localcertificatestoresessionbean.java

一套JAVA的CA证书签发系统.

                Iterator iter = coll.iterator();
                while (iter.hasNext()) {
                    ret.add( ((CertificateDataLocal)iter.next()).getCertificate() );
                }
            }
            debug("<findCertificatesBySubjectAndIssuer(), dn='"+subjectDN+"' and issuer='"+issuerDN+"'");
            return ret;
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
    } //findCertificatesBySubjectAndIssuer

    /**
     * Implements ICertificateStoreSession::findCertificatesBySubject.
     *
     * @param admin DOCUMENT ME!
     * @param subjectDN DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public Collection findCertificatesBySubject(Admin admin, String subjectDN) {
        debug(">findCertificatesBySubjectAndIssuer(), dn='"+subjectDN+"'");
        // First make a DN in our well-known format
        String dn = CertTools.stringToBCDNString(subjectDN);
        dn = StringTools.strip(dn);
        debug("Looking for cert with (transformed)DN: " + dn);
        try {
            Collection coll = certHome.findBySubjectDN(dn);
            Collection ret = new ArrayList();
            if (coll != null) {
                Iterator iter = coll.iterator();
                while (iter.hasNext()) {
                    ret.add( ((CertificateDataLocal)iter.next()).getCertificate() );
                }
            }
            debug("<findCertificatesBySubject(), dn='"+subjectDN+"'");
            return ret;
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
    } //findCertificatesBySubject

    /**
     * Finds certificate which expire within a specified time. Implements
     * ICertificateStoreSession::findCertificatesByExpireTime.
     *
     * @param admin DOCUMENT ME!
     * @param expireTime DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public Collection findCertificatesByExpireTime(Admin admin, Date expireTime) {
        debug(">findCertificatesByExpireTime(), time="+expireTime);
        // First make expiretime in well know format
        debug("Looking for certs that expire before: " + expireTime);

        try {
            Collection coll = certHome.findByExpireDate(expireTime.getTime());
            Collection ret = new ArrayList();

            if (coll != null) {
                Iterator iter = coll.iterator();

                while (iter.hasNext()) {
                    ret.add( ((CertificateDataLocal)iter.next()).getCertificate() );
                }
            }
            debug("<findCertificatesByExpireTime(), time="+expireTime);
            return ret;
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
    }

    //findCertificatesByExpireTime

    /**
     * Finds usernames of users having certificate(s) expiring within a specified time and that has
     * status active.
     *
     * @param admin DOCUMENT ME!
     * @param expiretime DOCUMENT ME!
     *
     * @return a collection of usernames (String) Implements
     *         ICertificateStoreSession::findCertificatesByExpireTimeWithLimit.
     */
    public Collection findCertificatesByExpireTimeWithLimit(Admin admin, Date expiretime) {
        debug(">findCertificatesByExpireTimeWithLimit");

        Connection con = null;
        PreparedStatement ps = null;;
        ResultSet result = null;
        ArrayList returnval = new ArrayList();
        long currentdate = new Date().getTime();

        try {
            con = getConnection();
            ps = con.prepareStatement(
				"SELECT DISTINCT username FROM CertificateData WHERE expireDate>=? AND expireDate<? AND status=?"); 
            ps.setLong(1,currentdate);
			ps.setLong(2,expiretime.getTime());
			ps.setInt(3,CertificateData.CERT_ACTIVE);
            result = ps.executeQuery();
            while(result.next() && returnval.size() <= SecConst.MAXIMUM_QUERY_ROWCOUNT +1){
                if(result.getString(1) != null && !result.getString(1).equals(""))
                  returnval.add(result.getString(1));
            }    
            debug("<findCertificatesByExpireTimeWithLimit()");
            return returnval;
        }
        catch (Exception e) {
            throw new EJBException(e);
        } finally {
            try {
                if (result != null) {
                    result.close();
                }

                if (ps != null) {
                    ps.close();
                }

                if (con != null) {
                    con.close();
                }
            } catch (SQLException se) {
                error("Error cleaning up: ", se);
            }
        }
    } //findCertificatesByExpireTimeWithLimit

    /**
     * Implements ICertificateStoreSession::findCertificateByIssuerAndSerno.
     *
     * @param admin DOCUMENT ME!
     * @param issuerDN DOCUMENT ME!
     * @param serno DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */                           
    public Certificate findCertificateByIssuerAndSerno(Admin admin, String issuerDN, BigInteger serno) {
        debug(">findCertificateByIssuerAndSerno(), dn:"+issuerDN+", serno="+serno);
        // First make a DN in our well-known format
        String dn = CertTools.stringToBCDNString(issuerDN);
        dn = StringTools.strip(dn);
        debug("Looking for cert with (transformed)DN: " + dn);
        try {
            Collection coll = certHome.findByIssuerDNSerialNumber(dn, serno.toString());
            Certificate ret = null;
            if (coll != null) {
                if (coll.size() > 1)
                  getLogSession().log(admin, issuerDN.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_DATABASE,"Error in database, more than one certificate has the same Issuer : " + issuerDN + " and serialnumber "
                                                                                                          + serno.toString(16) + ".");
                Iterator iter = coll.iterator();
                if (iter.hasNext()) {
                    ret= ((CertificateDataLocal)iter.next()).getCertificate();
                }
            }
            debug("<findCertificateByIssuerAndSerno(), dn:" + issuerDN + ", serno=" + serno);
            return ret;
        } catch (Exception fe) {
            throw new EJBException(fe);
        }
    } //findCertificateByIssuerAndSerno

