📄 tableprotectsessionbean.java
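} catch (Exception e) {
            String msg = intres.getLocalizedMessage("protect.errorcreate", dbType, dbKey);
            error(msg, e);
        }
    }

    /**
     * Store a protection entry.
     *
     * Computes an HMAC over the entry's hash string and stores it, together with the hash,
     * hash version, algorithm name and key reference, in the protection table. An existing
     * row for the same type/key is updated in place; otherwise a new row is created.
     *
     * Does nothing when protection is disabled. Failures are logged through error() and not
     * propagated, so the caller is not told when an entry could not be protected.
     *
     * @param admin the administrator performing the event.
     * @param entry the object being protected
     *
     * @ejb.interface-method
     * @ejb.transaction type="Required"
     */
    public void protect(Admin admin, Protectable entry) {
        if (!enabled) {
            return;
        }
        int hashVersion = entry.getHashVersion();
        String dbKey = entry.getDbKeyString();
        String dbType = entry.getEntryType();
        debug("Protecting entry, type: "+dbType+", with key: "+dbKey);
        try {
            String hash = entry.getHash();
            String signature = createHmac(key, HMAC_ALG, hash);
            String id = GUIDGenerator.generateGUID(this);
            try {
                TableProtectDataLocal data = protectentryhome.findByDbTypeAndKey(dbType, dbKey);
                if (data != null) {
                    // A row already exists for this type/key: overwrite it with the new protection data.
                    String msg = intres.getLocalizedMessage("protect.rowexistsupdate", dbType, dbKey);
                    info(msg);
                    data.setHashVersion(hashVersion);
                    data.setHash(hash);
                    data.setProtectionAlg(HMAC_ALG);
                    data.setSignature(signature);
                    data.setTime(new Date().getTime());
                    data.setDbKey(dbKey);
                    data.setDbType(dbType);
                    data.setKeyRef(keyRef);
                    data.setKeyType(keyType);
                }
            } catch (FinderException e1) {
                // The finder reported no usable row: create a new one.
                try {
                    protectentryhome.create(id, hashVersion, HMAC_ALG, hash, signature, new Date(), dbKey, dbType, keyRef, keyType);
                } catch (Exception e) {
                    String msg = intres.getLocalizedMessage("protect.errorcreate", dbType, dbKey);
                    error(msg, e);
                }
            }
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("protect.errorcreate", dbType, dbKey);
            error(msg, e);
        }
    } // protect

    /**
     * Verifies a protection entry.
     *
     * Looks up the stored protection row for the entry, recomputes the HMAC over the entry's
     * hash and compares it with the stored signature. The result code is set to one of
     * VERIFY_NO_KEY, VERIFY_INCOMPATIBLE_ALG, VERIFY_FAILED, VERIFY_WRONG_HASH or VERIFY_NO_ROW
     * when the corresponding check fails; otherwise the default-constructed result is returned
     * unchanged.
     *
     * NOTE(review): the hash version is read from the stored row before that row has been
     * authenticated, and the HMAC computed here covers only the hash string. Whether the hash
     * itself binds the version is decided in Protectable.getHash(int), which is not visible
     * here - confirm.
     *
     * @param entry the object being verified
     * @return TableVerifyResult, never null
     *
     * @ejb.interface-method
     * @ejb.transaction type="Supports"
     */
    public TableVerifyResult verify(Protectable entry) {
        TableVerifyResult ret = new TableVerifyResult();
        if (!enabled) {
            return ret;
        }
        String alg = HMAC_ALG;
        String dbKey = entry.getDbKeyString();
        String dbType = entry.getEntryType();
        debug("Verifying entry, type: "+dbType+", with key: "+dbKey);
        try {
            TableProtectDataLocal data = protectentryhome.findByDbTypeAndKey(dbType, dbKey);
            int hashVersion = data.getHashVersion();
            String hash = entry.getHash(hashVersion);
            if (!StringUtils.equals(keyRef, data.getKeyRef())) {
                // The row was protected with a different key than the one configured here.
                ret.setResultCode(TableVerifyResult.VERIFY_NO_KEY);
                String msg = intres.getLocalizedMessage("protect.errorverifynokey", dbType, dbKey);
                error(msg);
            } else if (!StringUtils.equals(alg, data.getProtectionAlg())) {
                ret.setResultCode(TableVerifyResult.VERIFY_INCOMPATIBLE_ALG);
                String msg = intres.getLocalizedMessage("protect.errorverifyalg", dbType, dbKey);
                error(msg);
            } else {
                // Create a new signature on the passed in object, and compare it with the one we have stored in the db
                if (log.isDebugEnabled()) {
                    log.debug("Hash is: "+hash);
                }
                // The freshly computed MAC is deliberately not logged: it is the value that
                // authenticates the row, so it should not be readable from debug logs.
                String signature = createHmac(key, alg, hash);
                String storedSignature = data.getSignature();
                // MessageDigest.isEqual is used instead of String equality so that the comparison
                // time does not depend on how many leading characters match. A missing stored
                // signature counts as a mismatch, as it did with StringUtils.equals.
                boolean signatureMatches = storedSignature != null
                        && java.security.MessageDigest.isEqual(signature.getBytes("UTF-8"), storedSignature.getBytes("UTF-8"));
                if (!signatureMatches) {
                    ret.setResultCode(TableVerifyResult.VERIFY_FAILED);
                    String msg = intres.getLocalizedMessage("protect.errorverify", dbType, dbKey);
                    error(msg);
                } else if (!StringUtils.equals(hash, data.getHash())) {
                    // Reached only when the stored signature matches but the stored hash column
                    // does not, i.e. the two stored columns disagree with each other.
                    ret.setResultCode(TableVerifyResult.VERIFY_WRONG_HASH);
                    String msg = intres.getLocalizedMessage("protect.errorverifywronghash", dbType, dbKey);
                    error(msg);
                }
            }
        } catch (ObjectNotFoundException e) {
            if (warnOnMissingRow) {
                String msg = intres.getLocalizedMessage("protect.errorverifynorow", dbType, dbKey);
                error(msg);
            }
            ret.setResultCode(TableVerifyResult.VERIFY_NO_ROW);
        } catch (Exception e) {
            // NOTE(review): no result code is set on this path, so the caller receives the same
            // default-constructed result as when protection is disabled. If that default reads
            // as success, any internal error (missing "BC" provider, a null row from the finder,
            // an exception from getHash) passes verification. Confirm the default in
            // TableVerifyResult and consider setting a failure code here.
            String msg = intres.getLocalizedMessage("protect.errorverifycant", dbType, dbKey);
            error(msg, e);
        }
        return ret;
    } // verify

    /**
     * Computes a MAC over a string and returns it encoded with Hex.encode.
     *
     * The key is the UTF-8 encoding of {@code pwd} used directly, with no key derivation step,
     * so the strength of the protection depends on the entropy of that configured value.
     *
     * @param pwd  key material for the MAC
     * @param alg  MAC algorithm name, looked up in the "BC" provider
     * @param data the string to authenticate, encoded as UTF-8
     * @return the encoded MAC value
     * @throws NoSuchAlgorithmException if the provider does not offer {@code alg}
     * @throws NoSuchProviderException if the "BC" provider is not installed
     * @throws UnsupportedEncodingException if UTF-8 is not available
     * @throws InvalidKeyException if the key is rejected by the MAC implementation
     */
    private String createHmac(String pwd, String alg, String data) throws NoSuchAlgorithmException, NoSuchProviderException, UnsupportedEncodingException, InvalidKeyException {
        Mac mac = Mac.getInstance(alg, "BC");
        SecretKey secretKey = new SecretKeySpec(pwd.getBytes("UTF-8"), alg);
        mac.init(secretKey);
        mac.reset();
        byte[] dataBytes = data.getBytes("UTF-8");
        mac.update(dataBytes, 0, dataBytes.length);
        byte[] out = mac.doFinal();
        return new String(Hex.encode(out));
    }

    /**
     * Binds the entry type and key to positions 1 and 2 of a prepared statement.
     * The statement text is supplied by the caller and is not visible in this class excerpt.
     */
    protected class SelectProtectPreparer implements JDBCUtil.Preparer {
        private final String dbType;
        private final String dbKey;

        public SelectProtectPreparer(final String dbType, final String dbKey) {
            super();
            this.dbType = dbType;
            this.dbKey = dbKey;
        }

        /** Sets dbType as parameter 1 and dbKey as parameter 2. */
        public void prepare(PreparedStatement ps) throws Exception {
            ps.setString(1, dbType);
            ps.setString(2, dbKey);
        }

        /** Returns a short description of the bound values for log output. */
        public String getInfoString() {
            return "Select:, dbKey:"+dbKey+", dbType: "+dbType;
        }
    }

    /**
     * Binds a complete protection row to a prepared statement with eleven parameters.
     * The parameter positions must match the statement this preparer is used with, which is
     * not visible in this class excerpt; the row id is bound last, at position 11.
     */
    protected class ProtectPreparer implements JDBCUtil.Preparer {
        private final String id;
        private final int version;
        private final int hashVersion;
        private final String alg;
        private final String hash;
        private final String signature;
        private final long time;
        private final String dbKey;
        private final String dbType;
        private final String keyRef;
        private final String keyType;

        public ProtectPreparer(final String id, final int version, final int hashVersion, final String alg, final String hash, final String signature, final long time, final String dbKey, final String dbType, final String keyRef, final String keyType) {
            super();
            this.id = id;
            this.version = version;
            this.hashVersion = hashVersion;
            this.alg = alg;
            this.hash = hash;
            this.signature = signature;
            this.time = time;
            this.dbKey = dbKey;
            this.dbType = dbType;
            this.keyRef = keyRef;
            this.keyType = keyType;
        }

        /** Binds the row values to parameters 1-10 and the row id to parameter 11. */
        public void prepare(PreparedStatement ps) throws Exception {
            ps.setInt(1, version);
            ps.setInt(2, hashVersion);
            ps.setString(3, alg);
            ps.setString(4, hash);
            ps.setString(5, signature);
            ps.setLong(6, time);
            ps.setString(7, dbKey);
            ps.setString(8, dbType);
            ps.setString(9, keyRef);
            ps.setString(10, keyType);
            ps.setString(11,id);
        }

        /** Returns a short description of the bound values for log output; the signature is not included. */
        public String getInfoString() {
            return "Store:, id: "+id+", dbKey:"+dbKey+", dbType: "+dbType;
        }
    }
} // TableProtectSessionBean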