localhardtokensessionbean.java

JAVA做的J2EE下CA认证系统 基于EJB开发

    	try{
    		// Construct SQL query.
    		con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
    		ps = con.prepareStatement("select distinct username from HardTokenData where  tokenSN LIKE '%" + searchpattern + "%'");
    		// Execute query.
    		rs = ps.executeQuery();
    		// Assemble result.
    		while(rs.next() && returnval.size() <= UserAdminConstants.MAXIMUM_QUERY_ROWCOUNT){
    			returnval.add(rs.getString(1));
    		}
    		debug("<findHardTokenByTokenSerialNumber()");
    		return returnval;

    	}catch(Exception e){
    		throw new EJBException(e);
    	}finally{
            JDBCUtil.close(con, ps, rs);
    	}

    }

       /**
       * Adds a mapping between a hard token and a certificate
       *
       * @param admin the administrator calling the function
       * @param tokensn The serialnumber of token.
       * @param certificate the certificate to map to.
       *
       * @throws EJBException if a communication or other error occurs.
        * @ejb.interface-method view-type="both"
        * @ejb.transaction type="Required"
       */
    public void addHardTokenCertificateMapping(Admin admin, String tokensn, X509Certificate certificate){
        String certificatesn = certificate.getSerialNumber().toString(16);
        debug(">addHardTokenCertificateMapping(certificatesn : "+ certificatesn  +", tokensn : " + tokensn + ")");
        int caid = CertTools.getIssuerDN(certificate).hashCode();
        try {
            hardtokencertificatemaphome.create(CertTools.getFingerprintAsString(certificate),tokensn);
            getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP,"Certificate mapping added, certificatesn: "  + certificatesn +", tokensn: " + tokensn + " added.");
        }
        catch (Exception e) {
          getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP,"Error adding certificate mapping, certificatesn: "  + certificatesn +", tokensn: " + tokensn);
        }
        debug("<addHardTokenCertificateMapping()");
    } // addHardTokenCertificateMapping

      /**
       * Removes a mapping between a hard token and a certificate
       *
       * @param admin the administrator calling the function
       * @param certificate the certificate to map to.
       *
       *
       * @throws EJBException if a communication or other error occurs.
       * @ejb.interface-method view-type="both"
       * @ejb.transaction type="Required"
       */
    public void removeHardTokenCertificateMapping(Admin admin, X509Certificate certificate){
       String certificatesn = certificate.getSerialNumber().toString(16);
       debug(">removeHardTokenCertificateMapping(Certificatesn: " + certificatesn + ")");
	   int caid = CertTools.getIssuerDN(certificate).hashCode();
      try{
        HardTokenCertificateMapLocal htcm =hardtokencertificatemaphome.findByPrimaryKey(CertTools.getFingerprintAsString(certificate));
        htcm.remove();
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP, "Certificate mapping with certificatesn: "  + certificatesn +" removed.");
      }catch(Exception e){
         try{
           getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP, "Error removing certificate mapping with certificatesn " + certificatesn + ".");
         }catch(Exception re){
            throw new EJBException(e);
         }
      }
      debug("<removeHardTokenCertificateMapping()");
    } // removeHardTokenCertificateMapping


    /**
     * Removes all mappings between a hard token and a certificate
     *
     * @param admin the administrator calling the function
     * @param tokensn the serial number to remove.
     *
     *
     * @throws EJBException if a communication or other error occurs.
     */
    private void removeHardTokenCertificateMappings(Admin admin, String tokensn){
      debug(">removeHardTokenCertificateMappings(tokensn: " + tokensn + ")");
	  int caid = admin.getCaId();
      try{
      	Iterator result = hardtokencertificatemaphome.findByTokenSN(tokensn).iterator();
      	while(result.hasNext()){
          HardTokenCertificateMapLocal htcm = (HardTokenCertificateMapLocal) result.next();
          htcm.remove();

      	}
      	 getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_INFO_HARDTOKENCERTIFICATEMAP, "All certificate mappings with tokensn: "  + tokensn +" removed");
        }catch(Exception e){
           try{
             getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_HARDTOKENCERTIFICATEMAP, "Error removing certificate mapping with tokensn " + tokensn + ".");
           }catch(Exception re){
              throw new EJBException(e);
           }
         }
         debug("<removeHardTokenCertificateMappings()");
     } // removeHardTokenCertificateMapping

       /**
       * Returns all the X509Certificates places in a hard token.
       *
       * @param admin the administrator calling the function
       * @param tokensn The serialnumber of token.
       *
       * @return a collection of X509Certificates
       * @throws EJBException if a communication or other error occurs.
        * @ejb.interface-method view-type="both"
       */
    public Collection findCertificatesInHardToken(Admin admin, String tokensn){
       debug("<findCertificatesInHardToken(username :" + tokensn +")");
       ArrayList returnval = new ArrayList();
       HardTokenCertificateMapLocal htcm = null;
       try{
         Collection result = hardtokencertificatemaphome.findByTokenSN(tokensn);         
         Iterator i = result.iterator();
         while(i.hasNext()){
           htcm = (HardTokenCertificateMapLocal) i.next();
           Certificate cert = getCertificateStoreSession().findCertificateByFingerprint(admin, htcm.getCertificateFingerprint());
           if (cert != null) {
               returnval.add(cert);
           }
         }
       }catch(Exception e){
          throw new EJBException(e);
       }

       debug("<findCertificatesInHardToken()");
       return returnval;
    } // findCertificatesInHardToken

