
📄 localauthorizationsessionbean.java

📁 一套JAVA的CA证书签发系统.
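    /**
     * Replaces all access rules of an administrator group with a new set of rules.
     *
     * The default group on the internal CA is never modified: such a call returns
     * without changing anything and without writing a log entry.
     *
     * NOTE(review): admin is only handed to the log session in this method; no check
     * that the caller is allowed to edit the group is visible here - confirm it is
     * enforced before this call is reached.
     * NOTE(review): the current rules are removed before the new ones are added, so
     * this presumably relies on a surrounding transaction to avoid leaving the group
     * without rules when addAccessRules fails - confirm.
     *
     * @param admin the administrator performing the change, recorded in the log.
     * @param admingroupname name of the administrator group to change.
     * @param caid id of the CA the group belongs to.
     * @param accessrules Collection of access rules that replaces the current ones.
     */
    public void replaceAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules){
        if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
            return;
        }
        try{
            AdminGroupDataLocal agdl = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
            // removeAccessRules is fed the getAccessRule() value of every current rule.
            ArrayList removerules = new ArrayList();
            Iterator iter = agdl.getAdminGroup().getAccessRules().iterator();
            while(iter.hasNext()){
                removerules.add(((AccessRule) iter.next()).getAccessRule());
            }

            agdl.removeAccessRules(removerules);
            agdl.addAccessRules(accessrules);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                           "Replaced accessrules from admingroup : " + admingroupname );
        }catch(Exception e){
            // A failed privilege change is recorded as an ERROR event, as the sibling
            // methods do, so it stands out in the audit log instead of looking like a
            // successful edit. The exception itself goes to the error log.
            error("Can't replace access rules: ", e);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                           "Error replacing accessrules from admingroup : " + admingroupname );
        }
    } // replaceAccessRules

    /**
     * Adds a Collection of AdminEntity to the admingroup. Changes their values if they
     * already exist.
     *
     * The default group on the internal CA is never modified: such a call returns
     * without changing anything and without writing a log entry.
     *
     * NOTE(review): admin is only handed to the log session in this method; no check
     * that the caller is allowed to edit the group is visible here - confirm it is
     * enforced before this call is reached.
     *
     * @param admin the administrator performing the change, recorded in the log.
     * @param admingroupname name of the administrator group to change.
     * @param caid id of the CA the group belongs to.
     * @param adminentities Collection of the admin entities to add.
     */
    public void addAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities){
        if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
            return;
        }
        try{
            (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).addAdminEntities(adminentities);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                           "Added administrator entities to administratorgroup " + admingroupname);
        }catch(Exception e){
            error("Can't add admin entities: ",e);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                           "Error adding administrator entities to administratorgroup " + admingroupname);
        }
    } // addAdminEntity

    /**
     * Removes a Collection of AdminEntity from the administrator group.
     *
     * The default group on the internal CA is never modified: such a call returns
     * without changing anything and without writing a log entry.
     *
     * NOTE(review): admin is only handed to the log session in this method; no check
     * that the caller is allowed to edit the group is visible here - confirm it is
     * enforced before this call is reached.
     *
     * @param admin the administrator performing the change, recorded in the log.
     * @param admingroupname name of the administrator group to change.
     * @param caid id of the CA the group belongs to.
     * @param adminentities Collection of the admin entities to remove.
     */
    public void removeAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities){
        if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
            return;
        }
        try{
            (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).removeAdminEntities(adminentities);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                           "Removed administrator entities from administratorgroup " + admingroupname);
        }catch(Exception e){
            // The message names the operation that actually failed (it used to say "add").
            error("Can't remove admin entities: ",e);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                           LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                           "Error removing administrator entities from administratorgroup " + admingroupname);
        }
    } // removeAdminEntity

    /**
     * Method used to collect an administrator's available access rules based on which
     * rules he himself is authorized to.
     *
     * @param admin is the administrator calling the method.
     * @return a Collection of String containing available accessrules.
     * @throws EJBException wrapping any exception raised while building the
     *         AvailableAccessRules helper.
     */
    public Collection getAuthorizedAvailableAccessRules(Admin admin){
        AvailableAccessRules aar = null;
        try{
            aar = new AvailableAccessRules(admin, authorizer, getRaAdminSession(), customaccessrules);
        }catch(Exception e){
            throw new EJBException(e);
        }
        return aar.getAvailableAccessRules(admin);
    }

    /**
     * Method used to return a Collection of Integers indicating which CA ids an
     * administrator is authorized to access. Delegates to the authorizer.
     *
     * @param admin the administrator whose authorization is looked up.
     */
    public Collection getAuthorizedCAIds(Admin admin){
        return authorizer.getAuthorizedCAIds(admin);
    }

    /**
     * Method used to return a Collection of Integers indicating which end entity
     * profiles the administrator is authorized to view. Delegates to the authorizer.
     *
     * @param admin the administrator.
     * @param rapriviledge should be one of the end entity profile authorization
     *        constants defined in AvailableAccessRules.
     */
    public Collection getAuthorizedEndEntityProfileIds(Admin admin, String rapriviledge){
        return authorizer.getAuthorizedEndEntityProfileIds(admin, rapriviledge);
    }

    /**
     * Method to check if an end entity profile exists in any end entity profile rules.
     * Used to avoid desynchronization of profile rules.
     *
     * The lookup is a prefix match (the pattern ends in %), so a rule for a longer
     * profile id that starts with the same digits also counts as a match. The result
     * therefore errs towards true.
     *
     * @param admin not used by this method.
     * @param profileid the profile id to search for.
     * @return true if profile exists in any of the accessrules; also true when the
     *         query returns no row.
     * @throws EJBException wrapping any exception raised by the query.
     */
    public boolean existsEndEntityProfileInRules(Admin admin, int profileid){
        debug(">existsEndEntityProfileInRules()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.
        try{
            con = getConnection();
            // The pattern is bound as a parameter rather than concatenated into the SQL text.
            ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
            ps.setString(1, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + "%");
            rs = ps.executeQuery();
            if(rs.next()){
                count = rs.getInt(1);
            }
            debug("<existsEndEntityProfileInRules()");
            return count > 0;
        }catch(Exception e){
            throw new EJBException(e);
        }finally{
            closeJdbcResources(rs, ps, con);
        }
    }

    /**
     * Method to check if a ca exists in any ca specific rules. Used to avoid
     * desynchronization of CA rules when ca is removed.
     *
     * NOTE(review): the two checks are combined with &&, so this is true only when the
     * CA is referenced by an admin group AND by an access rule. A CA referenced by
     * only one of the two is reported as absent; confirm whether || was intended,
     * since callers presumably use the result to decide if a CA can be removed.
     *
     * @param admin not used by this method.
     * @param caid the ca id to search for.
     * @return true if the ca is found both among the admin groups and among the
     *         access rules.
     */
    public boolean existsCAInRules(Admin admin, int caid){
        return existsCAInAdminGroups(caid) && existsCAInAccessRules(caid);
    } // existsCAInRules

    /**
     * Help function to existsCAInRules, checks if caid exists among admingroups.
     *
     * @param caid the ca id to search for.
     * @return true if at least one AdminGroupData row has this cAId; also true when
     *         the query returns no row.
     * @throws EJBException wrapping any exception raised by the query.
     */
    private boolean existsCAInAdminGroups(int caid){
        debug(">existsCAInAdminGroups()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.
        try{
            con = getConnection();
            // Bound as an integer, so the comparison no longer depends on the database
            // converting a quoted string literal to a number.
            ps = con.prepareStatement("select COUNT(*) from AdminGroupData where cAId = ?");
            ps.setInt(1, caid);
            rs = ps.executeQuery();
            if(rs.next()){
                count = rs.getInt(1);
            }
            debug("<existsCAInAdminGroupss()");
            return count > 0;
        }catch(Exception e){
            throw new EJBException(e);
        }finally{
            closeJdbcResources(rs, ps, con);
        }
    }

    /**
     * Help function to existsCAInRules, checks if caid exists among accessrules.
     *
     * The lookup is a prefix match (the pattern ends in %), so a rule for a longer
     * ca id that starts with the same digits also counts as a match.
     *
     * @param caid the ca id to search for.
     * @return true if at least one AccessRulesData row matches; also true when the
     *         query returns no row.
     * @throws EJBException wrapping any exception raised by the query.
     */
    private boolean existsCAInAccessRules(int caid){
        debug(">existsCAInAccessRules()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.
        try{
            con = getConnection();
            // The pattern is bound as a parameter rather than concatenated into the SQL text.
            ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
            ps.setString(1, AvailableAccessRules.CABASE + "/" + caid + "%");
            rs = ps.executeQuery();
            if(rs.next()){
                count = rs.getInt(1);
            }
            debug("<existsCAInAccessRules()");
            return count > 0;
        }catch(Exception e){
            throw new EJBException(e);
        }finally{
            closeJdbcResources(rs, ps, con);
        }
    }

    /**
     * Closes the JDBC objects of one query. Each object is closed in its own try
     * block so that a failure closing one of them does not leave the others open.
     * Failures are logged and not rethrown. Any argument may be null.
     */
    private void closeJdbcResources(ResultSet rs, PreparedStatement ps, Connection con){
        try{
            if(rs != null) rs.close();
        }catch(SQLException se){
            error("Error when cleaning up: ", se);
        }
        try{
            if(ps != null) ps.close();
        }catch(SQLException se){
            error("Error when cleaning up: ", se);
        }
        try{
            if(con != null) con.close();
        }catch(SQLException se){
            error("Error when cleaning up: ", se);
        }
    }

    /**
     * Returns a reference to the AuthorizationTreeUpdateDataBean, creating it when the
     * finder does not locate it.
     *
     * @throws EJBException if the bean can neither be found nor created.
     */
    private AuthorizationTreeUpdateDataLocal getAuthorizationTreeUpdateData(){
        AuthorizationTreeUpdateDataLocal atu = null;
        try{
            atu = authorizationtreeupdatehome.findByPrimaryKey(
                      new Integer(AuthorizationTreeUpdateDataLocalHome.AUTHORIZATIONTREEUPDATEDATA));
        }catch(FinderException e){
            // Not found: create the bean instead.
            try{
                atu = authorizationtreeupdatehome.create();
            }catch(CreateException ce){
                error("Error creating AuthorizationTreeUpdateDataBean :", ce);
                throw new EJBException(ce);
            }
        }
        return atu;
    }

    /**
     * Method used to check if a reconstruction of the authorization tree is needed in
     * the authorization beans.
     *
     * An update is reported only when the update data bean says so for the locally
     * stored update number AND more than MINTIMEBETWEENUPDATES has passed since
     * lastupdatetime.
     *
     * NOTE(review): because of the time condition, a rule change signalled elsewhere
     * may not be picked up by this bean until that interval has elapsed - confirm the
     * interval is acceptable for privilege removals.
     *
     * @return true if update is needed.
     */
    private boolean updateNeccessary(){
        return getAuthorizationTreeUpdateData().updateNeccessary(this.authorizationtreeupdate)
               && lastupdatetime < ((new java.util.Date()).getTime() - IAuthorizationSessionRemote.MINTIMEBETWEENUPDATES);
    } // updateNeccessary

    /**
     * Method updating the authorization tree: rebuilds the authorizer's access tree
     * from the admin groups, then stores the current update number and the time of
     * this rebuild.
     */
    private void updateAuthorizationTree(Admin admin){
        authorizer.buildAccessTree(getAdminGroups(admin));
        this.authorizationtreeupdate = getAuthorizationTreeUpdateData().getAuthorizationTreeUpdateNumber();
        this.lastupdatetime = (new java.util.Date()).getTime();
    }

    /**
     * Method incrementing the authorizationtreeupdatenumber and thereby signaling
     * to other beans that they should reconstruct their accesstrees.
     */
    private void signalForAuthorizationTreeUpdate(){
        getAuthorizationTreeUpdateData().incrementAuthorizationTreeUpdateNumber();
    }

    /**
     * Picks a random int that is not yet used as an admin group primary key.
     *
     * A candidate is free when findByPrimaryKey throws FinderException for it;
     * otherwise a new candidate is drawn.
     *
     * NOTE(review): java.util.Random seeded from the clock is predictable. That is
     * only acceptable as long as the id serves as a key and is never treated as a
     * secret - confirm.
     *
     * @return an id for which no admin group was found.
     */
    private int findFreeAdminGroupId(){
        Random random = new Random((new Date()).getTime());
        int id = random.nextInt();
        boolean foundfree = false;
        while(!foundfree){
            try{
                this.admingrouphome.findByPrimaryKey(new Integer(id));
                // The id is taken, try another one.
                id = random.nextInt();
            }catch(FinderException e){
                foundfree = true;
            }
        }
        return id;
    } // findFreeAdminGroupId

} // LocalAvailableAccessRulesDataBean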
