ejbcawebbean.java

一套JAVA的CA证书签发系统.

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.webdist.webconfiguration;

import java.io.IOException;
import java.net.URLDecoder;
import java.rmi.RemoteException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;

import javax.ejb.CreateException;
import javax.ejb.FinderException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import se.anatom.ejbca.authorization.AuthenticationFailedException;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocal;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocalHome;
import se.anatom.ejbca.ca.publisher.IPublisherSessionLocal;
import se.anatom.ejbca.ca.publisher.IPublisherSessionLocalHome;
import se.anatom.ejbca.ca.sign.ISignSessionLocal;
import se.anatom.ejbca.ca.sign.ISignSessionLocalHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocal;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocalHome;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.log.ILogSessionLocal;
import se.anatom.ejbca.log.ILogSessionLocalHome;
import se.anatom.ejbca.log.LogEntry;
import se.anatom.ejbca.ra.IUserAdminSessionLocal;
import se.anatom.ejbca.ra.IUserAdminSessionLocalHome;
import se.anatom.ejbca.ra.raadmin.AdminPreference;
import se.anatom.ejbca.ra.raadmin.DNFieldExtractor;
import se.anatom.ejbca.ra.raadmin.GlobalConfiguration;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocal;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocalHome;
import se.anatom.ejbca.util.CertTools;

/**
 * The main bean for the web interface, it contains all basic functions.
 *
 * @author  Philip Vendil
 * @version $Id: EjbcaWebBean.java,v 1.37 2004/05/31 14:29:05 anatom Exp $
 */
public class EjbcaWebBean {

    private static Logger log = Logger.getLogger(EjbcaWebBean.class);

    // Public Constants.
    public static final int AUTHORIZED_RA_VIEW_RIGHTS        = 0;
    public static final int AUTHORIZED_RA_EDIT_RIGHTS        = 1;
    public static final int AUTHORIZED_RA_CREATE_RIGHTS      = 2;
    public static final int AUTHORIZED_RA_DELETE_RIGHTS      = 3;
    public static final int AUTHORIZED_RA_REVOKE_RIGHTS      = 4;
    public static final int AUTHORIZED_RA_HISTORY_RIGHTS     = 5;
    public static final int AUTHORIZED_HARDTOKEN_VIEW_RIGHTS = 6;
    public static final int AUTHORIZED_CA_VIEW_CERT          = 7;
    public static final int AUTHORIZED_RA_KEYRECOVERY_RIGHTS = 8;

    private static final int AUTHORIZED_FIELD_LENGTH     = 9;
    private static final String[] AUTHORIZED_RA_RESOURCES = {"/ra_functionality/view_end_entity", "/ra_functionality/edit_end_entity",
                                                             "/ra_functionality/create_end_entity", "/ra_functionality/delete_end_entity",
                                                             "/ra_functionality/revoke_end_entity","/ra_functionality/view_end_entity_history",
                                                             "/ra_functionality/view_hardtoken","/ca_functionality/view_certificate",
                                                             "/ra_functionality/keyrecovery"};

    // Private Fields.
    private ILogSessionLocal               logsession;
    private AdminPreferenceDataHandler     adminspreferences;
    private AdminPreference                currentadminpreference;
    private GlobalConfiguration            globalconfiguration;
    private GlobalConfigurationDataHandler globaldataconfigurationdatahandler;
    private AuthorizationDataHandler       authorizedatahandler;
    private WebLanguages                   weblanguages;
    private WebLanguages                   adminsweblanguage;
    private String                         usercommonname = "";
    private String                         certificatefingerprint;
    private X509Certificate[]              certificates;
    private InformationMemory              informationmemory;
    private boolean                        initialized=false;
    private boolean                        errorpage_initialized=false;
    private Boolean[]                      raauthorized;
    private Admin                          administrator;

    

    /** Creates a new instance of EjbcaWebBean */
    public EjbcaWebBean() throws IOException, NamingException, CreateException,
                                 FinderException, RemoteException{
      initialized=false;
      raauthorized = new Boolean[AUTHORIZED_FIELD_LENGTH];
    }

    // Public Methods.

