📄 rainterfacebean.java
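// NOTE: the statements down to the first method-closing brace belong to a method whose
// beginning lies before this excerpt; they are reproduced unchanged.
                RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
                if(revinfo != null)
                    revokedinfo = new RevokedInfoView(revinfo);
                certificates[i] = new CertificateView(cert, revokedinfo, username);
            }
        }
        else{
            certificates = null;
        }
    }

    /**
     * Revokes the certificates stored on a hard token, one at a time.
     *
     * The loop stops at the first certificate for which revokeCert raises
     * AuthorizationDeniedException. A false return can therefore mean the token
     * is only partially revoked: certificates processed before the denial stay
     * revoked and the remaining ones are never attempted. Callers that must know
     * the final state should check isAllTokenCertificatesRevoked afterwards.
     *
     * @param tokensn  serial number of the hard token
     * @param username user name passed on to revokeCert
     * @param reason   revocation reason code passed on to revokeCert
     * @return true if every certificate was revoked, false if a denial interrupted the loop
     */
    public boolean revokeTokenCertificates(String tokensn, String username, int reason) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException{
        boolean success = true;
        Collection certs = hardtokensession.findCertificatesInHardToken(administrator, tokensn);
        Iterator i = certs.iterator();
        try{
            while(i.hasNext()){
                X509Certificate cert = (X509Certificate) i.next();
                adminsession.revokeCert(administrator, cert.getSerialNumber(), cert.getIssuerDN().toString(), username, reason);
            }
        }catch( AuthorizationDeniedException e){
            // Denial is reported through the return value instead of being rethrown.
            success =false;
        }
        return success;
    }

    /**
     * Reports whether every certificate on a hard token is revoked.
     *
     * A token without certificates yields true, so callers should not read a
     * true result as proof that something was revoked.
     *
     * @param tokensn  serial number of the hard token
     * @param username user the token belongs to; only used for the findUser call below
     * @return false as soon as one certificate has no revocation record or is marked NOT_REVOKED
     */
    public boolean isAllTokenCertificatesRevoked(String tokensn, String username) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException{
        Collection certs = hardtokensession.findCertificatesInHardToken(administrator, tokensn);

        // The result is not used. The call is kept because findUser may raise the declared
        // AuthorizationDeniedException/FinderException for this administrator - TODO confirm.
        UserAdminData user = adminsession.findUser(administrator, username);

        boolean allrevoked = true;
        if(!certs.isEmpty()){
            Iterator j = certs.iterator();
            while(j.hasNext()){
                X509Certificate cert = (X509Certificate) j.next();
                RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
                // A missing record is treated the same as NOT_REVOKED.
                if(revinfo == null || revinfo.getReason()== RevokedCertInfo.NOT_REVOKED)
                    allrevoked = false;
            }
        }
        return allrevoked;
    }

    /**
     * Replaces the loaded certificate list with the given CA certificates.
     * The array is stored as passed in (no copy) and no authorization check is made here.
     */
    public void loadCACertificates(CertificateView[] cacerts) {
        certificates = cacerts;
    }

    /**
     * Loads the single certificate identified by issuer DN and serial number.
     * If it is not found the loaded certificate list is set to null.
     *
     * @param serno    certificate serial number
     * @param issuerdn issuer DN; its hashCode() is used to build the CA access rule
     */
    public void loadCertificates(BigInteger serno, String issuerdn) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException{
        // The boolean result is discarded: this relies on isAuthorizedNoLog signalling
        // denial by throwing AuthorizationDeniedException - TODO confirm.
        // NOTE(review): the CA resource is derived from issuerdn.hashCode(); confirm that
        // callers pass the DN in the same string form used when the CA rule was created.
        authorizationsession.isAuthorizedNoLog(administrator, AvailableAccessRules.CAPREFIX + issuerdn.hashCode());

        X509Certificate cert = (X509Certificate) certificatesession.findCertificateByIssuerAndSerno(administrator, issuerdn, serno);

        if(cert != null){
            RevokedInfoView revokedinfo = null;
            String username = certificatesession.findUsernameByCertSerno(administrator,serno, cert.getIssuerDN().toString());
            // Result unused; kept because the lookup may enforce authorization - TODO confirm.
            UserAdminData user = adminsession.findUser(administrator, username);
            RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
            if(revinfo != null)
                revokedinfo = new RevokedInfoView(revinfo);

            certificates = new CertificateView[1];
            certificates[0] = new CertificateView(cert, revokedinfo, username);
        }
        else{
            certificates = null;
        }
    }

    /** Returns the number of loaded certificates, 0 when none are loaded. */
    public int getNumberOfCertificates(){
        int returnval=0;
        if(certificates != null){
            returnval=certificates.length;
        }
        return returnval;
    }

    /**
     * Returns the loaded certificate at the given position, or null when no
     * certificates are loaded. The index is not range checked, so an index outside
     * 0..getNumberOfCertificates()-1 raises ArrayIndexOutOfBoundsException.
     */
    public CertificateView getCertificate(int index){
        CertificateView returnval = null;
        if(certificates != null){
            returnval = certificates[index];
        }
        return returnval;
    }

    /** Checks EDIT_RIGHTS on the given end entity profile for the current administrator. */
    public boolean authorizedToEditUser(int profileid) throws RemoteException{
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.EDIT_RIGHTS, false);
    }

    /** Checks HISTORY_RIGHTS on the given end entity profile for the current administrator. */
    public boolean authorizedToViewHistory(int profileid) throws RemoteException{
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.HISTORY_RIGHTS, false);
    }

    /**
     * Checks HARDTOKEN_RIGHTS on the end entity profile of the named user.
     *
     * @return false when the user cannot be found, mirroring authorizedToRevokeCert;
     *         otherwise the result of the profile authorization check
     */
    public boolean authorizedToViewHardToken(String username) throws Exception{
        UserAdminData data = adminsession.findUser(administrator, username);
        // Deny instead of failing with a NullPointerException on an unknown user.
        if(data == null)
            return false;
        return endEntityAuthorization(administrator, data.getEndEntityProfileId(), AvailableAccessRules.HARDTOKEN_RIGHTS, false);
    }

    /** Checks HARDTOKEN_RIGHTS on the given end entity profile for the current administrator. */
    public boolean authorizedToViewHardToken(int profileid) throws Exception{
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.HARDTOKEN_RIGHTS, false);
    }

    /**
     * Tells whether the current administrator may revoke certificates of the named user.
     *
     * When end entity profile limitations are disabled in the global configuration
     * this returns true for every existing user without a profile-level check.
     *
     * @return false when the user is unknown, otherwise as described above
     */
    public boolean authorizedToRevokeCert(String username) throws FinderException, RemoteException, AuthorizationDeniedException{
        boolean returnval=false;
        UserAdminData data = adminsession.findUser(administrator, username);
        if(data == null)
            return false;

        int profileid = data.getEndEntityProfileId();

        if(informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations())
            returnval= endEntityAuthorization(administrator, profileid, AvailableAccessRules.REVOKE_RIGHTS, false);
        else
            returnval=true;

        return returnval;
    }

    /**
     * Tells whether key recovery can be started for the given certificate: the
     * administrator must hold KEYRECOVERY_RIGHTS on the user's profile (only checked
     * when profile limitations are enabled), keys must exist for the certificate and
     * the user must not already be marked for recovery.
     */
    public boolean keyRecoveryPossible(CertificateView certificatedata) throws Exception{
        boolean returnval = true;
        if(informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations()){
            UserAdminData data = adminsession.findUser(administrator, certificatedata.getUsername());
            if(data != null){
                int profileid = data.getEndEntityProfileId();
                returnval = endEntityAuthorization(administrator, profileid, AvailableAccessRules.KEYRECOVERY_RIGHTS, false);
            }else
                returnval = false;
        }

        // Short-circuits: the key recovery session is not queried once authorization failed.
        return returnval && keyrecoverysession.existsKeys(administrator, certificatedata.getCertificate()) && !keyrecoverysession.isUserMarked(administrator,certificatedata.getUsername());
    }

    /**
     * Marks the certificate's keys as recoverable and sets the user's status to
     * STATUS_KEYRECOVERY.
     *
     * When the administrator lacks KEYRECOVERY_RIGHTS, or the user cannot be found
     * while profile limitations are enabled, nothing is done and no error is raised.
     * Callers cannot tell a refusal from success here and should consult
     * keyRecoveryPossible first.
     */
    public void markForRecovery(CertificateView certificatedata) throws Exception{
        boolean authorized = true;
        if(informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations()){
            UserAdminData data = adminsession.findUser(administrator, certificatedata.getUsername());
            if(data == null){
                // Same handling of an unknown user as keyRecoveryPossible: deny rather
                // than fail with a NullPointerException.
                authorized = false;
            }else{
                authorized = endEntityAuthorization(administrator, data.getEndEntityProfileId(), AvailableAccessRules.KEYRECOVERY_RIGHTS, false);
            }
        }

        if(authorized){
            keyrecoverysession.markAsRecoverable(administrator, certificatedata.getCertificate());
            adminsession.setUserStatus(administrator, certificatedata.getUsername(),UserDataRemote.STATUS_KEYRECOVERY);
        }
    }

    /**
     * Returns the names of the certificate profiles the administrator is authorized
     * to use for end entities, as held by the information memory.
     *
     * @return the profile names, or an empty array when there are none
     */
    public String[] getCertificateProfileNames(){
        Collection certprofilenames = (Collection) this.informationmemory.getAuthorizedEndEntityCertificateProfileNames().keySet();
        if(certprofilenames == null)
            return new String[0];
        // Size the target array from the collection. Passing a fixed one-element array
        // made toArray return {null} for an empty key set instead of an empty array.
        return (String[]) certprofilenames.toArray(new String[certprofilenames.size()]);
    }

    /** Looks up the id of a certificate profile by name through the certificate store session. */
    public int getCertificateProfileId(String certificateprofilename) throws RemoteException{
        return certificatesession.getCertificateProfileId(administrator, certificateprofilename);
    }

    /** Looks up the name of a certificate profile by id through the cached name proxy. */
    public String getCertificateProfileName(int certificateprofileid) throws RemoteException{
        return this.informationmemory.getCertificateProfileNameProxy().getCertificateProfileName(certificateprofileid);
    }

    /** Returns true only when the parameter equals EndEntityProfile.TRUE; null counts as false. */
    public boolean getEndEntityParameter(String parameter){
        if(parameter == null)
            return false;

        return parameter.equals(EndEntityProfile.TRUE);
    }

    // Private methods.

    /**
     * Builds a card number string from a token serial number and an IIN: a length
     * value, the IIN followed by the zero-padded serial number, a Luhn-style check
     * digit, and a trailing "0" when the length value is odd.
     *
     * Both arguments must be decimal digit strings; Long.parseLong raises
     * NumberFormatException otherwise.
     * NOTE(review): the combined number is held in a long, so inputs longer than
     * 18 digits in total may overflow - confirm callers bound the lengths.
     */
    private String calculateCardNumber(String tokensn, String sIIN) {
        // Left-pad the serial number until IIN + serial number is at least 18 digits.
        while( tokensn.length() + sIIN.length() < 18 )
            tokensn = "0" + tokensn;

        final int lengthByte = tokensn.length() + sIIN.length() + 1;
        final long divider = pow(10,tokensn.length());
        final long number = Long.parseLong(sIIN)*divider + Long.parseLong(tokensn);
        final int chsum;
        {
            int sum = 0;
            // Walk the digits from the right; every second digit, starting with the
            // rightmost, is doubled and its decimal digits are added.
            for ( int i=0; i+1<lengthByte; i++ ) {
                int digit=(int)(number/pow(10,i) % 10);
                if ( i%2==0 ) {
                    digit *= 2;
                    sum += digit/10+digit%10;
                } else
                    sum += digit;
            }
            chsum = (10-sum%10)%10;
        }
        return (""+lengthByte+number+chsum+(lengthByte%2==1 ? "0": ""));
    }

    /** Integer power x^y computed by repeated multiplication; no overflow check. */
    private long pow( int x, int y ) {
        long result=1;
        for ( int i=0; i<y; i++ )
            result *= x;
        return result;
    }

    /**
     * Help function used to check end entity profile authorization.
     *
     * The access rule checked is ENDENTITYPROFILEPREFIX + profileid + rights.
     * A denial (AuthorizationDeniedException) is converted into a false return.
     *
     * Administrators flagged as special user are granted every right here without
     * the authorization session being consulted; the original author marked this
     * bypass "TODO FIX".
     *
     * NOTE(review): the method is public and checks the Admin passed in rather than
     * this bean's own administrator - confirm callers never pass an Admin taken from
     * request data.
     *
     * @param admin     administrator to check
     * @param profileid end entity profile id
     * @param rights    rights suffix, one of the AvailableAccessRules *_RIGHTS constants
     * @param log       true to use the logging isAuthorized call, false for isAuthorizedNoLog
     * @return true if authorized, false if denied
     */
    public boolean endEntityAuthorization(Admin admin, int profileid, String rights, boolean log) throws RemoteException {
        boolean returnval = false;
        String adm = null;

        // TODO FIX
        if(admin.getAdminInformation().isSpecialUser()){
            // The value is not used afterwards; the statement is kept as in the original.
            adm = Integer.toString(admin.getAdminInformation().getSpecialUser());
            return true;
        }
        try{
            if(log)
                returnval = authorizationsession.isAuthorized(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX+Integer.toString(profileid)+rights);
            else
                returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX+Integer.toString(profileid)+rights);
        }catch(AuthorizationDeniedException e){
            // Deliberately ignored: returnval stays false, so a denial fails closed.
        }

        return returnval;
    }

    /**
     * Help functions used by the edit end entity pages to temporarily save a profile
     * so that changes can be cancelled later.
     */
    public EndEntityProfile getTemporaryEndEntityProfile(){
        return this.temporateendentityprofile;
    }

    public void setTemporaryEndEntityProfile(EndEntityProfile profile){
        this.temporateendentityprofile = profile;
    }

    // Private fields.
    private EndEntityProfileDataHandler profiles;
    private InitialContext jndicontext;
    private IUserAdminSessionLocal adminsession;
    private IUserAdminSessionLocalHome adminsessionhome;
    private ICertificateStoreSessionLocal certificatesession;
    private ICertificateStoreSessionLocalHome certificatesessionhome;
    private IRaAdminSessionLocalHome raadminsessionhome;
    private IRaAdminSessionLocal raadminsession;
    private IAuthorizationSessionLocal authorizationsession;
    private IHardTokenSessionLocal hardtokensession;
    private IKeyRecoverySessionLocal keyrecoverysession;
    private UsersView users;
    private CertificateView[] certificates;
    private AddedUserMemory addedusermemory;
    private Admin administrator;
    private InformationMemory informationmemory;
    private boolean initialized=false;
    private EndEntityProfile temporateendentityprofile = null;
}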