// Get CA from database try{ CADataLocal cadata = cadatahome.findByPrimaryKey(new Integer(cainfo.getCAId())); CA ca = cadata.getCA(); // Update CA values ca.updateCA(cainfo); // Store CA in database cadata.setCA(ca); // If OCSP Certificate renew, publish the new one. if(ocsprenewcert){ X509Certificate ocspcert = (X509Certificate) ((OCSPCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_OCSPEXTENDEDSERVICE)) .getOCSPSignerCertificatePath().get(0); ArrayList ocspcertificate = new ArrayList(); ocspcertificate.add(ocspcert); getSignSession().publishCACertificate(admin, ocspcertificate, ca.getCRLPublishers()); } if(xkmsrenewcert){ X509Certificate xkmscert = (X509Certificate) ((XKMSCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_XKMSEXTENDEDSERVICE)) .getXKMSSignerCertificatePath().get(0); ArrayList xkmscertificate = new ArrayList(); xkmscertificate.add(xkmscert); getSignSession().publishCACertificate(admin, xkmscertificate, ca.getCRLPublishers()); } if(cmsrenewcert){ X509Certificate cmscert = (X509Certificate) ((CmsCAServiceInfo) ca.getExtendedCAServiceInfo(ExtendedCAServiceInfo.TYPE_CMSEXTENDEDSERVICE)) .getCertificatePath().get(0); ArrayList cmscertificate = new ArrayList(); cmscertificate.add(cmscert); getSignSession().publishCACertificate(admin, cmscertificate, ca.getCRLPublishers()); } // Log Action String msg = intres.getLocalizedMessage("caadmin.editedca", cainfo.getName()); getLogSession().log(admin, cainfo.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_CAEDITED, msg); }catch(Exception fe) { String msg = intres.getLocalizedMessage("caadmin.erroreditca", cainfo.getName()); log.error(msg, fe); getLogSession().log(admin, cainfo.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg, fe); throw new EJBException(fe); } } // editCA /** * Method used to remove a CA from the system. 
*
* Only a super administrator may call this method: the caller is checked against
* "/super_administrator" before anything is read or written, and a refused attempt is
* logged as a security event before the AuthorizationDeniedException is rethrown.
*
* NOTE(review): earlier documentation of this method described a check that the CA is not
* referenced by any end entity, certificate profile or access rule. No such check is visible
* in this method, so it has to be done by the caller — confirm before relying on it.
*
* Should be used with care. If any certificate has been issued by the CA, use revokeCA
* instead and keep the CA.
*
* @param admin administrator calling the method
* @param caid numerical id of the CA to remove
* @throws AuthorizationDeniedException if admin is not a super administrator
* @throws EJBException if the CA cannot be found or the removal fails
*
* @ejb.interface-method
*/
public void removeCA(Admin admin, int caid) throws AuthorizationDeniedException {
    Integer caKey = new Integer(caid);
    // Authorization comes first: nothing is looked up before the caller is known to be allowed.
    try {
        getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
    } catch (AuthorizationDeniedException denied) {
        String text = intres.getLocalizedMessage("caadmin.notauthorizedtoremoveca", caKey);
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new Date(), null, null,
                LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, text, denied);
        throw new AuthorizationDeniedException(text);
    }
    try {
        CADataLocal caEntity = cadatahome.findByPrimaryKey(caKey);
        caEntity.remove();
        // The CA cache may still hold the removed CA; drop it so stale data is not served.
        CACacheManager.instance().removeCA(caid);
        // Registering a null token removes any CA token held for this id in the token registry.
        HardCATokenManager.instance().addCAToken(caid, null);
        String text = intres.getLocalizedMessage("caadmin.removedca", caKey);
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new Date(), null, null,
                LogEntry.EVENT_INFO_CAEDITED, text);
    } catch (Exception failure) {
        // Every failure, including a CA that does not exist, is reported the same way:
        // error log, audit log entry, and an EJBException carrying the original cause.
        String text = intres.getLocalizedMessage("caadmin.errorremoveca", caKey);
        log.error(text, failure);
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new Date(), null, null,
                LogEntry.EVENT_ERROR_CAEDITED, text, failure);
        throw new EJBException(failure);
    }
} // removeCA

/**
* Renames the name of CA used in administrators web interface.
* This name doesn't have to be the same as SubjectDN and is only used for reference.
*
* The CA is looked up by oldname first; only then is the caller checked against
* "/super_administrator". An unauthorized attempt is logged against the CA id and rethrown.
* If newname is already in use a CAExistsException is thrown and nothing is changed.
*
* @param admin administrator calling the method
* @param oldname current name of the CA
* @param newname new name of the CA; must not be in use by another CA
* @throws CAExistsException if a CA named newname already exists
* @throws AuthorizationDeniedException if admin is not a super administrator
* @throws EJBException if no CA named oldname exists
*
* @ejb.interface-method
*/
public void renameCA(Admin admin, String oldname, String newname) throws CAExistsException, AuthorizationDeniedException {
    try {
        CADataLocal caEntity = cadatahome.findByName(oldname);
        int caid = caEntity.getCaId().intValue();
        try {
            getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
        } catch (AuthorizationDeniedException denied) {
            String text = intres.getLocalizedMessage("caadmin.notauthorizedtorenameca", new Integer(caid));
            getLogSession().log(admin, caid, LogEntry.MODULE_CA, new Date(), null, null,
                    LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, text, denied);
            throw new AuthorizationDeniedException(text);
        }
        if (isCANameTaken(newname)) {
            throw new CAExistsException(" CA name " + newname + " already exists.");
        }
        caEntity.setName(newname);
        // The cached CA still carries the old name; drop it so the rename becomes visible.
        CACacheManager.instance().removeCA(caid);
        String text = intres.getLocalizedMessage("caadmin.renamedca", oldname, newname);
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new Date(), null, null,
                LogEntry.EVENT_INFO_CAEDITED, text);
    } catch (javax.ejb.FinderException notFound) {
        // Reached when no CA named oldname exists. The CA id is not known at this point,
        // so the audit entry is written against the administrator's own CA id.
        String text = intres.getLocalizedMessage("caadmin.errorrenameca", oldname);
        log.error(text, notFound);
        getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new Date(), null, null,
                LogEntry.EVENT_ERROR_CAEDITED, text);
        throw new EJBException(notFound);
    }
} // renameCA

/**
* Tells whether a CA with the given name is already stored.
*
* @param name CA name to look for
* @return true if a CA with that name exists, false if the lookup raises a FinderException
*/
private boolean isCANameTaken(String name) {
    try {
        // getCaId() is called on the found entity, presumably to make sure it really loads
        // (kept from the original lookup); a missing CA surfaces as a FinderException.
        cadatahome.findByName(name).getCaId();
        return true;
    } catch (javax.ejb.FinderException notFound) {
        return false;
    }
}

/**
* Returns a value object containing nonsensitive information about a CA given its name.
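* @param admin administrator calling the method
* @param name human readable name of the CA
* @return value object, or null if no CA with that name exists
* @throws EJBException if the lookup fails for any other reason, including any exception
*         raised by authorizedToCA
*
* @ejb.transaction type="Supports"
* @ejb.interface-method
*/
public CAInfo getCAInfo(Admin admin, String name) {
    CAInfo cainfo = null;
    try {
        CADataLocal cadata = cadatahome.findByName(name);
        // Authorize before touching the entity, as the caid overload does: an unauthorized
        // caller must not be able to trigger the stored status change below.
        authorizedToCA(admin, cadata.getCaId().intValue());
        markExpiredIfOverdue(cadata);
        cainfo = cadata.getCA().getCAInfo();
    } catch (javax.ejb.FinderException fe) {
        // A missing CA is not an error for this lookup; it is reported as null.
        log.debug("Can not find CA with name: '" + name + "'.");
    } catch (Exception e) {
        String msg = intres.getLocalizedMessage("caadmin.errorgetcainfo", name);
        log.error(msg, e);
        throw new EJBException(e);
    }
    return cainfo;
} // getCAInfo

/**
* Returns a value object containing nonsensitive information about a CA given its CAId.
*
* @param admin administrator calling the method
* @param caid numerical id of CA (subjectDN.hashCode())
* @return value object, or null if no CA with that id exists
* @throws EJBException if the lookup fails for any other reason, including any exception
*         raised by authorizedToCA
*
* @ejb.transaction type="Supports"
* @ejb.interface-method
*/
public CAInfo getCAInfo(Admin admin, int caid) {
    CAInfo cainfo = null;
    try {
        // The id is known up front, so authorization happens before any database access.
        authorizedToCA(admin, caid);
        CADataLocal cadata = cadatahome.findByPrimaryKey(new Integer(caid));
        markExpiredIfOverdue(cadata);
        cainfo = cadata.getCA().getCAInfo();
    } catch (javax.ejb.FinderException fe) {
        // A missing CA is not an error for this lookup; it is reported as null.
        log.debug("Can not find CA with id: '" + caid + "'");
    } catch (Exception e) {
        String msg = intres.getLocalizedMessage("caadmin.errorgetcainfo", new Integer(caid));
        log.error(msg, e);
        throw new EJBException(e);
    }
    return cainfo;
} // getCAInfo

/**
* Marks an active CA whose expire time has passed as expired.
*
* This is a persistent side effect of the getCAInfo lookups: the status is written to the
* entity, not just reported. The expire time is a long usable with new Date(long).
*
* @param cadata CA entity to check and possibly update
*/
private void markExpiredIfOverdue(CADataLocal cadata) {
    if (cadata.getStatus() == SecConst.CA_ACTIVE
            && new Date(cadata.getExpireTime()).before(new Date())) {
        cadata.setStatus(SecConst.CA_EXPIRED);
    }
}

/**
* Returns a HashMap containing mappings of caid (Integer) to CA name (String) of all CAs in the system.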
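*
* No authorization check is performed in this method: every CA stored in the system is
* listed regardless of the administrator passed in.
*
* @param admin administrator calling the method (not used in this method)
* @return HashMap with Integer->String mappings; empty if the CA lookup fails
* @ejb.transaction type="Supports"
* @ejb.interface-method
*/
public HashMap getCAIdToNameMap(Admin admin) {
    HashMap returnval = new HashMap();
    try {
        Collection result = cadatahome.findAll();
        for (Iterator iter = result.iterator(); iter.hasNext();) {
            CADataLocal cadata = (CADataLocal) iter.next();
            returnval.put(cadata.getCaId(), cadata.getName());
        }
    } catch (javax.ejb.FinderException fe) {
        // A failed findAll() used to vanish silently; the empty result is kept but a trace is left.
        log.debug("Can not list CAs for id to name map: " + fe.getMessage());
    }
    return returnval;
}

/**
* Method returning id's of all CA's available to the system, i.e. those that do not have
* status "external" or "waiting for certificate response".
*
* No authorization check is performed in this method: the ids of all matching CAs are
* returned regardless of the administrator passed in.
*
* @param admin administrator calling the method (not used in this method)
* @return a Collection (Integer) of available CA id's; empty if the CA lookup fails
* @ejb.transaction type="Supports"
* @ejb.interface-method
*/
public Collection getAvailableCAs(Admin admin) {
    ArrayList returnval = new ArrayList();
    try {
        Collection result = cadatahome.findAll();
        for (Iterator iter = result.iterator(); iter.hasNext();) {
            CADataLocal cadata = (CADataLocal) iter.next();
            int status = cadata.getStatus();
            // CAs still waiting for their certificate or managed externally cannot be used here.
            if (status != SecConst.CA_WAITING_CERTIFICATE_RESPONSE && status != SecConst.CA_EXTERNAL) {
                returnval.add(cadata.getCaId());
            }
        }
    } catch (javax.ejb.FinderException fe) {
        // A failed findAll() used to vanish silently; the empty result is kept but a trace is left.
        log.debug("Can not list available CAs: " + fe.getMessage());
    }
    return returnval;
}

/**
* Creates a certificate request that should be sent to External Root CA for process before
* activation of CA.
*
* @param admin administrator calling the method
* @param caid numerical id of the CA the request is made for
* @param cachain A Collection of root certificates.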
* @param setstatustowaiting should be set true when creating new CAs and false for renewing old CAs * @return PKCS10RequestMessage * * @ejb.interface-method */ public IRequestMessage makeRequest(Admin admin, int caid, Collection cachain, boolean setstatustowaiting) throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException{ PKCS10RequestMessage returnval = null; // Check authorization try{ getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator"); }catch(AuthorizationDeniedException e){ String msg = intres.getLocalizedMessage("caadmin.notauthorizedtocertreq", new Integer(caid)); getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE,msg,e); throw new AuthorizationDeniedException(msg); } // Get CA info. CADataLocal cadata = null; try{ cadata = this.cadatahome.findByPrimaryKey(new Integer(caid)); CA ca = cadata.getCA(); try{ // if issuer is insystem CA or selfsigned, then generate new certificate. if(ca.getSignedBy() == CAInfo.SIGNEDBYEXTERNALCA){