/**
 * Set the status of all certificates belonging to the given user to revoked.
 *
 * Every certificate found for the user that is not already CERT_REVOKED gets status
 * CERT_REVOKED, the current time as revocation date and the given reason; an info log
 * entry is written and, when publishers were given, each publisher is told to revoke it.
 * Certificates that are already revoked are left untouched and are neither logged nor
 * published again.
 *
 * @param admin Administrator performing the operation
 * @param username the username of user to revoke certificates.
 * @param publishers a collection of publisher ids (Integer) of publishers to revoke the certificate in, or null for none.
 * @param reason the reason of the revocation. (One of the RevokedCertInfo.REVOKATION_REASON
 * constants.)
 * @throws EJBException wrapping the FinderException when a certificate row cannot be found.
 * @ejb.transaction type="Required"
 * @ejb.interface-method
 */
public void setRevokeStatus(Admin admin, String username, Collection publishers, int reason) {
    debug(">setRevokeStatus(), username=" + username);
    // Strip dangerous chars; the stripped name is what is looked up and logged from here on
    username = StringTools.strip(username);
    try {
        Collection userCerts = findCertificatesByUsername(admin, username);
        for (Iterator it = userCerts.iterator(); it.hasNext();) {
            X509Certificate cert = (X509Certificate) it.next();
            CertificateDataPK pk = new CertificateDataPK();
            pk.fingerprint = CertTools.getFingerprintAsString(cert);
            CertificateDataLocal data = certHome.findByPrimaryKey(pk);
            if (data.getStatus() == CertificateDataBean.CERT_REVOKED) {
                // Already revoked: nothing to change, log or publish for this one
                continue;
            }
            data.setStatus(CertificateDataBean.CERT_REVOKED);
            data.setRevocationDate(new Date());
            data.setRevocationReason(reason);
            getLogSession().log(admin, cert, LogEntry.MODULE_CA, new java.util.Date(), null, cert, LogEntry.EVENT_INFO_REVOKEDCERT, ("Reason :" + reason));
            // Revoke in all related publishers
            if (publishers != null) {
                getPublisherSession().revokeCertificate(admin, publishers, cert, reason);
            }
        }
    } catch (FinderException e) {
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_REVOKEDCERT, ("Couldn't find certificate with username :" + username));
        throw new EJBException(e);
    }
    debug("<setRevokeStatus(), username=" + username);
} // setRevokeStatus

/**
 * Set the status of certificate with given serno to revoked.
 *
 * The certificate is looked up by issuer DN and serial number. If it exists and is not
 * already CERT_REVOKED its status, revocation date (now) and reason are updated and an info
 * log entry is written. Publishers, when given, are told to revoke the certificate whether
 * or not its status changed. If no certificate matches nothing happens.
 *
 * @param admin Administrator performing the operation
 * @param issuerdn the DN of the issuer of the certificate to revoke.
 * @param serno the serno of certificate to revoke.
 * @param publishers a collection of publisher ids (Integer) of publishers to revoke the certificate in, or null for none.
 * @param reason the reason of the revocation. (One of the RevokedCertInfo.REVOKATION_REASON constants.)
 * @throws EJBException wrapping the FinderException when the certificate row cannot be found.
 * @ejb.transaction type="Required"
 * @ejb.interface-method
 */
public void setRevokeStatus(Admin admin, String issuerdn, BigInteger serno, Collection publishers, int reason) {
    debug(">setRevokeStatus(), issuerdn=" + issuerdn + ", serno=" + serno);
    try {
        X509Certificate cert = (X509Certificate) this.findCertificateByIssuerAndSerno(admin, issuerdn, serno);
        // Nothing to do when no certificate matches the issuer/serial pair
        if (cert != null) {
            CertificateDataPK pk = new CertificateDataPK();
            pk.fingerprint = CertTools.getFingerprintAsString(cert);
            CertificateDataLocal data = certHome.findByPrimaryKey(pk);
            boolean alreadyRevoked = (data.getStatus() == CertificateDataBean.CERT_REVOKED);
            if (!alreadyRevoked) {
                data.setStatus(CertificateDataBean.CERT_REVOKED);
                data.setRevocationDate(new Date());
                data.setRevocationReason(reason);
                getLogSession().log(admin, issuerdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, cert, LogEntry.EVENT_INFO_REVOKEDCERT, ("Reason :" + reason));
            }
            // Revoke in all related publishers. This runs even when the status was already
            // revoked; NOTE(review): the username overload only publishes on a status change.
            if (publishers != null) {
                getPublisherSession().revokeCertificate(admin, publishers, cert, reason);
            }
        }
    } catch (FinderException e) {
        getLogSession().log(admin, issuerdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_REVOKEDCERT, ("Couldn't find certificate with serno :" + serno));
        throw new EJBException(e);
    }
    debug("<setRevokeStatus(), issuerdn=" + issuerdn + ", serno=" + serno);
} // setRevokeStatus

/**
 * Revokes a certificate (already revoked by the CA), in the database
 *
 * @param cert The DER coded Certificate that has been revoked.
 * @param publishers a collection of publisher ids (Integer) of publishers to revoke the certificate in.
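 * @param admin Administrator performing the operation
 * @param reason the reason of the revocation. (One of the RevokedCertInfo.REVOKATION_REASON constants.)
 * @ejb.transaction type="Required"
 * @ejb.interface-method
 */
public void revokeCertificate(Admin admin, Certificate cert, Collection publishers, int reason) {
    // Only X.509 certificates are handled; any other certificate type is silently ignored
    if (cert instanceof X509Certificate) {
        X509Certificate x509 = (X509Certificate) cert;
        setRevokeStatus(admin, x509.getIssuerDN().toString(), x509.getSerialNumber(), publishers, reason);
    }
} //revokeCertificate

/**
 * Method revoking all certificates generated by the specified issuerdn. Sets revokedate to current time.
 * Should only be called by CAAdminBean when a CA is about to be revoked.
 *
 * Two UPDATE statements are run on CertificateData: the first turns every CERT_TEMP_REVOKED
 * certificate of the issuer into CERT_REVOKED without touching its revocation date or reason,
 * the second marks every remaining non-revoked certificate CERT_REVOKED with the current time
 * and the given reason. Both use bound parameters, so the issuer DN never becomes part of the
 * statement text.
 *
 * @param admin the administrator performing the event.
 * @param issuerdn the dn of CA about to be revoked
 * @param reason the reason of revokation.
 * @throws EJBException wrapping any exception raised while obtaining the connection or running the statements.
 * @ejb.transaction type="Required"
 * @ejb.interface-method
 */
public void revokeAllCertByCA(Admin admin, String issuerdn, int reason) {
    Connection con = null;
    PreparedStatement ps = null;
    PreparedStatement ps2 = null;
    int temprevoked = 0;
    int revoked = 0;
    // Issuer DNs are compared in the well-known BC string form, so normalize the lookup key
    String bcdn = CertTools.stringToBCDNString(issuerdn);
    final String firstsqlstatement = "UPDATE CertificateData SET status=?" + " WHERE issuerDN=? AND status = ? ";
    final String secondsqlstatement = "UPDATE CertificateData SET status=?, revocationDate=?, revocationReason=?" + " WHERE issuerDN=? AND status <> ?";
    // Taken once so every certificate revoked by this call gets the same revocation date
    long currentdate = new Date().getTime();
    try {
        con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
        // First SQL statement, changing all temporarily revoked certificates to permanently revoked certificates
        ps = con.prepareStatement(firstsqlstatement);
        ps.setInt(1, CertificateDataBean.CERT_REVOKED); // first statusfield
        ps.setString(2, bcdn); // issuerdn field
        ps.setInt(3, CertificateDataBean.CERT_TEMP_REVOKED); // second statusfield
        temprevoked = ps.executeUpdate();
        // Second SQL statement, revoking all non revoked certificates.
        ps2 = con.prepareStatement(secondsqlstatement);
        ps2.setInt(1, CertificateDataBean.CERT_REVOKED); // first statusfield
        ps2.setLong(2, currentdate); // revokedate field
        ps2.setInt(3, reason); // revokation reason
        ps2.setString(4, bcdn); // issuer dn
        ps2.setInt(5, CertificateDataBean.CERT_REVOKED); // second statusfield
        revoked = ps2.executeUpdate();
        getLogSession().log(admin, bcdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_REVOKEDCERT, ("Revoked All CAs certificates successfully. Permantly revoked :" + (revoked + temprevoked) + " Certificates with reason: " + reason));
    } catch (Exception e) {
        getLogSession().log(admin, bcdn.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_REVOKEDCERT, "Error when trying to revoke a CA's all certificates", e);
        throw new EJBException(e);
    } finally {
        // Release the second statement before the connection it was prepared on is closed,
        // so no statement outlives its connection
        JDBCUtil.close(ps2);
        JDBCUtil.close(con, ps, null);
    }
} // revokeAllCertByCA

/**
 * Method that checks if a users all certificates have been revoked.
 *
 * @param admin Administrator performing the operation
 * @param username the username to check for.
 * @return returns true if all certificates are revoked.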
 * A user without any certificates is reported as fully revoked.
 * @throws EJBException wrapping the FinderException when a certificate row cannot be found.
 * @ejb.interface-method
 */
public boolean checkIfAllRevoked(Admin admin, String username) {
    // Strip dangerous chars before the name is used for the lookup
    username = StringTools.strip(username);
    boolean allRevoked = true;
    try {
        Collection userCerts = findCertificatesByUsername(admin, username);
        for (Iterator it = userCerts.iterator(); it.hasNext();) {
            X509Certificate cert = (X509Certificate) it.next();
            CertificateDataPK pk = new CertificateDataPK();
            pk.fingerprint = CertTools.getFingerprintAsString(cert);
            CertificateDataLocal data = certHome.findByPrimaryKey(pk);
            // Every row is looked up even after a non-revoked certificate has been seen
            allRevoked &= (data.getStatus() == CertificateDataBean.CERT_REVOKED);
        }
    } catch (FinderException e) {
        throw new EJBException(e);
    }
    return allRevoked;
}

/**
 * The method returns the revocation status for a list of certificates identified
 * by the serialnumber.
 *
 * @param admin Administrator performing the operation
 * @param issuerDN the subjectDN of a CA certificate
 * @param sernos a collection of certificate serialnumbers (BigInteger)
 * @return Collection a collection of {@link RevokedCertInfo} objects which
 * reflect the revocation status of the given certificates.
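 * Rows whose status is not CERT_REVOKED are reported with reason RevokedCertInfo.NOT_REVOKED.
 * @throws IllegalArgumentException if admin, issuerDN or sernos is null, or issuerDN is empty.
 * @throws EJBException wrapping any exception raised while querying the database.
 * @ejb.interface-method
 */
public Collection isRevoked(Admin admin, String issuerDN, Collection sernos) {
    // Validate before anything dereferences the arguments (the debug line below reads sernos)
    if (null == admin || null == issuerDN || issuerDN.length() <= 0 || null == sernos) {
        throw new IllegalArgumentException();
    }
    if (log.isDebugEnabled()) {
        debug(">isRevoked(), dn:" + issuerDN + ", no of sernos=" + sernos.size());
    }
    if (sernos.isEmpty()) {
        return new ArrayList();
    }
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    ArrayList vect = null;
    // First make a DN in our well-known format
    String dn = CertTools.stringToBCDNString(issuerDN);
    try {
        // The issuer DN and every serial number are bound as parameters rather than concatenated
        // into the statement text, so caller-supplied values cannot alter the query itself.
        final StringBuffer sql = new StringBuffer("SELECT DISTINCT serialNumber, revocationDate, revocationReason, status");
        sql.append(" FROM CertificateData WHERE");
        sql.append(" issuerDN = ? AND serialNumber IN (");
        for (int i = 0; i < sernos.size(); i++) {
            sql.append(i == 0 ? "?" : ", ?");
        }
        sql.append(")");
        // NOTE(review): one bind parameter per serial; some drivers cap the parameter count —
        // confirm against the largest collection callers pass in.
        con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
        ps = con.prepareStatement(sql.toString());
        ps.setString(1, dn);
        int index = 2;
        for (Iterator iter = sernos.iterator(); iter.hasNext();) {
            // Make sure this is really a BigInteger passed in as (untrusted param); a failed cast
            // surfaces as an EJBException through the catch below
            BigInteger serno = (BigInteger) iter.next();
            ps.setString(index++, serno.toString());
        }
        result = ps.executeQuery();
        vect = new ArrayList();
        while (result.next()) {
            // NOTE(review): serialNumber is bound as a decimal string above but read back through
            // getBytes() into a two's-complement BigInteger — confirm the column type/driver mapping
            RevokedCertInfo info = new RevokedCertInfo(new BigInteger(result.getBytes(1)), new Date(result.getLong(2)), result.getInt(3));
            // Backwards compatibility, handle databases that did not have NOT_REVOKED
            if (result.getInt(4) != CertificateDataBean.CERT_REVOKED) {
                info.setReason(RevokedCertInfo.NOT_REVOKED);
            }
            vect.add(info);
        }
    } catch (Exception e) {
        error("Unable to load revoked certificates for issuer '" + issuerDN + "'" , e);
        throw new EJBException(e);
    } finally {
        JDBCUtil.close(con, ps, result);
    }
    debug("<isRevoked()");
    return vect;
} // isRevoked

/**
 * Checks if a certificate is revoked.
 *
 * @param admin Administrator performing the operation
 * @param issuerDN the DN of the issuer.
 * @param serno the serialnumber of the certificate that will be checked
 * @return RevokedCertInfo with revocation information, with reason RevokedCertInfo.NOT_REVOKED if NOT revoked. Returns null if certificate is not found.
 * @ejb.interface-method
 */
public RevokedCertInfo isRevoked(Admin admin, String issuerDN, BigInteger serno) {
    if (log.isDebugEnabled()) {
        debug(">isRevoked(), dn:" + issuerDN + ", serno=" + serno);
    }
    // First make a DN in our well-known format
    String dn = CertTools.stringToBCDNString(issuerDN);
    try {
        Collection coll = certHome.findByIssuerDNSerialNumber(dn, serno.toString());
        if (coll != null) {
            if (coll.size() > 1)
                getLogSession().log(admin, issuerDN.hashCode(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_DATABASE, "Error in database, more than one certificate has the same Issuer : " + issuerDN + " and serialnumber "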