localuseradminsessionbean.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

    /**
     * The local interface of the authorization session bean
     */
    private IKeyRecoverySessionLocal keyrecoverysession;
    
    /**
     * The local interface of the caadmin session bean
     */
    private ICAAdminSessionLocal caadminsession;
    
    /**
     * The local interface of the approval session bean
     */
    private IApprovalSessionLocal approvalsession;

    /**
     * The remote interface of the log session bean
     */
    private ILogSessionLocal logsession;

    private UserDataLocalHome home = null;
    /**
     * Columns in the database used in select
     */
    private static final String USERDATA_COL = "username, subjectDN, subjectAltName, subjectEmail, status, type, clearpassword, timeCreated, timeModified, endEntityprofileId, certificateProfileId, tokenType, hardTokenIssuerId, cAId, extendedInformationData";

    /**
     * Default create for SessionBean.
     *
     * @throws CreateException if bean instance can't be created
     * @see org.ejbca.core.model.log.Admin
     */
    public void ejbCreate() throws CreateException {
        try {
            home = (UserDataLocalHome) getLocator().getLocalHome(UserDataLocalHome.COMP_NAME);

            ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME);
            logsession = logsessionhome.create();

            IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) getLocator().getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
            authorizationsession = authorizationsessionhome.create();

            IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) getLocator().getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
            raadminsession = raadminsessionhome.create();

            ICertificateStoreSessionLocalHome certificatesessionhome = (ICertificateStoreSessionLocalHome) getLocator().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
            certificatesession = certificatesessionhome.create();
            
            
            ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) getLocator().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
            caadminsession = caadminsessionhome.create();
            

        } catch (Exception e) {
            error("Error creating session bean:", e);
            throw new EJBException(e);
        }

    }
    
    private IApprovalSessionLocal getApprovalSession(){
      if(approvalsession == null){
          try {
            IApprovalSessionLocalHome approvalsessionhome = (IApprovalSessionLocalHome) getLocator().getLocalHome(IApprovalSessionLocalHome.COMP_NAME);
			approvalsession = approvalsessionhome.create();
		} catch (CreateException e) {
			throw new EJBException(e);
		}  
      }
      return approvalsession;
    }

    private IKeyRecoverySessionLocal getKeyRecoverySession(){
        if(keyrecoverysession == null){
            try {
            	IKeyRecoverySessionLocalHome keyrecoverysessionhome = (IKeyRecoverySessionLocalHome) getLocator().getLocalHome(IKeyRecoverySessionLocalHome.COMP_NAME);
                keyrecoverysession = keyrecoverysessionhome.create();
  		} catch (CreateException e) {
  			throw new EJBException(e);
  		}  
        }
        return keyrecoverysession;
      }

    
    /**
     * Gets the Global Configuration from ra admin session bean-
     */
    private GlobalConfiguration getGlobalConfiguration(Admin admin) {
        return raadminsession.loadGlobalConfiguration(admin);
    }

    private boolean authorizedToCA(Admin admin, int caid) {
        boolean returnval = false;
        try {
            returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.CAPREFIX + caid);
        } catch (AuthorizationDeniedException e) {
        }
        return returnval;
    }

    private boolean authorizedToEndEntityProfile(Admin admin, int profileid, String rights) {
        boolean returnval = false;
        try {
            if (profileid == SecConst.EMPTY_ENDENTITYPROFILE && (rights.equals(AvailableAccessRules.CREATE_RIGHTS) || rights.equals(AvailableAccessRules.EDIT_RIGHTS)))
                returnval = authorizationsession.isAuthorizedNoLog(admin, "/super_administrator");
            else
                returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + rights) &&
                            authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_RAFUNCTIONALITY + rights);
        } catch (AuthorizationDeniedException e) {
        }
        return returnval;
    }


    /**
     * Implements IUserAdminSession::addUser.
     * Implements a mechanism that uses UserDataEntity Bean.
     * 
     * Important, this method is old and shouldn't be used, user addUser(..UserDataVO...) instead.
     *
     * @param admin                 the administrator pwrforming the action
     * @param username              the unique username.
     * @param password              the password used for authentication.
     * @param subjectdn             the DN the subject is given in his certificate.
     * @param subjectaltname        the Subject Alternative Name to be used.
     * @param email                 the email of the subject or null.
     * @param clearpwd              true if the password will be stored in clear form in the db, otherwise it is
     *                              hashed.
     * @param endentityprofileid    the id number of the end entity profile bound to this user.
     * @param certificateprofileid  the id number of the certificate profile that should be
     *                              generated for the user.
     * @param type                  of user i.e administrator, keyrecoverable and/or sendnotification, from SecConst.USER_XX.
     * @param tokentype             the type of token to be generated, one of SecConst.TOKEN constants
     * @param hardwaretokenissuerid , if token should be hard, the id of the hard token issuer,
     *                              else 0.
     * @param caid					the CA the user should be issued from.
     * @throws WaitingForApprovalException 
     * @throws ApprovalException 
     * @ejb.interface-method
     */
    public void addUser(Admin admin, String username, String password, String subjectdn, String subjectaltname, String email, boolean clearpwd, int endentityprofileid, int certificateprofileid,
                        int type, int tokentype, int hardwaretokenissuerid, int caid)
            throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, DuplicateKeyException, ApprovalException, WaitingForApprovalException {
    	
