ejbcawebbean.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
 
package org.ejbca.ui.web.admin.configuration;

import java.net.URLDecoder;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocal;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocalHome;
import org.ejbca.core.ejb.log.ILogSessionLocal;
import org.ejbca.core.ejb.log.ILogSessionLocalHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
import org.ejbca.core.model.authorization.AuthenticationFailedException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.log.LogEntry;
import org.ejbca.core.model.ra.raadmin.AdminPreference;
import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
import org.ejbca.util.CertTools;
import org.ejbca.util.HTMLTools;
import org.ejbca.util.dn.DNFieldExtractor;

/**
 * The main bean for the web interface, it contains all basic functions.
 *
 * @author  Philip Vendil
 * @version $Id: EjbcaWebBean.java,v 1.8.2.1 2007/01/24 08:47:41 anatom Exp $
 */
public class EjbcaWebBean implements java.io.Serializable {

    private static Logger log = Logger.getLogger(EjbcaWebBean.class);

    // Public Constants.
    public static final int AUTHORIZED_RA_VIEW_RIGHTS        = 0;
    public static final int AUTHORIZED_RA_EDIT_RIGHTS        = 1;
    public static final int AUTHORIZED_RA_CREATE_RIGHTS      = 2;
    public static final int AUTHORIZED_RA_DELETE_RIGHTS      = 3;
    public static final int AUTHORIZED_RA_REVOKE_RIGHTS      = 4;
    public static final int AUTHORIZED_RA_HISTORY_RIGHTS     = 5;
    public static final int AUTHORIZED_HARDTOKEN_VIEW_RIGHTS = 6;
    public static final int AUTHORIZED_CA_VIEW_CERT          = 7;
    public static final int AUTHORIZED_RA_KEYRECOVERY_RIGHTS = 8;

    private static final int AUTHORIZED_FIELD_LENGTH     = 9;
    private static final String[] AUTHORIZED_RA_RESOURCES = {"/ra_functionality/view_end_entity", "/ra_functionality/edit_end_entity",
                                                             "/ra_functionality/create_end_entity", "/ra_functionality/delete_end_entity",
                                                             "/ra_functionality/revoke_end_entity","/ra_functionality/view_end_entity_history",
                                                             "/ra_functionality/view_hardtoken","/ca_functionality/view_certificate",
                                                             "/ra_functionality/keyrecovery"};

    // Private Fields.
    private ILogSessionLocal               logsession;
    private AdminPreferenceDataHandler     adminspreferences;
    private AdminPreference                currentadminpreference;
    private GlobalConfiguration            globalconfiguration;
    private ServletContext                 servletContext = null;
    private GlobalConfigurationDataHandler globaldataconfigurationdatahandler;
    private AuthorizationDataHandler       authorizedatahandler;
    private WebLanguages                   adminsweblanguage;
    private String                         usercommonname = "";
    private String                         certificatefingerprint;
    private X509Certificate[]              certificates;
    private InformationMemory              informationmemory;
    private boolean                        initialized=false;
    private boolean                        errorpage_initialized=false;
    private Boolean[]                      raauthorized;
    private Admin                          administrator;
    private String                         requestServerName;

    

    /** Creates a new instance of EjbcaWebBean */
    public EjbcaWebBean() {
      initialized=false;
      raauthorized = new Boolean[AUTHORIZED_FIELD_LENGTH];
    }


    private void commonInit() throws Exception {
        ServiceLocator locator = ServiceLocator.getInstance();

    	IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) locator.getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
    	IRaAdminSessionLocal raadminsession = raadminsessionhome.create();

    	ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) locator.getLocalHome(ILogSessionLocalHome.COMP_NAME);
    	logsession = logsessionhome.create();

    	ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) locator.getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
    	ICAAdminSessionLocal caadminsession = caadminsessionhome.create();

    	ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) locator.getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
    	ICertificateStoreSessionLocal certificatestoresession = certificatestoresessionhome.create();

    	IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) locator.getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
    	IAuthorizationSessionLocal authorizationsession = authorizationsessionhome.create();

    	IHardTokenSessionLocalHome hardtokensessionhome = (IHardTokenSessionLocalHome) locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
    	IHardTokenSessionLocal hardtokensession = hardtokensessionhome.create();

        IPublisherSessionLocalHome publishersessionhome = (IPublisherSessionLocalHome) locator.getLocalHome(IPublisherSessionLocalHome.COMP_NAME);
    	IPublisherSessionLocal publishersession = publishersessionhome.create();               		
    	
    	globaldataconfigurationdatahandler =  new GlobalConfigurationDataHandler(administrator, raadminsession, authorizationsession);        
    	globalconfiguration = this.globaldataconfigurationdatahandler.loadGlobalConfiguration();       
		if(informationmemory == null){		  
    	  informationmemory = new InformationMemory(administrator, caadminsession, raadminsession, authorizationsession, certificatestoresession, hardtokensession, publishersession, globalconfiguration);
		}
    	authorizedatahandler = new AuthorizationDataHandler(administrator, informationmemory, authorizationsession);
    	
    }
    /* Sets the current user and returns the global configuration */
    public GlobalConfiguration initialize(HttpServletRequest request, String resource) throws Exception{
    	
    	certificates = (X509Certificate[]) request.getAttribute( "javax.servlet.request.X509Certificate" );
    	if(certificates == null) throw new AuthenticationFailedException("Client certificate required.");

