📄 ejbcawebbean.java
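/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.webdist.webconfiguration;

import java.net.URLDecoder;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import se.anatom.ejbca.authorization.AuthenticationFailedException;
import se.anatom.ejbca.authorization.AuthorizationDeniedException;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;
import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocal;
import se.anatom.ejbca.ca.caadmin.ICAAdminSessionLocalHome;
import se.anatom.ejbca.ca.publisher.IPublisherSessionLocal;
import se.anatom.ejbca.ca.publisher.IPublisherSessionLocalHome;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;
import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocal;
import se.anatom.ejbca.hardtoken.IHardTokenSessionLocalHome;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.log.ILogSessionLocal;
import se.anatom.ejbca.log.ILogSessionLocalHome;
import se.anatom.ejbca.log.LogEntry;
import se.anatom.ejbca.ra.IUserAdminSessionLocal;
import se.anatom.ejbca.ra.IUserAdminSessionLocalHome;
import se.anatom.ejbca.ra.raadmin.AdminPreference;
import se.anatom.ejbca.ra.raadmin.DNFieldExtractor;
import se.anatom.ejbca.ra.raadmin.GlobalConfiguration;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocal;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocalHome;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.ServiceLocator;
import se.anatom.ejbca.util.ServiceLocatorException;

/**
 * The main bean for the web interface, it contains all basic functions.
 *
 * <p>The bean authenticates the administrator from the TLS client certificate
 * of the request and answers authorization questions for the admin pages.
 *
 * @author  Philip Vendil
 * @version $Id: EjbcaWebBean.java,v 1.46 2005/05/19 06:15:13 herrvendil Exp $
 */
public class EjbcaWebBean implements java.io.Serializable {

private static Logger log = Logger.getLogger(EjbcaWebBean.class);

// Public Constants.
//
// Each AUTHORIZED_* value below equals the position of the matching resource
// path in AUTHORIZED_RA_RESOURCES (same order, nine entries). The code that
// consumes them is outside this listing; presumably they index both that
// array and the raauthorized flag array. Keep the three in step when adding
// a right, otherwise a flag would be checked against the wrong resource.
public static final int AUTHORIZED_RA_VIEW_RIGHTS        = 0;
public static final int AUTHORIZED_RA_EDIT_RIGHTS        = 1;
public static final int AUTHORIZED_RA_CREATE_RIGHTS      = 2;
public static final int AUTHORIZED_RA_DELETE_RIGHTS      = 3;
public static final int AUTHORIZED_RA_REVOKE_RIGHTS      = 4;
public static final int AUTHORIZED_RA_HISTORY_RIGHTS     = 5;
public static final int AUTHORIZED_HARDTOKEN_VIEW_RIGHTS = 6;
public static final int AUTHORIZED_CA_VIEW_CERT          = 7;
public static final int AUTHORIZED_RA_KEYRECOVERY_RIGHTS = 8;

/** Number of AUTHORIZED_* rights; equals the length of AUTHORIZED_RA_RESOURCES. */
private static final int AUTHORIZED_FIELD_LENGTH = 9;

/** Access-rule resource paths, ordered to match the AUTHORIZED_* constants. */
private static final String[] AUTHORIZED_RA_RESOURCES = {
    "/ra_functionality/view_end_entity",
    "/ra_functionality/edit_end_entity",
    "/ra_functionality/create_end_entity",
    "/ra_functionality/delete_end_entity",
    "/ra_functionality/revoke_end_entity",
    "/ra_functionality/view_end_entity_history",
    "/ra_functionality/view_hardtoken",
    "/ca_functionality/view_certificate",
    "/ra_functionality/keyrecovery"
};

// Private Fields.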
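private ILogSessionLocal logsession;
private AdminPreferenceDataHandler adminspreferences;
private AdminPreference currentadminpreference;
private GlobalConfiguration globalconfiguration;
private GlobalConfigurationDataHandler globaldataconfigurationdatahandler;
private AuthorizationDataHandler authorizedatahandler;
private WebLanguages adminsweblanguage;
private String usercommonname = "";
private String certificatefingerprint;
// Client certificate chain of the most recent request; refreshed on every initialize() call.
private X509Certificate[] certificates;
private InformationMemory informationmemory;
// Set once the certificate checks in initialize() have passed for this bean instance.
private boolean initialized = false;
private boolean errorpage_initialized = false;
// One slot per AUTHORIZED_* right; allocated in the constructor.
private Boolean[] raauthorized;
// Identity that every session-bean call is made as.
private Admin administrator;

/** Creates a new instance of EjbcaWebBean */
public EjbcaWebBean() {
    initialized = false;
    raauthorized = new Boolean[AUTHORIZED_FIELD_LENGTH];
}

/**
 * Looks up the local session beans and builds the data handlers shared by
 * {@link #initialize} and {@link #initialize_errorpage}.
 *
 * <p>{@code administrator} must be set before this is called: it is passed to
 * every handler created here. {@code informationmemory} is created only once
 * and therefore keeps the administrator it was first created with.
 *
 * @throws Exception if a home lookup or a session bean create() fails
 */
private void commonInit() throws Exception {
    ServiceLocator locator = ServiceLocator.getInstance();

    IRaAdminSessionLocalHome raadminsessionhome =
        (IRaAdminSessionLocalHome) locator.getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
    IRaAdminSessionLocal raadminsession = raadminsessionhome.create();

    ILogSessionLocalHome logsessionhome =
        (ILogSessionLocalHome) locator.getLocalHome(ILogSessionLocalHome.COMP_NAME);
    logsession = logsessionhome.create();

    ICAAdminSessionLocalHome caadminsessionhome =
        (ICAAdminSessionLocalHome) locator.getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
    ICAAdminSessionLocal caadminsession = caadminsessionhome.create();

    ICertificateStoreSessionLocalHome certificatestoresessionhome =
        (ICertificateStoreSessionLocalHome) locator.getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
    ICertificateStoreSessionLocal certificatestoresession = certificatestoresessionhome.create();

    IAuthorizationSessionLocalHome authorizationsessionhome =
        (IAuthorizationSessionLocalHome) locator.getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
    IAuthorizationSessionLocal authorizationsession = authorizationsessionhome.create();

    IHardTokenSessionLocalHome hardtokensessionhome =
        (IHardTokenSessionLocalHome) locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
    IHardTokenSessionLocal hardtokensession = hardtokensessionhome.create();

    IPublisherSessionLocalHome publishersessionhome =
        (IPublisherSessionLocalHome) locator.getLocalHome(IPublisherSessionLocalHome.COMP_NAME);
    IPublisherSessionLocal publishersession = publishersessionhome.create();

    globaldataconfigurationdatahandler =
        new GlobalConfigurationDataHandler(administrator, raadminsession, authorizationsession);
    globalconfiguration = this.globaldataconfigurationdatahandler.loadGlobalConfiguration();

    if (informationmemory == null) {
        informationmemory = new InformationMemory(administrator, caadminsession, raadminsession,
            authorizationsession, certificatestoresession, hardtokensession, publishersession,
            globalconfiguration);
    }
    authorizedatahandler = new AuthorizationDataHandler(administrator, informationmemory, authorizationsession);
}

/**
 * Authenticates the administrator from the request's TLS client certificate,
 * checks access to {@code resource}, and returns the global configuration.
 *
 * <p>On the first successful call the certificate is authenticated, matched
 * against the administrator accounts, the login is written to the log
 * session, and the administrator's preferences and language are loaded.
 * Later calls only repeat the per-resource authorization check.
 *
 * <p>NOTE(review): the certificate checks run only while {@code initialized}
 * is false. If this bean is kept for a whole HTTP session (not visible in
 * this listing), a certificate revoked mid-session stays accepted until the
 * session ends, and {@code administrator} is not rebound if a later request
 * presents a different certificate. Confirm the bean's scope.
 *
 * @param request  the servlet request carrying the client certificate chain
 * @param resource URL-encoded access-rule resource the page requires
 * @return the loaded global configuration
 * @throws AuthenticationFailedException if no client certificate is present
 * @throws AuthorizationDeniedException  if access to the resource is denied
 * @throws Exception on lookup, authentication or logging failures
 */
public GlobalConfiguration initialize(HttpServletRequest request, String resource) throws Exception {
    certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    // An empty chain is rejected as well: certificates[0] is dereferenced below.
    if (certificates == null || certificates.length == 0) {
        throw new AuthenticationFailedException("Client certificate required.");
    }

    String userdn = "";

    if (!initialized) {
        // NOTE(review): administrator is assigned before the certificate has been
        // checked. If a check below throws, the field keeps this identity and
        // initialize_errorpage() reuses it. Confirm that is intended.
        administrator = new Admin(certificates[0]);

        commonInit();

        ServiceLocator locator = ServiceLocator.getInstance();
        IUserAdminSessionLocalHome adminsessionhome =
            (IUserAdminSessionLocalHome) locator.getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
        IUserAdminSessionLocal adminsession = adminsessionhome.create();
        adminspreferences = new AdminPreferenceDataHandler(administrator);

        // Check if user certificate is revoked
        authorizedatahandler.authenticate(certificates[0]);

        // Check if certificate and user is an RA Admin
        userdn = CertTools.getSubjectDN(certificates[0]);
        log.debug("Verifying authorization of '" + userdn + "'");
        adminsession.checkIfCertificateBelongToAdmin(administrator,
            certificates[0].getSerialNumber(),
            certificates[0].getIssuerDN().toString());

        logsession.log(administrator, certificates[0], LogEntry.MODULE_ADMINWEB, new java.util.Date(),
            null, null, LogEntry.EVENT_INFO_ADMINISTRATORLOGGEDIN, "");
    }

    // isAuthorized is defined outside this listing; a denial is expected to
    // arrive as AuthorizationDeniedException. The rethrown message is generic
    // so the page does not disclose which resource was refused.
    try {
        isAuthorized(URLDecoder.decode(resource, "UTF-8"));
    } catch (AuthorizationDeniedException e) {
        throw new AuthorizationDeniedException("You are not authorized to view this page.");
    } catch (java.io.UnsupportedEncodingException e) {
        // Fail closed: if the resource cannot be decoded, the authorization check
        // never ran, so the request must not continue as if it had passed.
        throw new AuthorizationDeniedException("You are not authorized to view this page.");
    }

    if (!initialized) {
        certificatefingerprint = CertTools.getFingerprintAsString(certificates[0]);

        // Get current admin preference.
        currentadminpreference = null;
        if (certificatefingerprint != null) {
            currentadminpreference = adminspreferences.getAdminPreference(certificatefingerprint);
        }
        if (currentadminpreference == null) {
            currentadminpreference = adminspreferences.getDefaultAdminPreference();
        }

        adminsweblanguage = new WebLanguages(globalconfiguration,
            currentadminpreference.getPreferedLanguage(),
            currentadminpreference.getSecondaryLanguage());

        // set User Common Name
        DNFieldExtractor dn = new DNFieldExtractor(userdn, DNFieldExtractor.TYPE_SUBJECTDN);
        usercommonname = dn.getField(DNFieldExtractor.CN, 0);

        // Only set after every check above has passed.
        initialized = true;
    }

    return globalconfiguration;
}

/**
 * Prepares the bean for rendering the error page, which needs no client
 * certificate.
 *
 * <p>If no administrator identity exists yet, a public web user identified by
 * the remote address is used. An identity left behind by an earlier
 * {@link #initialize} call is reused, including one from a call that failed
 * after assigning it.
 *
 * @param request the servlet request, used only for its remote address
 * @return the loaded global configuration
 * @throws Exception on lookup or configuration-loading failures
 */
public GlobalConfiguration initialize_errorpage(HttpServletRequest request) throws Exception {
    if (!errorpage_initialized) {
        if (administrator == null) {
            String remoteAddr = request.getRemoteAddr();
            administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr);
        }

        commonInit();

        adminspreferences = new AdminPreferenceDataHandler(administrator);
        if (currentadminpreference == null) {
            currentadminpreference = adminspreferences.getDefaultAdminPreference();
        }

        adminsweblanguage = new WebLanguages(globalconfiguration,
            currentadminpreference.getPreferedLanguage(),
            currentadminpreference.getSecondaryLanguage());

        errorpage_initialized = true;
    }
    return globalconfiguration;
}

/** Returns the common name (CN) read from the subject DN of the administrator's certificate. */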
public String getUsersCommonName(){
    return usercommonname;
}

/**
 * Returns the fingerprint of the administrator's certificate, as computed by
 * CertTools.getFingerprintAsString in initialize(). It is the key under which
 * the administrator's preferences are looked up and stored.
 */
public String getCertificateFingerprint(){
    return certificatefingerprint;
}

/**
 * Returns the path of the administrator's selected theme, including its
 * trailing '.css'.
 *
 * NOTE(review): the theme name comes from the stored admin preference and is
 * concatenated into the path as is. Confirm it is validated or output-encoded
 * where this value is written into a page.
 */
public String getCssFile(){
    return globalconfiguration.getAdminWebPath() + globalconfiguration.getThemePath() + "/" + currentadminpreference.getTheme() + ".css";
}

/** Returns the administrator's preferred language. */
public int getPreferedLanguage() {
    return currentadminpreference.getPreferedLanguage();
}

/** Returns the administrator's secondary language. */
public int getSecondaryLanguage() {
    return currentadminpreference.getSecondaryLanguage();
}

/** Returns the entries-per-page value of the current admin preference. */
public int getEntriesPerPage(){
    return currentadminpreference.getEntriesPerPage();
}

/** Returns the log-entries-per-page value of the current admin preference. */
public int getLogEntriesPerPage(){
    return currentadminpreference.getLogEntriesPerPage();
}

/**
 * Updates the log-entries-per-page value and persists the preference: an
 * existing preference is changed under the certificate fingerprint, otherwise
 * a new one is added.
 *
 * NOTE(review): changeAdminPreferenceNoLog presumably skips the audit log,
 * which would be reasonable for UI state. Verify against the data handler.
 */
public void setLogEntriesPerPage(int logentriesperpage) throws Exception{
    currentadminpreference.setLogEntriesPerPage(logentriesperpage);
    if(existsAdminPreference()){
        adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
    }else{
        addAdminPreference(currentadminpreference);
    }
}

/** Returns the last filter mode stored in the current admin preference. */
public int getLastFilterMode(){
    return currentadminpreference.getLastFilterMode();
}

/**
 * Updates the last filter mode and persists the preference, changing the
 * existing record or adding a new one.
 */
public void setLastFilterMode(int lastfiltermode) throws Exception{
    currentadminpreference.setLastFilterMode(lastfiltermode);
    if(existsAdminPreference()){
        adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
    }else{
        addAdminPreference(currentadminpreference);
    }
}

/** Returns the last log filter mode stored in the current admin preference. */
public int getLastLogFilterMode(){
    return currentadminpreference.getLastLogFilterMode();
}

/**
 * Updates the last log filter mode and persists the preference, changing the
 * existing record or adding a new one.
 */
public void setLastLogFilterMode(int lastlogfiltermode) throws Exception{
    currentadminpreference.setLastLogFilterMode(lastlogfiltermode);
    if(existsAdminPreference()){
        adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
    }else{
        addAdminPreference(currentadminpreference);
    }
}

/** Returns the last profile stored in the current admin preference. */
public int getLastEndEntityProfile(){
    return currentadminpreference.getLastProfile();
}

public void setLastEndEntityProfile(int lastprofile) throws Exception{
    currentadminpreference.setLastProfile(lastprofile);
    if(existsAdminPreference()){
        adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
    }else{
        addAdminPreference(currentadminpreference);
        // The listing ends here; the rest of this method and of the class is not shown.