📄 localkeyrecoverysessionbean.java
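/**
 * Removes all key recovery data saved for a user from the database.
 *
 * <p>Exceptions raised while finding or removing the entries are caught here: the stack trace
 * goes to the application log and an error event goes to the audit log; nothing is rethrown
 * from that path.
 *
 * @param admin the administrator calling the function; recorded in the audit log entry
 * @param username the user whose key recovery entries are removed
 *
 * @throws EJBException if a communication or other error occurs.
 */
public void removeAllKeyRecoveryData(Admin admin, String username) {
    debug(">removeAllKeyRecoveryData(user: " + username + ")");

    try {
        Collection result = keyrecoverydatahome.findByUsername(username);
        Iterator iter = result.iterator();

        while (iter.hasNext()) {
            ((KeyRecoveryDataLocal) iter.next()).remove();
        }

        getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
            null, LogEntry.EVENT_INFO_KEYRECOVERY, "All keyrecovery data for user: " + username + " removed.");
    } catch (Exception e) {
        // Keep the cause: the audit entry below carries only a fixed message.
        log.error("-removeAllKeyRecoveryData: ", e);
        // Pass the username in the same slot as the success entry so that a failed removal
        // can be found by user, not only by parsing the message text.
        getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
            null, LogEntry.EVENT_ERROR_KEYRECOVERY,
            "Error when removing all keyrecovery data for user: " + username + ".");
    }

    debug("<removeAllKeyRecoveryData()");
} // removeAllKeyRecoveryData

/**
 * Returns the key recovery data for a user. Observe that only one certificate's key can be
 * recovered for every user at a time.
 *
 * <p>The key data of the first marked entry is sent to the CA service for decryption and the
 * resulting key pair is returned; the recovery mark is cleared on every marked entry that is
 * iterated.
 *
 * <p>NOTE(review): no authorization check on {@code admin} is visible in this method;
 * presumably callers enforce it -- confirm, since the return value contains a private key.
 *
 * @param admin the administrator calling the function; passed to the CA service and recorded
 *        in the audit log entry
 * @param username the user whose marked key recovery data is fetched
 *
 * @return the marked key recovery data, or null if no recovery data can be found.
 *
 * @throws EJBException if a communication or other error occurs.
 */
public KeyRecoveryData keyRecovery(Admin admin, String username) {
    debug(">keyRecovery(user: " + username + ")");

    KeyRecoveryData returnval = null;
    X509Certificate certificate = null;

    try {
        Collection result = keyrecoverydatahome.findByUserMark(username);
        Iterator i = result.iterator();

        try {
            while (i.hasNext()) {
                KeyRecoveryDataLocal krd = (KeyRecoveryDataLocal) i.next();

                // Only the first marked entry is decrypted; later ones are just unmarked.
                if (returnval == null) {
                    // The CA id is taken as the String hash code of the issuer DN.
                    int caid = krd.getIssuerDN().hashCode();

                    KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) getSignSession()
                        .extendedService(admin, caid,
                            new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS,
                                krd.getKeyDataAsByteArray()));
                    KeyPair keys = response.getKeyPair();
                    returnval = new KeyRecoveryData(krd.getCertificateSN(), krd.getIssuerDN(),
                            krd.getUsername(), krd.getMarkedAsRecoverable(), keys);
                    // NOTE(review): returnval is already set when this lookup runs. If the lookup
                    // throws, the error event is logged and the mark stays set, yet the key pair
                    // is still returned -- confirm that this is intended.
                    certificate = (X509Certificate) getCertificateStoreSession()
                        .findCertificateByIssuerAndSerno(admin, krd.getIssuerDN(), krd.getCertificateSN());
                }

                krd.setMarkedAsRecoverable(false);
            }

            // NOTE(review): this success entry is written even when no marked entry existed
            // (returnval == null, certificate == null), so the audit trail then reports key data
            // as sent although nothing was recovered.
            getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                "Keydata for user: " + username + " have been sent for key recovery.");
        } catch (Exception e) {
            log.error("-keyRecovery: ", e);
            // Message text left unchanged, misspelling included, so existing log searches keep matching.
            getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                null, LogEntry.EVENT_ERROR_KEYRECOVERY, "Error when trying to revover key data.");
        }
    } catch (FinderException e) {
        // Still not propagated (the method returns null), but no longer dropped silently:
        // without this a finder failure looks the same as "no recovery data".
        log.error("-keyRecovery: ", e);
    }

    debug("<keyRecovery()");

    return returnval;
} // keyRecovery

/**
 * Marks a user's newest certificate for key recovery. Newest means the certificate with the
 * latest not-before date.
 *
 * <p>Nothing is done when the user already has a marked entry.
 *
 * @param admin the administrator calling the function
 * @param username the user whose newest certificate is marked
 *
 * @return true if the operation was successful, or false if no certificates could be found for
 *         the user, or the user is already marked.
 *
 * @throws EJBException if a communication or other error occurs.
 */
public boolean markNewestAsRecoverable(Admin admin, String username) {
    debug(">markNewestAsRecoverable(user: " + username + ")");

    boolean returnval = false;

    if (!isUserMarked(admin, username)) {
        long newesttime = 0;
        KeyRecoveryDataLocal newest = null;
        X509Certificate newestcertificate = null;

        try {
            Collection result = keyrecoverydatahome.findByUsername(username);
            Iterator iter = result.iterator();

            while (iter.hasNext()) {
                KeyRecoveryDataLocal krd = (KeyRecoveryDataLocal) iter.next();
                X509Certificate certificate = (X509Certificate) getCertificateStoreSession()
                    .findCertificateByIssuerAndSerno(admin, krd.getIssuerDN(), krd.getCertificateSN());

                // Entries whose certificate cannot be found are skipped.
                if ((certificate != null) && (certificate.getNotBefore().getTime() > newesttime)) {
                    newesttime = certificate.getNotBefore().getTime();
                    newest = krd;
                    newestcertificate = certificate;
                }
            }

            if (newest != null) {
                newest.setMarkedAsRecoverable(true);
                returnval = true;
            }

            // NOTE(review): this success entry is written even when newest == null, i.e. when
            // nothing was marked and false is returned.
            getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                newestcertificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                "User's newest certificate marked for recovery.");
        } catch (Exception e) {
            // Keep the cause: the audit entry below carries only a fixed message.
            log.error("-markNewestAsRecoverable: ", e);
            getLogSession().log(admin, admin.getCAId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                null, LogEntry.EVENT_ERROR_KEYRECOVERY,
                "Error when trying to mark users newest certificate for recovery.");
        }
    }

    debug("<markNewestAsRecoverable()");

    return returnval;
} // markNewestAsRecoverable

/**
 * Marks a user's certificate for key recovery.
 *
 * @param admin the administrator calling the function
 * @param certificate the certificate whose key recovery entry is marked; dereferenced before
 *        the try block, so it must not be null
 *
 * @return true if the operation was successful, or false if the certificate couldn't be found.
 *
 * @throws EJBException if a communication or other error occurs.
 */
public boolean markAsRecoverable(Admin admin, X509Certificate certificate) {
    debug(">markAsRecoverable(certificatesn: " + certificate.getSerialNumber() + ")");

    boolean returnval = false;

    try {
        KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(
                    certificate.getSerialNumber(), CertTools.getIssuerDN(certificate)));
        String username = krd.getUsername();
        krd.setMarkedAsRecoverable(true);
        getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
            certificate, LogEntry.EVENT_INFO_KEYRECOVERY, "User's certificate marked for recovery.");
        returnval = true;
    } catch (Exception e) {
        // Keep the cause: the audit entry below carries only a fixed message. The username is
        // not passed because the lookup that provides it may be what failed.
        log.error("-markAsRecoverable: ", e);
        getLogSession().log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
            certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, "Error when trying to mark certificate for recovery.");
    }

    debug("<markAsRecoverable()");

    return returnval;
} // markAsRecoverable

/**
 * Resets the key recovery mark for a user.
 *
 * <p>No audit log entry is written by this method.
 *
 * @param admin the administrator calling the function; not used in the method body
 * @param username the user whose marked entries are unmarked
 *
 * @throws EJBException wrapping any exception raised while finding or updating the entries.
 */
public void unmarkUser(Admin admin, String username) {
    debug(">unmarkUser(user: " + username + ")");

    try {
        Collection result = keyrecoverydatahome.findByUserMark(username);
        Iterator i = result.iterator();

        while (i.hasNext()) {
            ((KeyRecoveryDataLocal) i.next()).setMarkedAsRecoverable(false);
        }
    } catch (Exception e) {
        throw new EJBException(e);
    }

    debug("<unmarkUser()");
} // unmarkUser

/**
 * Returns true if a user is marked for key recovery.
 *
 * @param admin the administrator calling the function; not used in the method body
 * @param username the user to check
 *
 * @return true if the user is already marked for key recovery.
 *
 * @throws EJBException wrapping any exception raised while finding or reading the entries.
 */
public boolean isUserMarked(Admin admin, String username) {
    debug(">isUserMarked(user: " + username + ")");

    boolean returnval = false;

    try {
        Collection result = keyrecoverydatahome.findByUserMark(username);
        Iterator i = result.iterator();

        // Stop at the first entry that reports itself as marked.
        while (!returnval && i.hasNext()) {
            returnval = ((KeyRecoveryDataLocal) i.next()).getMarkedAsRecoverable();
        }
    } catch (Exception e) {
        throw new EJBException(e);
    }

    debug("<isUserMarked(" + returnval + ")");

    return returnval;
} // isUserMarked

/**
 * Returns true if the keys of the specified certificate exist in the database.
 *
 * @param admin the administrator calling the function; not used in the method body
 * @param certificate the certificate whose key recovery entry is looked up
 *
 * @return true if a key recovery entry exists for the certificate.
 *
 * @throws EJBException if a communication or other error occurs.
 */
public boolean existsKeys(Admin admin, X509Certificate certificate) {
    debug(">existsKeys()");

    boolean returnval = false;

    try {
        // Only the outcome of the lookup matters; the entity itself is not needed.
        keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(
                certificate.getSerialNumber(), CertTools.getIssuerDN(certificate)));
        returnval = true;
    } catch (FinderException e) {
        // Deliberately ignored: a failed lookup is reported to the caller as false.
    }

    debug("<existsKeys(" + returnval + ")");

    return returnval;
} // existsKeys
} // LocalKeyRecoverySessionBean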