localcertificatestoresessionbean.java

一套JAVA的CA证书签发系统.

                    con.close();
                }
            } catch (SQLException se) {
                error("Error cleaning up: ", se);
            }
        }
    } //getLastCRLNumber

    /**
     * Adds a certificate profile to the database.
     *
     * @param admin administrator performing the task
     * @param certificateprofilename readable name of new certificate profile
     * @param certificateprofile the profile to be added
     *
     * @return true if added succesfully, false if it already exist
     */
    public void addCertificateProfile(Admin admin, String certificateprofilename,
        CertificateProfile certificateprofile) throws CertificateProfileExistsException{
        addCertificateProfile(admin, findFreeCertificateProfileId(), certificateprofilename, certificateprofile);
    } // addCertificateProfile

     /**
     * Adds a certificate profile to the database.
     *
     * @param admin administrator performing the task
     * @param certificateprofileid internal ID of new certificate profile, use only if you know it's right.
     * @param certificateprofilename readable name of new certificate profile
     * @param certificateprofile the profile to be added
     *
     * @return true if added succesfully, false if it already exist
     */
    public void addCertificateProfile(Admin admin, int certificateprofileid, String certificateprofilename,
        CertificateProfile certificateprofile)throws CertificateProfileExistsException {
        boolean returnval = false;

		if(isCertificateProfileNameFixed(certificateprofilename)){
		  getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error adding certificaterprofile " + certificateprofilename);  
		  throw new CertificateProfileExistsException();  
		}
        
        if (isFreeCertificateProfileId(certificateprofileid)) {                
           try {
              certprofilehome.findByCertificateProfileName(certificateprofilename);
              throw new CertificateProfileExistsException("Certificate Profile Name already exists.");
           } catch (FinderException e) {
              try {
                  certprofilehome.create(new Integer(certificateprofileid), certificateprofilename,
                      certificateprofile);
				  getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_INFO_CERTPROFILE,"New certificateprofile " + certificateprofilename +  " added successfully");                  
              } catch (Exception f) {
				 getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error when creating new certificateprofile " + certificateprofilename);
              }
           }
        }  
      } // addCertificateProfile

     /**
     * Adds a certificate profile with the same content as the original certificateprofile,
     *
     * @param admin DOCUMENT ME!
     * @param originalcertificateprofilename DOCUMENT ME!
     * @param newcertificateprofilename DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public void cloneCertificateProfile(Admin admin, String originalcertificateprofilename, String newcertificateprofilename) throws CertificateProfileExistsException{
       CertificateProfile certificateprofile = null;
       
       if(isCertificateProfileNameFixed(newcertificateprofilename)){
         getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error adding certificaterprofile " + newcertificateprofilename +  " using profile " + originalcertificateprofilename + " as template.");  
         throw new CertificateProfileExistsException();  
       }
                            
       try{         
         certificateprofile = (CertificateProfile)  getCertificateProfile(admin, originalcertificateprofilename).clone();
         
          boolean issuperadministrator= false; 
          try{
            issuperadministrator = getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
          }catch(AuthorizationDeniedException ade){}
        
          if(!issuperadministrator && certificateprofile.isApplicableToAnyCA()){
             // Not superadministrator, do not use ANYCA;
             Collection authcas = getAuthorizationSession().getAuthorizedCAIds(admin);
             certificateprofile.setAvailableCAs(authcas);
          }        	
                  
         try{
           certprofilehome.findByCertificateProfileName(newcertificateprofilename);
           getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error adding certificaterprofile " + newcertificateprofilename +  " using profile " + originalcertificateprofilename + " as template.");  
           throw new CertificateProfileExistsException();  
         }catch(FinderException e){
           try{
             certprofilehome.create(new Integer(findFreeCertificateProfileId()),newcertificateprofilename,certificateprofile);
             getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_INFO_CERTPROFILE,"New certificateprofile " + newcertificateprofilename +  " used profile " + originalcertificateprofilename + " as template.");
           }catch(CreateException f){}
         }
       }catch(CloneNotSupportedException f){}

    } // cloneCertificateProfile

     /**
     * Removes a certificateprofile from the database.
     *
     * @param admin DOCUMENT ME!
     * @param certificateprofilename DOCUMENT ME!
     *
     * @throws EJBException if a communication or other error occurs.
     */
    public void removeCertificateProfile(Admin admin, String certificateprofilename) {
      try{
        CertificateProfileDataLocal pdl = certprofilehome.findByCertificateProfileName(certificateprofilename);
        pdl.remove();
        getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_INFO_CERTPROFILE,"Removed certificateprofile " + certificateprofilename + ".");
      }catch(Exception e){
        getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error removing certificateprofile " + certificateprofilename + ".");
      }
    } // removeCertificateProfile

