* @jboss.method-attributes transaction-timeout="900"
*
* Creates a new CA from the supplied {@link CAInfo}: checks that the caller is a
* super administrator, rejects reserved or already-used CA ids and names, creates
* (or activates) the CA token, builds the CA certificate chain according to who
* signs the CA (self, another internal CA, or an external CA), publishes the
* resulting certificates, stores the CA and, for an active CA, creates the
* initial CRL. Every failure path is written to the log session before the
* exception is (re)thrown.
*
* @param admin  the administrator performing the operation; must be authorized to
*               "/super_administrator"
* @param cainfo description of the CA to create (id, name, subject DN, token,
*               signer, certificate profile, extended services)
* @throws CAExistsException if the id lies in the reserved range
*         [0, CAInfo.SPECIALCAIDBORDER] or a CA with the same id or name already exists
* @throws AuthorizationDeniedException if the administrator lacks
*         "/super_administrator"
* @throws CATokenOfflineException if a hard token cannot be activated, or the
*         token used to sign the new CA certificate is offline
* @throws CATokenAuthenticationFailedException if the hard token rejects the
*         supplied authentication code
*/
public void createCA(Admin admin, CAInfo cainfo)
        throws CAExistsException, AuthorizationDeniedException, CATokenOfflineException,
               CATokenAuthenticationFailedException {
    // The CA is stored with this status unless a certificate chain is produced below.
    int castatus = SecConst.CA_OFFLINE;

    // Authorization gate: creating a CA requires super administrator rights.
    // The denial is logged (with the original exception) and rethrown with a
    // localized message so the caller never sees an unlogged refusal.
    try {
        getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
    } catch (AuthorizationDeniedException ade) {
        String msg = intres.getLocalizedMessage("caadmin.notauthorizedtocreateca", "create", cainfo.getName());
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, msg, ade);
        throw new AuthorizationDeniedException(msg);
    }

    // Check that no CA with this id already exists.
    // Ids in [0, SPECIALCAIDBORDER] are reserved and may not be used for a new CA.
    // A successful findByPrimaryKey means the id is taken; the FinderException is
    // the expected "not found" outcome, which is why the catch body is empty.
    try {
        int caid = cainfo.getCAId();
        if (caid >= 0 && caid <= CAInfo.SPECIALCAIDBORDER) {
            String msg = intres.getLocalizedMessage("caadmin.wrongcaid", new Integer(caid));
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_CACREATED, msg);
            throw new CAExistsException(msg);
        }
        cadatahome.findByPrimaryKey(new Integer(caid));
        String msg = intres.getLocalizedMessage("caadmin.caexistsid", new Integer(caid));
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_CACREATED, msg);
        throw new CAExistsException(msg);
    } catch (javax.ejb.FinderException fe) {
        // Expected: no CA with this id exists, so creation may proceed.
    }

    // Same check by name: a successful lookup is the error case.
    try {
        cadatahome.findByName(cainfo.getName());
        String msg = intres.getLocalizedMessage("caadmin.caexistsname", cainfo.getName());
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_CACREATED, msg);
        throw new CAExistsException(msg);
    } catch (javax.ejb.FinderException fe) {
        // Expected: no CA with this name exists, so creation may proceed.
    }

    // Create the CA token.
    // Soft token: a fresh key pair is generated here; any failure becomes an EJBException.
    // Hard token: the container is configured from the token info and activated with the
    // authentication code carried in HardCATokenInfo; authentication failure and
    // offline conditions are logged and propagated as their own checked types.
    CAToken catoken = null;
    CATokenInfo catokeninfo = cainfo.getCATokenInfo();
    if (catokeninfo instanceof SoftCATokenInfo) {
        try {
            catoken = new SoftCAToken();
            ((SoftCAToken) catoken).generateKeys(catokeninfo);
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("caadmin.errorcreatetoken");
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_CACREATED, msg, e);
            throw new EJBException(e);
        }
    } else if (catokeninfo instanceof HardCATokenInfo) {
        catoken = new HardCATokenContainer();
        ((HardCATokenContainer) catoken).updateCATokenInfo(catokeninfo);
        try {
            catoken.activate(((HardCATokenInfo) catokeninfo).getAuthenticationCode());
        } catch (CATokenAuthenticationFailedException ctaf) {
            String msg = intres.getLocalizedMessage("caadmin.errorcreatetokenpin");
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_CACREATED, msg, ctaf);
            throw ctaf;
        } catch (CATokenOfflineException ctoe) {
            String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_CACREATED, msg, ctoe);
            throw ctoe;
        }
    }
    // NOTE(review): if catokeninfo is neither a SoftCATokenInfo nor a HardCATokenInfo,
    // catoken stays null and the generateCertificate calls below would dereference it.

