iauthorizationsessionremote.java

一套JAVA的CA证书签发系统.

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.authorization;

import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.Collection;

import se.anatom.ejbca.log.Admin;


/**
 *
 * @version $Id: IAuthorizationSessionRemote.java,v 1.4 2004/04/16 07:38:57 anatom Exp $
 */
public interface IAuthorizationSessionRemote extends javax.ejb.EJBObject {
    

    // Methods used with AvailableAccessRulesData Entity beans.
    /**
     * Constant indicating minimum time between updates. In milliseconds
     */
    public static final long MINTIMEBETWEENUPDATES = 60000*1;
    
    /**
     * Method to initialize authorization bean, must be called directly after creation of bean.
     */
    public void initialize(Admin admin, int caid) throws RemoteException, AdminGroupExistsException;

     /**
     * Method to check if a user is authorized to a certain resource.
     *
     * @param admin the administrator about to be authorized, see se.anatom.ejbca.log.Admin class.
     * @param resource the resource to check authorization for.
     */
    public boolean isAuthorized(Admin admin, String resource) throws  AuthorizationDeniedException, RemoteException;

     /**
     * Method to check if a user is authorized to a certain resource without performing any logging.
     *
     * @param admin the administrator about to be authorized, see se.anatom.ejbca.log.Admin class.
     * @param resource the resource to check authorization for. 
     */
    public boolean isAuthorizedNoLog(Admin admin, String resource) throws AuthorizationDeniedException, RemoteException;

	/**
	 * Method to check if a group is authorized to a resource. 
	 */
	public boolean isGroupAuthorized(Admin admin, int admingrouppk, String resource) throws AuthorizationDeniedException, RemoteException;

	/**
	 * Method to check if a group is authorized to a resource without any logging. 
	 */
	public boolean isGroupAuthorizedNoLog(Admin admin, int admingrouppk, String resource) throws AuthorizationDeniedException, RemoteException;


	/**
	 * Method to check if an administrator exists in the specified admingroup. 
	 */
	public boolean existsAdministratorInGroup(Admin admin, int admingrouppk) throws RemoteException;

    /**
     * Method to validate and check revokation status of a users certificate.
     *
     * @param certificate the users X509Certificate.
     *
     */

    public void authenticate(X509Certificate certificate) throws AuthenticationFailedException, RemoteException;

   /**
    * Method to add an admingroup.
    *
    * @param admingroupname name of new admingroup, have to be unique.
    * @throws AdminGroupExistsException if admingroup already exists.
    */
    public void addAdminGroup(Admin admin, String admingroupname, int caid) throws AdminGroupExistsException , RemoteException;

    /**
     * Method to remove a admingroup.
     */
    public void removeAdminGroup(Admin admin, String admingroupname, int caid) throws RemoteException;

    /**
     * Metod to rename a admingroup
     *
     * @throws AdminGroupExistsException if admingroup already exists.
     */
    public void renameAdminGroup(Admin admin, String oldname, int caid, String newname) throws AdminGroupExistsException , RemoteException;
    

    /**
     * Method to get a reference to a admingroup.
     */

    public AdminGroup getAdminGroup(Admin admin, String admingroupname, int caid) throws RemoteException;

         
    /**
     * Returns a Collection of AdminGroups the administrator is authorized to. 
     */
    
     public Collection getAuthorizedAdminGroupNames(Admin admin) throws RemoteException;

     /**
     * Adds a Collection of AccessRule to an an admin group.
     *
     */
    public void addAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) throws RemoteException;


     /**
     * Removes a Collection of (Sting) containing accessrules to remove from admin group.
     *
     */
    public void removeAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) throws RemoteException;

    /**
     * Replaces a groups accessrules with a new set of rules
     *
     */
    public void replaceAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) throws RemoteException;    
    
     /**
     * Adds a Collection of AdminEnity to the admingroup. Changes their values if they already exists.
     *
     */

    public void addAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) throws RemoteException;


     /**
     * Removes a Collection of AdminEntity from the administrator group.
     *
     */
    public void removeAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) throws RemoteException;    
    
    /**
     * Method used to collect an administrators available access rules based on which rule
     * he himself is authorized to.
     *
     * @param admin is the administrator calling the method.
     * @return a Collection of String containing available accessrules.
     */
    
   public Collection getAuthorizedAvailableAccessRules(Admin admin) throws RemoteException;
   
    /**
     * Method used to return an Collection of Integers indicating which CAids a administrator
     * is authorized to access.
     */       
    public Collection getAuthorizedCAIds(Admin admin) throws RemoteException;


    /**
     * Method used to return an Collection of Integers indicating which end entity profiles
     * the administrator is authorized to view.
     *
     * @param admin, the administrator 
     * @rapriviledge should be one of the end entity profile authorization constans defined in AvailableAccessRules.
     */ 
    public Collection getAuthorizedEndEntityProfileIds(Admin admin, String rapriviledge) throws RemoteException;
    
    /**
     * Method to check if an end entity profile exists in any end entity profile rules. Used to avoid desyncronization of profilerules.
     *
     * @param profileid the profile id to search for.
     * @return true if profile exists in any of the accessrules.
     */

    public boolean existsEndEntityProfileInRules(Admin admin, int profileid) throws RemoteException;

    /**
     * Method to check if a ca exists in any ca specific rules. Used to avoid desyncronization of CA rules when ca is removed
     * @param caid the ca id to search for.
     * @return true if ca exists in any of the accessrules.
     */

    public boolean existsCAInRules(Admin admin, int profileid) throws RemoteException;
    
   
}