📄 batchmakep12.java
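// Listing resumes inside the keystore-writing createUser(...) overload; its beginning is not shown here.
        log.info("Created Keystore for " + username + ".");
        log.debug("<createUser: username=" + username);
    } // createUser

    /**
     * Obtains a key pair for one user, either recovered or freshly generated, and passes it
     * to createUser(...) together with the user's password and CA id.
     *
     * @param data user data for user
     * @param createJKS if a jks should be created
     * @param createPEM if pem files should be created
     * @param keyrecoverflag if we should try to recover already existing keys
     * @throws Exception if no key recovery data is available for the user, or if any of the
     *         called services fails
     */
    private void processUser(UserDataVO data, boolean createJKS, boolean createPEM,
        boolean keyrecoverflag) throws Exception {
        KeyPair rsaKeys = null;

        if (usekeyrecovery && keyrecoverflag) {
            // Recover Keys
            IKeyRecoverySessionRemote keyrecoverysession = keyrecoveryhome.create();
            KeyRecoveryData recoveryData = keyrecoverysession.keyRecovery(administrator,
                    data.getUsername());

            if (recoveryData != null) {
                rsaKeys = recoveryData.getKeyPair();
            } else {
                throw new Exception("No Key Recovery Data available for user, " +
                    data.getUsername() + " can not be generated.");
            }
        } else {
            // NOTE(review): the key size is hard-coded to 1024 bits. 1024-bit RSA is below
            // today's commonly accepted minimum (2048 bits); the size should come from
            // configuration or the user's profile. Left unchanged here because issued
            // certificates and relying systems may depend on it - confirm before raising it.
            rsaKeys = KeyTools.genKeys(1024);
        }

        // Get certificate for user and create P12
        if (rsaKeys != null) {
            createUser(data.getUsername(), data.getPassword(), data.getCAId(), rsaKeys,
                createJKS, createPEM, data.getKeyRecoverable());
        }
    } //processUser

    /**
     * Generates (or recovers) keys and a keystore for one user, provided the user's token
     * type is one of the soft tokens handled here (P12, PEM or JKS).
     *
     * @param admin user admin session used to update the user's status and password
     * @param data user data for user
     * @param status status the user was selected with; STATUS_KEYRECOVERY requests key recovery
     * @return true if a keystore was generated, false if the token type is not handled
     * @throws Exception if generation fails. In that case the user is left in status
     *         INPROCESS and the clear text password is NOT removed; callers reset the status.
     */
    private boolean doCreate(IUserAdminSessionRemote admin, UserDataVO data, int status)
        throws Exception {
        boolean ret = false;

        // get users Token Type.
        int tokentype = data.getTokenType();
        boolean createP12 = tokentype == SecConst.TOKEN_SOFT_P12;
        boolean createPEM = tokentype == SecConst.TOKEN_SOFT_PEM;
        boolean createJKS = tokentype == SecConst.TOKEN_SOFT_JKS;

        // Only generate supported tokens
        if (createP12 || createPEM || createJKS) {
            if (status == UserDataConstants.STATUS_KEYRECOVERY) {
                log.info("Retrieving keys for " + data.getUsername());
            } else {
                log.info("Generating keys for " + data.getUsername());
            }

            // Grab new user, set status to INPROCESS
            admin.setUserStatus(administrator, data.getUsername(),
                UserDataConstants.STATUS_INPROCESS);
            processUser(data, createJKS, createPEM,
                (status == UserDataConstants.STATUS_KEYRECOVERY));

            // If all was OK , set status to GENERATED
            admin.setUserStatus(administrator, data.getUsername(),
                UserDataConstants.STATUS_GENERATED);

            // Delete clear text password. This is reached only on success: when
            // processUser throws, the stored clear text password stays in place.
            admin.setClearTextPassword(administrator, data.getUsername(), null);
            ret = true;
            log.info("New user generated successfully - " + data.getUsername());
        } else {
            log.debug("Cannot batchmake browser generated token for user (wrong tokentype)- " +
                data.getUsername());
        }

        return ret;
    }

    /**
     * Creates P12-files for all users with status NEW in the local database.
     *
     * @throws Exception if something goes wrong...
     */
    public void createAllNew() throws Exception {
        log.debug(">createAllNew:");
        log.info("Generating for all NEW.");
        createAllWithStatus(UserDataConstants.STATUS_NEW);
        log.debug("<createAllNew:");
    } // createAllNew

    /**
     * Creates P12-files for all users with status FAILED in the local database.
     *
     * @throws Exception if something goes wrong...
     */
    public void createAllFailed() throws Exception {
        log.debug(">createAllFailed:");
        log.info("Generating for all FAILED.");
        createAllWithStatus(UserDataConstants.STATUS_FAILED);
        log.debug("<createAllFailed:");
    } // createAllFailed

    /**
     * Creates P12-files for all users with status KEYRECOVER in the local database.
     * Does nothing when key recovery is not enabled.
     *
     * @throws Exception if something goes wrong...
     */
    public void createAllKeyRecover() throws Exception {
        if (usekeyrecovery) {
            log.debug(">createAllKeyRecover:");
            log.info("Generating for all KEYRECOVER.");
            createAllWithStatus(UserDataConstants.STATUS_KEYRECOVERY);
            log.debug("<createAllKeyRecover:");
        }
    } // createAllKeyRecover

    /**
     * Creates P12-files for all users with the given status in the local database.
     * Users are fetched page by page; users without a clear text password are skipped.
     *
     * @param status the user status to select users by
     * @throws Exception if generation failed for at least one user of a page (thrown after
     *         the whole page has been processed), or if a service call fails
     */
    public void createAllWithStatus(int status) throws Exception {
        log.debug(">createAllWithStatus: " + status);

        Collection result;
        IUserAdminSessionRemote admin = adminhome.create();
        boolean stopnow = false;

        //Collection result = admin.findAllUsersByStatus(administrator, status);
        do {
            result = admin.findAllUsersByStatusWithLimit(administrator, status, true);
            log.info("Batch generating " + result.size() + " users.");

            int failcount = 0;
            int successcount = 0;

            if (result.size() > 0) {
                // A page smaller than the query limit is treated as the last one.
                if (result.size() < UserAdminConstants.MAXIMUM_QUERY_ROWCOUNT) {
                    stopnow = true;
                }

                Iterator it = result.iterator();
                String failedusers = "";
                String successusers = "";

                while (it.hasNext()) {
                    UserDataVO data = (UserDataVO) it.next();

                    if ((data.getPassword() != null) && (data.getPassword().length() > 0)) {
                        try {
                            if (doCreate(admin, data, status)) {
                                successusers += (":" + data.getUsername());
                                successcount++;
                            }
                        } catch (Exception e) {
                            // If things went wrong set status to FAILED
                            log.error("An error happened, setting status to FAILED.", e);
                            failedusers += (":" + data.getUsername());
                            failcount++;

                            // Key recovery users keep their status so recovery can be retried.
                            if (status == UserDataConstants.STATUS_KEYRECOVERY) {
                                admin.setUserStatus(administrator, data.getUsername(),
                                    UserDataConstants.STATUS_KEYRECOVERY);
                            } else {
                                admin.setUserStatus(administrator, data.getUsername(),
                                    UserDataConstants.STATUS_FAILED);
                            }
                        }
                    } else {
                        // NOTE(review): a skipped user keeps its status; whether the next
                        // query can return the same user again depends on
                        // findAllUsersByStatusWithLimit - confirm the loop terminates.
                        log.debug("User '" + data.getUsername() +
                            "' does not have clear text password.");
                    }
                }

                if (failedusers.length() > 0) {
                    throw new Exception("BatchMakeP12 failed for " + failcount + " users (" +
                        successcount + " succeeded) - " + failedusers);
                }

                log.info(successcount + " new users generated successfully - " + successusers);
            }
        } while ((result.size() > 0) && !stopnow);

        log.debug("<createAllWithStatus: " + status);
    } // createAllWithStatus

    /**
     * Creates P12-files for one user in the local database.
     *
     * @param username username
     * @throws Exception if the user does not exist, has no clear text password, has a status
     *         that does not allow generation, or something goes wrong during generation
     */
    public void createUser(String username) throws Exception {
        log.debug(">createUser(" + username + ")");

        IUserAdminSessionRemote admin = adminhome.create();
        UserDataVO data = admin.findUser(administrator, username);

        // Validate before dereferencing: reading the status first would fail with a
        // NullPointerException for an unknown user, and a user without a password would
        // otherwise be skipped without any error being reported.
        if ((data == null) || (data.getPassword() == null) ||
                (data.getPassword().length() == 0)) {
            log.error("Unknown user, or clear text password is null: " + username);
            throw new Exception("BatchMakeP12 failed for '" + username + "'.");
        }

        int status = data.getStatus();

        if ((status == UserDataConstants.STATUS_NEW) ||
                ((status == UserDataConstants.STATUS_KEYRECOVERY) && usekeyrecovery)) {
            try {
                doCreate(admin, data, status);
            } catch (Exception e) {
                // If things went wrong set status to FAILED
                log.error("An error happened, setting status to FAILED (if not keyrecovery).", e);

                if (status == UserDataConstants.STATUS_KEYRECOVERY) {
                    admin.setUserStatus(administrator, data.getUsername(),
                        UserDataConstants.STATUS_KEYRECOVERY);
                } else {
                    admin.setUserStatus(administrator, data.getUsername(),
                        UserDataConstants.STATUS_FAILED);
                }

                // Keep the cause so the original failure is not lost to the caller.
                throw new Exception("BatchMakeP12 failed for '" + username + "'.", e);
            }
        } else {
            log.error("User status does not allow batch generation: " + username);
            throw new Exception("BatchMakeP12 failed for '" + username + "'.");
        }

        log.debug("<createUser(" + username + ")");
    } // createUser

    /**
     * Main
     *
     * @param args command line arguments
     */
    public static void main(String[] args) {
        try {
            BatchMakeP12 makep12 = new BatchMakeP12();
            String username = null;
            String directory = "p12";

            for (int i = 0; i < args.length; i++) {
                if ("-?".equalsIgnoreCase(args[i]) || "--help".equalsIgnoreCase(args[i])) {
                    System.out.println("Usage: batch [username] [-dir directory]");
                    System.out.println(" username: the name of the user to generate the key.");
                    System.out.println(" If omitted, keys will be generated for all users with status NEW or FAILED");
                    System.out.println(" directory: the name of the directory to store the keys to");
                    System.exit(1);
                } else if ("-dir".equalsIgnoreCase(args[i])) {
                    // "-dir" as the last argument has no value to consume.
                    if ((i + 1) >= args.length) {
                        System.out.println("Usage: batch [username] [-dir directory]");
                        System.exit(1);
                    }

                    directory = args[++i];
                } else {
                    username = args[i];
                }
            }

            // Create subdirectory 'p12' if it does not exist
            File dir = new File(directory).getCanonicalFile();

            // mkdir() also returns false when the directory already exists, so only a
            // missing directory afterwards is an error.
            // NOTE(review): this directory receives generated key material and is created
            // with the process's default permissions; restrict access to it at deployment.
            if (!dir.mkdir() && !dir.isDirectory()) {
                throw new Exception("Could not create directory " + dir);
            }

            makep12.setMainStoreDir(directory);
            log.info("Generating keys in directory " + dir);

            if (username != null) {
                makep12.createUser(username);
            } else {
                // Make P12 for all NEW users in local DB
                makep12.createAllNew();

                // Make P12 for all FAILED users in local DB
                makep12.createAllFailed();

                // Make P12 for all KEYRECOVERABLE users in local DB
                makep12.createAllKeyRecover();
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    } // main
} // BatchMakeP12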