📄 rainterfacebean.java
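* @param username user the certs belong to
     */
    private void loadCertificateView(Collection certs, String username) {
        // An empty collection clears the view rather than leaving a zero-length array behind.
        if (certs.isEmpty()) {
            certificates = null;
            return;
        }

        Iterator j = certs.iterator();
        certificates = new CertificateView[certs.size()];
        for (int i = 0; i < certificates.length; i++) {
            X509Certificate cert = (X509Certificate) j.next();
            // Revocation state is looked up per certificate by issuer DN and serial number;
            // a null answer leaves the view without revocation information.
            RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
            RevokedInfoView revokedinfo = null;
            if (revinfo != null) {
                revokedinfo = new RevokedInfoView(revinfo);
            }
            certificates[i] = new CertificateView(cert, revokedinfo, username);
        }
    } // loadCertificateView

    /**
     * Revokes every certificate found on the given hard token.
     *
     * Revocation stops at the first certificate for which authorization is denied.
     * Certificates processed before that point stay revoked, so a false result can
     * mean the token is only partially revoked; callers that need to know should
     * follow up with isAllTokenCertificatesRevoked.
     *
     * @param tokensn serial number of the hard token
     * @param username user name passed on to the revocation call
     * @param reason revocation reason passed on to the revocation call
     * @return true if no authorization denial occurred, false otherwise
     */
    public boolean revokeTokenCertificates(String tokensn, String username, int reason) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException {
        boolean success = true;

        Collection certs = hardtokensession.findCertificatesInHardToken(administrator, tokensn);
        Iterator i = certs.iterator();
        try {
            while (i.hasNext()) {
                X509Certificate cert = (X509Certificate) i.next();
                // NOTE(review): the issuer DN is taken from cert.getIssuerDN().toString() here,
                // while the revocation lookups in this class use CertTools.getIssuerDN(cert).
                // Confirm both produce the same string form for the store being queried.
                adminsession.revokeCert(administrator, cert.getSerialNumber(), cert.getIssuerDN().toString(), username, reason);
            }
        } catch (AuthorizationDeniedException e) {
            // Denial is reported through the return value instead of being propagated.
            success = false;
        }

        return success;
    }

    /**
     * Checks whether every certificate on the given hard token is revoked.
     *
     * A token without certificates yields true. The username parameter is not used
     * by this method.
     *
     * @param tokensn serial number of the hard token
     * @param username not used
     * @return false if any certificate has no revocation information or is marked
     *         NOT_REVOKED, true otherwise
     */
    public boolean isAllTokenCertificatesRevoked(String tokensn, String username) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException {
        Collection certs = hardtokensession.findCertificatesInHardToken(administrator, tokensn);

        boolean allrevoked = true;

        if (!certs.isEmpty()) {
            Iterator j = certs.iterator();
            while (j.hasNext()) {
                X509Certificate cert = (X509Certificate) j.next();
                RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
                // Missing revocation information counts as "not revoked".
                if (revinfo == null || revinfo.getReason() == RevokedCertInfo.NOT_REVOKED) {
                    allrevoked = false;
                }
            }
        }

        return allrevoked;
    }

    /**
     * Replaces the loaded certificate views with the given CA certificate views.
     * The array is stored as passed in, without copying.
     *
     * @param cacerts certificate views to expose through getCertificate
     */
    public void loadCACertificates(CertificateView[] cacerts) {
        certificates = cacerts;
    }

    /**
     * Loads the single certificate identified by issuer DN and serial number.
     *
     * The CA access rule (CAPREFIX plus the hash code of the issuer DN string) is
     * checked first. If no certificate is found the loaded views are cleared.
     *
     * @param serno serial number of the certificate
     * @param issuerdn issuer DN of the certificate, must not be null
     * @throws AuthorizationDeniedException if an authorization check inside the
     *         method throws; the original message is appended to the new one
     */
    public void loadCertificates(BigInteger serno, String issuerdn) throws RemoteException, NamingException, CreateException, AuthorizationDeniedException, FinderException {
        try {
            authorizationsession.isAuthorizedNoLog(administrator, AvailableAccessRules.CAPREFIX + issuerdn.hashCode());

            X509Certificate cert = (X509Certificate) certificatesession.findCertificateByIssuerAndSerno(administrator, issuerdn, serno);

            if (cert != null) {
                RevokedInfoView revokedinfo = null;
                String username = certificatesession.findUsernameByCertSerno(administrator, serno, cert.getIssuerDN().toString());
                // Look the user up once: the original queried twice and dereferenced the
                // second result unchecked, which fails if the user disappears in between.
                UserDataVO data = this.adminsession.findUser(administrator, username);
                if (data != null) {
                    int endentityprofileid = data.getEndEntityProfileId();
                    // NOTE(review): the boolean result is discarded. endEntityAuthorization
                    // reports denial by returning false (it swallows
                    // AuthorizationDeniedException), so this call produces the logged
                    // authorization check but cannot stop the certificate from being loaded.
                    // Confirm whether a false result should abort here or whether the
                    // profile check is enforced by adminsession.findUser.
                    this.endEntityAuthorization(administrator, endentityprofileid, AvailableAccessRules.VIEW_RIGHTS, true);
                }
                RevokedCertInfo revinfo = certificatesession.isRevoked(administrator, CertTools.getIssuerDN(cert), cert.getSerialNumber());
                if (revinfo != null) {
                    revokedinfo = new RevokedInfoView(revinfo);
                }

                certificates = new CertificateView[1];
                certificates[0] = new CertificateView(cert, revokedinfo, username);
            } else {
                certificates = null;
            }
        } catch (AuthorizationDeniedException ade) {
            throw new AuthorizationDeniedException("Not authorized to view certificate, error: " + ade.getMessage());
        }
    }

    /**
     * @return the number of loaded certificate views, 0 if none are loaded
     */
    public int getNumberOfCertificates() {
        int returnval = 0;
        if (certificates != null) {
            returnval = certificates.length;
        }

        return returnval;
    }

    /**
     * Returns the loaded certificate view at the given position.
     *
     * @param index zero-based position in the loaded views
     * @return the view, or null if nothing is loaded or the index is out of range
     */
    public CertificateView getCertificate(int index) {
        CertificateView returnval = null;

        // An out-of-range index is answered like "nothing loaded" instead of surfacing
        // an ArrayIndexOutOfBoundsException to the caller.
        if (certificates != null && index >= 0 && index < certificates.length) {
            returnval = certificates[index];
        }

        return returnval;
    }

    /**
     * @param profileid end entity profile id
     * @return true if the current administrator has EDIT_RIGHTS for the profile
     */
    public boolean authorizedToEditUser(int profileid) throws RemoteException {
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.EDIT_RIGHTS, false);
    }

    /**
     * @param profileid end entity profile id
     * @return true if the current administrator has HISTORY_RIGHTS for the profile
     */
    public boolean authorizedToViewHistory(int profileid) throws RemoteException {
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.HISTORY_RIGHTS, false);
    }

    /**
     * Checks HARDTOKEN_RIGHTS against the end entity profile of the given user.
     *
     * @param username user whose profile is checked
     * @return true if authorized; false if denied or if the user cannot be found
     */
    public boolean authorizedToViewHardToken(String username) throws Exception {
        UserDataVO data = adminsession.findUser(administrator, username);
        // Fail closed for an unknown user, as authorizedToRevokeCert does, instead of
        // dereferencing a null lookup result.
        if (data == null) {
            return false;
        }
        int profileid = data.getEndEntityProfileId();
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.HARDTOKEN_RIGHTS, false);
    }

    /**
     * @param profileid end entity profile id
     * @return true if the current administrator has HARDTOKEN_RIGHTS for the profile
     */
    public boolean authorizedToViewHardToken(int profileid) throws Exception {
        return endEntityAuthorization(administrator, profileid, AvailableAccessRules.HARDTOKEN_RIGHTS, false);
    }

    /**
     * Checks whether the current administrator may revoke certificates of a user.
     *
     * With end entity profile limitations disabled, this method performs no
     * authorization check of its own and answers true for every existing user.
     *
     * @param username user whose certificates would be revoked
     * @return false if the user cannot be found or REVOKE_RIGHTS are denied
     */
    public boolean authorizedToRevokeCert(String username) throws FinderException, RemoteException, AuthorizationDeniedException {
        boolean returnval = false;
        UserDataVO data = adminsession.findUser(administrator, username);
        if (data == null) {
            return false;
        }

        int profileid = data.getEndEntityProfileId();

        if (informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations()) {
            returnval = endEntityAuthorization(administrator, profileid, AvailableAccessRules.REVOKE_RIGHTS, false);
        } else {
            returnval = true;
        }

        return returnval;
    }

    /**
     * Tells whether key recovery can be offered for a certificate of a user.
     *
     * Requires authorization, stored keys for the certificate, and that the user is
     * not already marked for recovery.
     *
     * @param cert certificate whose keys would be recovered
     * @param username owner of the certificate
     * @return true if key recovery is possible
     */
    public boolean keyRecoveryPossible(X509Certificate cert, String username) throws Exception {
        boolean returnval = true;
        try {
            authorizationsession.isAuthorizedNoLog(administrator, AvailableAccessRules.REGULAR_KEYRECOVERY);
        } catch (AuthorizationDeniedException ade) {
            returnval = false;
        }

        if (informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations()) {
            UserDataVO data = adminsession.findUser(administrator, username);
            if (data != null) {
                int profileid = data.getEndEntityProfileId();
                // NOTE(review): this assignment overwrites a denial from the
                // REGULAR_KEYRECOVERY check above. That is only safe if
                // endEntityAuthorization covers the same rule for every administrator,
                // including the special-user shortcut; confirm, or combine the two
                // results with &&.
                returnval = endEntityAuthorization(administrator, profileid, AvailableAccessRules.KEYRECOVERY_RIGHTS, false);
            } else {
                returnval = false;
            }
        }

        return returnval && keyrecoverysession.existsKeys(administrator, cert) && !keyrecoverysession.isUserMarked(administrator, username);
    }

    /**
     * Marks a certificate's keys as recoverable and sets the user status to
     * STATUS_KEYRECOVERY. Does nothing when authorization is denied.
     *
     * @param username owner of the certificate
     * @param cert certificate whose keys are to be recovered
     */
    public void markForRecovery(String username, X509Certificate cert) throws Exception {
        boolean authorized = true;
        // NOTE(review): with profile limitations disabled no access rule is checked in
        // this method (keyRecoveryPossible checks REGULAR_KEYRECOVERY, this does not).
        // Confirm that the session beans called below enforce authorization themselves.
        if (informationmemory.getGlobalConfiguration().getEnableEndEntityProfileLimitations()) {
            UserDataVO data = adminsession.findUser(administrator, username);
            if (data != null) {
                int profileid = data.getEndEntityProfileId();
                authorized = endEntityAuthorization(administrator, profileid, AvailableAccessRules.KEYRECOVERY_RIGHTS, false);
            } else {
                // Unknown user: treat as not authorized, matching keyRecoveryPossible,
                // instead of dereferencing a null lookup result.
                authorized = false;
            }
        }

        if (authorized) {
            keyrecoverysession.markAsRecoverable(administrator, cert);
            adminsession.setUserStatus(administrator, username, UserDataConstants.STATUS_KEYRECOVERY);
        }
    }

    /**
     * @return the names of the certificate profiles the administrator is authorized
     *         to use for end entities; an empty array if there are none
     */
    public String[] getCertificateProfileNames() {
        Collection certprofilenames = this.informationmemory.getAuthorizedEndEntityCertificateProfileNames().keySet();
        if (certprofilenames == null) {
            return new String[0];
        }
        // A zero-length template makes toArray allocate an array of exactly the right
        // size. The original passed a one-element template, which for an empty key set
        // came back as a one-element array holding null.
        return (String[]) certprofilenames.toArray(new String[0]);
    }

    /**
     * @param certificateprofilename name of a certificate profile
     * @return the id the certificate store session reports for that name
     */
    public int getCertificateProfileId(String certificateprofilename) throws RemoteException {
        return certificatesession.getCertificateProfileId(administrator, certificateprofilename);
    }

    /**
     * @param certificateprofileid id of a certificate profile
     * @return the profile name resolved through the cached name proxy
     */
    public String getCertificateProfileName(int certificateprofileid) throws RemoteException {
        return this.informationmemory.getCertificateProfileNameProxy().getCertificateProfileName(certificateprofileid);
    }

    /**
     * @param parameter profile parameter value, may be null
     * @return true only if the value equals EndEntityProfile.TRUE
     */
    public boolean getEndEntityParameter(String parameter) {
        if (parameter == null) {
            return false;
        }

        return parameter.equals(EndEntityProfile.TRUE);
    }

    /**
     * Help function used to check end entity profile authorization.
     *
     * Two rules must both be granted: the profile-specific rule
     * (ENDENTITYPROFILEPREFIX + profileid + rights) and the general rule
     * (REGULAR_RAFUNCTIONALITY + rights). Denial is reported by returning false;
     * AuthorizationDeniedException is never propagated, so callers must act on the
     * return value.
     *
     * @param admin administrator to check
     * @param profileid end entity profile id
     * @param rights access rule suffix, one of the *_RIGHTS constants
     * @param log whether the profile-specific check uses the logging variant
     * @return true if authorized
     */
    public boolean endEntityAuthorization(Admin admin, int profileid, String rights, boolean log) throws RemoteException {
        boolean returnval = false;

        // TODO FIX
        // NOTE(review): special users skip both rule checks below. This page shows the
        // class collapsed onto a few lines; the reconstruction assumes the TODO marker
        // sits on its own line above an active check. Confirm against the original file.
        if (admin.getAdminInformation().isSpecialUser()) {
            return true;
        }
        try {
            if (log) {
                returnval = authorizationsession.isAuthorized(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights)
                        && authorizationsession.isAuthorized(admin, AvailableAccessRules.REGULAR_RAFUNCTIONALITY + rights);
            } else {
                // NOTE(review): only the first check uses the NoLog variant; the general
                // rule is still checked with isAuthorized even when log is false. Kept
                // as found; confirm which audit behaviour is intended.
                returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights)
                        && authorizationsession.isAuthorized(admin, AvailableAccessRules.REGULAR_RAFUNCTIONALITY + rights);
            }
        } catch (AuthorizationDeniedException e) {
            // Deliberately ignored: a denial leaves returnval at false.
        }

        return returnval;
    }

    /**
     * Help functions used by the edit end entity pages to temporarily save a profile
     * so things can be canceled later.
     */
    public EndEntityProfile getTemporaryEndEntityProfile() {
        return this.temporateendentityprofile;
    }

    public void setTemporaryEndEntityProfile(EndEntityProfile profile) {
        this.temporateendentityprofile = profile;
    }

    //
    // Private fields.
    //
    private EndEntityProfileDataHandler profiles;

    private IUserAdminSessionLocal adminsession;
    private IUserAdminSessionLocalHome adminsessionhome;
    private ICertificateStoreSessionLocal certificatesession;
    private ICertificateStoreSessionLocalHome certificatesessionhome;
    private IRaAdminSessionLocalHome raadminsessionhome;
    private IRaAdminSessionLocal raadminsession;
    private IAuthorizationSessionLocal authorizationsession;
    private IHardTokenSessionLocal hardtokensession;
    private IKeyRecoverySessionLocal keyrecoverysession;

    private UsersView users;
    private CertificateView[] certificates;
    private AddedUserMemory addedusermemory;
    private Admin administrator;
    private InformationMemory informationmemory;
    private boolean initialized = false;

    private EndEntityProfile temporateendentityprofile = null;
}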