rainterfacebean.java

一套JAVA的CA证书签发系统.

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.webdist.rainterface;

import java.math.BigInteger;
import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.TreeMap;

import javax.ejb.CreateException;
import javax.ejb.FinderException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.AvailableAccessRules;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
import se.anatom.ejbca.ca.crl.RevokedCertInfo;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocal;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocalHome;
import se.anatom.ejbca.keyrecovery.IKeyRecoverySessionLocal;
import se.anatom.ejbca.keyrecovery.IKeyRecoverySessionLocalHome;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.ra.IUserAdminSessionLocal;
import se.anatom.ejbca.ra.IUserAdminSessionLocalHome;
import se.anatom.ejbca.ra.UserAdminData;
import se.anatom.ejbca.ra.UserDataRemote;
import se.anatom.ejbca.ra.raadmin.EndEntityProfile;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocal;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocalHome;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.StringTools;
import se.anatom.ejbca.util.query.Query;
import se.anatom.ejbca.webdist.webconfiguration.EjbcaWebBean;
import se.anatom.ejbca.webdist.webconfiguration.InformationMemory;

/**
 * A java bean handling the interface between EJBCA ra module and JSP pages.
 *
 * @author  Philip Vendil
 * @version $Id: RAInterfaceBean.java,v 1.47 2004/04/16 07:38:55 anatom Exp $
 */
public class RAInterfaceBean {

    private static Logger log = Logger.getLogger(RAInterfaceBean.class);

    // Public constants.
    public static final int MAXIMUM_QUERY_ROWCOUNT = SecConst.MAXIMUM_QUERY_ROWCOUNT;

    public static final String[] tokentexts = {"TOKENSOFTBROWSERGEN","TOKENSOFTP12","TOKENSOFTJKS","TOKENSOFTPEM"};
    public static final int[]    tokenids   = {SecConst.TOKEN_SOFT_BROWSERGEN,SecConst.TOKEN_SOFT_P12,SecConst.TOKEN_SOFT_JKS,SecConst.TOKEN_SOFT_PEM};

    /** Creates new RaInterfaceBean */
    public RAInterfaceBean()  {
      users = new UsersView();
      addedusermemory = new AddedUserMemory();
    }
    // Public methods.
    public void initialize(HttpServletRequest request, EjbcaWebBean ejbcawebbean) throws  Exception{
      log.debug(">initialize()");

      if(!initialized){
        if(request.getAttribute( "javax.servlet.request.X509Certificate" ) != null)
          administrator = new Admin(((X509Certificate[]) request.getAttribute( "javax.servlet.request.X509Certificate" ))[0]);
        else
          administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, request.getRemoteAddr());
        // Get the UserAdminSession instance.
        this.informationmemory = ejbcawebbean.getInformationMemory();
        
        jndicontext = new InitialContext();
        Object obj1 = jndicontext.lookup("java:comp/env/UserAdminSessionLocal");
        adminsessionhome = (IUserAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, IUserAdminSessionLocalHome.class);
        adminsession = adminsessionhome.create();

        raadminsessionhome = (IRaAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("java:comp/env/RaAdminSessionLocal"),
                                                                                 IRaAdminSessionLocalHome.class);
        raadminsession = raadminsessionhome.create();
        

        obj1 =  jndicontext.lookup("java:comp/env/CertificateStoreSessionLocal");
        certificatesessionhome = (ICertificateStoreSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(obj1, ICertificateStoreSessionLocalHome.class);
        certificatesession = certificatesessionhome.create();

        IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("java:comp/env/AuthorizationSessionLocal"),
                                                                                 IAuthorizationSessionLocalHome.class);
        authorizationsession = authorizationsessionhome.create();

        this.profiles = new EndEntityProfileDataHandler(administrator,raadminsession,authorizationsession,informationmemory);
        
        IHardTokenSessionLocalHome hardtokensessionhome = (IHardTokenSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("java:comp/env/HardTokenSessionLocal"),
                                                                                 IHardTokenSessionLocalHome.class);
        hardtokensession = hardtokensessionhome.create();

        IKeyRecoverySessionLocalHome keyrecoverysessionhome = (IKeyRecoverySessionLocalHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("java:comp/env/KeyRecoverySessionLocal"),
                                                                                 IKeyRecoverySessionLocalHome.class);
        keyrecoverysession = keyrecoverysessionhome.create();

        
        initialized =true;
      } else {
          log.debug("=initialize(): already initialized");
      }
      log.debug("<initialize()");
    }

