/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.keyrecovery;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.FinderException;
import javax.naming.NamingException;
import javax.sql.DataSource;

import se.anatom.ejbca.BaseSessionBean;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceRequest;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceResponse;
import se.anatom.ejbca.ca.sign.ISignSessionLocal;
import se.anatom.ejbca.ca.sign.ISignSessionLocalHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.log.ILogSessionLocal;
import se.anatom.ejbca.log.ILogSessionLocalHome;
import se.anatom.ejbca.log.LogEntry;
import se.anatom.ejbca.util.CertTools;


/**
 * Stores key recovery data. Uses JNDI name for datasource as defined in env 'DataSource' in
 * ejb-jar.xml.
 *
 * <p>The methods shown here add, update and remove the key recovery record that belongs to a
 * certificate; the record is keyed by certificate serial number and issuer DN. A key pair is
 * never handed to the persistence layer directly: it is first sent to the CA's extended service
 * with {@code COMMAND_ENCRYPTKEYS}, and only the key data returned in the response is stored.
 *
 * <p>NOTE(review): none of the methods below performs an authorization check on the
 * {@code admin} argument; it is only forwarded to the sign session and the log session. Confirm
 * that callers or the container restrict who may invoke this bean.
 *
 * @version $Id: LocalKeyRecoverySessionBean.java,v 1.15 2004/05/22 16:02:13 anatom Exp $
 */
public class LocalKeyRecoverySessionBean extends BaseSessionBean {
    /** Var holding JNDI name of datasource; read from java:comp/env/DataSource in ejbCreate(). */
    private String dataSource = "";

    /** The local home interface of the key recovery data bean; looked up in ejbCreate(). */
    private KeyRecoveryDataLocalHome keyrecoverydatahome = null;

    /** The local interface of sign session bean; created on first use by getSignSession(). */
    private ISignSessionLocal signsession = null;

    /**
     * The local interface of certificate store session bean; created on first use by
     * getCertificateStoreSession().
     */
    private ICertificateStoreSessionLocal certificatestoresession = null;

    /** The local interface of log session bean; created on first use by getLogSession(). */
    private ILogSessionLocal logsession = null;

    /**
     * Default create for SessionBean without any creation Arguments. Resolves the datasource
     * name and the key recovery data home from the bean's JNDI environment.
     *
     * @throws CreateException declared by the signature; the body itself wraps every failure in
     *         an EJBException instead
     */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");

        try {
            dataSource = (String) lookup("java:comp/env/DataSource", java.lang.String.class);
            debug("DataSource=" + dataSource);
            keyrecoverydatahome = (KeyRecoveryDataLocalHome) lookup("java:comp/env/ejb/KeyRecoveryData",
                    KeyRecoveryDataLocalHome.class);
            debug("<ejbCreate()");
        } catch (Exception e) {
            // Any lookup or cast failure aborts bean creation with the original cause attached.
            throw new EJBException(e);
        }
    }

    /**
     * Gets connection to Datasource used for manual SQL searches.
     *
     * <p>A new connection is obtained on every call and nothing in this method closes it, so the
     * caller has to.
     *
     * @return Connection obtained from the datasource registered under {@link #dataSource}
     *
     * @throws SQLException if the datasource cannot hand out a connection
     * @throws NamingException if the datasource name cannot be resolved
     */
    private Connection getConnection() throws SQLException, NamingException {
        DataSource ds = (DataSource) getInitialContext().lookup(dataSource);

        return ds.getConnection();
    } //getConnection

    /**
     * Gets the local interface of the log session bean, creating and caching it on first use.
     *
     * @return ILogSessionLocal
     *
     * @throws EJBException if the home lookup or the create call fails
     */
    private ILogSessionLocal getLogSession() {
        if (logsession == null) {
            try {
                ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) lookup("java:comp/env/ejb/LogSessionLocal",
                        ILogSessionLocalHome.class);
                logsession = logsessionhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }

        return logsession;
    } //getLogSession

    /**
     * Gets the local interface of the certificate store session bean, creating and caching it
     * on first use.
     *
     * @return ICertificateStoreSessionLocal
     *
     * @throws EJBException if the home lookup or the create call fails
     */
    private ICertificateStoreSessionLocal getCertificateStoreSession() {
        if (certificatestoresession == null) {
            try {
                ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) lookup("java:comp/env/ejb/CertificateStoreSession",
                        ICertificateStoreSessionLocalHome.class);
                certificatestoresession = certificatestoresessionhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }

        return certificatestoresession;
    } //getCertificateStoreSession

    /**
     * Gets the local interface of the sign session bean, creating and caching it on first use.
     *
     * @return ISignSessionLocal
     *
     * @throws EJBException if the home lookup or the create call fails
     */
    private ISignSessionLocal getSignSession() {
        if (signsession == null) {
            try {
                ISignSessionLocalHome signsessionhome = (ISignSessionLocalHome) lookup("java:comp/env/ejb/RSASignSession",
                        ISignSessionLocalHome.class);
                signsession = signsessionhome.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }

        return signsession;
    } //getSignSession

    /**
     * Adds a certificates keyrecovery data to the database.
     *
     * <p>The key pair is passed to the sign session's extended service with
     * {@code COMMAND_ENCRYPTKEYS}; the key data in the response is what gets stored, together
     * with the certificate serial number, issuer DN and username. Success and failure are both
     * written to the log session. The key pair itself is not written to the debug output or to
     * the log message by this method.
     *
     * <p>Every exception raised inside the try block is caught here: the method then returns
     * false and logs a generic error event. The exception and its cause are not recorded, so a
     * false return does not tell the caller whether the record already existed or the
     * encryption or storage step failed.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keypair.
     * @param username stored with the key recovery record and written to the log entry.
     *        NOTE(review): earlier documentation said "of the administrator"; it looks like the
     *        owner of the certificate - confirm against callers.
     * @param keypair the actual keypair to save.
     *
     * @return true if the record was created and logged; false if any step failed, which
     *         includes the case that the certificates keyrecovery data already exists.
     *
     * @throws EJBException if the log session or sign session cannot be obtained.
     */
    public boolean addKeyRecoveryData(Admin admin, X509Certificate certificate, String username,
        KeyPair keypair) {
        debug(">addKeyRecoveryData(user: " + username + ")");

        boolean returnval = false;

        try {
            // The CA id handed to the extended service is the hashCode() of the issuer DN value.
            int caid = CertTools.getIssuerDN(certificate).hashCode();

            // Presumably the response carries the key pair in encrypted form - confirm in the
            // CA service that handles COMMAND_ENCRYPTKEYS.
            KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) getSignSession().extendedService(admin,caid,
                    new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS,keypair));

            keyrecoverydatahome.create(certificate.getSerialNumber(),
                CertTools.getIssuerDN(certificate), username, response.getKeyData());
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                "Keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + " added.");
            returnval = true;
        } catch (Exception e) {
            // The cause is dropped; only a generic error event reaches the log session.
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                certificate, LogEntry.EVENT_ERROR_KEYRECOVERY,
                "Error when trying to add keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + ".");
        }

        debug("<addKeyRecoveryData()");

        return returnval;
    } // addKeyRecoveryData

    /**
     * Updates keyrecovery data: sets the recoverable flag and replaces the stored key data of
     * the record found by certificate serial number and issuer DN.
     *
     * <p>The flag is set before the key pair is sent to the extended service. If a later step
     * throws, the exception is caught and false is returned. NOTE(review): whether the flag
     * change is rolled back in that case depends on transaction settings that are not visible
     * here - confirm.
     *
     * <p>The entry debug call dereferences {@code certificate} outside the try block, so a null
     * certificate fails there and is not reported through the log session.
     *
     * @param admin the administrator calling the function; forwarded to the extended service
     *        and the log session
     * @param certificate the certificate whose serial number and issuer DN identify the record
     * @param markedasrecoverable the new value of the record's recoverable flag
     * @param keypair the key pair to encrypt and store in place of the current key data
     *
     * @return true if the record was updated and logged; false if any step failed, which
     *         includes the case that the certificates keyrecovery data doesn't exist
     *
     * @throws EJBException if the log session or sign session cannot be obtained.
     */
    public boolean changeKeyRecoveryData(Admin admin, X509Certificate certificate,
        boolean markedasrecoverable, KeyPair keypair) {
        debug(">changeKeyRecoveryData(certsn: " + certificate.getSerialNumber().toString() + ", " +
            CertTools.getIssuerDN(certificate) + ")");

        boolean returnval = false;

        try {
            KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(
                        certificate.getSerialNumber(), CertTools.getIssuerDN(certificate)));
            krd.setMarkedAsRecoverable(markedasrecoverable);

            // The CA id handed to the extended service is the hashCode() of the issuer DN value.
            int caid = CertTools.getIssuerDN(certificate).hashCode();

            KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) getSignSession().extendedService(admin,caid,
                    new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS,keypair));

            krd.setKeyDataFromByteArray(response.getKeyData());
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(),
                krd.getUsername(), certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                "Keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + " changed.");
            returnval = true;
        } catch (Exception e) {
            // The cause is dropped and the error event carries no username (null is passed).
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                certificate, LogEntry.EVENT_ERROR_KEYRECOVERY,
                "Error when trying to update keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + ".");
        }

        debug("<changeKeyRecoveryData()");

        return returnval;
    } // changeKeyRecoveryData

    /**
     * Removes a certificates keyrecovery data from the database.
     *
     * <p>The method returns nothing and catches every exception raised inside the try block, so
     * a failed removal (for example a record that cannot be found) is visible to the caller
     * only through the error event written to the log session.
     *
     * <p>The entry debug call dereferences {@code certificate} outside the try block, so a null
     * certificate fails there and is not reported through the log session.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keys about to be removed.
     *
     * @throws EJBException if the log session cannot be obtained.
     */
    public void removeKeyRecoveryData(Admin admin, X509Certificate certificate) {
        debug(">removeKeyRecoveryData(certificate: " + certificate.getSerialNumber().toString() +
            ")");

        try {
            String username = null;
            KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(
                        certificate.getSerialNumber(), CertTools.getIssuerDN(certificate)));

            // Read the username before the record is removed so the log entry can carry it.
            username = krd.getUsername();
            krd.remove();
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                "Keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + " removed.");
        } catch (Exception e) {
            // The cause is dropped and the error event carries no username (null is passed).
            getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                certificate, LogEntry.EVENT_ERROR_KEYRECOVERY,
                "Error when removing keyrecovery data for certificate with serial number : " +
                certificate.getSerialNumber().toString(16) + ", " +
                CertTools.getIssuerDN(certificate) + ".");
        }

        debug("<removeKeyRecoveryData()");
    } // removeKeyRecoveryData