📄 endentityprofile.java
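/**
 * Stores the "required" flag for one instance of a profile field.
 *
 * The flag is kept in {@code data} under the key
 * {@code ISREQUIRED*FIELDBOUNDRARY + NUMBERBOUNDRARY*number + parameter}.
 *
 * @param parameter  the profile field id
 * @param number     the instance number of that field (0 for single-valued fields)
 * @param isrequired the flag value to store
 */
public void setRequired(int parameter, int number, boolean isrequired) {
    Integer key = new Integer((ISREQUIRED*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    data.put(key, Boolean.valueOf(isrequired));
}

/**
 * Stores the "modifiable" flag for one instance of a profile field.
 *
 * @param parameter  the profile field id
 * @param number     the instance number of that field
 * @param changeable the flag value to store
 */
public void setModifyable(int parameter, int number, boolean changeable) {
    Integer key = new Integer((MODIFYABLE*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    data.put(key, Boolean.valueOf(changeable));
}

/**
 * Returns the value stored for one instance of a profile field.
 *
 * @param parameter the profile field id
 * @param number    the instance number of that field
 * @return the stored string, or the empty string when nothing is stored (never null)
 */
public String getValue(int parameter, int number) {
    Integer key = new Integer((VALUE*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    String stored = (String) data.get(key);
    if (stored == null) {
        return "";
    }
    return stored;
}

/**
 * Returns the "use" flag of one instance of a profile field.
 *
 * @param parameter the profile field id
 * @param number    the instance number of that field
 * @return the stored flag, or false when nothing is stored
 */
public boolean getUse(int parameter, int number) {
    Integer key = new Integer((USE*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    Boolean stored = (Boolean) data.get(key);
    return stored != null && stored.booleanValue();
}

/**
 * Returns the "required" flag of one instance of a profile field.
 *
 * @param parameter the profile field id
 * @param number    the instance number of that field
 * @return the stored flag, or false when nothing is stored
 */
public boolean isRequired(int parameter, int number) {
    Integer key = new Integer((ISREQUIRED*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    Boolean stored = (Boolean) data.get(key);
    return stored != null && stored.booleanValue();
}

/**
 * Returns the "modifiable" flag of one instance of a profile field.
 *
 * @param parameter the profile field id
 * @param number    the instance number of that field
 * @return the stored flag, or false when nothing is stored
 */
public boolean isModifyable(int parameter, int number) {
    Integer key = new Integer((MODIFYABLE*FIELDBOUNDRARY) + (NUMBERBOUNDRARY*number) + parameter);
    Boolean stored = (Boolean) data.get(key);
    return stored != null && stored.booleanValue();
}

/**
 * Returns the number of entries in the subject DN field order list.
 * Fails with a NullPointerException if no list is stored under SUBJECTDNFIELDORDER.
 */
public int getSubjectDNFieldOrderLength() {
    ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
    return fieldorder.size();
}

/**
 * Returns the number of entries in the subject alternative name field order list.
 * Fails with a NullPointerException if no list is stored under SUBJECTALTNAMEFIELDORDER.
 */
public int getSubjectAltNameFieldOrderLength() {
    ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
    return fieldorder.size();
}

/**
 * Decodes one entry of the subject DN field order list.
 *
 * @param index position in the order list
 * @return a two-element array holding the instance number at index NUMBER
 *         and the field type at index FIELDTYPE
 */
public int[] getSubjectDNFieldsInOrder(int index) {
    ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
    // Each entry packs both parts: fieldtype * NUMBERBOUNDRARY + number.
    int encoded = ((Integer) fieldorder.get(index)).intValue();
    int[] returnval = new int[2];
    returnval[NUMBER] = encoded % NUMBERBOUNDRARY;
    returnval[FIELDTYPE] = encoded / NUMBERBOUNDRARY;
    return returnval;
}

/**
 * Decodes one entry of the subject alternative name field order list.
 *
 * @param index position in the order list
 * @return a two-element array holding the instance number at index NUMBER
 *         and the field type at index FIELDTYPE
 */
public int[] getSubjectAltNameFieldsInOrder(int index) {
    ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
    // Each entry packs both parts: fieldtype * NUMBERBOUNDRARY + number.
    int encoded = ((Integer) fieldorder.get(index)).intValue();
    int[] returnval = new int[2];
    returnval[NUMBER] = encoded % NUMBERBOUNDRARY;
    returnval[FIELDTYPE] = encoded / NUMBERBOUNDRARY;
    return returnval;
}

/**
 * Returns the CA ids this profile allows, as the strings obtained by
 * splitting the AVAILCAS value on SPLITCHAR.
 *
 * @return a new, modifiable list of String elements; because getValue returns ""
 *         for an unset field, an unset AVAILCAS yields a list holding one empty string
 */
public Collection getAvailableCAs() {
    String[] caids = getValue(AVAILCAS,0).split(SPLITCHAR);
    return new ArrayList(Arrays.asList(caids));
}

/**
 * Tells whether passwords are generated for users of this profile.
 *
 * @return true when the "use" flag of the PASSWORD field is false or unset
 */
public boolean useAutoGeneratedPasswd() {
    return !this.getUse(EndEntityProfile.PASSWORD,0);
}

/**
 * Returns a newly generated password from the PASSWORDTYPE_ALLPRINTABLE generator.
 *
 * NOTE(review): 6 and 8 are presumably the minimum and maximum length - confirm
 * against the generator. If so, that is short for a secret that authorizes
 * certificate enrolment; consider a longer range or a profile-level setting.
 */
public String getAutoGeneratedPasswd() {
    return PasswordGeneratorFactory.getInstance(PasswordGeneratorFactory.PASSWORDTYPE_ALLPRINTABLE).getNewPassword(6,8);
}

/** Returns the notification sender, or the empty string when none is stored. */
public String getNotificationSender() {
    Object sender = data.get(NOTIFICATIONSENDER);
    return sender == null ? "" : (String) sender;
}

/** Stores the notification sender. */
public void setNotificationSender(String sender) {
    data.put(NOTIFICATIONSENDER, sender);
}

/** Returns the notification subject, or the empty string when none is stored. */
public String getNotificationSubject() {
    Object subject = data.get(NOTIFICATIONSUBJECT);
    return subject == null ? "" : (String) subject;
}

/** Stores the notification subject. */
public void setNotificationSubject(String subject) {
    data.put(NOTIFICATIONSUBJECT, subject);
}

/** Returns the notification message, or the empty string when none is stored. */
public String getNotificationMessage() {
    Object message = data.get(NOTIFICATIONMESSAGE);
    return message == null ? "" : (String) message;
}

/** Stores the notification message. */
public void setNotificationMessage(String message) {
    data.put(NOTIFICATIONMESSAGE, message);
}

/**
 * Maps a profile field id to the corresponding id in UserView and DNFieldExtractor.
 * For example: profileFieldIdToUserFieldIdMapper(EndEntityProfile.COMMONNAME)
 * returns DNFieldExtractor.COMMONNAME.
 *
 * Should only be used with subject DN and subject alternative name fields; the id
 * is used directly as an index into PROFILEIDTOUSERIDMAPPER, so an id outside that
 * table fails with an ArrayIndexOutOfBoundsException.
 */
public static int profileFieldIdToUserFieldIdMapper(int parameter) {
    return PROFILEIDTOUSERIDMAPPER[parameter];
}

/**
 * Checks user data, including the password, against this profile.
 *
 * The password and clear-text-password rules are checked here; every other
 * argument is passed on to doesUserFullfillEndEntityProfileWithoutPassword.
 *
 * @param password the enrolment password; must be null when the profile
 *                 generates passwords automatically
 * @param clearpwd whether the password is to be kept in clear text
 *                 (used in batch processing)
 * @throws UserDoesntFullfillEndEntityProfile if any rule of the profile is violated
 */
public void doesUserFullfillEndEntityProfile(String username, String password, String dn, String subjectaltname, String email, int certificateprofileid,
                                             boolean clearpwd, boolean administrator, boolean keyrecoverable, boolean sendnotification,
                                             int tokentype, int hardwaretokenissuerid, int caid) throws UserDoesntFullfillEndEntityProfile {
    if (useAutoGeneratedPasswd()) {
        if (password != null) {
            throw new UserDoesntFullfillEndEntityProfile("Autogenerated password must have password==null");
        }
    } else if (!isModifyable(PASSWORD,0)) {
        // The profile fixes the password. A null password is a mismatch and is
        // rejected as a profile violation rather than left to fail with a
        // NullPointerException on the comparison.
        if (password == null || !password.equals(getValue(PASSWORD,0))) {
            throw new UserDoesntFullfillEndEntityProfile("Password didn't match requirement of it's profile.");
        }
    } else if (isRequired(PASSWORD,0)) {
        if (password == null || password.trim().equals("")) {
            throw new UserDoesntFullfillEndEntityProfile("Password cannot be empty or null.");
        }
    }

    // Clear-text storage may only be requested when the profile enables it.
    if (!getUse(CLEARTEXTPASSWORD,0) && clearpwd) {
        throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be used.");
    }

    // When the field is required, the flag must equal the value the profile holds.
    if (isRequired(CLEARTEXTPASSWORD,0)) {
        String requiredvalue = getValue(CLEARTEXTPASSWORD,0);
        if (requiredvalue.equals(TRUE) && !clearpwd) {
            throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be false.");
        }
        if (requiredvalue.equals(FALSE) && clearpwd) {
            throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be true.");
        }
    }

    // NOTE(review): the token-type loop in doesUserFullfillEndEntityProfileWithoutPassword
    // sets `found` but, unlike the certificate-profile and hard-token-issuer checks,
    // has no `if(!found) throw` after it, so a token type that is not listed in the
    // profile appears to pass validation - confirm and enforce it there.
    doesUserFullfillEndEntityProfileWithoutPassword(username, dn, subjectaltname, email, certificateprofileid, administrator, keyrecoverable, sendnotification, tokentype, hardwaretokenissuerid, caid);
}

public void doesUserFullfillEndEntityProfileWithoutPassword(String username, String dn, String subjectaltname, String email, int certificateprofileid, boolean administrator, boolean keyrecoverable, boolean sendnotification, int tokentype, int hardwaretokenissuerid, int caid) throws UserDoesntFullfillEndEntityProfile{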
DNFieldExtractor subjectdnfields = new DNFieldExtractor(dn, DNFieldExtractor.TYPE_SUBJECTDN); if (subjectdnfields.isIllegal()) { throw new UserDoesntFullfillEndEntityProfile("Subject IS is illegal."); } DNFieldExtractor subjectaltnames = new DNFieldExtractor(subjectaltname, DNFieldExtractor.TYPE_SUBJECTALTNAME); if (subjectaltnames.isIllegal()) { throw new UserDoesntFullfillEndEntityProfile("Subject alt names are illegal."); } String dnfield; String[] values; // Check that no other than supported dn fields exists in the subject dn. if(subjectdnfields.existsOther()) throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject DN Field found in:" + dn); if(subjectaltnames.existsOther()) throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Alternate Name Field found in:" + subjectaltname ); checkIfAllRequiredFieldsExists(subjectdnfields, subjectaltnames, username, email); checkIfForIllegalNumberOfFields(subjectdnfields, subjectaltnames); // Check contents of username. checkIfDataFullfillProfile(USERNAME,0,username, "Username",null); // Check Email address. if(email == null) email = ""; checkIfEmailFullfillProfile(EMAIL,0,email,"Email"); // Check contents of Subject DN fields. int[] subjectdnfieldnumbers = subjectdnfields.getNumberOfFields(); for(int i = 0; i < DNFieldExtractor.SUBJECTALTERNATIVENAMEBOUNDRARY; i++){ for(int j=0; j < subjectdnfieldnumbers[i]; j++){ checkIfDataFullfillProfile(DNEXTRATORTOPROFILEMAPPER[i],j,subjectdnfields.getField(i,j), DNEXTRATORTOPROFILEMAPPERTEXTS[i], email); } } // Check contents of Subject Alternative Name fields. 
int[] subjectaltnamesnumbers = subjectaltnames.getNumberOfFields(); for(int i = DNFieldExtractor.SUBJECTALTERNATIVENAMEBOUNDRARY; i < DNFieldExtractor.NUMBEROFFIELDS; i++){ for(int j=0; j < subjectaltnamesnumbers[i-DNFieldExtractor.SUBJECTALTERNATIVENAMEBOUNDRARY]; j++){ checkIfDataFullfillProfile(DNEXTRATORTOPROFILEMAPPER[i],j,subjectaltnames.getField(i,j), DNEXTRATORTOPROFILEMAPPERTEXTS[i], email); } } // Check for administrator flag. if(!getUse(ADMINISTRATOR,0) && administrator) throw new UserDoesntFullfillEndEntityProfile("Administrator cannot be set."); if(isRequired(ADMINISTRATOR,0)){ if(getValue(ADMINISTRATOR,0).equals(TRUE) && !administrator) throw new UserDoesntFullfillEndEntityProfile("Administrator flag is required."); if(getValue(ADMINISTRATOR,0).equals(FALSE) && administrator) throw new UserDoesntFullfillEndEntityProfile("Administrator flag cannot be set in current end entity profile."); } // Check for keyrecoverable flag. if(!getUse(KEYRECOVERABLE,0) && keyrecoverable) throw new UserDoesntFullfillEndEntityProfile("Key Recoverable cannot be used."); if(isRequired(KEYRECOVERABLE,0)){ if(getValue(KEYRECOVERABLE,0).equals(TRUE) && !keyrecoverable) throw new UserDoesntFullfillEndEntityProfile("Key Recoverable is required."); if(getValue(KEYRECOVERABLE,0).equals(FALSE) && keyrecoverable) throw new UserDoesntFullfillEndEntityProfile("Key Recoverable cannot be set in current end entity profile."); } // Check for send notification flag. 
if(!getUse(SENDNOTIFICATION,0) && sendnotification) throw new UserDoesntFullfillEndEntityProfile("Email notification cannot be used."); if(isRequired(SENDNOTIFICATION,0)){ if(getValue(SENDNOTIFICATION,0).equals(TRUE) && !sendnotification) throw new UserDoesntFullfillEndEntityProfile("Email notification is required."); if(getValue(SENDNOTIFICATION,0).equals(FALSE) && sendnotification) throw new UserDoesntFullfillEndEntityProfile("Email notification cannot be set in current end entity profile."); } // Check if certificate profile is among available certificate profiles. String[] availablecertprofiles; try{ availablecertprofiles = getValue(AVAILCERTPROFILES,0).split(SPLITCHAR); }catch(Exception e){ throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); } if(availablecertprofiles == null) throw new UserDoesntFullfillEndEntityProfile("Error Available certificate profiles is null."); else{ boolean found=false; for(int i=0; i < availablecertprofiles.length;i++){ if( Integer.parseInt(availablecertprofiles[i]) == certificateprofileid) found=true; } if(!found) throw new UserDoesntFullfillEndEntityProfile("Couldn't find certificate profile among available certificate profiles."); } // Check if tokentype is among available token types. String[] availablesofttokentypes; try{ availablesofttokentypes = getValue(AVAILKEYSTORE,0).split(SPLITCHAR); }catch(Exception e){ throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); } if(availablesofttokentypes == null) throw new UserDoesntFullfillEndEntityProfile("Error available token types is null."); else{ boolean found=false; for(int i=0; i < availablesofttokentypes.length;i++){ if( Integer.parseInt(availablesofttokentypes[i]) == tokentype) found=true; } } // If soft token check for hardwaretoken issuer id = 0. 
if(tokentype <= SecConst.TOKEN_SOFT){ if(hardwaretokenissuerid != 0) throw new UserDoesntFullfillEndEntityProfile("Soft tokens cannot have a hardware token issuer."); } // If Hard token type check if hardware token issuer is among available hardware token issuers. if(tokentype > SecConst.TOKEN_SOFT && getUse(AVAILTOKENISSUER, 0) ){ // Hardware token. String[] availablehardtokenissuers; try{ availablehardtokenissuers = getValue(AVAILTOKENISSUER, 0).split(SPLITCHAR); }catch(Exception e){ throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); } if(availablehardtokenissuers == null) throw new UserDoesntFullfillEndEntityProfile("Error available hard token issuers is null."); else{ boolean found=false; for(int i=0; i < availablehardtokenissuers.length;i++){ if( Integer.parseInt(availablehardtokenissuers[i]) == hardwaretokenissuerid) found=true; } if(!found) throw new UserDoesntFullfillEndEntityProfile("Couldn't find hard token issuers among available hard token issuers."); } }