    	UserDataVO userdata = new UserDataVO(username, subjectdn, caid, subjectaltname, 
    			                             email, UserDataConstants.STATUS_NEW, type, endentityprofileid, certificateprofileid,
    			                             null,null, tokentype, hardwaretokenissuerid, null);
    	userdata.setPassword(password);
    	addUser(admin, userdata, clearpwd);
    }

	private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_ADDUSER = {
		new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.AddEndEntityApprovalRequest",null),
	};
	
    /**
     * Implements IUserAdminSession::addUser.
     * Implements a mechanism that uses UserDataEntity Bean. 
     *
     * @param admin                 the administrator pwrforming the action
     * @param userdata 	            a UserDataVO object, the fields status, timecreated and timemodified will not be used.
     * @param clearpwd              true if the password will be stored in clear form in the db, otherwise it is
     *                              hashed.
     * @throws AuthorizationDeniedException if administrator isn't authorized to add user
     * @throws UserDoesntFullfillEndEntityProfile if data doesn't fullfil requirements of end entity profile 
     * @throws DuplicateKeyException if user already exists
     * @throws ApprovalException if an approval already is waiting for specified action 
     * @throws WaitingForApprovalException if approval is required and the action have been added in the approval queue.  
     * 
     * @ejb.interface-method
     */
    public void addUser(Admin admin, UserDataVO userdata, boolean clearpwd) throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, DuplicateKeyException, ApprovalException, WaitingForApprovalException {
        // String used in SQL so strip it
        String dn = CertTools.stringToBCDNString(userdata.getDN());
        dn = StringTools.strip(dn);
    	String altName = StringTools.strip(userdata.getSubjectAltName());
    	String username = StringTools.strip(userdata.getUsername());
    	String email = StringTools.strip(userdata.getEmail());
    	userdata.setUsername(username);
    	userdata.setDN(dn);
    	userdata.setSubjectAltName(altName);
    	userdata.setEmail(email);
        int type = userdata.getType();
        String newpassword = userdata.getPassword();
        debug(">addUser(" + userdata.getUsername() + ", password, " + dn + ", "+ userdata.getDN() + ", " + userdata.getSubjectAltName()+", "+userdata.getEmail() + ")");
        int profileId = userdata.getEndEntityProfileId();
        String profileName = raadminsession.getEndEntityProfileName(admin, profileId);
        EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, profileId);

        if (profile.useAutoGeneratedPasswd() && userdata.getPassword() == null) {
            // special case used to signal regeneraton of password
            newpassword = profile.getAutoGeneratedPasswd();
        }


        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if user fulfills it's profile.
            try {
                profile.doesUserFullfillEndEntityProfile(userdata.getUsername(), userdata.getPassword(), dn, userdata.getSubjectAltName(), userdata.getExtendedinformation().getSubjectDirectoryAttributes(), userdata.getEmail(), userdata.getCertificateProfileId(), clearpwd,
                        (type & SecConst.USER_ADMINISTRATOR) != 0, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0,
                        userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId());
            } catch (UserDoesntFullfillEndEntityProfile udfp) {
                String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", profileName, dn, udfp.getMessage());            	
                logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg);
                throw new UserDoesntFullfillEndEntityProfile(udfp.getMessage());
            }

            // Check if administrator is authorized to add user.
            if (!authorizedToEndEntityProfile(admin, userdata.getEndEntityProfileId(), AvailableAccessRules.CREATE_RIGHTS)) {
                String msg = intres.getLocalizedMessage("ra.errorauthprofile", profileName);            	
                logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
        }

        // Check if administrator is authorized to add user to CA.
        if (!authorizedToCA(admin, userdata.getCAId())) {
            String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(userdata.getCAId()));            	
            logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }

        // Check if approvals is required.
        int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, userdata.getCAId());
        AddEndEntityApprovalRequest ar = new AddEndEntityApprovalRequest(userdata,clearpwd,admin,null,numOfApprovalsRequired,userdata.getCAId(),userdata.getEndEntityProfileId());
        if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_ADDUSER)) {       		    		
        	getApprovalSession().addApprovalRequest(admin, ar);
            String msg = intres.getLocalizedMessage("ra.approvalad");            	
        	throw new WaitingForApprovalException(msg);
        }
        
        try {
            UserDataLocal data1 = home.create(userdata.getUsername(), newpassword, dn, userdata.getCAId());
            if (userdata.getSubjectAltName() != null)
                data1.setSubjectAltName(userdata.getSubjectAltName());

            if (userdata.getEmail() != null)
                data1.setSubjectEmail(userdata.getEmail());

            data1.setType(type);
            data1.setEndEntityProfileId(userdata.getEndEntityProfileId());
            data1.setCertificateProfileId(userdata.getCertificateProfileId());
            data1.setTokenType(userdata.getTokenType());
            data1.setHardTokenIssuerId(userdata.getHardTokenIssuerId());
            data1.setExtendedInformation(userdata.getExtendedinformation());

            if (clearpwd) {
                try {