raaddusercommand.java

一套JAVA的CA证书签发系统.

                System.out.print("\n");


                System.out.print("Existing endentity profiles  : ");
                first = true;
                iter = endentityprofileids.iterator();
                while(iter.hasNext()){
                  if(first)                    
                    first= false;
                  else
                    System.out.print(", ");                      
                  System.out.print(endentityprofileidtonamemap.get(iter.next()));
                }
                
                System.out.print("\n");
                if( usehardtokens && hardtokenissueraliases.length > 0){                
                  System.out.print("Existing hardtoken issuers  : ");
                  for(int i=0; i < hardtokenissueraliases.length-1; i++){
                    System.out.print(hardtokenissueraliases[i] + ", ");
                  }
                  System.out.print(hardtokenissueraliases[hardtokenissueraliases.length-1] + "\n");               
                }

                System.out.println(
                    "If the user does not have a SubjectAltName or an email address,\n or you want the password to be auto-generated use the value 'null'. ");
                return;
            }

            String username = args[1];
            String password = args[2];
            String dn = args[3];
            String subjectaltname = args[4];
            String caname  = args[5];
            String email = args[6];
            int type  = Integer.parseInt(args[7]);
            String tokenname = args[8];
            int profileid =  SecConst.EMPTY_ENDENTITYPROFILE;
            int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER;
            int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER;
            boolean error = false;
            boolean usehardtokenissuer = false;

            int caid = 0;
            try{
              caid = caadminsession.getCAInfo(administrator, caname).getCAId();
            }catch(Exception e){               
            }
            
            if(args.length == 10){
              // Use certificate type, no end entity profile.
              certificatetypeid = certificatesession.getCertificateProfileId(administrator, args[9]);

            }

            if(args.length == 11){
              // Use certificate type and end entity profile.
              profileid = raadminsession.getEndEntityProfileId(administrator, args[10]);
              certificatetypeid = certificatesession.getCertificateProfileId(administrator, args[9]);
            }

            if(args.length == 12 && usehardtokens){
              // Use certificate type, end entity profile and hardtokenisseur.
              profileid = raadminsession.getEndEntityProfileId(administrator, args[10]);
              certificatetypeid = certificatesession.getCertificateProfileId(administrator, args[9]);
              hardtokenissuerid = hardtokensession.getHardTokenIssuerId(administrator,args[11]);
              usehardtokenissuer = true;
            }
            
            int tokenid =getTokenId(administrator, tokenname, usehardtokens, hardtokensession);
            if (tokenid == 0) {
                System.out.println("Error : Invalid token id.");
                error = true;
            }

            if (certificatetypeid == SecConst.PROFILE_NO_PROFILE) { // Certificate profile not found i database.
                System.out.println("Error : Couldn't find certificate profile in database.");
                error = true;
            }

            if(profileid == 0){ // End entity profile not found i database.
              System.out.println("Error : Couldn't find end entity profile in database." );
              error = true;
            }
            
            if(caid == 0){ // CA not found i database.
              System.out.println("Error : Couldn't find CA in database." );
              error = true;
            }
            
            if(usehardtokenissuer && hardtokenissuerid == SecConst.NO_HARDTOKENISSUER){
              System.out.println("Error : Couldn't find hard token issuer in database." );
              error = true;       
            }  

            if ((tokenid > SecConst.TOKEN_SOFT) &&
                    (hardtokenissuerid == SecConst.NO_HARDTOKENISSUER)) {
                System.out.println(
                    "Error : HardTokenIssuer has to be choosen when user with hard tokens is added.");
                error = true;
            }

            if (email.equalsIgnoreCase("NULL") &&
                    ((type & SecConst.USER_SENDNOTIFICATION) == SecConst.USER_SENDNOTIFICATION)) {
                System.out.println(
                    "Error : Email field cannot be null when send notification type is given.");
                error = true;
            }

            // Check if username already exists.
            try {
                if (getAdminSession().findUser(administrator, username) != null) {
                    ;
                    System.out.println("Error : User already exists in the database.");
                    error = true;
                }
            } catch (FinderException e) {
            }


            if(!error){
              System.out.println("Trying to add user:");
              System.out.println("Username: "+username);
              System.out.println("Password (hashed only): "+password);
              System.out.println("DN: "+dn);
              System.out.println("CA Name: "+caname);
              System.out.println("SubjectAltName: "+subjectaltname);
              System.out.println("Email: "+email);
              System.out.println("Type: "+type);
              System.out.println("Token: "+tokenname);
              System.out.println("Certificate profile: "+certificatetypeid);
              System.out.println("End entity profile: "+profileid);
			  if (password.toUpperCase().equals("NULL"))
				  password = null;
              if (subjectaltname.toUpperCase().equals("NULL"))
                  subjectaltname = null;
              if (email.toUpperCase().equals("NULL"))
                  email = null;
              try{
                getAdminSession().addUser(administrator, username, password, dn, subjectaltname, email, false, profileid, certificatetypeid,
                                         type, tokenid, hardtokenissuerid, caid);
                System.out.println("User '"+username+"' has been added.");
                System.out.println();
                System.out.println("Note: If batch processing should be possible, \nalso use 'ra setclearpwd "+username+" <pwd>'.");
              }catch(AuthorizationDeniedException e){
                  System.out.println("Error : " + e.getMessage());
              }catch(UserDoesntFullfillEndEntityProfile e){
                 System.out.println("Error : Given userdata doesn't fullfill end entity profile. : " +  e.getMessage());
              }
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    }

    // execute
    /**
     *  Returns the tokenid type of the user, returns 0 if invalid tokenname.    
     */
    
    private int getTokenId(Admin administrator, String tokenname, boolean usehardtokens, IHardTokenSessionRemote hardtokensession) throws RemoteException {
        int returnval = 0;
        
        // First check for soft token type
        for(int i=0;i< softtokennames.length;i++){
        	if(softtokennames[i].equals(tokenname)){
        		returnval = softtokenids[i];
        		break;
        	}        	
        }

        if (returnval == 0 && usehardtokens) {
             returnval = hardtokensession.getHardTokenProfileId(administrator , tokenname);
        }

        return returnval;
    }
}