    /**
     * Returns the tokensn that the have blongs to a given certificatesn and tokensn.
     *
     * @param admin the administrator calling the function
     * @param certificatesn The serialnumber of certificate.
     * @param issuerdn the issuerdn of the certificate.
     *
     * @return the serialnumber or null if no tokensn could be found.
     * @throws EJBException if a communication or other error occurs.
      * @ejb.interface-method view-type="both"
     */
  public String findHardTokenByCertificateSNIssuerDN(Admin admin, BigInteger certificatesn, String issuerdn){
     debug("<findHardTokenByCertificateSNIssuerDN(certificatesn :" + certificatesn + ", issuerdn :" + issuerdn+ ")");
     String returnval = null;
     HardTokenCertificateMapLocal htcm = null;
     try{
       X509Certificate cert = (X509Certificate) getCertificateStoreSession().findCertificateByIssuerAndSerno(admin,issuerdn,certificatesn);
       if(cert != null){       	       	 
         htcm = hardtokencertificatemaphome.findByPrimaryKey(CertTools.getFingerprintAsString(cert));        
         if(htcm != null){
           returnval = htcm.getTokenSN();
         }
       }
     }catch(Exception e){
        throw new EJBException(e);
     }

     debug("<findHardTokenByCertificateSNIssuerDN()");
     return returnval;
  } // findCertificatesInHardToken
    

    /**
     * Method used to signal to the log that token was generated successfully.
     *
     * @param admin administrator performing action
     * @param tokensn tokensn of token generated
     * @param username username of user token was generated for.
     * @param significantissuerdn indicates which CA the hard token should belong to.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Required"
     */
    public void tokenGenerated(Admin admin, String tokensn, String username, String significantissuerdn){
	  int caid = CertTools.stringToBCDNString(significantissuerdn).hashCode();
      try{
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),username, null, LogEntry.EVENT_INFO_HARDTOKENGENERATED, "Token with serialnumber : " + tokensn + " generated successfully.");
      }catch(Exception e){
        throw new EJBException(e);
      }
    } // tokenGenerated

    /**
     * Method used to signal to the log that error occured when generating token.
     *
     * @param admin administrator performing action
     * @param tokensn tokensn of token.
     * @param username username of user token was generated for.
     * @param significantissuerdn indicates which CA the hard token should belong to.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Required"
     */
    public void errorWhenGeneratingToken(Admin admin, String tokensn, String username, String significantissuerdn){
      int caid = CertTools.stringToBCDNString(significantissuerdn).hashCode();
      try{
        getLogSession().log(admin, caid, LogEntry.MODULE_HARDTOKEN, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_HARDTOKENGENERATED, "Error when generating token with serialnumber : " + tokensn + ".");
      }catch(Exception e){
        throw new EJBException(e);
      }
    } // errorWhenGeneratingToken


	/**
	* Method to check if a certificate profile exists in any of the hard token profiles.
	* Used to avoid desyncronization of certificate profile data.
	*
	* @param id the certificateprofileid to search for.
	* @return true if certificateprofileid exists in any of the hard token profiles.
     * @ejb.interface-method view-type="both"
	*/
   public boolean existsCertificateProfileInHardTokenProfiles(Admin admin, int id){
   	 HardTokenProfile profile = null;
	 Collection certprofiles=null;
	 boolean exists = false;
	 try{
	   Collection result = hardtokenprofilehome.findAll();
	   Iterator i = result.iterator();
	   while(i.hasNext() && !exists){
		 profile = ((HardTokenProfileDataLocal) i.next()).getHardTokenProfile();
		 if(profile instanceof EIDProfile){
		   certprofiles = ((EIDProfile) profile).getAllCertificateProfileIds();
		   if(certprofiles.contains(new Integer(id)))
		     exists = true;
		 }
	   }
	 }catch(FinderException e){}

	 return exists;
   } // existsCertificateProfileInHardTokenProfiles
   
	/**
	* Method to check if a hard token profile exists in any of the hard token issuers.
	* Used to avoid desyncronization of hard token profile data.
	*
	* @param id the hard token profileid to search for.
	* @return true if hard token profileid exists in any of the hard token issuers.
    * @ejb.interface-method view-type="both"
	*/
  public boolean existsHardTokenProfileInHardTokenIssuer(Admin admin, int id){
  	 HardTokenIssuer issuer = null;
	 Collection hardtokenissuers=null;
	 boolean exists = false;
	 try{
	   Collection result = this.hardtokenissuerhome.findAll();
	   Iterator i = result.iterator();
	   while(i.hasNext() && !exists){
		 issuer = ((HardTokenIssuerDataLocal) i.next()).getHardTokenIssuer();
		 hardtokenissuers = issuer.getAvailableHardTokenProfiles();
		 if(hardtokenissuers.contains(new Integer(id)))
			 exists = true;		 
	   }
	 }catch(FinderException e){}
	 return exists;
  } // existsHardTokenProfileInHardTokenIssuer

	private Integer findFreeHardTokenProfileId(){
	  Random ran = (new Random((new Date()).getTime()));
	  int id = ran.nextInt();
	  boolean foundfree = false;

	  while(!foundfree){
		try{
		  if(id > SecConst.TOKEN_SOFT)
			hardtokenprofilehome.findByPrimaryKey(new Integer(id));
		    id = ran.nextInt();
		}catch(FinderException e){
		   foundfree = true;
		}
	  }
	  return new Integer(id);
	} // findFreeHardTokenProfileId

    private Integer findFreeHardTokenIssuerId(){
      Random ran = (new Random((new Date()).getTime()));
      int id = ran.nextInt();
      boolean foundfree = false;

      while(!foundfree){
        try{
          if(id > 1)
            hardtokenissuerhome.findByPrimaryKey(new Integer(id));
            id = ran.nextInt();
        }catch(FinderException e){
           foundfree = true;
        }
      }
      return new Integer(id);
    } // findFreeHardTokenIssuerId


} // LocalHardTokenSessionBean