	/**
	 * Implements ICertificateStoreSession::findCertificatesByIssuerAndSernos.
	 *
	 * The method retrives all certificates from a specific issuer
	 * which are identified by list of serial numbers. The collection
	 * will be empty if the issuerDN is <tt>null</tt>/empty
	 * or the collection of serial numbers is empty.
	 *
	 * @param admin
	 * @param issuer the subjectDN of a CA certificate
	 * @param sernos a collection of certificate serialnumbers
	 *
	 * @return Collection a list of certificates; never <tt>null</tt>
	 */
	public Collection findCertificatesByIssuerAndSernos(Admin admin, String issuerDN, Collection sernos) {
		debug(">findCertificateByIssuerAndSernos()");

		Connection con = null;
		PreparedStatement ps = null;
		ResultSet result = null;
		ArrayList vect = null;

		if (null == admin) {
			throw new IllegalArgumentException();
		}


		if (null == issuerDN || issuerDN.length() <= 0
			|| null == sernos || sernos.isEmpty()) {
			return new ArrayList();
		}

		String dn = CertTools.stringToBCDNString(issuerDN);
		debug("Looking for cert with (transformed)DN: " + dn);

		try {

			final StringBuffer sb = new StringBuffer();
			/*
			 * tmeckel:
			 * JBoss seems to have problems loading anoymous classes :(
			 * i always get an java.lang.NoClassDefFound exception when
			 * i try to use the following code snipped
			 *
			 * the code in the following block is only a dingy
			 * replacement as long as the problem with anonymous
			 * classes are solved :)
			CollectionUtils.forAllDo(sernos, new Closure() {
												public void execute(Object input) {
													if (null != input) {
														sb.append(", ");
														sb.append(input.toString());
													}
												}} );
			*/
			{
				Iterator iter = sernos.iterator();
				while (iter.hasNext()) {
                    sb.append(", '");
                    // Make sure this is really a BigInteger passed in as (untrusted param)
                    BigInteger serno = (BigInteger)iter.next(); 
                    sb.append(serno.toString());
                    sb.append("'");
				}
			}
			/*
			 * to save the repeating if-statement in the above
			 * Closure not to add ', ' as the first characters
			 * in the StringBuffer we remove the two chars here :)
			 */
			sb.delete(0, ", ".length());
			con = getConnection();
			ps = con.prepareStatement("SELECT DISTINCT fingerprint"
									  + " FROM CertificateData WHERE"
									  + " issuerDN = ?"
									  + " AND serialNumber IN (" + sb.toString() + ")");
            ps.setString(1,dn);
			result = ps.executeQuery();

			vect = new ArrayList();
			while (result.next()) {
                Certificate cert = findCertificateByFingerprint(admin, result.getString(1));
                if (cert != null) {
                    vect.add(cert);                    
                } 
			}

			debug("<findCertificateByIssuerAndSernos()");
			return vect;
		} catch (Exception fe) {
			throw new EJBException(fe);
		} finally {
		   try {
				if (result != null) result.close();
				if (ps != null) ps.close();
				if (con != null) con.close();
			} catch (SQLException se) {
				error("Unable to cleanup after : findCertificateByIssuerAndSernos()", se);
			}
		}
	} // findCertificateByIssuerAndSernos

    /**
     * Implements ICertificateStoreSession::findCertificatesBySerno.
     *
     * @param admin DOCUMENT ME!
     * @param serno DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public Collection findCertificatesBySerno(Admin admin, BigInteger serno) {
        debug(">findCertificateBySerno(),  serno="+serno);
        try {
            Collection coll = certHome.findBySerialNumber(serno.toString());
            ArrayList ret = new ArrayList();

            if (coll != null) {
                Iterator iter = coll.iterator();

                while (iter.hasNext()) {
                    ret.add(((CertificateDataLocal)iter.next()).getCertificate());
                }
            }

            debug("<findCertificateBySerno(), serno=" + serno);

            return ret;
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
    } // findCertificateBySerno

    /**
     * Implements ICertificateStoreSession::findUsernameByCertSerno.
     *
     * @param admin DOCUMENT ME!
     * @param serno DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public String findUsernameByCertSerno(Admin admin, BigInteger serno, String issuerdn){
        debug(">findUsernameByCertSerno(),  serno="+serno);
        String dn = CertTools.stringToBCDNString(issuerdn);
        try {
            Collection coll = certHome.findByIssuerDNSerialNumber(dn, serno.toString());
            String ret = null;

            if (coll != null) {
                Iterator iter = coll.iterator();

                while (iter.hasNext()) {
                    ret = ((CertificateDataLocal)iter.next()).getUsername();
                }
            }

            debug("<findUsernameByCertSerno(), serno=" + serno);

            return ret;
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
    } // findUsernameByCertSerno

    /**