📄 localapprovalsessionbean.java
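* Method used to add an approval to database.
 *
 * The main key of an approval is the approvalId, which should be unique for
 * one administrator doing one type of action; requesting the same action twice
 * should result in the same approvalId.
 *
 * If the approvalId already exists, it will check the status:
 *   If the status is waiting, approved, or rejected an ApprovalException is thrown,
 *   otherwise a new approval request is added to the database.
 *
 * A CreateException while storing the request is written to the audit log and the
 * application log but is not propagated to the caller.
 *
 * @param admin the administrator requesting the action
 * @param approvalRequest the request to store
 * @throws ApprovalException if a non-expired request with the same approvalId is found
 *
 * @ejb.interface-method view-type="both"
 */
public void addApprovalRequest(Admin admin, ApprovalRequest approvalRequest) throws ApprovalException{
    log.debug(">addApprovalRequest");
    int approvalId = approvalRequest.generateApprovalId();

    ApprovalDataVO data = findNonExpiredApprovalRequest(admin, approvalId);
    if(data != null){
        getLogSession().log(admin,approvalRequest.getCAId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREQUESTED,"Approval with id : " +approvalId +" already exists");
        throw new ApprovalException("Approval Request " + approvalId + " already exists in database");
    } else {
        // No non-expired approval request was found for this approvalId, so add a new one.
        // NOTE(review): the lookup above and the create below are separate steps; whether
        // two concurrent identical requests are prevented depends on transaction and
        // constraint settings that are not visible here - confirm.
        try {
            Integer freeId = this.findFreeApprovalId();
            approvalHome.create(freeId,approvalRequest);
            GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
            if(gc.getUseApprovalNotifications()){
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage("notification.newrequest.subject"),
                        intres.getLocalizedMessage("notification.newrequest.msg"),
                        freeId, approvalRequest.getNumOfRequiredApprovals(), new Date(), approvalRequest,null);
            }
            getLogSession().log(admin,approvalRequest.getCAId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_INFO_APPROVALREQUESTED,"Approval with id : " +approvalId +" added with status waiting.");
        } catch (CreateException e1) {
            // NOTE(review): the failure is only logged; the caller receives no exception and
            // cannot tell that the request was not stored - confirm this is intended.
            getLogSession().log(admin,approvalRequest.getCAId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREQUESTED,"Approval with id : " +approvalId +" couldn't be created");
            log.error("Error creating approval request",e1);
        }
    }
    log.debug("<addApprovalRequest");
}

/**
 * Method used to remove an approval from database.
 *
 * A missing row is reported as an ApprovalException; an EJBException or
 * RemoveException is written to the audit log and the application log only.
 *
 * NOTE(review): no authorization check on the calling administrator is visible in
 * this method; presumably it is enforced by the caller or the container - confirm.
 *
 * @param admin the administrator performing the removal, used for the audit log
 * @param id the unique id of the approval request, not the same as approvalId
 *
 * @throws ApprovalException if no approval request with the given unique id exists
 *
 * @ejb.interface-method view-type="both"
 */
public void removeApprovalRequest(Admin admin, int id) throws ApprovalException{
    log.debug(">removeApprovalRequest");
    try {
        ApprovalDataLocal adl = approvalHome.findByPrimaryKey(new Integer(id));
        adl.remove();
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_INFO_APPROVALREQUESTED,"Approval with unique id : " + id +" removed successfully.");
    } catch (FinderException e) {
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREQUESTED,"Error removing approvalrequest with unique id : " +id +", doesn't exist");
        throw new ApprovalException("Error removing approvalrequest with unique id : " +id +", doesn't exist");
    } catch (EJBException e) {
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREQUESTED,"Error removing approvalrequest with unique id : " +id);
        log.error("Error removing approval request",e);
    } catch (RemoveException e) {
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREQUESTED,"Error removing approvalrequest with unique id : " +id);
        log.error("Error removing approval request",e);
    }
    log.debug("<removeApprovalRequest");
}

/**
 * Method used to approve an approval request.
 *
 * It does the following:
 * 1. Checks that a non-expired approval request with the given approvalId exists and
 *    throws an ApprovalException otherwise (the original documentation names
 *    ApprovalRequestDoesntExistException here).
 *
 * 2. Checks that the administrator is authorized using the following rules:
 *    2.1 if the end entity profile is ANY_ENDENTITYPROFILE the admin must be
 *        authorized to AvailableAccessRules.REGULAR_APPROVECAACTION, otherwise to
 *        AvailableAccessRules.REGULAR_APPROVEENDENTITY and to APPROVAL_RIGHTS for
 *        the end entity profile.
 *    2.2 the admin must be authorized to the CA of the approval request.
 *
 * 3. Looks up the username belonging to the administrator's certificate and checks
 *    that this user neither requested the action nor has approved or rejected it
 *    earlier.
 *
 * 4. Registers the approval on the stored request through adl.approve(approval).
 *
 * Every refusal is written to the audit log before the exception is thrown.
 *
 * @param admin the approving administrator
 * @param approvalId the approvalId of the request to approve
 * @param approval the approval to register; certificate and username are set here
 * @throws ApprovalRequestExpiredException
 * @throws ApprovalRequestExecutionException
 * @throws AuthorizationDeniedException
 * @throws ApprovalException if no suitable request exists or no username is found
 *         for the approver's certificate
 * @throws AdminAlreadyApprovedRequestException if the approver requested the action
 *         or has already approved or rejected it
 *
 * @ejb.interface-method view-type="both"
 */
public void approve(Admin admin, int approvalId, Approval approval) throws ApprovalRequestExpiredException, ApprovalRequestExecutionException,
                                                                       AuthorizationDeniedException, ApprovalException, AdminAlreadyApprovedRequestException{
    log.debug(">approve");
    ApprovalDataLocal adl;
    try {
        adl = isAuthorizedBeforeApproveOrReject(admin,approvalId,approval);
    } catch (ApprovalException e1) {
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Approval request with id : " +approvalId +" doesn't exists.");
        throw e1;
    }

    // NOTE(review): assumes the administrator was authenticated with a client certificate;
    // a null certificate here would raise a NullPointerException - confirm.
    X509Certificate approvingCert = admin.getAdminInformation().getX509Certificate();
    ApprovalDataVO data = adl.getApprovalDataVO();
    String username = getCertificateStoreSession().findUsernameByCertSerno(admin,approvingCert.getSerialNumber(),CertTools.getIssuerDN(approvingCert));

    // Resolve the approver first: without a username neither the requester comparison nor
    // the duplicate check below can be made, and the refusal has to reach the audit log
    // instead of surfacing as a NullPointerException from username.equals(...).
    if(username == null){
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Approval request with id : " +approvalId +", Error no username exists for the given approver certificate.");
        throw new ApprovalException("Error no username exists for the given approver or requestor certificate");
    }

    // Check that the approver isn't the same user that requested the action.
    if(data.getReqadmincertissuerdn() != null){
        String requsername = getCertificateStoreSession().findUsernameByCertSerno(admin,new BigInteger(data.getReqadmincertsn(),16),data.getReqadmincertissuerdn());
        if(username.equals(requsername)){
            getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Error administrator have already approved, rejected or requested current request, approveId " + approvalId);
            throw new AdminAlreadyApprovedRequestException("Error administrator have already approved, rejected or requested current request, approveId : " + approvalId);
        }
    }

    // Check that the approver's username doesn't exist among the users that already acted.
    Iterator iter = data.getApprovals().iterator();
    while(iter.hasNext()){
        Approval next = (Approval) iter.next();
        // username is known to be non-null, so compare from that side.
        if(username.equals(next.getUsername())){
            getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Error administrator have already approved or rejected current request, approveId " + approvalId);
            throw new AdminAlreadyApprovedRequestException("Error administrator have already approved or rejected current request, approveId : " + approvalId);
        }
    }
    approval.setApprovalCertificateAndUsername(true, approvingCert,username);

    try {
        adl.approve(approval);
        GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
        if(gc.getUseApprovalNotifications()){
            if(adl.getApprovalDataVO().getRemainingApprovals() != 0){
                // More approvals are still required.
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage("notification.requestconcured.subject"),
                        intres.getLocalizedMessage("notification.requestconcured.msg"),
                        adl.getId(), adl.getApprovalDataVO().getRemainingApprovals(), adl.getApprovalDataVO().getRequestDate(),
                        adl.getApprovalDataVO().getApprovalRequest(),
                        approval);
            }else{
                // No approvals remain.
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage("notification.requestapproved.subject"),
                        intres.getLocalizedMessage("notification.requestapproved.msg"),
                        adl.getId(), adl.getApprovalDataVO().getRemainingApprovals(), adl.getApprovalDataVO().getRequestDate(),
                        adl.getApprovalDataVO().getApprovalRequest(),
                        approval);
            }
        }
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_INFO_APPROVALAPPROVED,"Approval request with id : " +approvalId +" have been approved.");
    } catch (ApprovalRequestExpiredException e) {
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Approval request with id : " +approvalId +" have expired.");
        throw e;
    } catch (ApprovalRequestExecutionException e) {
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALAPPROVED,"Approval with id : " +approvalId +" couldn't execute properly");
        throw e;
    }
    log.debug("<approve");
}

/**
 * Method used to reject an approval request.
 *
 * It does the following:
 * 1. Checks that a non-expired approval request with the given approvalId exists and
 *    throws an ApprovalException otherwise (the original documentation names
 *    ApprovalRequestDoesntExistException here).
 *
 * 2. Checks that the administrator is authorized using the following rules:
 *    2.1 if the end entity profile is ANY_ENDENTITYPROFILE the admin must be
 *        authorized to AvailableAccessRules.REGULAR_APPROVECAACTION, otherwise to
 *        AvailableAccessRules.REGULAR_APPROVEENDENTITY and to APPROVAL_RIGHTS for
 *        the end entity profile.
 *    2.2 the admin must be authorized to the CA of the approval request.
 *
 * 3. Looks up the username belonging to the administrator's certificate and checks
 *    that this user neither requested the action nor has approved or rejected it
 *    earlier.
 *
 * 4. Registers the rejection on the stored request through adl.reject(approval).
 *
 * Every refusal is written to the audit log, including the approvalId, before the
 * exception is thrown.
 *
 * @param admin the rejecting administrator
 * @param approvalId the approvalId of the request to reject
 * @param approval the rejection to register; certificate and username are set here
 * @throws ApprovalRequestExpiredException
 * @throws AuthorizationDeniedException
 * @throws ApprovalException if no suitable request exists or no username is found
 *         for the administrator's certificate
 * @throws AdminAlreadyApprovedRequestException if the administrator requested the
 *         action or has already approved or rejected it
 *
 * @ejb.interface-method view-type="both"
 */
public void reject(Admin admin, int approvalId, Approval approval) throws ApprovalRequestExpiredException,
                                                                      AuthorizationDeniedException, ApprovalException, AdminAlreadyApprovedRequestException{
    log.debug(">reject");
    ApprovalDataLocal adl;
    try {
        adl = isAuthorizedBeforeApproveOrReject(admin,approvalId,approval);
    } catch (ApprovalException e1) {
        getLogSession().log(admin,admin.getCaId(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREJECTED,"Approval request with id : " +approvalId +" doesn't exists.");
        throw e1;
    }

    // NOTE(review): assumes the administrator was authenticated with a client certificate;
    // a null certificate here would raise a NullPointerException - confirm.
    X509Certificate approvingCert = admin.getAdminInformation().getX509Certificate();
    String username = getCertificateStoreSession().findUsernameByCertSerno(admin,approvingCert.getSerialNumber(),CertTools.getIssuerDN(approvingCert));
    ApprovalDataVO data = adl.getApprovalDataVO();

    // Resolve the administrator first: without a username neither the requester comparison
    // nor the duplicate check below can be made, and the refusal has to reach the audit log
    // instead of surfacing as a NullPointerException from username.equals(...).
    if(username == null){
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREJECTED,"Approval request with id : " +approvalId +", Error no username exists for the given approver certificate.");
        throw new ApprovalException("Error no username exists for the given approver or requestor certificate");
    }

    // Check that the administrator isn't the same user that requested the action.
    if(data.getReqadmincertissuerdn() != null){
        String requsername = getCertificateStoreSession().findUsernameByCertSerno(admin,new BigInteger(data.getReqadmincertsn(),16),data.getReqadmincertissuerdn());
        if(username.equals(requsername)){
            // The approvalId is appended so the audit entry identifies the request.
            getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREJECTED,"Error administrator have already approved, rejected or requested current request, approveId " + approvalId);
            throw new AdminAlreadyApprovedRequestException("Error administrator have already approved, rejected or requested current request, approveId : " + approvalId);
        }
    }

    // Check that the administrator's username doesn't exist among the users that already acted.
    Iterator iter = data.getApprovals().iterator();
    while(iter.hasNext()){
        Approval next = (Approval) iter.next();
        // username is known to be non-null, so compare from that side.
        if(username.equals(next.getUsername())){
            // The approvalId is appended so the audit entry identifies the request.
            getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREJECTED,"Error administrator have already approved or rejected current request, approveId " + approvalId);
            throw new AdminAlreadyApprovedRequestException("Error administrator have already approved or rejected current request, approveId : " + approvalId);
        }
    }
    approval.setApprovalCertificateAndUsername(false, approvingCert,username);

    try {
        adl.reject(approval);
        GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
        if(gc.getUseApprovalNotifications()){
            sendApprovalNotification(admin, gc,
                    intres.getLocalizedMessage("notification.requestrejected.subject"),
                    intres.getLocalizedMessage("notification.requestrejected.msg"),
                    adl.getId(), adl.getApprovalDataVO().getRemainingApprovals(), adl.getApprovalDataVO().getRequestDate(),
                    adl.getApprovalDataVO().getApprovalRequest(),
                    approval);
        }
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_INFO_APPROVALREJECTED,"Approval request with id : " +approvalId +" have been rejected.");
    } catch (ApprovalRequestExpiredException e) {
        getLogSession().log(admin,adl.getCaid(),LogEntry.MODULE_APPROVAL,new Date(),null,null,LogEntry.EVENT_ERROR_APPROVALREJECTED,"Approval request with id : " +approvalId +" have expired.");
        throw e;
    }
    log.debug("<reject");
}

/**
 * Help method for approve and reject.
 *
 * Looks up the non-expired approval request with the given approvalId and runs the
 * access-rule checks for the end entity profile and the CA of that request.
 *
 * NOTE(review): the boolean result of isAuthorized is not inspected; denial is
 * presumably signalled by AuthorizationDeniedException, which this method declares -
 * confirm against the authorization session interface.
 *
 * @param admin the administrator about to approve or reject
 * @param approvalId the approvalId of the request
 * @param approval not used by this method
 * @return the stored approval request, never null
 * @throws ApprovalException if no suitable approval request is found
 * @throws AuthorizationDeniedException
 */
private ApprovalDataLocal isAuthorizedBeforeApproveOrReject(Admin admin, int approvalId, Approval approval) throws ApprovalException, AuthorizationDeniedException{
    ApprovalDataLocal retval = findNonExpiredApprovalDataLocal(admin,approvalId);
    if(retval == null){
        throw new ApprovalException("Suitable approval with id : " + approvalId + " doesn't exist");
    }

    if(retval.getEndentityprofileid() == ApprovalDataVO.ANY_ENDENTITYPROFILE){
        getAuthorizationSession().isAuthorized(admin,AvailableAccessRules.REGULAR_APPROVECAACTION);
    }else{
        getAuthorizationSession().isAuthorized(admin,AvailableAccessRules.REGULAR_APPROVEENDENTITY);
        getAuthorizationSession().isAuthorized(admin,AvailableAccessRules.ENDENTITYPROFILEPREFIX + retval.getEndentityprofileid() + AvailableAccessRules.APPROVAL_RIGHTS);
    }
    // The CA rule is skipped only when the request is not bound to a specific CA.
    if(retval.getCaid() != ApprovalDataVO.ANY_CA){
        getAuthorizationSession().isAuthorized(admin,AvailableAccessRules.CAPREFIX + retval.getCaid());
    }
    return retval;
}

/**
 * Method that goes through exists approvals in database to see if there
 * exists any approved action.
 *
 * If goes through all approvalrequests with the given Id and checks
 * their status, if any have status approved it returns true.
 *
 * This method should be used by action requiring the requesting administrator
 * to poll to see if it have been approved.
 *
 * @param admin
 * @param approvalId
 * @return the number of approvals left, 0 if approved othervis is the ApprovalDataVO.STATUS constants returned indicating the statys.
 * @throws ApprovalException if approvalId doesn't exists
 * @throws ApprovalRequestExpiredException Throws this exception one time if one of the approvals have expired, once notified it wount throw it anymore.
 *
 * @ejb.interface-method view-type="both"
 */
public int isApproved(Admin admin, int approvalId) throws ApprovalException, ApprovalRequestExpiredException{
    log.debug(">isApproved, approvalId" + approvalId);
    int retval = ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED;
    try {
        Collection result = approvalHome.findByApprovalId(approvalId);
        Iterator iter = result.iterator();
        while(iter.hasNext()){
            ApprovalDataLocal adl = (ApprovalDataLocal) iter.next();
            retval = adl.isApproved();
            if(adl.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL ||
               adl.getStatus() == ApprovalDataVO.STATUS_APPROVED ||
               adl.getStatus() == ApprovalDataVO.STATUS_REJECTED ){
                break;
            }
        }
    } catch (FinderException e) {
        throw new ApprovalException("Approval request with id : " + approvalId + " doesn't exists");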