log(admin, htd.getSignificantIssuerDN().hashCode(), LogEntry.MODULE_HARDTOKEN, new java.util.Date(),htd.getUsername(), null, LogEntry.EVENT_INFO_HARDTOKENVIEWED,"Hard token with sn " + htd.getTokenSN() + " viewed.");
         }
       }catch(FinderException e){}

       debug("<getHardToken()");
       return returnval;
    } // getHardTokens
    
    /**
     *  Method that searches the database for a tokensn. It returns all hardtokens
     * with a serialnumber that begins with the given searchpattern.
     * 
     *  @param admin the administrator calling the function
     *  @param searchpattern of begining of hard token sn
     *  @return a Collection of username(String) matching the search string
     * 
     */
    
    public Collection findHardTokenByTokenSerialNumber(Admin admin, String searchpattern){
    	debug(">findHardTokenByTokenSerialNumber()");
    	ArrayList returnval = new ArrayList();
    	Connection con = null;
    	PreparedStatement ps = null;
    	ResultSet rs = null;
    	int count = 1; // return true as default.


    	try{
    		// Construct SQL query.
    		con = getConnection();
    		ps = con.prepareStatement("select distinct username from HardTokenData where  tokenSN LIKE '" + searchpattern + "%'");
    		// Execute query.
    		rs = ps.executeQuery();
    		// Assemble result.
    		while(rs.next() && returnval.size() <= IUserAdminSessionRemote.MAXIMUM_QUERY_ROWCOUNT){
    			returnval.add(rs.getString(1));
    		}
    		debug("<findHardTokenByTokenSerialNumber()");
    		return returnval;

    	}catch(Exception e){
    		throw new EJBException(e);
    	}finally{
    		try{
    			if(rs != null) rs.close();
    			if(ps != null) ps.close();
    			if(con!= null) con.close();
    		}catch(SQLException se){
    			error("Error at cleanup: ", se);
    		}
    	}
    	    	
    }

       /**
       * Adds a mapping between a hard token and a certificate
       *
       * @param admin, the administrator calling the function
       * @param tokensn, The serialnumber of token.
       * @param certificate, the certificate to map to.
       *
       * @return true if addition went successful. False if map already exists.
       * @throws EJBException if a communication or other error occurs.
       */
    public void addHardTokenCertificateMapping(Admin admin, String tokensn, X509Certificate certificate){
        String certificatesn = certificate.getSerialNumber().toString(16);
        debug(">addHardTokenCertificateMapping(certificatesn : "+ certificatesn  +", tokensn : " + tokensn + ")");
        int caid = CertTools.getIssuerDN(certificate).hashCode(); 
        try {
            hardtokencertificatemaphome.create(CertTools.getFingerprintAsString(certificate),tokensn);
            getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP,"Certificate mapping added, certificatesn: "  + certificatesn +", tokensn: " + tokensn + " added.");
        }
        catch (Exception e) {
          getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP,"Error adding certificate mapping, certificatesn: "  + certificatesn +", tokensn: " + tokensn);
        }
        debug("<addHardTokenCertificateMapping()");
    } // addHardTokenCertificateMapping

      /**
       * Removes a mapping between a hard token and a certificate
       *
       * @param admin, the administrator calling the function
       * @param certificate, the certificate to map to.
       *
       *
       * @throws EJBException if a communication or other error occurs.
       */
    public void removeHardTokenCertificateMapping(Admin admin, X509Certificate certificate){
       String certificatesn = certificate.getSerialNumber().toString(16);
       debug(">removeHardTokenCertificateMapping(Certificatesn: " + certificatesn + ")");
	   int caid = CertTools.getIssuerDN(certificate).hashCode();
      try{
        HardTokenCertificateMapLocal htcm =hardtokencertificatemaphome.findByPrimaryKey(CertTools.getFingerprintAsString(certificate));
        htcm.remove();
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP, "Certificate mapping with certificatesn: "  + certificatesn +" removed.");
      }catch(Exception e){
         try{
           getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP, "Error removing certificate mapping with certificatesn " + certificatesn + ".");
         }catch(Exception re){
            throw new EJBException(e);
         }
      }
      debug("<removeHardTokenCertificateMapping()");
    } // removeHardTokenCertificateMapping
    
    
    /**
     * Removes all mappings between a hard token and a certificate
     *
     * @param admin, the administrator calling the function
     * @param tokensn, the serial number to remove.
     *
     *
     * @throws EJBException if a communication or other error occurs.
     */
    private void removeHardTokenCertificateMappings(Admin admin, String tokensn){     
      debug(">removeHardTokenCertificateMappings(tokensn: " + tokensn + ")");
	  int caid = admin.getCAId();
      try{
      	Iterator result = hardtokencertificatemaphome.findByTokenSN(tokensn).iterator();
      	while(result.hasNext()){
          HardTokenCertificateMapLocal htcm = (HardTokenCertificateMapLocal) result.next();
          htcm.remove();
         