     /**
     * Renames a certificateprofile
     *
     * @param admin DOCUMENT ME!
     * @param oldcertificateprofilename DOCUMENT ME!
     * @param newcertificateprofilename DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public void renameCertificateProfile(Admin admin, String oldcertificateprofilename, String newcertificateprofilename) throws CertificateProfileExistsException{
       if(isCertificateProfileNameFixed(oldcertificateprofilename) || isCertificateProfileNameFixed(newcertificateprofilename)){
         getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error renaming certificateprofile " + oldcertificateprofilename +  " to " + newcertificateprofilename + ".");
         throw new CertificateProfileExistsException("Cannot rename fixed profiles.");
       }
        
       try{
          certprofilehome.findByCertificateProfileName(newcertificateprofilename);
          getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error renaming certificateprofile " + oldcertificateprofilename +  " to " + newcertificateprofilename + ".");
          throw new CertificateProfileExistsException();
       }catch(FinderException e){
         try{
           CertificateProfileDataLocal pdl = certprofilehome.findByCertificateProfileName(oldcertificateprofilename);
           pdl.setCertificateProfileName(newcertificateprofilename);
           getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_INFO_CERTPROFILE,"Renamed certificateprofile " + oldcertificateprofilename +  " to " + newcertificateprofilename + ".");
         }catch(FinderException f){
           getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE,"Error renaming certificateprofile " + oldcertificateprofilename +  " to " + newcertificateprofilename + ".");
         }
       }
    } // renameCertificateProfile

    /**
     * Updates certificateprofile data
     *
     * @param admin DOCUMENT ME!
     * @param certificateprofilename DOCUMENT ME!
     * @param certificateprofile DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */

    public void changeCertificateProfile(Admin admin, String certificateprofilename, CertificateProfile certificateprofile){
       try{
         CertificateProfileDataLocal pdl = certprofilehome.findByCertificateProfileName(certificateprofilename);
         pdl.setCertificateProfile(certificateprofile);
         getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_INFO_CERTPROFILE,"Certificateprofile " + certificateprofilename +  " edited.");
       }catch(FinderException e){
         getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CERTPROFILE," Error editing certificateprofile " + certificateprofilename + ".");       
       }
    }// changeCertificateProfile
    
    /**
     * Retrives a Collection of id:s (Integer) to authorized profiles.
     *
     * @param certprofiletype should be either SecConst.CERTTYPE_ENDENTITY, SecConst.CERTTYPE_SUBCA, SecConst.CERTTYPE_ROOTCA, 
     * SecConst.CERTTYPE_HARDTOKEN (i.e EndEntity certificates and Hardtoken fixed profiles) or 0 for all. 
     * Retrives certificate profile names sorted.
     *
     *
     * @return Collection of id:s (Integer)
     */
    public Collection getAuthorizedCertificateProfileIds(Admin admin, int certprofiletype){
      ArrayList returnval = new ArrayList();
      Collection result = null;
      
      HashSet authorizedcaids = new HashSet(getAuthorizationSession().getAuthorizedCAIds(admin));

      // Add fixed certificate profiles. 
      if(certprofiletype == 0 || certprofiletype == SecConst.CERTTYPE_ENDENTITY || certprofiletype == SecConst.CERTTYPE_HARDTOKEN)
        returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_ENDUSER));
      if(certprofiletype == 0 || certprofiletype == SecConst.CERTTYPE_SUBCA)
        returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_SUBCA));
      if(certprofiletype == 0 || certprofiletype == SecConst.CERTTYPE_ROOTCA)
        returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_ROOTCA));
      
	   if(certprofiletype == 0 || certprofiletype == SecConst.CERTTYPE_HARDTOKEN){		
		 returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENAUTH));
		 returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENAUTHENC));
		 returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENENC));
		 returnval.add(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENSIGN));
	   }	   
      
