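// set status to active  (tail of processRequest(); the method begins earlier in this file)
                    cadatahome.create(cainfo.getSubjectDN(), cainfo.getName(), SecConst.CA_EXTERNAL, ca);
                    // Publish CA certificates.
                    getSignSession().publishCACertificate(admin, ca.getCertificateChain(), ca.getCRLPublishers());
                } catch (CATokenOfflineException e) {
                    String msg = intres.getLocalizedMessage("caadmin.errorprocess", cainfo.getName());
                    getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg, e);
                    throw e;
                }
            } catch (Exception e) {
                // NOTE(review): this handler encloses the one above, so the CATokenOfflineException
                // rethrown there is caught again here, logged a second time and wrapped in EJBException.
                String msg = intres.getLocalizedMessage("caadmin.errorprocess", cainfo.getName());
                getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg, e);
                throw new EJBException(e);
            }
        }
        if (certchain != null) {
            String msg = intres.getLocalizedMessage("caadmin.processedca", cainfo.getName());
            getLogSession().log(admin, cainfo.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_CAEDITED, msg);
        } else {
            String msg = intres.getLocalizedMessage("caadmin.errorprocess", cainfo.getName());
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg);
        }
        return returnval;
    } // processRequest

    /**
     * Renews an existing CA certificate, by default re-using the CA's current signing key. All
     * data about the CA is read from the database; only the certificate chain (and expiry/status)
     * is replaced.
     * <p>
     * Behaviour depends on who signs the CA:
     * <ul>
     * <li>self-signed: a new self-signed certificate is generated with this CA's own token;</li>
     * <li>signed by another CA in this system: the signing CA re-signs it after
     *     {@code checkSignerValidity(admin, signcadata)};</li>
     * <li>signed by an external CA: the certificate carried in {@code responsemessage} is
     *     installed after it has been checked to carry this CA's subject DN and this CA's current
     *     CERTSIGN public key, and the chain has been passed through {@code createCertChain}.</li>
     * </ul>
     * The new CA certificate is then published to the CA's CRL publishers.
     *
     * @param admin the administrator performing the renewal; must hold {@code /super_administrator}.
     * @param caid id of the CA to renew.
     * @param responsemessage the response from the external CA (must be an
     *        {@code X509ResponseMessage}) when the CA is signed by an external CA; ignored (may be
     *        null) for self-signed and internally signed CAs.
     * @param regenerateKeys if true and the CA has a {@code SoftCAToken}, fresh keys are generated
     *        before the certificate is created. Only meaningful for self-signed / internally signed
     *        CAs: an external CA's response was issued for the key sent in the earlier request, so
     *        regenerating the key here makes the key check below reject the response.
     * @throws AuthorizationDeniedException if {@code admin} is not a super administrator.
     * @throws CATokenOfflineException declared, but see the note at the catch blocks below: the
     *         exception is currently caught by the outer handler and re-thrown wrapped in
     *         {@code EJBException}.
     * @throws CertPathValidatorException presumably from {@code createCertChain} (not visible here).
     * @throws CADoesntExistsException declared, but a missing CA currently surfaces as an
     *         {@code EJBException} wrapping the {@code FinderException}.
     *
     * @ejb.interface-method
     */
    public void renewCA(Admin admin, int caid, IResponseMessage responsemessage, boolean regenerateKeys)
            throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException {
        debug(">CAAdminSession, renewCA(), caid=" + caid);
        Collection cachain = null;
        Certificate cacertificate = null;

        // check authorization
        try {
            getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
        } catch (AuthorizationDeniedException e) {
            String msg = intres.getLocalizedMessage("caadmin.notauthorizedtorenew", new Integer(caid));
            getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, msg, e);
            throw new AuthorizationDeniedException(msg);
        }

        // Get CA info.
        CADataLocal cadata = null;
        try {
            cadata = this.cadatahome.findByPrimaryKey(new Integer(caid));
            CA ca = cadata.getCA();
            if (ca.getStatus() == SecConst.CA_OFFLINE) {
                String msg = intres.getLocalizedMessage("error.catokenoffline", cadata.getName());
                throw new CATokenOfflineException(msg);
            }
            CAToken caToken = ca.getCAToken();
            if (caToken instanceof SoftCAToken && regenerateKeys) {
                // New keys live only in the in-memory CA object until cadata.setCA(ca) below.
                ((SoftCAToken) caToken).generateKeys(ca.getCAToken().getCATokenInfo());
                ca.setCAToken(caToken);
            }
            try {
                if (ca.getSignedBy() != CAInfo.SIGNEDBYEXTERNALCA) {
                    // Issuer is a CA in this system (or the CA itself): generate the certificate here.
                    if (ca.getSignedBy() == CAInfo.SELFSIGNED) {
                        // create selfsigned certificate
                        if (ca instanceof X509CA) {
                            UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), ((X509CA) ca).getSubjectAltName(), null, 0, 0, 0, ca.getCertificateProfileId(), null, null, 0, 0, null);
                            CertificateProfile certprofile = getCertificateStoreSession().getCertificateProfile(admin, ca.getCertificateProfileId());
                            cacertificate = ca.generateCertificate(cainfodata, ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, ca.getValidity(), certprofile);
                        }
                        // Build Certificate Chain. For a CA that is not an X509CA, cacertificate
                        // is still null at this point and a null entry is added (unchanged behaviour).
                        cachain = new ArrayList();
                        cachain.add(cacertificate);
                    } else if (ca.getSignedBy() > CAInfo.SPECIALCAIDBORDER || ca.getSignedBy() < 0) {
                        // Re-sign with the internal CA above this one.
                        CADataLocal signcadata = cadatahome.findByPrimaryKey(new Integer(ca.getSignedBy()));
                        CA signca = signcadata.getCA();
                        // Check that the signer is valid
                        checkSignerValidity(admin, signcadata);
                        // Create cacertificate
                        if (ca instanceof X509CA) {
                            UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), ((X509CA) ca).getSubjectAltName(), null, 0, 0, 0, ca.getCertificateProfileId(), null, null, 0, 0, null);
                            CertificateProfile certprofile = getCertificateStoreSession().getCertificateProfile(admin, ca.getCertificateProfileId());
                            cacertificate = signca.generateCertificate(cainfodata, ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, ca.getValidity(), certprofile);
                        }
                        // Build Certificate Chain: our new certificate followed by the signer's chain.
                        Collection rootcachain = signca.getCertificateChain();
                        cachain = new ArrayList();
                        cachain.add(cacertificate);
                        cachain.addAll(rootcachain);
                    }
                    // Any other signedBy value (a "special" CA id) is silently ignored here and the
                    // CA ends up with a null chain (unchanged behaviour).
                } else {
                    // Externally signed CA: install the certificate returned by the external CA.
                    if (responsemessage instanceof X509ResponseMessage) {
                        cacertificate = ((X509ResponseMessage) responsemessage).getCertificate();
                    } else {
                        String msg = intres.getLocalizedMessage("error.errorcertrespillegalmsg");
                        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg);
                        throw new EJBException(new EjbcaException(msg));
                    }
                    // Check that the subject DN equals the one we requested.
                    if (!CertTools.getSubjectDN((X509Certificate) cacertificate).equals(CertTools.stringToBCDNString(ca.getSubjectDN()))) {
                        String msg = intres.getLocalizedMessage("caadmin.errorcertrespwrongdn", CertTools.getSubjectDN((X509Certificate) cacertificate), ca.getSubjectDN());
                        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg);
                        throw new EJBException(new EjbcaException(msg));
                    }
                    // Check that the certificate was issued for this CA's current signing key.
                    // A matching DN alone would let a certificate for some other key be installed
                    // as this CA's certificate, after which the CA signs with a key its own chain
                    // does not vouch for.
                    java.security.PublicKey signingKey = ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN);
                    if (!sameSigningKey(signingKey, cacertificate.getPublicKey())) {
                        String msg = "CA certificate response for '" + ca.getSubjectDN() + "' does not match the CA signing key (caid=" + caid + ")";
                        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg);
                        throw new EJBException(new EjbcaException(msg));
                    }
                    cachain = new ArrayList();
                    cachain.add(cacertificate);
                    cachain.addAll(ca.getRequestCertificateChain());
                    // createCertChain is presumably where the chain is validated and where
                    // CertPathValidatorException originates -- its body is not visible here.
                    cachain = createCertChain(cachain);
                }

                // Set statuses.
                if (cacertificate instanceof X509Certificate) {
                    cadata.setExpireTime(((X509Certificate) cacertificate).getNotAfter().getTime());
                }
                cadata.setStatus(SecConst.CA_ACTIVE);
                ca.setCertificateChain(cachain);
                cadata.setCA(ca);
                // Publish the new CA certificate
                ArrayList cacert = new ArrayList();
                cacert.add(ca.getCACertificate());
                getSignSession().publishCACertificate(admin, cacert, ca.getCRLPublishers());
            } catch (CATokenOfflineException e) {
                String msg = intres.getLocalizedMessage("caadmin.errorrenewca", new Integer(caid));
                getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg, e);
                throw e;
            }
        } catch (Exception e) {
            // NOTE(review): this handler encloses the catch above (and the CA_OFFLINE throw), so a
            // CATokenOfflineException never leaves this method as declared: it is logged a second
            // time here and wrapped in EJBException. Left as-is because EJBException is what
            // triggers the container rollback; confirm the intended transaction semantics before
            // letting the application exception propagate.
            String msg = intres.getLocalizedMessage("caadmin.errorrenewca", new Integer(caid));
            getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAEDITED, msg, e);
            throw new EJBException(e);
        }
        String msg = intres.getLocalizedMessage("caadmin.renewdca", new Integer(caid));
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_CARENEWED, msg);
        debug("<CAAdminSession, renewCA(), caid=" + caid);
    } // renewCA

    /**
     * Tells whether two public keys are the same key.
     * <p>
     * Compares the encoded (X.509 SubjectPublicKeyInfo) forms when both providers expose one;
     * {@code PublicKey.getEncoded()} is allowed to return null, in which case this falls back to
     * {@code equals}, which for provider-backed keys may be reference equality.
     *
     * @param expected the key the CA token reports for CERTSIGN.
     * @param actual the key found in the certificate being installed.
     * @return true if the keys are the same; false if either is null or they differ.
     */
    private static boolean sameSigningKey(java.security.PublicKey expected, java.security.PublicKey actual) {
        if (expected == null || actual == null) {
            return false;
        }
        byte[] expectedEncoded = expected.getEncoded();
        byte[] actualEncoded = actual.getEncoded();
        if (expectedEncoded != null && actualEncoded != null) {
            return java.util.Arrays.equals(expectedEncoded, actualEncoded);
        }
        return expected.equals(actual);
    }

    /**
     * Revokes a CA. The CA certificate is revoked with {@code reason}; for a CA that is not
     * external (status != {@code CA_EXTERNAL}) every certificate issued by it is revoked as well --
     * always with {@code REVOKATION_REASON_CACOMPROMISE}, regardless of {@code reason} -- a final
     * CRL is generated and the CA status is set to {@code CA_REVOKED}. The revocation reason and
     * date are stored on the CA in all cases.
     * <p>
     * {@code reason} is not range-checked here; callers are expected to pass one of the
     * {@code RevokedCertInfo.REVOKATION_REASON_*} values.
     *
     * @param admin the administrator performing the revocation; must hold {@code /super_administrator}.
     * @param caid id of the CA to revoke.
     * @param reason one of RevokedCertInfo.REVOKATION_REASON values, applied to the CA certificate itself.
     * @throws AuthorizationDeniedException if {@code admin} is not a super administrator.
     * @throws CADoesntExistsException declared, but a missing CA currently surfaces as an
     *         {@code EJBException} wrapping the {@code FinderException}.
     *
     * @ejb.interface-method
     */
    public void revokeCA(Admin admin, int caid, int reason) throws CADoesntExistsException, AuthorizationDeniedException {
        // check authorization
        try {
            getAuthorizationSession().isAuthorizedNoLog(admin, "/super_administrator");
        } catch (AuthorizationDeniedException e) {
            String msg = intres.getLocalizedMessage("caadmin.notauthorizedtorevoke", new Integer(caid));
            getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, msg, e);
            throw new AuthorizationDeniedException(msg);
        }

        // Get CA info. Note the naming: 'ca' is the entity bean, 'cadata' the CA object inside it.
        CADataLocal ca = null;
        try {
            ca = this.cadatahome.findByPrimaryKey(new Integer(caid));
        } catch (javax.ejb.FinderException fe) {
            throw new EJBException(fe);
        }
        String issuerdn = ca.getSubjectDN();
        try {
            CA cadata = ca.getCA();
            // Revoke CA certificate
            getCertificateStoreSession().revokeCertificate(admin, cadata.getCACertificate(), cadata.getCRLPublishers(), reason);
            // Revoke all certificates generated by CA and issue a final CRL (not for external CAs,
            // whose issued certificates are not managed here).
            if (cadata.getStatus() != SecConst.CA_EXTERNAL) {
                getCertificateStoreSession().revokeAllCertByCA(admin, issuerdn, RevokedCertInfo.REVOKATION_REASON_CACOMPROMISE);
                getCRLCreateSession().run(admin, issuerdn);
            }
            cadata.setRevokationReason(reason);
            cadata.setRevokationDate(new Date());
            if (cadata.getStatus() != SecConst.CA_EXTERNAL) {
                ca.setStatus(SecConst.CA_REVOKED);
            }
            ca.setCA(cadata);
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("caadmin.errorrevoke", ca.getName());
            getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CAREVOKED, msg, e);
            throw new EJBException(e);
        }
        String msg = intres.getLocalizedMessage("caadmin.revokedca", ca.getName(), new Integer(reason));
        getLogSession().log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_CAREVOKED, msg);
    } // revokeCA

    /**
     * Method that should be used when upgrading from EJBCA 3.1 to EJBCA 3.2, changes class name of
     * nCipher HardToken HSMs after code re-structure.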
* * @param admin Administrator probably Admin.TYPE_CACOMMANDLINE_USER * @param caid id of CA to upgrade * * @ejb.interface-method */ public void upgradeFromOldCAHSMKeyStore(Admin admin, int caid){ try{ // check authorization if(admin.getAdminType() != Admin.TYPE_CACOMMANDLINE_USER) getAuthorizationSession().isAuthorizedNoLog(admin,"/super_administrator"); CADataLocal cadata = cadatahome.findByPrimaryKey(new Integer(caid)); CA ca = cadata.getCA(); CAToken token = ca.getCAToken(); CATokenInfo tokeninfo = token.getCATokenInfo(); HardCATokenInfo htokeninfo = null; if (tokeninfo instanceof HardCATokenInfo) { error("(this is not an error) Found hard token for ca with id: "+caid); htokeninfo = (HardCATokenInfo)tokeninfo; } else { error("(this is not an error) No need to update soft token for ca with id: "+caid); } if (htokeninfo != null) { String oldtoken = htokeninfo.getClassPath(); if (oldtoken.equals("se.anatom.ejbca.ca.caadmin.hardcatokens.NFastCAToken") || oldtoken.equals("se.primeKey.caToken.nFast.NFastCAToken")) { htokeninfo.setClassPath("org.ejbca.core.model.ca.catoken.NFastCAToken"); error("(this is not an error) Updated catoken classpath ("+oldtoken+") for ca with id: "+caid); token.updateCATokenInfo(htokeninfo); ca.setCAToken(token); cadata.setCA(ca); } else { error("(this is not an error) No need to update catoken classpath ("+oldtoken+") for ca with id: "+caid); } } }catch(Exception e){ error("An error occured when trying to upgrade hard token classpath: ", e); getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EV