        /* Sets the current user and returns the global configuration */
    public GlobalConfiguration initialize(HttpServletRequest request, String resource) throws Exception{

      String userdn = "";

      CertificateFactory certfact =  CertTools.getCertificateFactory();
      certificates =   (X509Certificate[]) request.getAttribute( "javax.servlet.request.X509Certificate" );

      if(certificates == null) throw new AuthenticationFailedException("Client certificate required.");
      // Check if certificate is still valid
      if(!initialized){
        administrator = new Admin(certificates[0]) ;

        InitialContext jndicontext = new InitialContext();
        Object obj1 = jndicontext.lookup("java:comp/env/UserAdminSessionLocal");
        IUserAdminSessionLocalHome adminsessionhome = (IUserAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, IUserAdminSessionLocalHome.class);
        IUserAdminSessionLocal  adminsession = adminsessionhome.create();
        obj1 = jndicontext.lookup("java:comp/env/RaAdminSessionLocal");
        IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, IRaAdminSessionLocalHome.class);
        IRaAdminSessionLocal raadminsession = raadminsessionhome.create();
        obj1 = jndicontext.lookup("java:comp/env/LogSessionLocal");
        ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, ILogSessionLocalHome.class);
        logsession = logsessionhome.create();
        obj1 = jndicontext.lookup("java:comp/env/SignSessionLocal");
        ISignSessionLocalHome signsessionhome = (ISignSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, ISignSessionLocalHome.class);
        ISignSessionLocal signsession = signsessionhome.create();
        obj1 = jndicontext.lookup("java:comp/env/CAAdminSessionLocal");
        ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, ICAAdminSessionLocalHome.class);
        ICAAdminSessionLocal caadminsession = caadminsessionhome.create();
        
        obj1 = jndicontext.lookup("java:comp/env/CertificateStoreSessionLocal");
        ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, ICertificateStoreSessionLocalHome.class);
        ICertificateStoreSessionLocal certificatestoresession = certificatestoresessionhome.create();
        obj1 = jndicontext.lookup("java:comp/env/AuthorizationSessionLocal");
        IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, IAuthorizationSessionLocalHome.class);
        IAuthorizationSessionLocal authorizationsession = authorizationsessionhome.create();

		obj1 = jndicontext.lookup("java:comp/env/HardTokenSessionLocal");
		IHardTokenSessionLocalHome hardtokensessionhome = (IHardTokenSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, IHardTokenSessionLocalHome.class);
		IHardTokenSessionLocal hardtokensession = hardtokensessionhome.create();
        
		IPublisherSessionLocalHome publishersessionhome = (IPublisherSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("java:comp/env/PublisherSessionLocal"),
				IPublisherSessionLocalHome.class);
		IPublisherSessionLocal publishersession = publishersessionhome.create();               
		
        
        globaldataconfigurationdatahandler =  new GlobalConfigurationDataHandler(administrator, raadminsession, authorizationsession);        
        globalconfiguration = this.globaldataconfigurationdatahandler.loadGlobalConfiguration();
        this.informationmemory = new InformationMemory(administrator, caadminsession, raadminsession, authorizationsession, signsession, certificatestoresession, hardtokensession, publishersession, globalconfiguration);
                
        adminspreferences = new AdminPreferenceDataHandler(administrator);
        weblanguages = new WebLanguages(globalconfiguration);

        userdn = CertTools.getSubjectDN(certificates[0]);

        // Check if user certificate is revoked
        authorizedatahandler = new AuthorizationDataHandler(administrator, informationmemory, authorizationsession);
        authorizedatahandler.authenticate(certificates[0]);

        // Check if certificate belongs to a RA Admin
        log.debug("Verifying authoirization of '"+userdn);

        // Check that user is administrator.
        adminsession.checkIfCertificateBelongToAdmin(administrator, certificates[0].getSerialNumber(), certificates[0].getIssuerDN().toString());
        
        logsession.log(administrator, certificates[0], LogEntry.MODULE_ADMINWEB,  new java.util.Date(),null, null, LogEntry.EVENT_INFO_ADMINISTRATORLOGGEDIN,"");

      }
      try{
        isAuthorized(URLDecoder.decode(resource,"UTF-8"));
      }catch(AuthorizationDeniedException e){
         throw new AuthorizationDeniedException("You are not authorized to view this page.");
      }catch(java.io.UnsupportedEncodingException e) {}



      if(!initialized){
        certificatefingerprint = CertTools.getFingerprintAsString(certificates[0]);
        
        // Get current admin preference.
        currentadminpreference=null;
        if(certificatefingerprint != null){
          currentadminpreference = adminspreferences.getAdminPreference(certificatefingerprint);
        }
        if(currentadminpreference == null){
           currentadminpreference = adminspreferences.getDefaultAdminPreference();
        }