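* Implements ICertificateStoreSession::findCertificatesByUsername.
*
* Returns every stored certificate of the given user. The username is passed
* through StringTools.strip() before the finder is called, so the lookup (and
* the debug trace) use the stripped value rather than the caller's original.
*
* @param admin the administrator performing the lookup; carried in the
*        interface but not consulted by this method.
* @param username the username whose certificates are wanted.
*
* @return a Collection of Certificate objects, empty (never null) when the
*         user has no certificates.
*
* @throws EJBException wrapping the FinderException of the underlying finder.
*/
public Collection findCertificatesByUsername(Admin admin, String username) {
    // Trace names fixed: the original said "findCertificateBySerno" here.
    debug(">findCertificatesByUsername(), username=" + username);
    try {
        // Strip dangerous chars before the value reaches the finder.
        username = StringTools.strip(username);
        Collection coll = certHome.findByUsername(username);
        ArrayList ret = new ArrayList();
        if (coll != null) {
            Iterator iter = coll.iterator();
            while (iter.hasNext()) {
                ret.add(((CertificateDataLocal) iter.next()).getCertificate());
            }
        }
        debug("<findCertificatesByUsername(), username=" + username);
        return ret;
    } catch (javax.ejb.FinderException fe) {
        throw new EJBException(fe);
    }
} // findCertificatesByUsername

/**
 * Implements ICertificateStoreSession::findCertificateByFingerprint.
 *
 * Fetches the certificate stored under the given fingerprint, which is the
 * primary key of CertificateData.
 *
 * @param admin the administrator performing the lookup; carried in the
 *        interface but not consulted by this method.
 * @param fingerprint the fingerprint (primary key) of the certificate.
 *
 * @return the Certificate, or null when no entry exists for the fingerprint.
 *
 * @throws EJBException on any failure other than "not found"; the original
 *         exception is kept as the cause.
 */
public Certificate findCertificateByFingerprint(Admin admin, String fingerprint) {
    debug(">findCertificateByFingerprint()");
    Certificate ret = null;
    try {
        CertificateDataLocal res = certHome.findByPrimaryKey(new CertificateDataPK(fingerprint));
        ret = res.getCertificate();
        debug("<findCertificateByFingerprint()");
    } catch (FinderException fe) {
        // "Not found" is an expected outcome: return null.
    } catch (Exception e) {
        // Log the cause too, not only the fingerprint, before wrapping it.
        log.error("Error finding certificate with fp: " + fingerprint, e);
        throw new EJBException(e);
    }
    return ret;
} // findCertificateByFingerprint

/**
 * Lists all active (status = 20) certificates of a specific type and if
 * given from a specific issuer.
 *
 * The type is the bitwise OR value of the types listed
 * in {@link se.anatom.ejbca.SecConst}:<br>
 * <ul>
 * <li><tt>CERTTYPE_ENDENTITY</tt><br>
 * An user or machine certificate, which identifies a subject.
 * </li>
 * <li><tt>CERTTYPE_CA</tt><br>
 * A CA certificate which is <b>not</b> a root CA.
 * </li>
 * <li><tt>CERTTYPE_ROOTCA</tt><br>
 * A Root CA certificate.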
* </li>
* </ul>
* <p>
* Usage examples:<br>
* <ol>
* <li>Get all root CA certificates
* <p>
* <code>
* ...
* ICertificateStoreSessionRemote itf = ...
* Collection certs = itf.findCertificatesByType(adm,
*                                                SecConst.CERTTYPE_ROOTCA,
*                                                null);
* ...
* </code>
* </li>
* <li>Get all subordinate CA certificates for a specific
* Root CA. It is assumed that the <tt>subjectDN</tt> of the
* Root CA certificate is located in the variable <tt>issuer</tt>.
* <p>
* <code>
* ...
* ICertificateStoreSessionRemote itf = ...
* Certificate rootCA = ...
* String issuer = rootCA.getSubjectDN();
* Collection certs = itf.findCertificatesByType(adm,
*                                                SecConst.CERTTYPE_SUBCA,
*                                                issuer);
* ...
* </code>
* </li>
* <li>Get <b>all</b> CA certificates.
* <p>
* <code>
* ...
* ICertificateStoreSessionRemote itf = ...
* Collection certs = itf.findCertificatesByType(adm,
*                                                SecConst.CERTTYPE_SUBCA
*                                                + CERTTYPE_ROOTCA,
*                                                null);
* ...
* </code>
* </li>
* </ol>
*
* @param admin
* @param type CERTTYPE_* types from SecConst
* @param issuerDN get all certificates issued by a specific issuer.
*        If <tt>null</tt> or empty return certificates regardless of
*        the issuer.
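*
* @return Collection Collection of X509Certificate, never <tt>null</tt>
*
* @throws RemoteException
* @throws IllegalArgumentException if admin is null or type is not a
*         combination of the CERTTYPE_* bits.
* @throws EJBException wrapping any SQL or lookup failure.
*/
public Collection findCertificatesByType(Admin admin, int type, String issuerDN) {
    debug(">findCertificatesByType()");
    if (null == admin || type <= 0
            || type > SecConst.CERTTYPE_SUBCA + SecConst.CERTTYPE_ENDENTITY + SecConst.CERTTYPE_ROOTCA) {
        throw new IllegalArgumentException("admin must be set and type must be a CERTTYPE_* mask, got type=" + type);
    }
    // The "type IN (...)" list is built only from SecConst constants selected by
    // the validated bit mask, so no caller-supplied characters reach the SQL text.
    StringBuffer ctypes = new StringBuffer();
    if ((type & SecConst.CERTTYPE_SUBCA) > 0) {
        ctypes.append(SecConst.CERTTYPE_SUBCA);
    }
    if ((type & SecConst.CERTTYPE_ENDENTITY) > 0) {
        if (ctypes.length() > 0) {
            ctypes.append(", ");
        }
        ctypes.append(SecConst.CERTTYPE_ENDENTITY);
    }
    if ((type & SecConst.CERTTYPE_ROOTCA) > 0) {
        if (ctypes.length() > 0) {
            ctypes.append(", ");
        }
        ctypes.append(SecConst.CERTTYPE_ROOTCA);
    }
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    try {
        ArrayList vect;
        // Status 20 = CertificateData.CERT_ACTIVE
        StringBuffer stmt = new StringBuffer("SELECT DISTINCT fingerprint FROM CertificateData WHERE status = 20 AND ");
        stmt.append(" type IN (");
        stmt.append(ctypes.toString());
        stmt.append(')');
        // The issuer DN is bound as a statement parameter instead of being
        // quoted into the SQL text. StringTools.strip() is still applied so the
        // value matched against the column is the same as before.
        String dn = null;
        if (null != issuerDN && issuerDN.length() > 0) {
            dn = CertTools.stringToBCDNString(issuerDN);
            dn = StringTools.strip(dn);
            if (log.isDebugEnabled()) {
                debug("findCertificatesByType() : Looking for cert with (transformed)DN: " + dn);
            }
            stmt.append(" AND issuerDN = ?");
        }
        if (log.isDebugEnabled()) {
            debug("findCertificatesByType() : executing SQL statement\n" + stmt.toString());
        }
        con = getConnection();
        ps = con.prepareStatement(stmt.toString());
        if (dn != null) {
            ps.setString(1, dn);
        }
        result = ps.executeQuery();
        vect = new ArrayList();
        while (result.next()) {
            // Rows whose certificate cannot be loaded are skipped, not reported.
            Certificate cert = findCertificateByFingerprint(admin, result.getString(1));
            if (cert != null) {
                vect.add(cert);
            }
        }
        debug("<findCertificatesByType()");
        return vect;
    } catch (Exception e) {
        throw new EJBException(e);
    } finally {
        // Close each handle on its own so a failing close does not leak the others.
        try {
            if (result != null) {
                result.close();
            }
        } catch (SQLException se) {
            error("Unable to cleanup after : findCertificatesByType()", se);
        }
        try {
            if (ps != null) {
                ps.close();
            }
        } catch (SQLException se) {
            error("Unable to cleanup after : findCertificatesByType()", se);
        }
        try {
            if (con != null) {
                con.close();
            }
        } catch (SQLException se) {
            error("Unable to cleanup after : findCertificatesByType()", se);
        }
    }
} // findCertificatesByType

/**
 * Set the status of certificates of given username to revoked.
 *
 * Every certificate returned by findCertificatesByUsername() whose status is
 * not already CERT_REVOKED gets status CERT_REVOKED, the current time as
 * revocation date and the given reason. Each such change is logged and, when
 * publishers is non-null, passed to the publisher session. Certificates that
 * are already revoked are left untouched and are not re-published.
 *
 * @param admin the administrator performing the revocation; used for the log
 *        entries and the publisher call.
 * @param username the username of user to revoke certificates; it is passed
 *        through StringTools.strip() first.
 * @param publishers a Collection of publisher ids (Integer) of publishers to
 *        revoke the certificate in, or null to skip publishing.
 * @param reason reason the user is revoked from CRLData
 *
 * @throws EJBException wrapping a FinderException when a certificate row
 *         cannot be found; the failure is logged before it is thrown.
 *
 * @see CRLData
 */
public void setRevokeStatus(Admin admin, String username, Collection publishers, int reason) {
    debug(">setRevokeStatus(), username=" + username);
    X509Certificate certificate = null;
    // Strip dangerous chars
    username = StringTools.strip(username);
    try {
        Collection certs = findCertificatesByUsername(admin, username);
        // Revoke all certs
        if (!certs.isEmpty()) {
            Iterator j = certs.iterator();
            while (j.hasNext()) {
                CertificateDataPK revpk = new CertificateDataPK();
                certificate = (X509Certificate) j.next();
                revpk.fingerprint = CertTools.getFingerprintAsString(certificate);
                CertificateDataLocal rev = certHome.findByPrimaryKey(revpk);
                if (rev.getStatus() != CertificateData.CERT_REVOKED) {
                    rev.setStatus(CertificateData.CERT_REVOKED);
                    rev.setRevocationDate(new Date());
                    rev.setRevocationReason(reason);
                    getLogSession().log(admin, certificate, LogEntry.MODULE_CA, new java.util.Date(), null, certificate,
                            LogEntry.EVENT_INFO_REVOKEDCERT, ("Reason :" + reason));
                    // Revoke in all related publishers
                    if (publishers != null) {
                        getPublisherSession().revokeCertificate(admin, publishers, certificate, reason);
                    }
                }
            }
        }
    } catch (FinderException e) {
        getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_REVOKEDCERT, ("Couldn't find certificate with username :" + username));
        throw new EJBException(e);
    }
    debug("<setRevokeStatus(), username=" + username);
} // setRevokeStatus

/**
 * Set the status of certificate of serno to revoked.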
*
* The certificate is located through findCertificateByIssuerAndSerno(); when
* it exists and is not already CERT_REVOKED its status, revocation date (now)
* and reason are updated and the change is logged. The publisher session is
* called whenever publishers is non-null and the certificate was found.
*
* @param admin the administrator performing the revocation; used for the log
*        entries and the publisher call.
* @param issuerdn the issuer DN of the certificate; its hashCode() is used as
*        the CA id of the log entries.
* @param serno the serial number of the certificate to revoke.
* @param publishers a Collection of publisher ids (Integer) of publishers to
*        revoke the certificate in, or null to skip publishing.
* @param reason reason the user is revoked from CRLData
*
* @throws EJBException wrapping a FinderException when the certificate row
*         cannot be found; the failure is logged before it is thrown.
*
* @see CRLData
*/
public void setRevokeStatus(Admin admin, String issuerdn, BigInteger serno, Collection publishers, int reason) {
    debug(">setRevokeStatus(), issuerdn=" + issuerdn + ", serno=" + serno);
    X509Certificate cert = null;
    try {
        cert = (X509Certificate) this.findCertificateByIssuerAndSerno(admin, issuerdn, serno);
        if (cert != null) {
            CertificateDataPK pk = new CertificateDataPK();
            pk.fingerprint = CertTools.getFingerprintAsString(cert);
            CertificateDataLocal data = certHome.findByPrimaryKey(pk);
            boolean alreadyRevoked = (data.getStatus() == CertificateData.CERT_REVOKED);
            if (!alreadyRevoked) {
                data.setStatus(CertificateData.CERT_REVOKED);
                data.setRevocationDate(new Date());
                data.setRevocationReason(reason);
                getLogSession().log(admin, issuerdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, cert,
                        LogEntry.EVENT_INFO_REVOKEDCERT, ("Reason :" + reason));
            }
            // NOTE(review): unlike the username variant, publishers are called
            // here even when the certificate was already revoked - confirm this
            // is intended.
            if (publishers != null) {
                getPublisherSession().revokeCertificate(admin, publishers, cert, reason);
            }
        }
    } catch (FinderException e) {
        getLogSession().log(admin, issuerdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_REVOKEDCERT, ("Couldn't find certificate with serno :" + serno));
        throw new EJBException(e);
    }
    debug("<setRevokeStatus(), issuerdn=" + issuerdn + ", serno=" + serno);
} // setRevokeStatus

/**
 * Revokes a certificate (already revoked by the CA), the Publisher decides what to do, if
 * anything.
 *
 * @param admin the administrator performing the revocation.
 * @param cert The DER coded Certificate that has been revoked.
 * @param publishers a Collection of publisher ids (Integer) of publishers to revoke the certificate in.
 * @param reason the revocation reason, passed on to setRevokeStatus().
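*
* Only X509Certificate instances are handled: their issuer DN and serial
* number are passed to setRevokeStatus(). Anything else (including null) is
* ignored, with a debug trace saying so.
*
* @throws EJBException if a communication or other error occurs.
*/
public void revokeCertificate(Admin admin, Certificate cert, Collection publishers, int reason) {
    if (cert instanceof X509Certificate) {
        X509Certificate x509 = (X509Certificate) cert;
        setRevokeStatus(admin, x509.getIssuerDN().toString(), x509.getSerialNumber(), publishers, reason);
    } else {
        // Without an issuer DN and serial number there is nothing to look up;
        // leave a trace instead of returning silently.
        debug("<revokeCertificate(), certificate is not an X509Certificate, nothing done");
    }
} //revokeCertificate

/**
 * Method revoking all certificates generated by the specified issuerdn. Sets revokedate to current time.
 * Should only be called by CAAdminBean when a CA is about to be revoked.
 *
 * @param admin the administrator performing the event.
 * @param issuerdn the dn of CA about to be revoked
 * @param reason the reason of revokation.
 *
 */
public void revokeAllCertByCA(Admin admin, String issuerdn, int reason){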