      	}
      	 getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP, "All certificate mappings with tokensn: "  + tokensn +" removed");
        }catch(Exception e){
           try{
             getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP, "Error removing certificate mapping with tokensn " + tokensn + ".");
           }catch(Exception re){
              throw new EJBException(e);
           }
         }
         debug("<removeHardTokenCertificateMappings()");
     } // removeHardTokenCertificateMapping

       /**
       * Returns all the X509Certificates places in a hard token.
       *
       * @param admin, the administrator calling the function
       * @param tokensn, The serialnumber of token.
       *
       * @return a collection of X509Certificates
       * @throws EJBException if a communication or other error occurs.
       */
    public Collection findCertificatesInHardToken(Admin admin, String tokensn){
       debug("<findCertificatesInHardToken(username :" + tokensn +")");
       ArrayList returnval = new ArrayList();
       HardTokenCertificateMapLocal htcm = null;
       try{
         Collection result = hardtokencertificatemaphome.findByTokenSN(tokensn);
         Iterator i = result.iterator();
         while(i.hasNext()){
           htcm = (HardTokenCertificateMapLocal) i.next();
           Certificate cert = getCertificateStoreSession().findCertificateByFingerprint(admin, htcm.getCertificateFingerprint()); 
           if (cert != null) {
               returnval.add(cert);
           }
         }
       }catch(Exception e){
          throw new EJBException(e);
       }

       debug("<findCertificatesInHardToken()");
       return returnval;
    } // findCertificatesInHardToken


    /**
     * Method used to signal to the log that token was generated successfully.
     *
     * @param admin, administrator performing action
     * @param tokensn, tokensn of token generated
     * @param username, username of user token was generated for.
     * @param significantissuerdn, indicates which CA the hard token should belong to.
     *
     */
    public void tokenGenerated(Admin admin, String tokensn, String username, String significantissuerdn){
	  int caid = CertTools.stringToBCDNString(significantissuerdn).hashCode(); 	
      try{
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),username, null, LogEntry.EVENT_INFO_HARDTOKENGENERATED, "Token with serialnumber : " + tokensn + " generated successfully.");
      }catch(Exception e){
        throw new EJBException(e);
      }
    } // tokenGenerated

    /**
     * Method used to signal to the log that error occured when generating token.
     *
     * @param admin, administrator performing action
     * @param tokensn, tokensn of token.
     * @param username, username of user token was generated for.
     * @param significantissuerdn, indicates which CA the hard token should belong to.
     *
     */
    public void errorWhenGeneratingToken(Admin admin, String tokensn, String username, String significantissuerdn){
      int caid = CertTools.stringToBCDNString(significantissuerdn).hashCode();	
      try{
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_HARDTOKENGENERATED, "Error when generating token with serialnumber : " + tokensn + ".");
      }catch(Exception e){
        throw new EJBException(e);
      }
    } // errorWhenGeneratingToken
    
    
	/**
	* Method to check if a certificate profile exists in any of the hard token profiles. 
	* Used to avoid desyncronization of certificate profile data.
	*
	* @param certificateprofileid the certificateprofileid to search for.
	* @return true if certificateprofileid exists in any of the hard token profiles.
	*/
   public boolean existsCertificateProfileInHardTokenProfiles(Admin admin, int id){
   	 HardTokenProfile profile = null;
	 Collection certprofiles=null;
	 boolean exists = false;
	 try{
	   Collection result = hardtokenprofilehome.findAll();
	   Iterator i = result.iterator();
	   while(i.hasNext() && !exists){
		 profile = ((HardTokenProfileDataLocal) i.next()).getHardTokenProfile();
		 if(profile instanceof EIDProfile){
		   certprofiles = ((EIDProfile) profile).getAllCertificateProfileIds();
		   if(certprofiles.contains(new Integer(id)))
		     exists = true;	
		 }
	   }
	 }catch(FinderException e){}

	 return exists;
   } // existsCertificateProfileInHardTokenProfiles
    
	private Integer findFreeHardTokenProfileId(){
	  Random ran = (new Random((new Date()).getTime()));
	  int id = ran.nextInt();
	  boolean foundfree = false;

	  while(!foundfree){
		try{
		  if(id > SecConst.TOKEN_SOFT)
			hardtokenprofilehome.findByPrimaryKey(new Integer(id));
		    id = ran.nextInt();
		}catch(FinderException e){
		   foundfree = true;
		}
	  }
	  return new Integer(id);
	} // findFreeHardTokenProfileId

    private Integer findFreeHardTokenIssuerId(){
      Random ran = (new Random((new Date()).getTime()));
      int id = ran.nextInt();
      boolean foundfree = false;

      while(!foundfree){
        try{
          if(id > 1)
            hardtokenissuerhome.findByPrimaryKey(new Integer(id));
            id = ran.nextInt();
        }catch(FinderException e){
           foundfree = true;
        }
      }
      return new Integer(id);
    } // findFreeHardTokenIssuerId


} // LocalHardTokenSessionBean