    // Create the CA object.
    // NOTE(review): only X509CAInfo is handled here; for any other CAInfo subtype ca stays
    // null and the publishCACertificate call below would throw NullPointerException —
    // confirm that no other CAInfo types can reach this method.
    CA ca = null;
    if (cainfo instanceof X509CAInfo) {
        X509CAInfo x509cainfo = (X509CAInfo) cainfo;
        // Create X509CA and attach the token created above.
        ca = new X509CA((X509CAInfo) cainfo);
        X509CA x509ca = (X509CA) ca;
        ca.setCAToken(catoken);

        // The certificate chain is filled in by exactly one of the three signer branches below
        // (self-signed, external CA, internal CA).
        Collection certificatechain = null;

        // Certificate profile used to issue the CA certificate. An explicit policy id in the
        // CA info overrides the profile's policy settings; otherwise, if the profile uses
        // certificate policies, its policy id is copied onto the CA.
        CertificateProfile certprofile = getCertificateStoreSession().getCertificateProfile(admin, cainfo.getCertificateProfileId());
        if (x509cainfo.getPolicyId() != null) {
            certprofile.setUseCertificatePolicies(true);
            certprofile.setCertificatePolicyId(x509cainfo.getPolicyId());
        } else {
            if (certprofile.getUseCertificatePolicies())
                x509ca.setPolicyId(certprofile.getCertificatePolicyId());
        }

        if (cainfo.getSignedBy() == CAInfo.SELFSIGNED) {
            try {
                // Create a self-signed certificate with the new CA's own token. "nobody" is a
                // placeholder username; the CA's subject DN and alt name come from the CA info.
                Certificate cacertificate = null;
                log.debug("CAAdminSessionBean : " + cainfo.getSubjectDN());
                UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(),
                        x509cainfo.getSubjectAltName(), null, 0, 0, 0, cainfo.getCertificateProfileId(), null, null, 0, 0, null);
                cacertificate = ca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1,
                        cainfo.getValidity(), certprofile);
                log.debug("CAAdminSessionBean : " + ((X509Certificate) cacertificate).getSubjectDN().toString());
                // A self-signed CA's chain is just its own certificate.
                certificatechain = new ArrayList();
                certificatechain.add(cacertificate);
                // A chain exists, so the CA can be stored as active.
                castatus = SecConst.CA_ACTIVE;
            } catch (CATokenOfflineException e) {
                // Propagated as-is so the caller can distinguish an offline token from a generic failure.
                String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
                getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                        LogEntry.EVENT_ERROR_CACREATED, msg, e);
                throw e;
            } catch (Exception fe) {
                String msg = intres.getLocalizedMessage("caadmin.errorcreateca", cainfo.getName());
                getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                        LogEntry.EVENT_ERROR_CACREATED, msg, fe);
                throw new EJBException(fe);
            }
        }

        if (cainfo.getSignedBy() == CAInfo.SIGNEDBYEXTERNALCA) {
            // No certificate yet: the chain stays empty and the CA waits for the
            // external CA's certificate response.
            certificatechain = new ArrayList();
            castatus = SecConst.CA_WAITING_CERTIFICATE_RESPONSE;
        }

        if (cainfo.getSignedBy() > CAInfo.SPECIALCAIDBORDER || cainfo.getSignedBy() < 0) {
            // Signed by another CA in this installation: getSignedBy() holds that CA's id.
            try {
                CADataLocal signcadata = cadatahome.findByPrimaryKey(new Integer(cainfo.getSignedBy()));
                CA signca = signcadata.getCA();
                // The signer must pass checkSignerValidity before it is allowed to issue anything.
                checkSignerValidity(admin, signcadata);
                // Issue the new CA's certificate with the signing CA, binding the new CA's
                // certificate-signing public key.
                Certificate cacertificate = null;
                UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(),
                        x509cainfo.getSubjectAltName(), null, 0, 0, 0, cainfo.getCertificateProfileId(), null, null, 0, 0, null);
                cacertificate = signca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1,
                        cainfo.getValidity(), certprofile);
                // Chain = new CA certificate followed by the signer's own chain.
                Collection rootcachain = signca.getCertificateChain();
                certificatechain = new ArrayList();
                certificatechain.add(cacertificate);
                certificatechain.addAll(rootcachain);
                // A chain exists, so the CA can be stored as active.
                castatus = SecConst.CA_ACTIVE;
            } catch (CATokenOfflineException e) {
                String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
                getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                        LogEntry.EVENT_ERROR_CACREATED, msg, e);
                throw e;
            } catch (Exception fe) {
                String msg = intres.getLocalizedMessage("caadmin.errorcreateca", cainfo.getName());
                getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                        LogEntry.EVENT_ERROR_CACREATED, msg, fe);
                throw new EJBException(fe);
            }
        }

        // Attach whichever chain was built above to the CA.
        x509ca.setCertificateChain(certificatechain);
    }

