localkeyrecoverysessionbean.java

JAVA做的J2EE下CA认证系统 基于EJB开发

     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     */
    public void removeAllKeyRecoveryData(Admin admin, String username) {
        debug(">removeAllKeyRecoveryData(user: " + username + ")");

        try {
            Collection result = keyrecoverydatahome.findByUsername(username);
            Iterator iter = result.iterator();

            while (iter.hasNext()) {
                ((KeyRecoveryDataLocal) iter.next()).remove();
            }

            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    null, LogEntry.EVENT_INFO_KEYRECOVERY,
                    "All keyrecovery data for user: " + username + " removed.");
        } catch (Exception e) {
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                    null, LogEntry.EVENT_ERROR_KEYRECOVERY,
                    "Error when removing all keyrecovery data for user: " + username + ".");
        }

        debug("<removeAllKeyRecoveryData()");
    } // removeAllKeyRecoveryData

    /**
     * Returns the keyrecovery data for a user. Observe only one certificates key can be recovered
     * for every user at the time.
     *
     * @param admin DOCUMENT ME!
     * @param username DOCUMENT ME!
     *
     * @return the marked keyrecovery data  or null if no recoverydata can be found.
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     */
    public KeyRecoveryData keyRecovery(Admin admin, String username) {
        debug(">keyRecovery(user: " + username + ")");

        KeyRecoveryData returnval = null;
        KeyRecoveryDataLocal krd = null;
        X509Certificate certificate = null;

        try {
            Collection result = keyrecoverydatahome.findByUserMark(username);
            Iterator i = result.iterator();

            try {
                while (i.hasNext()) {
                    krd = (KeyRecoveryDataLocal) i.next();

                    if (returnval == null) {
                        int caid = krd.getIssuerDN().hashCode();

                        KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid,
                                new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS, krd.getKeyDataAsByteArray()));
                        KeyPair keys = response.getKeyPair();
                        certificate = (X509Certificate) certificatestoresession
                        .findCertificateByIssuerAndSerno(admin,
                                krd.getIssuerDN(), krd.getCertificateSN());
                        returnval = new KeyRecoveryData(krd.getCertificateSN(), krd.getIssuerDN(),
                                krd.getUsername(), krd.getMarkedAsRecoverable(), keys, certificate);

                        
                    }

                    // krd.setMarkedAsRecoverable(false);
                }

                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(),
                        username, certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                        "Keydata for user: " + username + " have been sent for key recovery.");
            } catch (Exception e) {
                log.error("-keyRecovery: ", e);
                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(),
                        username, null, LogEntry.EVENT_ERROR_KEYRECOVERY,
                        "Error when trying to revover key data.");
            }
        } catch (FinderException e) {
        }

        debug("<keyRecovery()");

        return returnval;
    } // keyRecovery

    /**
     * Marks a users newest certificate for key recovery. Newest means certificate with latest not
     * before date.
     *
     * @param admin the administrator calling the function
     * @param username or the user.
     *
     * @return true if operation went successful or false if no certificates could be found for
     *         user, or user already marked.
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     */
    public boolean markNewestAsRecoverable(Admin admin, String username) {
        debug(">markNewestAsRecoverable(user: " + username + ")");

        boolean returnval = false;
        long newesttime = 0;
        KeyRecoveryDataLocal krd = null;
        KeyRecoveryDataLocal newest = null;
        X509Certificate certificate = null;
        X509Certificate newestcertificate = null;

        if (!isUserMarked(admin, username)) {
            try {
                Collection result = keyrecoverydatahome.findByUsername(username);
                Iterator iter = result.iterator();

                while (iter.hasNext()) {
                    krd = (KeyRecoveryDataLocal) iter.next();
                    certificate = (X509Certificate) certificatestoresession
                            .findCertificateByIssuerAndSerno(admin,
                                    krd.getIssuerDN(), krd.getCertificateSN());

                    if (certificate != null) {
                        if (certificate.getNotBefore().getTime() > newesttime) {
                            newesttime = certificate.getNotBefore().getTime();
                            newest = krd;
                            newestcertificate = certificate;
                        }
                    }
                }

                if (newest != null) {
                    newest.setMarkedAsRecoverable(true);
                    returnval = true;
                }

