
📄 localuseradminsessionbean.java

📁 一套JAVA的CA证书签发系统.
💻 JAVA
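    /**
     * Revokes a single certificate and, once every certificate of the user is revoked, marks the
     * user itself as revoked.
     *
     * <p>Authorization is evaluated against the user record found for {@code username}: the
     * administrator must be authorized to that user's CA and, when end entity profile limitations
     * are enabled, must hold revoke rights on the user's end entity profile. Each denial is
     * written to the log session before the exception is thrown.
     *
     * @param admin the administrator performing the revocation.
     * @param certserno the serial number of the certificate to revoke.
     * @param issuerdn the issuer DN of the certificate to revoke.
     * @param username the user whose record drives the authorization checks.
     * @param reason the reason of revocation.
     * @throws AuthorizationDeniedException if the administrator fails the CA or profile check.
     * @throws FinderException if the user lookup fails for a reason other than "not found"
     *         (a missing user is rethrown as an EJBException).
     */
    public void revokeCert(Admin admin, BigInteger certserno, String issuerdn, String username, int reason) throws AuthorizationDeniedException,FinderException{
        debug(">revokeCert("+certserno+", IssuerDN: " + issuerdn + ", username, " + username + ")");
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data;
        try {
            data = home.findByPrimaryKey(pk);
        } catch (ObjectNotFoundException oe) {
            throw new EJBException(oe);
        }

        // Both authorization checks run before any state is changed.
        int caid = data.getCAId();
        if (!authorizedToCA(admin, caid)) {
            logsession.log(admin, caid, LogEntry.MODULE_RA,  new java.util.Date(),username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY,"Administrator not authorized to revoke certificates of this CA.");
            throw new AuthorizationDeniedException("Administrator not authorized to revoke certificate of user with given CA.");
        }

        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) {
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY,"Administrator not authorized");
                throw new AuthorizationDeniedException("Not authorized to revoke user : " + username + ".");
            }
        }

        // NOTE(review): the checks above are made against the record of `username`, while the
        // certificate that gets revoked is selected by (issuerdn, certserno). Nothing visible in
        // this method ties that certificate to `username` or to `caid`; confirm that
        // setRevokeStatus() or the caller enforces the binding.
        Collection publishers = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId()).getPublisherList();
        certificatesession.setRevokeStatus(admin, issuerdn, certserno, publishers, reason);
        // Revoke certificate in publishers
        // The looked-up certificate is not used by the code visible here; the call is kept as-is.
        Certificate cert = certificatesession.findCertificateByIssuerAndSerno(admin, issuerdn, certserno);

        // The user is only flagged as revoked when no unrevoked certificate remains.
        if (certificatesession.checkIfAllRevoked(admin, username)) {
            setUserStatus(admin, username, UserDataRemote.STATUS_REVOKED);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY,"");
        }
        debug("<revokeCert()");
    } // revokeCert

    /**
     * Implements IUserAdminSession::findUser.
     *
     * <p>The returned object carries the user's clear-text password as stored in the user
     * record, so callers must treat it as secret material and keep it out of logs and views.
     *
     * @param admin the administrator performing the lookup.
     * @param username the primary key of the user to find.
     * @return the user's data, or {@code null} when no user with that name exists.
     * @throws AuthorizationDeniedException if the administrator may not view the user's CA or,
     *         with end entity profile limitations enabled, the user's end entity profile.
     * @throws FinderException if the lookup fails for a reason other than "not found".
     */
    public UserAdminData findUser(Admin admin, String username) throws FinderException, AuthorizationDeniedException {
        debug(">findUser("+username+")");
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data;
        try {
            data = home.findByPrimaryKey(pk);
        } catch (ObjectNotFoundException oe) {
            return null;
        }

        if (!authorizedToCA(admin, data.getCAId())) {
            throw new AuthorizationDeniedException("Administrator not authorized to view user with given CA.");
        }

        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if administrator is authorized to view user.
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                throw new AuthorizationDeniedException("Administrator not authorized to view user.");
            }
        }

        UserAdminData ret = new UserAdminData(data.getUsername(), data.getSubjectDN(), data.getCAId(), data.getSubjectAltName() ,data.getSubjectEmail(), data.getStatus()
                                        , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId()
                                        , new java.util.Date(data.getTimeCreated()), new java.util.Date(data.getTimeModified())
                                        , data.getTokenType(), data.getHardTokenIssuerId());
        ret.setPassword(data.getClearPassword());
        debug("<findUser("+username+")");
        return ret;
    } // findUser

    /**
     * Implements IUserAdminSession::findUserBySubjectDN.
     *
     * <p>The CA check uses {@code issuerdn.hashCode()} as the CA id, the same value that is
     * passed to the finder. The end entity profile check is applied only when a user was found;
     * an unmatched DN returns {@code null} instead of failing on the missing record.
     *
     * @param admin the administrator performing the lookup.
     * @param subjectdn the subject DN to search for.
     * @param issuerdn the issuer DN identifying the CA.
     * @return the matching user's data (including its clear-text password), or {@code null}
     *         when no user matches.
     * @throws AuthorizationDeniedException if the administrator may not view the CA or, with
     *         end entity profile limitations enabled, the found user's end entity profile.
     */
    public UserAdminData findUserBySubjectDN(Admin admin, String subjectdn, String issuerdn) throws AuthorizationDeniedException {
        debug(">findUserBySubjectDN("+subjectdn+")");
        String bcdn = CertTools.stringToBCDNString(subjectdn);
        // String used in SQL so strip it
        String dn = StringTools.strip(bcdn);
        debug("Looking for users with subjectdn: " + dn +", issuerdn : " + issuerdn);
        UserAdminData returnval = null;
        UserDataLocal data = null;

        if (!authorizedToCA(admin, issuerdn.hashCode())) {
            throw new AuthorizationDeniedException("Administrator not authorized to view user with given CA.");
        }

        try {
            data = home.findBySubjectDN(dn, issuerdn.hashCode());
        } catch (FinderException e) {
            log.debug("Cannot find user with DN='"+dn+"'");
        }

        if (data != null) {
            // The profile check needs the found record, so it is made only after a successful
            // lookup; previously a failed lookup dereferenced the null record here.
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                // Check if administrator is authorized to view user.
                if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                    throw new AuthorizationDeniedException("Administrator not authorized to view user.");
                }
            }

            returnval = new UserAdminData(data.getUsername(), data.getSubjectDN(), data.getCAId(), data.getSubjectAltName() ,data.getSubjectEmail(), data.getStatus()
                                        , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId()
                                        , new java.util.Date(data.getTimeCreated()), new java.util.Date(data.getTimeModified())
                                        , data.getTokenType(), data.getHardTokenIssuerId());
            returnval.setPassword(data.getClearPassword());
        }
        debug("<findUserBySubjectDN("+subjectdn+")");
        return returnval;
    } // findUserBySubjectDN

    /**
     * Implements IUserAdminSession::findUserByEmail.
     *
     * <p>Only users the administrator is authorized to view are returned. A user that fails the
     * end entity profile check or the CA check is skipped and the scan continues, so the result
     * does not depend on the order in which the finder returns its rows.
     *
     * @param admin the administrator performing the lookup.
     * @param email the e-mail address to search for.
     * @return a collection of UserAdminData (each including the clear-text password); empty
     *         when nothing matches, the finder fails, or no match is visible to the
     *         administrator.
     * @throws AuthorizationDeniedException declared in the signature; not thrown by the code in
     *         this method.
     */
    public Collection findUserByEmail(Admin admin, String email) throws AuthorizationDeniedException {
        debug(">findUserByEmail("+email+")");
        debug("Looking for user with email: " + email);
        ArrayList returnval = new ArrayList();
        Collection result = null;
        try {
            result = home.findBySubjectEmail(email);
        } catch (FinderException e) {
            log.debug("Cannot find user with Email='"+email+"'");
        }

        // A failed finder leaves result null; treat that as "no matches".
        if (result != null) {
            Iterator iter = result.iterator();
            while (iter.hasNext()) {
                UserDataLocal data = (UserDataLocal) iter.next();

                if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                    // Check if administrator is authorized to view user.
                    if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                        continue;
                    }
                }

                if (!authorizedToCA(admin, data.getCAId())) {
                    continue;
                }

                UserAdminData user = new UserAdminData(data.getUsername(), data.getSubjectDN(), data.getCAId(), data.getSubjectAltName() ,data.getSubjectEmail(), data.getStatus()
                                        , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId()
                                        , new java.util.Date(data.getTimeCreated()), new java.util.Date(data.getTimeModified())
                                        , data.getTokenType(), data.getHardTokenIssuerId());
                user.setPassword(data.getClearPassword());
                returnval.add(user);
            }
        }
        debug("<findUserByEmail("+email+")");
        return returnval;
    } // findUserByEmail

    /**
     * Implements IUserAdminSession::checkIfCertificateBelongToAdmin.
     *
     * <p>Resolves the certificate to a username, loads that user and requires the
     * SecConst.USER_ADMINISTRATOR bit in the user's type. Every failure path ends in a denial:
     * an unknown certificate, a user that cannot be loaded, and a non-administrator user are all
     * logged and rejected.
     *
     * @param admin the administrator context used for the lookups and the log entries.
     * @param certificatesnr the serial number of the presented certificate.
     * @param issuerdn the issuer DN of the presented certificate.
     * @throws AuthorizationDeniedException if the certificate belongs to no user or to a user
     *         that is not an administrator.
     */
    public void checkIfCertificateBelongToAdmin(Admin admin, BigInteger certificatesnr, String issuerdn) throws AuthorizationDeniedException {
        debug(">checkIfCertificateBelongToAdmin("+certificatesnr+")");
        String username = certificatesession.findUsernameByCertSerno(admin, certificatesnr, issuerdn);
        UserDataLocal data = null;
        if (username != null) {
            UserDataPK pk = new UserDataPK(username);
            try {
                data = home.findByPrimaryKey(pk);
            } catch (FinderException e) {
                // data stays null, which is rejected below.
                log.debug("Cannot find user with username='"+username+"'");
            }
        }

        if (data == null) {
            logsession.log(admin, ILogSessionLocal.INTERNALCAID, LogEntry.MODULE_RA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN,"Certificate didn't belong to any user.");
            throw new AuthorizationDeniedException("Your certificate does not belong to any user.");
        }

        int type = data.getType();
        if ((type & SecConst.USER_ADMINISTRATOR) == 0) {
            logsession.log(admin, data.getCAId(), LogEntry.MODULE_RA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN,"Certificate didn't belong to an administrator.");
            throw new AuthorizationDeniedException("Your certificate does not belong to an administrator.");
        }
        debug("<checkIfCertificateBelongToAdmin()");
    } // checkIfCertificateBelongToAdmin

    /**
     * Implements IUserAdminSession::findAllUsersByStatus.
     *
     * @param admin the administrator performing the query.
     * @param status the user status to match.
     * @return the matching users; an empty collection if the status query is rejected as
     *         illegal (that case previously failed on a null result).
     * @throws FinderException declared in the signature; not thrown by the code in this method.
     */
    public Collection findAllUsersByStatus(Admin admin, int status) throws FinderException {
        debug(">findAllUsersByStatus("+status+")");
        debug("Looking for users with status: " + status);

        Query query = new Query(Query.TYPE_USERQUERY);
        query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status));
        Collection returnval = null;

        try {
            returnval = query(admin, query, false, null, null, false);
        } catch (IllegalQueryException e) {
            error("Illegal query in findAllUsersByStatus.", e);
        }

        // A normal return from this method was never null, so keep that for callers.
        if (returnval == null) {
            returnval = new ArrayList();
        }
        debug("found "+returnval.size()+" user(s) with status="+status);
        debug("<findAllUsersByStatus("+status+")");
        return returnval;
    }

    /**
     * Implements IUserAdminSession::findAllUsersWithLimit.
     *
     * @param admin the administrator performing the query.
     * @return the users found by an unrestricted query with the row limit enabled, or
     *         {@code null} if the query is rejected as illegal.
     * @throws FinderException declared in the signature; not thrown by the code in this method.
     */
    public Collection findAllUsersWithLimit(Admin admin) throws FinderException{
        debug(">findAllUsersWithLimit()");
        Collection returnval = null;
        try {
            returnval = query(admin, null, true, null, null, false);
        } catch (IllegalQueryException e) {
            // The null return is kept for existing callers; the failure is no longer silent.
            error("Illegal query in findAllUsersWithLimit.", e);
        }
        debug("<findAllUsersWithLimit()");
        return returnval;
    }

    /**
     * Implements IUserAdminSession::findAllUsersByStatusWithLimit.
     *
     * @param admin the administrator performing the query.
     * @param status the user status to match.
     * @param onlybatchusers passed through to the query helper unchanged.
     * @return the matching users, or {@code null} if the query is rejected as illegal.
     * @throws FinderException declared in the signature; not thrown by the code in this method.
     */
    public Collection findAllUsersByStatusWithLimit(Admin admin, int status, boolean onlybatchusers) throws FinderException{
        debug(">findAllUsersByStatusWithLimit()");

        Query query = new Query(Query.TYPE_USERQUERY);
        query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status));
        Collection returnval = null;

        try {
            // NOTE(review): the helper's `withlimit` argument is false here although the method
            // name says "WithLimit" -- confirm whether an unbounded result is intended.
            returnval = query(admin, query, false, null, null, onlybatchusers);
        } catch (IllegalQueryException e) {
            // The null return is kept for existing callers; the failure is no longer silent.
            error("Illegal query in findAllUsersByStatusWithLimit.", e);
        }

        debug("<findAllUsersByStatusWithLimit()");
        return returnval;
    }

    /**
     * Implements IUserAdminSession::startExternalService.
     *
     * <p>The factory class is named by the {@code java:comp/env/RMIFactory} environment entry
     * and instantiated reflectively, so whoever controls that entry decides which class is
     * loaded here.
     *
     * @param args arguments handed to the factory's startConnection call.
     * @throws EJBException if the class cannot be loaded or instantiated, or the connection
     *         fails to start.
     */
    public void startExternalService( String[] args ) {
        debug(">startService()");
        try {
            RMIFactory rmiFactory = (RMIFactory)Class.forName(
                (String)lookup("java:comp/env/RMIFactory",
                               java.lang.String.class)
                ).newInstance();
            rmiFactory.startConnection( args );
            // Exit marker; the original repeated the entry marker here.
            debug("<startService()");
        } catch( Exception e ) {
            error("Error starting external service.", e);
            throw new EJBException("Error starting external service", e);
        }
    } // startExternalService

    /**
     * Method to execute a customized query on the RA user data. The parameter query should be a legal Query object.
     *
     * <p>Both authorization strings end up in the SQL 'WHERE' clause. The private overload
     * passes them through StringTools.strip first, but they should still only ever be
     * server-generated authorization fragments, never text taken from a request.
     *
     * @param admin the administrator performing the query.
     * @param query a number of statements compiled by the query class to a SQL 'WHERE'-clause statement.
     * @param caauthorizationstring a string placed in the where clause of the SQL query indicating which CAs the administrator is authorized to view.
     * @param endentityprofilestring a string placed in the where clause of the SQL query indicating which end entity profiles the administrator is authorized to view.
     * @return a collection of UserAdminData. Maximum size of the collection is defined in IUserAdminSessionRemote.MAXIMUM_QUERY_ROWCOUNT
     * @throws IllegalQueryException when the query parameters' internal rules aren't fulfilled.
     * @see se.anatom.ejbca.util.query.Query
     */
    public Collection query(Admin admin, Query query, String caauthorizationstring, String endentityprofilestring) throws IllegalQueryException{
        return query(admin, query, true, caauthorizationstring, endentityprofilestring, false);
    }

    /**
     * Help function used to retrieve user information. A query parameter of null indicates all users.
     * If caauthorizationstring or endentityprofilestring are null then the method will retrieve the information
     * itself.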
*/        private Collection query(Admin admin, Query query, boolean withlimit, String caauthorizationstr, String endentityprofilestr,  boolean onlybatchusers) throws IllegalQueryException{        debug(">query()");        boolean authorizedtoanyprofile = true;        Connection con = null;        PreparedStatement ps = null;        ResultSet rs = null;        String caauthorizationstring = StringTools.strip(caauthorizationstr);        String endentityprofilestring = StringTools.strip(endentityprofilestr);        ArrayList returnval = new ArrayList();        GlobalConfiguration globalconfiguration = getGlobalConfiguration(admin);        RAAuthorization raauthorization = null;         String caauthstring = caauthorizationstring;        String endentityauth = endentityprofilestring;        String sqlquery = "select " + USERDATA_COL + " from UserData where ";                        // Check if query is legal.        if(query != null && !query.isLegalQuery())          throw new IllegalQueryException();                if(query != null)          sqlquery = sqlquery + query.getQueryString(); 