    // Publish the CA certificate chain to the CA's CRL publishers.
    // NOTE(review): publishing happens before the CA is persisted below; if cadatahome.create
    // fails, the certificates have already been pushed to the publishers.
    getSignSession().publishCACertificate(admin, ca.getCertificateChain(), ca.getCRLPublishers());

    if (castatus == SecConst.CA_ACTIVE) {
        // Initialise the configured extended services (OCSP, XKMS, CMS) and publish each
        // service's signer certificate. Any failure aborts the whole creation with an EJBException.
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo info = (ExtendedCAServiceInfo) iter.next();
            if (info instanceof OCSPCAServiceInfo) {
                try {
                    ca.initExternalService(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE, ca);
                    ArrayList ocspcertificate = new ArrayList();
                    // Only the first certificate of the OCSP signer path is published.
                    ocspcertificate.add(((OCSPCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE))
                            .getOCSPSignerCertificatePath().get(0));
                    getSignSession().publishCACertificate(admin, ocspcertificate, ca.getCRLPublishers());
                } catch (Exception fe) {
                    String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", "OCSPCAService");
                    getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                            LogEntry.EVENT_ERROR_CACREATED, msg, fe);
                    throw new EJBException(fe);
                }
            }
            if (info instanceof XKMSCAServiceInfo) {
                try {
                    ca.initExternalService(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE, ca);
                    ArrayList xkmscertificate = new ArrayList();
                    // Only the first certificate of the XKMS signer path is published.
                    xkmscertificate.add(((XKMSCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE))
                            .getXKMSSignerCertificatePath().get(0));
                    getSignSession().publishCACertificate(admin, xkmscertificate, ca.getCRLPublishers());
                } catch (Exception fe) {
                    String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", "XKMSCAService");
                    getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                            LogEntry.EVENT_ERROR_CACREATED, msg, fe);
                    throw new EJBException(fe);
                }
            }
            if (info instanceof CmsCAServiceInfo) {
                try {
                    ca.initExternalService(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE, ca);
                    ArrayList cmscertificate = new ArrayList();
                    // Only the first certificate of the CMS certificate path is published.
                    cmscertificate.add(((CmsCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE))
                            .getCertificatePath().get(0));
                    getSignSession().publishCACertificate(admin, cmscertificate, ca.getCRLPublishers());
                } catch (Exception fe) {
                    String msg = intres.getLocalizedMessage("caadmin.errorcreatecaservice", "CMSCAService");
                    getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                            LogEntry.EVENT_ERROR_CACREATED, msg, fe);
                    throw new EJBException(fe);
                }
            }
        }
    }

    // Store the CA in the database with the status decided above. An active CA also gets
    // its initial CRL here, and the success entry is logged against the new CA's id.
    try {
        cadatahome.create(cainfo.getSubjectDN(), cainfo.getName(), castatus, ca);
        if (castatus == SecConst.CA_ACTIVE) {
            // Create the initial CRL so the CA is immediately usable for revocation checking.
            this.getCRLCreateSession().run(admin, cainfo.getSubjectDN());
        }
        String msg = intres.getLocalizedMessage("caadmin.createdca", cainfo.getName(), new Integer(castatus));
        getLogSession().log(admin, ca.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_CACREATED, msg);
    } catch (javax.ejb.CreateException e) {
        // Unlike the other error paths, this log entry does not carry the exception itself;
        // it is only preserved as the cause of the EJBException.
        String msg = intres.getLocalizedMessage("caadmin.errorcreateca", cainfo.getName());
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_CACREATED, msg);
        throw new EJBException(e);
    }
} // createCA

/**
 * Method used to edit the data of a CA.
 *
 * Not all of the CA's data can be edited after creation; therefore only
 * the values from CAInfo that can be changed are updated.
* * * For values see: * @see org.ejbca.core.model.ca.caadmin.CAInfo * @see org.ejbca.core.model.ca.caadmin.X509CAInfo * * @ejb.interface-method */ public void editCA(Admin admin, CAInfo cainfo) throws AuthorizationDeniedException{ boolean ocsprenewcert = false; boolean xkmsrenewcert = false; boolean cmsrenewcert = false; // Check authorization try{ getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator"); }catch(AuthorizationDeniedException e){ String msg = intres.getLocalizedMessage("caadmin.notauthorizedtoeditca", cainfo.getName()); getLogSession().log(admin, cainfo.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,msg,e); throw new AuthorizationDeniedException(msg); } // Check if OCSP Certificate is about to be renewed. Iterator iter = cainfo.getExtendedCAServiceInfos().iterator(); while(iter.hasNext()){ Object next = iter.next(); if(next instanceof OCSPCAServiceInfo){ ocsprenewcert = ((OCSPCAServiceInfo) next).getRenewFlag(); } if(next instanceof XKMSCAServiceInfo){ xkmsrenewcert = ((XKMSCAServiceInfo) next).getRenewFlag(); } if(next instanceof CmsCAServiceInfo){ cmsrenewcert = ((CmsCAServiceInfo) next).getRenewFlag(); } }