
📄 caadminsessionbean.java

📁 一套JAVA的CA证书签发系统.
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.ca.caadmin;

import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.jce.PKCS10CertificationRequest;

import se.anatom.ejbca.BaseSessionBean;
import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.AvailableAccessRules;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
import se.anatom.ejbca.ca.auth.UserAuthData;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.OCSPCAService;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
import se.anatom.ejbca.ca.crl.ICreateCRLSessionLocal;
import se.anatom.ejbca.ca.crl.ICreateCRLSessionLocalHome;
import se.anatom.ejbca.ca.crl.RevokedCertInfo;
import se.anatom.ejbca.ca.exception.CADoesntExistsException;
import se.anatom.ejbca.ca.exception.CAExistsException;
import se.anatom.ejbca.ca.exception.CATokenAuthenticationFailedException;
import se.anatom.ejbca.ca.exception.CATokenOfflineException;
import se.anatom.ejbca.ca.exception.IllegalKeyStoreException;
import se.anatom.ejbca.ca.sign.ISignSessionLocal;
import se.anatom.ejbca.ca.sign.ISignSessionLocalHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.ca.store.certificateprofiles.CertificateProfile;
import se.anatom.ejbca.exception.EjbcaException;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.log.ILogSessionLocal;
import se.anatom.ejbca.log.ILogSessionLocalHome;
import se.anatom.ejbca.log.LogEntry;
import se.anatom.ejbca.protocol.IRequestMessage;
import se.anatom.ejbca.protocol.IResponseMessage;
import se.anatom.ejbca.protocol.PKCS10RequestMessage;
import se.anatom.ejbca.protocol.X509ResponseMessage;
import se.anatom.ejbca.ra.IUserAdminSessionLocal;
import se.anatom.ejbca.ra.IUserAdminSessionLocalHome;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.KeyTools;

/**
 * Administrates and manages CAs in EJBCA system.
 *
 * <p>The part of the class visible in this listing consists of the bean's
 * creation hook, lazily initialised accessors for the other session beans it
 * collaborates with (log, authorization, CRL creation, user admin, certificate
 * store, sign), and the beginning of {@code createCA}.
 *
 * @version $Id: CAAdminSessionBean.java,v 1.25 2004/05/31 14:29:06 anatom Exp $
 */
public class CAAdminSessionBean extends BaseSessionBean {

    /** Var holding JNDI name of datasource */
    private String dataSource = "";

    /** The local home interface of CAData.*/
    private CADataLocalHome cadatahome;

    /** The local interface of the log session bean */
    private ILogSessionLocal logsession;

    /** The local interface of the authorization session bean */
    private IAuthorizationSessionLocal authorizationsession;

    /** The local interface of the user admin session bean */
    private IUserAdminSessionLocal useradminsession;

    /** The local interface of the certificate store session bean */
    private ICertificateStoreSessionLocal certificatestoresession;

    /** The local interface of the sign session bean */
    private ISignSessionLocal signsession;

    /** The local interface of the job runner session bean used to create crls.*/
    private ICreateCRLSessionLocal jobrunner;

    /**
     * Default create for SessionBean without any creation Arguments.
     *
     * <p>Reads the datasource JNDI name from {@code java:comp/env/DataSource},
     * looks up the CAData local home and installs the BouncyCastle provider.
     * The other session bean references are not resolved here; the private
     * getters below resolve them on first use.
     *
     * @throws CreateException if bean instance can't be created
     */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");
        dataSource = (String)lookup("java:comp/env/DataSource", java.lang.String.class);
        // Only the JNDI name of the datasource is written to the debug log here.
        debug("DataSource=" + dataSource);
        cadatahome = (CADataLocalHome)lookup("java:comp/env/ejb/CADataLocal");
        // Install BouncyCastle provider
        CertTools.installBCProvider();
        debug("<ejbCreate()");
    }

    /**
     * Gets connection to Datasource used for manual SQL searches.
     *
     * <p>The connection is obtained from the {@code DataSource} bound under
     * the JNDI name held in {@code dataSource}. This method does not close it;
     * releasing the connection is left to the caller.
     *
     * @return Connection
     * @throws SQLException if the datasource cannot hand out a connection
     * @throws NamingException if the JNDI lookup of the datasource fails
     */
    private Connection getConnection() throws SQLException, NamingException {
        DataSource ds = (DataSource)getInitialContext().lookup(dataSource);
        return ds.getConnection();
    } //getConnection

    /**
     * Returns the local interface of the log session bean, creating it through
     * its home interface on first use and caching it in {@code logsession}.
     *
     * @return the cached or newly created log session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private ILogSessionLocal getLogSession() {
        if(logsession == null){
            try{
                ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) lookup("java:comp/env/ejb/LogSessionLocal",ILogSessionLocalHome.class);
                logsession = logsessionhome.create();
            }catch(Exception e){
                // Every failure (naming, create, cast) surfaces as an EJBException with the cause attached.
                throw new EJBException(e);
            }
        }
        return logsession;
    } //getLogSession

