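/**
 * Finds a user by its subjectDN within the CA identified by the issuer DN.
 *
 * The administrator must be authorized to the CA whose id is issuerdn.hashCode(). When end
 * entity profile limitations are enabled, the administrator must also hold view rights on the
 * end entity profile of the user that was found.
 *
 * @param admin the administrator performing the lookup
 * @param subjectdn subject DN of the user to look for
 * @param issuerdn issuer DN; its hashCode() is used as CA id for authorization and lookup
 * @return UserDataVO or null if the user is not found.
 * @throws AuthorizationDeniedException if the administrator is not authorized to the CA or
 *         to the end entity profile of the user
 * @ejb.interface-method
 * @ejb.transaction type="Supports"
 */
public UserDataVO findUserBySubjectDN(Admin admin, String subjectdn, String issuerdn) throws AuthorizationDeniedException {
    debug(">findUserBySubjectDN(" + subjectdn + ")");
    String bcdn = CertTools.stringToBCDNString(subjectdn);
    // String used in SQL so strip it
    // NOTE(review): strip() is the only sanitisation visible here; confirm that the finder
    // binds the DN as a parameter rather than concatenating it into the statement.
    String dn = StringTools.strip(bcdn);
    debug("Looking for users with subjectdn: " + dn + ", issuerdn : " + issuerdn);

    // The same CA id is used for the authorization check and for the lookup.
    int caid = issuerdn.hashCode();
    if (!authorizedToCA(admin, caid)) {
        throw new AuthorizationDeniedException("Administrator not authorized to view user with given CA.");
    }

    UserDataLocal data = null;
    try {
        data = home.findBySubjectDN(dn, caid);
    } catch (FinderException e) {
        log.debug("Cannot find user with DN='" + dn + "'");
    }

    UserDataVO returnval = null;
    if (data != null) {
        // The profile check needs the user's profile id, so it can only run once a user was
        // found. Previously it ran unconditionally and dereferenced null for unknown users.
        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if administrator is authorized to view user.
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                throw new AuthorizationDeniedException("Administrator not authorized to view user.");
            }
        }
        returnval = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(),
                data.getSubjectAltName(), data.getSubjectEmail(), data.getStatus(),
                data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId(),
                new java.util.Date(data.getTimeCreated()), new java.util.Date(data.getTimeModified()),
                data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation());
        // NOTE(review): the value object carries whatever getClearPassword() returns; callers
        // must keep it out of logs and user-visible output.
        returnval.setPassword(data.getClearPassword());
    }
    debug("<findUserBySubjectDN(" + subjectdn + ")");
    return returnval;
} // findUserBySubjectDN

/**
 * Finds users by their Email address.
 *
 * @param admin the administrator performing the lookup
 * @param email the Email address to look for
 * @return Collection of UserDataVO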
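* @ejb.interface-method
* @ejb.transaction type="Supports"
*/
public Collection findUserByEmail(Admin admin, String email) throws AuthorizationDeniedException {
    debug(">findUserByEmail(" + email + ")");
    debug("Looking for user with email: " + email);
    ArrayList returnval = new ArrayList();
    Collection result = null;
    try {
        result = home.findBySubjectEmail(email);
    } catch (FinderException e) {
        log.debug("Cannot find user with Email='" + email + "'");
    }

    // A failed finder leaves result null. Treat that as "no users" and return the empty
    // list instead of dereferencing null.
    if (result != null) {
        Iterator iter = result.iterator();
        while (iter.hasNext()) {
            UserDataLocal data = (UserDataLocal) iter.next();

            // NOTE(review): both checks below use break, so the first user the administrator
            // may not view ends the scan and any authorized users after it are omitted too.
            // Every returned user has passed both checks, but the result depends on finder
            // ordering; "continue" would filter per user. Confirm which is intended.
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                // Check if administrator is authorized to view user.
                if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                    break;
                }
            }
            if (!authorizedToCA(admin, data.getCaId())) {
                break;
            }

            UserDataVO user = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(),
                    data.getSubjectAltName(), data.getSubjectEmail(), data.getStatus(),
                    data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId(),
                    new java.util.Date(data.getTimeCreated()), new java.util.Date(data.getTimeModified()),
                    data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation());
            // NOTE(review): the value object carries whatever getClearPassword() returns;
            // callers must keep it out of logs and user-visible output.
            user.setPassword(data.getClearPassword());
            returnval.add(user);
        }
    }
    debug("<findUserByEmail(" + email + ")");
    return returnval;
} // findUserByEmail

/**
 * Method that checks if user with specified users certificate exists in database and is set as administrator.
 *
 * @param admin the administrator performing the check
 * @param certificatesnr serial number of the certificate, used to look up the username
 * @param issuerdn issuer DN of the certificate, used together with the serial number
 * @throws AuthorizationDeniedException if the certificate does not belong to any user, or the user isn't an administrator.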
* @ejb.interface-method
* @ejb.transaction type="Supports"
*/
public void checkIfCertificateBelongToAdmin(Admin admin, BigInteger certificatesnr, String issuerdn) throws AuthorizationDeniedException {
    debug(">checkIfCertificateBelongToAdmin(" + certificatesnr + ")");

    // Resolve the certificate (serial number and issuer) to a username, then load that user.
    final String owner = certificatesession.findUsernameByCertSerno(admin, certificatesnr, issuerdn);
    UserDataLocal user = null;
    if (owner != null) {
        try {
            user = home.findByPrimaryKey(new UserDataPK(owner));
        } catch (FinderException e) {
            log.debug("Cannot find user with username='" + owner + "'");
        }
    }

    // Fail closed: no username, or no user record for it, is logged and denied.
    if (user == null) {
        logsession.log(admin, LogConstants.INTERNALCAID, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN, "Certificate didn't belong to any user.");
        throw new AuthorizationDeniedException("Your certificate does not belong to any user.");
    }

    // The user type is a bit mask; the administrator bit must be set.
    final boolean administrator = (user.getType() & SecConst.USER_ADMINISTRATOR) != 0;
    if (!administrator) {
        logsession.log(admin, user.getCaId(), LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN, "Certificate didn't belong to an administrator.");
        throw new AuthorizationDeniedException("Your certificate does not belong to an administrator.");
    }

    debug("<checkIfCertificateBelongToAdmin()");
} // checkIfCertificateBelongToAdmin

/**
 * Finds all users with a specified status.
 *
 * @param status the status to look for, from 'UserData'.
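* @return Collection of UserDataVO; empty if the query was rejected as illegal
* @ejb.interface-method
* @ejb.transaction type="Supports"
*/
public Collection findAllUsersByStatus(Admin admin, int status) throws FinderException {
    debug(">findAllUsersByStatus(" + status + ")");
    debug("Looking for users with status: " + status);
    Query query = new Query(Query.TYPE_USERQUERY);
    query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status));
    Collection returnval = null;
    try {
        // Null authorization strings: the helper documents that it then retrieves them itself.
        returnval = query(admin, query, false, null, null, false);
    } catch (IllegalQueryException e) {
        // Previously swallowed silently, after which returnval.size() dereferenced null.
        error("Illegal query in findAllUsersByStatus.", e);
    }
    if (returnval == null) {
        returnval = new ArrayList();
    }
    debug("found " + returnval.size() + " user(s) with status=" + status);
    debug("<findAllUsersByStatus(" + status + ")");
    return returnval;
}

/**
 * Finds all users registered to a specified ca.
 *
 * @param admin the administrator performing the lookup
 * @param caid the caid of the CA, from 'UserData'.
 * @return Collection of UserDataVO; empty if the query was rejected as illegal
 * @ejb.interface-method
 * @ejb.transaction type="Supports"
 */
public Collection findAllUsersByCaId(Admin admin, int caid) throws FinderException {
    debug(">findAllUsersByCaId(" + caid + ")");
    debug("Looking for users with caid: " + caid);
    Query query = new Query(Query.TYPE_USERQUERY);
    query.add(UserMatch.MATCH_WITH_CA, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(caid));
    Collection returnval = null;
    try {
        // Null authorization strings: the helper documents that it then retrieves them itself.
        returnval = query(admin, query, false, null, null, false);
    } catch (IllegalQueryException e) {
        // Previously swallowed silently, after which returnval.size() dereferenced null.
        error("Illegal query in findAllUsersByCaId.", e);
    }
    if (returnval == null) {
        returnval = new ArrayList();
    }
    debug("found " + returnval.size() + " user(s) with caid=" + caid);
    debug("<findAllUsersByCaId(" + caid + ")");
    return returnval;
}

/**
 * Finds all users and returns the first MAXIMUM_QUERY_ROWCOUNT.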
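*
* @return Collection of UserDataVO, or null if the query was rejected as illegal
* @ejb.interface-method
* @ejb.transaction type="Supports"
*/
public Collection findAllUsersWithLimit(Admin admin) throws FinderException {
    debug(">findAllUsersWithLimit()");
    Collection returnval = null;
    try {
        // A null Query selects all users; withlimit is passed as true.
        returnval = query(admin, null, true, null, null, false);
    } catch (IllegalQueryException e) {
        // Report instead of swallowing. The null return for this case is unchanged.
        error("Illegal query in findAllUsersWithLimit.", e);
    }
    debug("<findAllUsersWithLimit()");
    return returnval;
}

/**
 * Finds all users with a specified status and returns the first MAXIMUM_QUERY_ROWCOUNT.
 *
 * @param admin the administrator performing the lookup
 * @param status the status to look for, from 'UserData'.
 * @param onlybatchusers forwarded unchanged to the query helper
 * @return Collection as returned by the query helper, or null if the query was rejected as illegal
 * @ejb.interface-method
 * @ejb.transaction type="Supports"
 */
public Collection findAllUsersByStatusWithLimit(Admin admin, int status, boolean onlybatchusers) throws FinderException {
    debug(">findAllUsersByStatusWithLimit()");
    Query query = new Query(Query.TYPE_USERQUERY);
    query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status));
    Collection returnval = null;
    try {
        // NOTE(review): despite the method name, withlimit is passed as false here. Confirm
        // whether the row limit is meant to apply.
        returnval = query(admin, query, false, null, null, onlybatchusers);
    } catch (IllegalQueryException e) {
        // Report instead of swallowing. The null return for this case is unchanged.
        error("Illegal query in findAllUsersByStatusWithLimit.", e);
    }
    debug("<findAllUsersByStatusWithLimit()");
    return returnval;
}

/**
 * Starts an external service that may be needed by user administration.
 *
 * The factory class name is read from the environment entry java:comp/env/RMIFactory,
 * instantiated reflectively and handed the given arguments.
 *
 * @param args arguments passed unchanged to RMIFactory.startConnection
 * @throws EJBException if the factory cannot be located, loaded, instantiated or started
 * @ejb.interface-method
 */
public void startExternalService(String[] args) {
    debug(">startService()");
    try {
        // NOTE(review): the class named in the environment entry is loaded and instantiated
        // before the cast to RMIFactory is checked, so that entry must be deployer-controlled.
        // NOTE(review): this interface method takes no Admin and performs no authorization
        // check of its own; confirm that access is restricted elsewhere.
        String className = getLocator().getString("java:comp/env/RMIFactory");
        RMIFactory rmiFactory = (RMIFactory) Class.forName(className).newInstance();
        rmiFactory.startConnection(args);
        // Exit trace; this was previously logged with the entry marker ">".
        debug("<startService()");
    } catch (Exception e) {
        error("Error starting external service.", e);
        throw new EJBException("Error starting external service", e);
    }
} // startExternalService

/**
 * Method to execute a customized query on the ra user data. The parameter query should be a legal Query object.
 *
 * @param query a number of statements compiled by the query class to a SQL 'WHERE'-clause statement.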
* @param caauthorizationstring is a string placed in the where clause of the SQL query indicating which CAs the administrator is authorized to view.
* @param endentityprofilestring is a string placed in the where clause of the SQL query indicating which end entity profiles the administrator is authorized to view.
* @return a collection of UserDataVO. Maximum size of Collection is defined in IUserAdminSessionRemote.MAXIMUM_QUERY_ROWCOUNT
* @throws IllegalQueryException when the query parameters' internal rules aren't fulfilled.
* @ejb.interface-method
* @ejb.transaction type="Supports"
* @see se.anatom.ejbca.util.query.Query
*/
public Collection query(Admin admin, Query query, String caauthorizationstring, String endentityprofilestring) throws IllegalQueryException {
    // Delegates to the private helper with withlimit=true and onlybatchusers=false.
    // NOTE(review): both authorization strings are documented as being placed in the SQL
    // WHERE clause, and the only treatment of them visible in the helper is
    // StringTools.strip(). They should only ever be generated internally from the
    // administrator's access rules, never taken from request data. Confirm at the call sites.
    // NOTE(review): the helper's trace message labels withlimit as "not implemented", so the
    // MAXIMUM_QUERY_ROWCOUNT bound described above may not be enforced by this flag. Confirm.
    return query(admin, query, true, caauthorizationstring, endentityprofilestring, false);
}

/**
 * Help function used to retrieve user information. A query parameter of null indicates all users.
 * If caauthorizationstring or endentityprofilestring are null then the method will retrieve the information
 * itself.
 */
private Collection query(Admin admin, Query query, boolean withlimit, String caauthorizationstr, String endentityprofilestr, boolean onlybatchusers) throws IllegalQueryException {
    debug(">query(): withlimit(not implemented)="+withlimit);
    boolean authorizedtoanyprofile = true;
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    // Both caller-supplied authorization strings are passed through StringTools.strip() before use.
    String caauthorizationstring = StringTools.strip(caauthorizationstr);
    String endentityprofilestring = StringTools.strip(endentityprofilestr);
    ArrayList returnval = new ArrayList();
    GlobalConfiguration globalconfiguration = getGlobalConfiguration(admin);
    RAAuthorization raauthorization = null;
    String caauthstring = caauthorizationstring;
    String endentityauth = endentityprofilestring;
    // Statement prefix; the WHERE clause is appended further down.
    // NOTE(review): the rest of this method is outside this excerpt. Verify that everything
    // appended to sqlquery is a constant, a strip()-ed value or a bound parameter.
    String sqlquery = "select " + USERDATA_COL + " from UserData where ";
    // Check if query is legal.
if (query != null && !query.isLegalQuery()) throw new IllegalQueryException(); if (query != null)