      try{
        result = certprofilehome.findAll();
        Iterator i = result.iterator();
        while(i.hasNext()){
          CertificateProfileDataLocal next = (CertificateProfileDataLocal) i.next();
          CertificateProfile profile = next.getCertificateProfile();
          // Check if all profiles available CAs exists in authorizedcaids.
          if(certprofiletype == 0 || certprofiletype == profile.getType()
             || ( profile.getType() == SecConst.CERTTYPE_ENDENTITY && 
			      certprofiletype == SecConst.CERTTYPE_HARDTOKEN)){
            Iterator availablecas = profile.getAvailableCAs().iterator();
            boolean allexists = true;
            while(availablecas.hasNext()){
              Integer nextcaid = (Integer) availablecas.next();
              if(nextcaid.intValue() == CertificateProfile.ANYCA){
                allexists=true;
                break;
              }
                
              if(!authorizedcaids.contains(nextcaid)){
                allexists = false;
                break;
              }
            }
          
            if(allexists)
              returnval.add(next.getId());
          }
        }  
      }catch(FinderException e){}
      return returnval;
    } // getAuthorizedCertificateProfileNames    
    
    
    /**
     * Method creating a hashmap mapping profile id (Integer) to profile name (String).
     */    
    public HashMap getCertificateProfileIdToNameMap(Admin admin){
      HashMap returnval = new HashMap();
      Collection result = null;
      returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_ENDUSER),
                    EndUserCertificateProfile.CERTIFICATEPROFILENAME);
      returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_SUBCA),
                    CACertificateProfile.CERTIFICATEPROFILENAME);
      returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_ROOTCA),
                    RootCACertificateProfile.CERTIFICATEPROFILENAME);

	  returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENAUTH),
	  			    HardTokenAuthCertificateProfile.CERTIFICATEPROFILENAME);
	  returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENAUTHENC),
	 			    HardTokenAuthEncCertificateProfile.CERTIFICATEPROFILENAME);
	  returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENENC),
	  			    HardTokenEncCertificateProfile.CERTIFICATEPROFILENAME);
	  returnval.put(new Integer(SecConst.CERTPROFILE_FIXED_HARDTOKENSIGN),
				    HardTokenSignCertificateProfile.CERTIFICATEPROFILENAME);
					  
            
      try{
        result = certprofilehome.findAll();
        Iterator i = result.iterator();
        while(i.hasNext()){
          CertificateProfileDataLocal next = (CertificateProfileDataLocal) i.next();    
          returnval.put(next.getId(),next.getCertificateProfileName());
        }
      }catch(FinderException e){}
      return returnval;
    } // getCertificateProfileIdToNameMap


    /**
     * Retrives a named certificate profile.
     *
     * @param admin DOCUMENT ME!
     * @param certificateprofilename DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public CertificateProfile getCertificateProfile(Admin admin, String certificateprofilename){
       CertificateProfile returnval=null;
       
      if(certificateprofilename.equals(EndUserCertificateProfile.CERTIFICATEPROFILENAME))
        return new EndUserCertificateProfile(); 
     
      if(certificateprofilename.equals(CACertificateProfile.CERTIFICATEPROFILENAME))
        return new CACertificateProfile(); 

      if(certificateprofilename.equals(RootCACertificateProfile.CERTIFICATEPROFILENAME))
        return new RootCACertificateProfile();        

  	  if(certificateprofilename.equals(HardTokenAuthCertificateProfile.CERTIFICATEPROFILENAME))
	    return new HardTokenAuthCertificateProfile();
  	    
	  if(certificateprofilename.equals(HardTokenAuthEncCertificateProfile.CERTIFICATEPROFILENAME))
	    return new HardTokenAuthEncCertificateProfile(); 

	  if(certificateprofilename.equals(HardTokenEncCertificateProfile.CERTIFICATEPROFILENAME))
	    return new HardTokenEncCertificateProfile(); 
      
	  if(certificateprofilename.equals(HardTokenSignCertificateProfile.CERTIFICATEPROFILENAME))
	    return new HardTokenSignCertificateProfile(); 

       
       try{
         returnval = (certprofilehome.findByCertificateProfileName(certificateprofilename)).getCertificateProfile();
       } catch(FinderException e){
           // return null if we cant find it
       }
       return returnval;
    } //  getCertificateProfile

     /**
     * Finds a certificate profile by id.
     *
     * @param admin DOCUMENT ME!
     * @param id DOCUMENT ME!
     *
     * @return DOCUMENT ME!
     */
    public CertificateProfile getCertificateProfile(Admin admin, int id){
       CertificateProfile returnval=null;
       
       if(id < SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY){
         switch(id){
            case SecConst.CERTPROFILE_FIXED_ENDUSER :
              returnval = ne