    	
    	String userdn = "";
    	
    	if(!initialized){
    		requestServerName = getRequestServerName(request);
    		
    		administrator = new Admin(certificates[0]) ;
    		
    		commonInit();
            ServiceLocator locator = ServiceLocator.getInstance();
    		IUserAdminSessionLocalHome adminsessionhome = (IUserAdminSessionLocalHome) locator.getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
    		IUserAdminSessionLocal  adminsession = adminsessionhome.create();
    		
    		adminspreferences = new AdminPreferenceDataHandler(administrator);
    		
    		// Check if user certificate is revoked
    		authorizedatahandler.authenticate(certificates[0]);
    		
    		// Set ServletContext for reading language files from resources
    		servletContext = request.getSession(true).getServletContext();
    		
    		// Check if certificate and user is an RA Admin
    		userdn = CertTools.getSubjectDN(certificates[0]);
    		log.debug("Verifying authorization of '"+userdn);    		
    		adminsession.checkIfCertificateBelongToAdmin(administrator, certificates[0].getSerialNumber(), certificates[0].getIssuerDN().toString());        
    		logsession.log(administrator, certificates[0], LogEntry.MODULE_ADMINWEB,  new java.util.Date(),null, null, LogEntry.EVENT_INFO_ADMINISTRATORLOGGEDIN,"");
    	}

    	try {
    		isAuthorized(URLDecoder.decode(resource,"UTF-8"));
    	} catch(AuthorizationDeniedException e) {
    		throw new AuthorizationDeniedException("You are not authorized to view this page.");
    	} catch(java.io.UnsupportedEncodingException e) {}
    	
    	
    	if(!initialized){
    		certificatefingerprint = CertTools.getFingerprintAsString(certificates[0]);
    		
    		// Get current admin preference.
    		currentadminpreference=null;
    		if(certificatefingerprint != null){
    			currentadminpreference = adminspreferences.getAdminPreference(certificatefingerprint);
    		}
    		if(currentadminpreference == null){
    			currentadminpreference = adminspreferences.getDefaultAdminPreference();
    		}
    		adminsweblanguage = new WebLanguages(servletContext, globalconfiguration, currentadminpreference.getPreferedLanguage()
    				,currentadminpreference.getSecondaryLanguage());
    		
    		// set User Common Name
    		DNFieldExtractor dn = new DNFieldExtractor(userdn, DNFieldExtractor.TYPE_SUBJECTDN);
    		usercommonname = dn.getField(DNFieldExtractor.CN,0);
    		
    		initialized=true;
    	}
    	return globalconfiguration;
    }


    /**
     * Method that returns the servername, extracted from the HTTPServlet Request, 
     * no protocol, port or application path is returned
     * @return the server name requested
     */
    private String getRequestServerName(HttpServletRequest request) {    	
    	String requestURL = request.getRequestURL().toString();
    	
    	// Remove https://
    	requestURL = requestURL.substring(8);
    	int firstSlash = requestURL.indexOf("/");
    	// Remove application path
    	requestURL =requestURL.substring(0,firstSlash);
		
		return requestURL;
	}


	public GlobalConfiguration initialize_errorpage(HttpServletRequest request) throws Exception{

      if(!errorpage_initialized){
              
        if(administrator == null){
          String remoteAddr = request.getRemoteAddr();
          administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr);
        }
        commonInit(); 
        
        adminspreferences = new AdminPreferenceDataHandler(administrator);

		// Set ServletContext for reading language files from resources
        servletContext = request.getSession(true).getServletContext();

        if(currentadminpreference == null){
           currentadminpreference = adminspreferences.getDefaultAdminPreference();
        }
        adminsweblanguage = new WebLanguages(servletContext, globalconfiguration, currentadminpreference.getPreferedLanguage()
                                             ,currentadminpreference.getSecondaryLanguage());
        errorpage_initialized=true;
      }
      return globalconfiguration;
    }

    /** Returns the current users common name */
    public String getUsersCommonName(){
      return usercommonname;
    }

    /** Returns the users certificate serialnumber, user to id the adminpreference. */
    public String getCertificateFingerprint(){
      return certificatefingerprint;
    }


    /** Return the admins selected theme including it's trailing '.css' */
    public String getCssFile(){
      return globalconfiguration.getAdminWebPath() + globalconfiguration.getThemePath() + "/" + currentadminpreference.getTheme() + ".css";
    }

    /** Returns the admins prefered language */
    public int getPreferedLanguage() {
      return currentadminpreference.getPreferedLanguage();
    }

    /** Returns the admins secondary language. */
    public int getSecondaryLanguage() {
      return currentadminpreference.getSecondaryLanguage();
    }

    public int getEntriesPerPage(){
      return currentadminpreference.getEntriesPerPage();
    }

    public int getLogEntriesPerPage(){
      return currentadminpreference.getLogEntriesPerPage();
    }

    public void setLogEntriesPerPage(int logentriesperpage) throws Exception{
        currentadminpreference.setLogEntriesPerPage(logentriesperpage);
        if(existsAdminPreference()){
          adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
        }else{
          addAdminPreference(currentadminpreference);
        }
    }

    public int getLastFilterMode(){ return currentadminpreference.getLastFilterMode();}
    public void setLastFilterMode(int lastfiltermode) throws Exception{
        currentadminpreference.setLastFilterMode(lastfiltermode);
        if(existsAdminPreference()){
          adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint,currentadminpreference);
        }else{