                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(),
                        username, newestcertificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                        "User's newest certificate marked for recovery.");
            } catch (Exception e) {
                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(),
                        username, null, LogEntry.EVENT_ERROR_KEYRECOVERY,
                        "Error when trying to mark users newest certificate for recovery.");
            }
        }

        debug("<markNewestAsRecoverable()");

        return returnval;
    } // markNewestAsRecoverable

    /**
     * Marks a users certificate for key recovery.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keys about to be removed.
     *
     * @return true if operation went successful or false if  certificate couldn't be found.
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     */
    public boolean markAsRecoverable(Admin admin, X509Certificate certificate) {
        debug(">markAsRecoverable(certificatesn: " + certificate.getSerialNumber() + ")");

        boolean returnval = false;
        final String hexSerial = certificate.getSerialNumber().toString(16);
        final String dn = CertTools.getIssuerDN(certificate);
        try {
            String username = null;
            KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
            username = krd.getUsername();
            krd.setMarkedAsRecoverable(true);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    certificate, LogEntry.EVENT_INFO_KEYRECOVERY,
                    "User's certificate marked for recovery.");
            returnval = true;
        } catch (Exception e) {
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                    certificate, LogEntry.EVENT_ERROR_KEYRECOVERY,
                    "Error when trying to mark certificate for recovery.");
        }

        debug("<markAsRecoverable()");

        return returnval;
    } // markAsRecoverable

    /**
     * Resets keyrecovery mark for a user,
     *
     * @param admin DOCUMENT ME!
     * @param username DOCUMENT ME!
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     */
    public void unmarkUser(Admin admin, String username) {
        debug(">unmarkUser(user: " + username + ")");

        KeyRecoveryDataLocal krd = null;

        try {
            Collection result = keyrecoverydatahome.findByUserMark(username);            
            Iterator i = result.iterator();

            while (i.hasNext()) {
                krd = (KeyRecoveryDataLocal) i.next();
                krd.setMarkedAsRecoverable(false);
            }
        } catch (Exception e) {
            throw new EJBException(e);
        }

        debug("<unmarkUser()");
    } // unmarkUser

    /**
     * Returns true if a user is marked for key recovery.
     *
     * @param admin DOCUMENT ME!
     * @param username DOCUMENT ME!
     *
     * @return true if user is already marked for key recovery.
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public boolean isUserMarked(Admin admin, String username) {
        debug(">isUserMarked(user: " + username + ")");

        boolean returnval = false;
        KeyRecoveryDataLocal krd = null;
        try {
            Collection result = keyrecoverydatahome.findByUserMark(username);
            Iterator i = result.iterator();

            while (i.hasNext()) {
                krd = (KeyRecoveryDataLocal) i.next();

                if (krd.getMarkedAsRecoverable()) {
                    returnval = true;
                    break;
                }
            }
        } catch (Exception e) {
            throw new EJBException(e);
        }
        debug("<isUserMarked(" + returnval + ")");
        return returnval;
    } // isUserMarked

    /**
     * Returns true if specified certificates keys exists in database.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keys about to be removed.
     *
     * @return true if user is already marked for key recovery.
     *
     * @throws EJBException if a communication or other error occurs.
     *
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public boolean existsKeys(Admin admin, X509Certificate certificate) {
        debug(">existsKeys()");

        boolean returnval = false;
        final String hexSerial = certificate.getSerialNumber().toString(16);
        final String dn = CertTools.getIssuerDN(certificate);
        try {
            KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
            debug("Found key for user: "+krd.getUsername());
            returnval = true;
        } catch (FinderException e) {
        }
        debug("<existsKeys(" + returnval + ")");
        return returnval;
    } // existsKeys

}// LocalKeyRecoverySessionBean