    /* Adds a user to the database, the string array must be in format defined in class UserView. */
    public void addUser(UserView userdata) throws Exception{
        log.debug(">addUser()");

        if(userdata.getEndEntityProfileId() != 0){
           adminsession.addUser(administrator, userdata.getUsername(), userdata.getPassword(), userdata.getSubjectDN(), userdata.getSubjectAltName()
                               ,userdata.getEmail(), userdata.getClearTextPassword(), userdata.getEndEntityProfileId(),
                                userdata.getCertificateProfileId(), userdata.getType(),
                                userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId());
           addedusermemory.addUser(userdata);

        } else {
            log.debug("=addUser(): profile id not set, user not created");
        }
        log.debug("<addUser()");
    }

    /* Removes a number of users from the database.
     *
     * @param usernames an array of usernames to delete.
     * @return false if administrator wasn't authorized to delete all of given users.
     * */
    public boolean deleteUsers(String[] usernames) throws Exception{
      log.debug(">deleteUsers()");
      boolean success = true;
      for(int i=0; i < usernames.length; i++){
         try{
           adminsession.deleteUser(administrator, usernames[i]);
         }catch(AuthorizationDeniedException e){
           success = false;
         }
      }
      log.debug("<deleteUsers(): " + success);
      return success;
    }

    /* Changes the status of a number of users from the database.
     *
     * @param usernames an array of usernames to change.
     * @param status gives the status to apply to users, should be one of UserDataRemote.STATUS constants.
     * @return false if administrator wasn't authorized to change all of the given users.
     * */
    public boolean setUserStatuses(String[] usernames, String status) throws Exception{
      log.debug(">setUserStatuses()");
      boolean success = true;
      int intstatus = 0;
      try{
        intstatus = Integer.parseInt(status);
      }catch(Exception e){}
      for(int i=0; i < usernames.length; i++){
        try{
          adminsession.setUserStatus(administrator, usernames[i],intstatus);
        }catch(AuthorizationDeniedException e){
           success = false;
        }
      }
      log.debug("<setUserStatuses(): " + success);
      return success;
    }

    /** Revokes the given users.
     *
     * @param users an array of usernames to revoke.
     * @param reason reason(s) of revokation.
     * @return false if administrator wasn't authorized to revoke all of the given users.
     */
    public boolean revokeUsers(String[] usernames, int reason) throws  Exception{
      log.debug(">revokeUsers()");
      boolean success = true;
      for(int i=0; i < usernames.length; i++){
        try{
          adminsession.revokeUser(administrator, usernames[i], reason);
        }catch( AuthorizationDeniedException e){
          success =false;
        }
      }
      log.debug("<revokeUsers(): " + success);
      return success;
    }

    /** Revokes the  certificate with certificate serno.
     *
     * @param serno serial number of certificate to revoke.
     * @param issuerdn the issuerdn of certificate to revoke.
     * @param reason reason(s) of revokation.
     * @return false if administrator wasn't authorized to revoke the given certificate.
     */
    public boolean revokeCert(BigInteger serno, String issuerdn, String username, int reason) throws  Exception{
      log.debug(">revokeCert()");
      boolean success = true;
      try{
        adminsession.revokeCert(administrator, serno, issuerdn, username, reason);
      }catch( AuthorizationDeniedException e){
        success =false;
      }
      log.debug("<revokeCert(): " + success);
      return success;
    }

    /* Changes the userdata  */
    public void changeUserData(UserView userdata) throws Exception {
        log.debug(">changeUserData()");
        int profileid = userdata.getEndEntityProfileId();
        int certificatetypeid =userdata.getCertificateProfileId();

        addedusermemory.changeUser(userdata);
        if(userdata.getPassword() != null && userdata.getPassword().trim().equals(""))
          userdata.setPassword(null);

        adminsession.changeUser(administrator, userdata.getUsername(), userdata.getPassword(), userdata.getSubjectDN(), userdata.getSubjectAltName(),
                                userdata.getEmail(),  userdata.getClearTextPassword(), userdata.getEndEntityProfileId(),
                                userdata.getCertificateProfileId(), userdata.getType(),
                                userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getStatus(), userdata.getCAId());
        log.debug("<changeUserData()");
    }

    /* Method to filter out a user by it's username */
    public UserView[] filterByUsername(String username) throws Exception{
       log.debug(">filterByUserName()");
       UserAdminData[] userarray = new UserAdminData[1];
       UserAdminData user = null;
       try{
         user = adminsession.findUser(administrator, username);
       }catch(AuthorizationDeniedException e){
       }

       if(user != null){
         userarray[0]=user;
         users.setUsers(userarray, informationmemory.getCAIdToNameMap());
       }else{
         users.setUsers((UserAdminData[]) null, informationmemory.getCAIdToNameMap());
       }
       log.debug("<filterByUserName()");
       return users.getUsers(0,1);
    }

    /* Method used to check if user exists */
    public boolean userExist(String username) throws Exception{
       return adminsession.existsUser(administrator, username);
    }