    /**
     * Returns the local interface of the authorization session bean, creating
     * it through its home interface on first use and caching it in
     * {@code authorizationsession}.
     *
     * @return the cached or newly created authorization session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private IAuthorizationSessionLocal getAuthorizationSession() {
        if(authorizationsession == null){
            try{
                IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) lookup("java:comp/env/ejb/AuthorizationSessionLocal",IAuthorizationSessionLocalHome.class);
                authorizationsession = authorizationsessionhome.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return authorizationsession;
    } //getAuthorizationSession

    /**
     * Returns the local interface of the CRL create session bean, creating it
     * through its home interface on first use and caching it in
     * {@code jobrunner}.
     *
     * @return the cached or newly created CRL create session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private ICreateCRLSessionLocal getCRLCreateSession() {
        if(jobrunner == null){
            try{
                ICreateCRLSessionLocalHome home = (ICreateCRLSessionLocalHome) lookup("java:comp/env/ejb/CreateCRLSessionLocal", ICreateCRLSessionLocalHome.class);
                jobrunner = home.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return jobrunner;
    } //getCRLCreateSession

    /**
     * Returns the local interface of the user admin session bean, creating it
     * through its home interface on first use and caching it in
     * {@code useradminsession}.
     *
     * @return the cached or newly created user admin session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private IUserAdminSessionLocal getUserAdminSession() {
        if(useradminsession == null){
            try{
                IUserAdminSessionLocalHome useradminsessionhome = (IUserAdminSessionLocalHome) lookup("java:comp/env/ejb/UserAdminSessionLocal",IUserAdminSessionLocalHome.class);
                useradminsession = useradminsessionhome.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return useradminsession;
    } //getUserAdminSession

    /**
     * Returns the local interface of the certificate store session bean,
     * creating it through its home interface on first use and caching it in
     * {@code certificatestoresession}.
     *
     * @return the cached or newly created certificate store session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private ICertificateStoreSessionLocal getCertificateStoreSession() {
        if(certificatestoresession == null){
            try{
                ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) lookup("java:comp/env/ejb/CertificateStoreSessionLocal",ICertificateStoreSessionLocalHome.class);
                certificatestoresession = certificatestoresessionhome.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return certificatestoresession;
    } //getCertificateStoreSession

    /**
     * Returns the local interface of the sign session bean, creating it
     * through its home interface on first use and caching it in
     * {@code signsession}.
     *
     * @return the cached or newly created sign session
     * @throws EJBException wrapping any exception raised by the lookup or create
     */
    private ISignSessionLocal getSignSession() {
        if(signsession == null){
            try{
                ISignSessionLocalHome signsessionhome = (ISignSessionLocalHome) lookup("java:comp/env/ejb/SignSessionLocal",ISignSessionLocalHome.class);
                signsession = signsessionhome.create();
            }catch(Exception e){
                throw new EJBException(e);
            }
        }
        return signsession;
    } //getSignSession

    /**
     * Creates a new CA from the supplied {@code cainfo}. Only the opening of
     * the method is visible in this listing: the authorization gate and the
     * first part of the "CA already exists" check.
     *
     * <p>Authorization: the caller must pass
     * {@code isAuthorizedNoLog(admin, "/super_administrator")}. A denial is
     * written to the log session as
     * {@code EVENT_ERROR_NOTAUTHORIZEDTORESOURCE} and a new
     * {@code AuthorizationDeniedException} is thrown.
     *
     * @see se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocal
     */
    public void createCA(Admin admin, CAInfo cainfo) throws CAExistsException, AuthorizationDeniedException, CATokenOfflineException, CATokenAuthenticationFailedException{
        Collection certpublishers = null;
        // The status starts out as offline; where it is changed is not visible in this listing.
        int castatus = SecConst.CA_OFFLINE;

        // Check that the administrator has super administrator rights.
        try{
            getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator");
        }catch(AuthorizationDeniedException ade){
            // The original exception is handed to the log call but is not chained
            // to the exception thrown below, so callers see only the new message.
            getLogSession().log (admin, admin.getCAId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,"Administrator isn't authorized to create CA",ade);
            throw new AuthorizationDeniedException("Administrator not authorized to create CA");
        }

        // Check that the CA doesn't already exist
        try{
            int caid = cainfo.getCAId();

            // IDs from 0 up to and including CAInfo.SPECIALCAIDBORDER are rejected before
            // any lookup and logged as "CA already exists."
            // NOTE(review): presumably this is a reserved ID range - confirm against CAInfo.
            if(caid >=0 && caid <= CAInfo.SPECIALCAIDBORDER){
                getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA,  new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CACREATED,"CA already exists.");
                throw new CAExistsException();
            }
            // How the outcome of this lookup is handled lies beyond the end of this listing.
            cadatahome.findByPrimaryKey(new Integer(caid));
