📄 approvalrequest.java
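/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.ejbca.core.model.approval;

import java.io.ByteArrayInputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.ejb.CreateException;
import javax.ejb.EJBException;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocalHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.log.Admin;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * Abstract base class representing one approval request, created when
 * an administrator performs an action that requires an approval.
 *
 * Contains information like:
 * <ul>
 * <li>the admin that performs the request</li>
 * <li>the data necessary to display the request to the approver</li>
 * <li>any data necessary to execute the request</li>
 * </ul>
 *
 * The serialized form is versioned (see {@link #writeExternal(ObjectOutput)} and
 * {@link #readExternal(ObjectInput)}); the fields read back from it decide who
 * requested the action and how many approvals it needs, so reading fails rather
 * than leaving those fields at their defaults.
 *
 * @author Philip Vendil
 * @version $Id: ApprovalRequest.java,v 1.8 2006/08/13 10:13:58 anatom Exp $
 */
public abstract class ApprovalRequest implements Externalizable {

    private static final long serialVersionUID = -1L;

    private static final Logger log = Logger.getLogger(ApprovalRequest.class);

    /** Version number written first by {@link #writeExternal(ObjectOutput)}. */
    private static final int LATEST_VERSION = 2;

    /**
     * Simple request type means that the approver will only see new data about the
     * action and will not compare it to old data.
     */
    public static final int REQUESTTYPE_SIMPLE = 1;

    /**
     * Comparing request type means that the approving administrator has to
     * compare old data with new data in the request.
     */
    public static final int REQUESTTYPE_COMPARING = 2;

    /**
     * The default request validity (in milliseconds) used if method
     * getRequestValidity is not overridden and no configured value is present.
     */
    protected static final long DEFAULT_REQUESTVALIDITY = 28800 * 1000;

    // Looks like a build-time placeholder; presumably replaced with the configured
    // number of seconds before compilation - TODO confirm against the build script.
    protected static final String DEFAULT_REQUESTVALIDITYSTRING = "@approval.defaultrequestvalidity@";

    /**
     * The default approval validity (in milliseconds) used if method
     * getApprovalValidity is not overridden and no configured value is present.
     */
    protected static final long DEFAULT_APPROVALVALIDITY = 28800 * 1000;

    // Same placeholder convention as DEFAULT_REQUESTVALIDITYSTRING.
    protected static final String DEFAULT_APPROVALVALIDITYSTRING = "@approval.defaultapprovalvalidity@";

    // The requesting administrator. Version 1 streams stored this as the Base64
    // encoding of the admin's X.509 certificate (see readExternal).
    private Admin requestAdmin = null;

    private String requestSignature = null;

    private int approvalRequestType = REQUESTTYPE_SIMPLE;

    private int numOfRequiredApprovals = 0;

    private int cAId = 0;

    private int endEntityProfileId = 0;

    /**
     * Main constructor of an approval request.
     *
     * @param requestAdmin the requesting admin
     * @param requestSignature signature of the requestor (OPTIONAL, for future use)
     * @param approvalRequestType one of the REQUESTTYPE_ constants
     * @param numOfRequiredApprovals the number of approvals required before the request is executed
     * @param cAId the related CA id of the request that the approver must be authorized to,
     *             or ApprovalDataVO.ANY_CA if applicable to any CA
     * @param endEntityProfileId the related profile id that the approver must be authorized to,
     *             or ApprovalDataVO.ANY_ENDENTITYPROFILE if applicable to any end entity profile
     */
    protected ApprovalRequest(Admin requestAdmin, String requestSignature,
            int approvalRequestType, int numOfRequiredApprovals, int cAId, int endEntityProfileId) {
        super();
        setRequestAdmin(requestAdmin);
        this.requestSignature = requestSignature;
        this.approvalRequestType = approvalRequestType;
        this.numOfRequiredApprovals = numOfRequiredApprovals;
        this.cAId = cAId;
        this.endEntityProfileId = endEntityProfileId;
    }

    /**
     * Constructor used in externalization only; all fields are then filled in
     * by {@link #readExternal(ObjectInput)}.
     */
    public ApprovalRequest() {
    }

    /**
     * Should return true if the request is of the type that should be executed
     * by the last approver.
     *
     * False if the request admin should do a polling action to try again.
     */
    public abstract boolean isExecutable();

    /**
     * A main function of the ApprovalRequest, the execute() method
     * is run when all required approvals have been made.
     *
     * execute should perform the action, or nothing if the requesting admin
     * is supposed to try his action again.
     */
    public abstract void execute() throws ApprovalRequestExecutionException;

    /**
     * Method that should generate an approval id for this type of
     * approval. The same request, i.e. the same admin wanting to do the
     * same thing twice, should result in the same approvalId.
     */
    public abstract int generateApprovalId();

    /**
     * This method should return the request data in text representation.
     * This text is presented to the approving administrator in order
     * for him to make a decision about the request.
     *
     * Should return a List of ApprovalDataText, one for each row.
     */
    public abstract List getNewRequestDataAsText(Admin admin);

    /**
     * This method should return the original request data in text representation.
     * Should only be implemented by REQUESTTYPE_COMPARING ApprovalRequests.
     * REQUESTTYPE_SIMPLE requests should return null.
     *
     * This text is presented to the approving administrator for him to
     * compare with what will be done.
     *
     * Should return a List of ApprovalDataText, one for each row.
     */
    public abstract List getOldRequestDataAsText(Admin admin);

    /**
     * This method is used to check if this is an allowed transition between
     * two states, so that it does not require approval.
     * Override this method to add allowed transitions; every override widens
     * the set of actions that bypass approval.
     *
     * @return true if this transition does not require approval, false by default.
     */
    public boolean isAllowedTransition() {
        return false;
    }

    /**
     * Should return the time in milliseconds that the request should be valid,
     * or Long.MAX_VALUE if it should never expire.
     *
     * By default a non-empty DEFAULT_REQUESTVALIDITYSTRING is parsed as a long and
     * multiplied by 1000; otherwise DEFAULT_REQUESTVALIDITY is returned.
     *
     * @throws NumberFormatException if DEFAULT_REQUESTVALIDITYSTRING is non-empty but
     *         not a number, for example when the placeholder was never substituted
     */
    public long getRequestValidity() {
        if (StringUtils.isNotEmpty(DEFAULT_REQUESTVALIDITYSTRING)) {
            return Long.parseLong(DEFAULT_REQUESTVALIDITYSTRING) * 1000;
        }
        return DEFAULT_REQUESTVALIDITY;
    }

    /**
     * Should return the time in milliseconds that the approval should be valid,
     * or Long.MAX_VALUE if it should never expire.
     *
     * By default a non-empty DEFAULT_APPROVALVALIDITYSTRING is parsed as a long and
     * multiplied by 1000; otherwise DEFAULT_APPROVALVALIDITY is returned.
     *
     * @throws NumberFormatException if DEFAULT_APPROVALVALIDITYSTRING is non-empty but
     *         not a number, for example when the placeholder was never substituted
     */
    public long getApprovalValidity() {
        if (StringUtils.isNotEmpty(DEFAULT_APPROVALVALIDITYSTRING)) {
            return Long.parseLong(DEFAULT_APPROVALVALIDITYSTRING) * 1000;
        }
        return DEFAULT_APPROVALVALIDITY;
    }

    /**
     * Should return one of the ApprovalDataVO.APPROVALTYPE_ constants.
     */
    public abstract int getApprovalType();

    /**
     * Method returning the number of required approvals in order to execute the request.
     */
    public int getNumOfRequiredApprovals() {
        return numOfRequiredApprovals;
    }

    /**
     * The type of request, one of the REQUESTTYPE_ constants.
     */
    public int getApprovalRequestType() {
        return approvalRequestType;
    }

    /**
     * @return Returns the requestSignature. OPTIONAL
     */
    public String getRequestSignature() {
        return requestSignature;
    }

    /**
     * Returns the related CA id.
     * The approving administrator must be authorized to this CA
     * in order to approve it.
     */
    public int getCAId() {
        return cAId;
    }

    /**
     * Returns the related end entity profile id.
     * The approving administrator must be authorized to this profile
     * in order to approve it.
     */
    public int getEndEntityProfileId() {
        return endEntityProfileId;
    }

    private void setRequestAdmin(Admin requestAdmin) {
        this.requestAdmin = requestAdmin;
    }

    /**
     * Returns the certificate of the request admin, as held by the admin's
     * admin information.
     */
    public X509Certificate getRequestAdminCert() {
        return requestAdmin.getAdminInformation().getX509Certificate();
    }

    /**
     * Returns the requesting admin.
     */
    public Admin getRequestAdmin() {
        return requestAdmin;
    }

    /**
     * Writes the version number followed by the request fields.
     * The field order here must stay in step with {@link #readExternal(ObjectInput)}.
     */
    public void writeExternal(ObjectOutput out) throws IOException {
        out.writeInt(LATEST_VERSION);
        out.writeObject(this.requestAdmin);
        out.writeObject(this.requestSignature);
        out.writeInt(this.approvalRequestType);
        out.writeInt(this.numOfRequiredApprovals);
        out.writeInt(this.cAId);
        out.writeInt(this.endEntityProfileId);
    }

    /**
     * Restores the request fields from a version 1 or version 2 stream.
     *
     * Version 1 stored the requesting admin as a Base64 encoded X.509 certificate,
     * version 2 stores the Admin object itself; the remaining fields are identical.
     *
     * Reading fails closed: an unknown version or an undecodable admin certificate
     * raises an IOException instead of leaving the request with no identifiable
     * requesting admin and zero required approvals.
     *
     * NOTE(review): in.readObject() instantiates whatever class the stream names
     * before the cast is applied, so this must only be fed data from a trusted
     * store, or the stream should be opened with a class allow-list where it is
     * created - the caller is not visible from this class.
     *
     * @throws IOException if the stream cannot be read, carries an unsupported
     *         version, or (version 1) holds a missing or undecodable certificate
     * @throws ClassNotFoundException if a serialized object's class cannot be found
     */
    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
        int version = in.readInt();
        if (version == 1) {
            String requestAdminCert = (String) in.readObject();
            if (requestAdminCert == null) {
                throw new IOException("Version 1 approval request carries no request admin certificate");
            }
            byte[] certbuf = Base64.decode(requestAdminCert.getBytes());
            CertificateFactory cf = CertTools.getCertificateFactory();
            X509Certificate x509cert;
            try {
                x509cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certbuf));
            } catch (CertificateException e) {
                log.error("Could not decode the request admin certificate of an approval request", e);
                // initCause keeps the original failure without needing a newer IOException constructor.
                IOException ioe = new IOException("Could not decode the request admin certificate of an approval request");
                ioe.initCause(e);
                throw ioe;
            }
            this.requestAdmin = new Admin(x509cert);
        } else if (version == 2) {
            this.requestAdmin = (Admin) in.readObject();
        } else {
            // Subclasses continue reading after this call, so a silently skipped
            // header would also leave them reading a misaligned stream.
            throw new IOException("Unsupported ApprovalRequest serialization version: " + version);
        }
        // Fields shared by both supported versions, in the order writeExternal emits them.
        this.requestSignature = (String) in.readObject();
        this.approvalRequestType = in.readInt();
        this.numOfRequiredApprovals = in.readInt();
        this.cAId = in.readInt();
        this.endEntityProfileId = in.readInt();
    }

    // Help Methods for approval requests

    /**
     * Looks up the name of the CA with the given id through the CA admin session.
     *
     * @throws EJBException if the session bean cannot be created
     */
    protected String getCAName(Admin admin, int caid) {
        String caname;
        try {
            ServiceLocator locator = ServiceLocator.getInstance();
            ICAAdminSessionLocalHome home = (ICAAdminSessionLocalHome) locator.getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
            ICAAdminSessionLocal session = home.create();
            caname = session.getCAInfo(admin, caid).getName();
        } catch (CreateException e) {
            throw new EJBException(e);
        }
        return caname;
    }

    /**
     * Looks up the name of the end entity profile with the given id through the RA admin session.
     *
     * @throws EJBException if the session bean cannot be created
     */
    protected String getEndEntityProfileName(Admin admin, int profileid) {
        String name;
        try {
            ServiceLocator locator = ServiceLocator.getInstance();
            IRaAdminSessionLocalHome home = (IRaAdminSessionLocalHome) locator.getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
            IRaAdminSessionLocal session = home.create();
            name = session.getEndEntityProfileName(admin, profileid);
        } catch (CreateException e) {
            throw new EJBException(e);
        }
        return name;
    }

    /**
     * Looks up the name of the certificate profile with the given id through the certificate store session.
     *
     * @throws EJBException if the session bean cannot be created
     */
    protected String getCertificateProfileName(Admin admin, int profileid) {
        String name;
        try {
            ServiceLocator locator = ServiceLocator.getInstance();
            ICertificateStoreSessionLocalHome home = (ICertificateStoreSessionLocalHome) locator.getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
            ICertificateStoreSessionLocal session = home.create();
            name = session.getCertificateProfileName(admin, profileid);
        } catch (CreateException e) {
            throw new EJBException(e);
        }
        return name;
    }

    /**
     * Builds the "TOKEN" row shown to the approver for the given token id.
     *
     * Ids up to SecConst.TOKEN_SOFT are resolved against the SecConst.TOKENIDS /
     * SecConst.TOKENTEXTS tables; larger ids are resolved as hard token profile
     * names through the hard token session.
     *
     * @throws EJBException if the session bean cannot be created
     */
    protected ApprovalDataText getTokenName(Admin admin, int tokenid) {
        ApprovalDataText retval;
        try {
            if (tokenid <= SecConst.TOKEN_SOFT) {
                // NOTE(review): when no entry of TOKENIDS matches, tokenindex stays 0 and
                // the approver is shown the first token text - confirm that is intended.
                int tokenindex = 0;
                for (int i = 0; i < SecConst.TOKENIDS.length; i++) {
                    if (SecConst.TOKENIDS[i] == tokenid) {
                        tokenindex = i;
                    }
                }
                retval = new ApprovalDataText("TOKEN", SecConst.TOKENTEXTS[tokenindex], true, true);
            } else {
                ServiceLocator locator = ServiceLocator.getInstance();
                IHardTokenSessionLocalHome home = (IHardTokenSessionLocalHome) locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
                IHardTokenSessionLocal session = home.create();
                String name = session.getHardTokenProfileName(admin, tokenid);
                retval = new ApprovalDataText("TOKEN", name, true, false);
            }
        } catch (CreateException e) {
            throw new EJBException(e);
        }
        return retval;
    }

    /**
     * Looks up the alias of the hard token issuer with the given id through the hard token session.
     *
     * @throws EJBException if the session bean cannot be created
     */
    protected String getHardTokenIssuerName(Admin admin, int issuerid) {
        String name;
        try {
            ServiceLocator locator = ServiceLocator.getInstance();
            IHardTokenSessionLocalHome home = (IHardTokenSessionLocalHome) locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
            IHardTokenSessionLocal session = home.create();
            name = session.getHardTokenIssuerAlias(admin, issuerid);
        } catch (CreateException e) {
            throw new EJBException(e);
        }
        return name;
    }
}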