raaddusercommand.java

JAVA做的J2EE下CA认证系统 基于EJB开发

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package se.anatom.ejbca.admin;

import java.rmi.RemoteException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;

import javax.ejb.FinderException;
import javax.naming.InitialContext;

import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.IAuthorizationSessionHome;
import se.anatom.ejbca.authorization.IAuthorizationSessionRemote;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionHome;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionRemote;
import se.anatom.ejbca.ca.store.CertificateDataBean;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionRemote;
import se.anatom.ejbca.hardtoken.IHardTokenSessionHome;
import se.anatom.ejbca.hardtoken.IHardTokenSessionRemote;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.ra.raadmin.GlobalConfiguration;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionHome;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionRemote;
import se.anatom.ejbca.ra.raadmin.UserDoesntFullfillEndEntityProfile;




/**
 * Adds a user to the database.
 *
 * @version $Id: RaAddUserCommand.java,v 1.40 2005/05/03 16:34:53 anatom Exp $
 */
public class RaAddUserCommand extends BaseRaAdminCommand {
	
	private static final String USERGENERATED = "USERGENERATED"; 
	private static final String P12           = "P12";
	private static final String JKS           = "JKS";
	private static final String PEM           = "PEM";
	
	private final String[] softtokennames = {USERGENERATED,P12,JKS,PEM};
	private final int[] softtokenids = {SecConst.TOKEN_SOFT_BROWSERGEN,
			SecConst.TOKEN_SOFT_P12, SecConst.TOKEN_SOFT_JKS, SecConst.TOKEN_SOFT_PEM};
	
    /**
     * Creates a new instance of RaAddUserCommand
     *
     * @param args command line arguments
     */
    public RaAddUserCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            InitialContext jndicontext = getInitialContext();

            Object obj1 = jndicontext.lookup("CertificateStoreSession");
            ICertificateStoreSessionHome certificatesessionhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1,
                    ICertificateStoreSessionHome.class);
            ICertificateStoreSessionRemote certificatesession = certificatesessionhome.create();

            IRaAdminSessionHome raadminsessionhome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("RaAdminSession"),
                                                                                 IRaAdminSessionHome.class);

            IRaAdminSessionRemote raadminsession = raadminsessionhome.create();


            ICAAdminSessionHome caadminsessionhome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("CAAdminSession"),
                                                                                 ICAAdminSessionHome.class);
            ICAAdminSessionRemote caadminsession = caadminsessionhome.create();                       

            IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("AuthorizationSession"),
                                                                                 IAuthorizationSessionHome.class);
            IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();                       
            
            
            GlobalConfiguration globalconfiguration = raadminsession.loadGlobalConfiguration(administrator);
            boolean usehardtokens = globalconfiguration.getIssueHardwareTokens();
            boolean usekeyrecovery = globalconfiguration.getEnableKeyRecovery();
            String[] hardtokenissueraliases = null;
            Collection authorizedhardtokenprofiles   = null;
            HashMap hardtokenprofileidtonamemap = null;            

            IHardTokenSessionRemote hardtokensession=null;
            if(usehardtokens){  
              IHardTokenSessionHome hardtokensessionhome = (IHardTokenSessionHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("HardTokenSession"),
                                                                                 IHardTokenSessionHome.class);
              hardtokensession = hardtokensessionhome.create();
              hardtokenissueraliases = (String[]) hardtokensession.getHardTokenIssuerAliases(administrator).toArray(new String[0]);             

              authorizedhardtokenprofiles = hardtokensession.getAuthorizedHardTokenProfileIds(administrator);
              hardtokenprofileidtonamemap = hardtokensession.getHardTokenProfileIdToNameMap(administrator);
            }  
            
            if ( (args.length < 9) || (args.length > 12) ) {
                Collection certprofileids = certificatesession.getAuthorizedCertificateProfileIds(administrator, CertificateDataBean.CERTTYPE_ENDENTITY);
                HashMap certificateprofileidtonamemap = certificatesession.getCertificateProfileIdToNameMap(administrator);
                
                Collection endentityprofileids =  raadminsession.getAuthorizedEndEntityProfileIds(administrator);
                HashMap endentityprofileidtonamemap = raadminsession.getEndEntityProfileIdToNameMap(administrator);
                
                Collection caids = authorizationsession.getAuthorizedCAIds(administrator);
                HashMap caidtonamemap = caadminsession.getCAIdToNameMap(administrator);
                
                if( usehardtokens)
                  getOutputStream().println("Usage: RA adduser <username> <password> <dn> <subjectAltName> <caname> <email> <type> <token> [<certificateprofile>]  [<endentityprofile>] [<hardtokenissuer>]");
                else
                  getOutputStream().println("Usage: RA adduser <username> <password> <dn> <subjectAltName> <caname> <email> <type> <token> [<certificateprofile>]  [<endentityprofile>] ");


                getOutputStream().println("");
                getOutputStream().println("DN is of form \"C=SE, O=MyOrg, OU=MyOrgUnit, CN=MyName\" etc.");
                getOutputStream().println(
                    "SubjectAltName is of form \"rfc822Name=<email>, dNSName=<host name>, uri=<http://host.com/>, ipaddress=<address>, guid=<globally unique id>\"");

                if (usekeyrecovery) {
                    getOutputStream().println(
                        "Type (mask): INVALID=0; END-USER=1; ADMINISTRATOR=64; KEYRECOVERABLE=128; SENDNOTIFICATION=256");
                } else {
                    getOutputStream().println(
                        "Type (mask): INVALID=0; END-USER=1; ADMINISTRATOR=64; SENDNOTIFICATION=256");
                }

                getOutputStream().print("Existing tokens      : " + USERGENERATED + ", " +
                                          P12 + ", "+ JKS + ", "  + PEM);

                if (usehardtokens) {
                  Iterator iter = authorizedhardtokenprofiles.iterator();
                  while(iter.hasNext()){
                    getOutputStream().print(", " + hardtokenprofileidtonamemap.get(iter.next()));
                  }
                }

                getOutputStream().print("\n");
                
                
                getOutputStream().print("Existing cas  : ");
                boolean first = true;
                Iterator iter = caids.iterator();
                while(iter.hasNext()){
                  if(first)                    
                    first= false;
                  else
                    getOutputStream().print(", ");                      
                  getOutputStream().print(caidtonamemap.get(iter.next()));
                }
                getOutputStream().print("\n");
                
                getOutputStream().print("Existing certificate profiles  : ");
                first = true;
                iter = certprofileids.iterator();
                while(iter.hasNext()){
                  if(first)                    
                    first= false;
                  else
                    getOutputStream().print(", ");