// ---- tail of addUser(); the method begins above this excerpt ----
                if (newpassword == null) {
                    // No password supplied: an empty clear password is stored.
                    data1.setClearPassword("");
                } else {
                    data1.setOpenPassword(newpassword);
                }
            } catch (java.security.NoSuchAlgorithmException nsae) {
                debug("NoSuchAlgorithmException while setting password for user " + userdata.getUsername());
                throw new EJBException(nsae);
            }
        }
        // Notification and printing are selected by bits in the user's type flags.
        if ((type & SecConst.USER_SENDNOTIFICATION) != 0) {
            // The new password (clear text) is handed to the notification.
            sendNotification(admin, profile, userdata.getUsername(), newpassword, dn, userdata.getEmail(), userdata.getCAId());
        }
        if ((type & SecConst.USER_PRINT) != 0) {
            print(admin,profile,userdata);
        }
        String msg = intres.getLocalizedMessage("ra.addedentity", userdata.getUsername());
        logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_INFO_ADDEDENDENTITY, msg);
    } catch (DuplicateKeyException e) {
        // Username already exists: audit-log it and rethrow the original exception.
        String msg = intres.getLocalizedMessage("ra.errorentityexist", userdata.getUsername());
        logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg);
        throw e;
    } catch (Exception e) {
        // Any other failure is audit-logged together with its cause and wrapped in an EJBException.
        String msg = intres.getLocalizedMessage("ra.erroraddentity", userdata.getUsername());
        logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg, e);
        error(msg, e);
        throw new EJBException(e);
    }
    // The literal word "password" is traced instead of the value, so it never reaches the debug log.
    debug("<addUser(" + userdata.getUsername() + ", password, " + dn + ", " + userdata.getEmail() + ")");
} // addUser

/**
 * Helper that looks up the CA configuration and reports whether the given
 * action requires approvals, and how many.
 *
 * @param admin  the administrator on whose behalf the CA info is fetched
 * @param action one of the CAInfo.REQ_APPROVAL_ constants
 * @param caid   id of the CA to check
 * @return 0 if no approvals are required, otherwise the number of approvals
 */
private int getNumOfApprovalRequired(Admin admin,int action, int caid) {
    CAInfo cainfo = caadminsession.getCAInfo(admin, caid);
    return ApprovalExecutorUtil.getNumOfApprovalRequired(action, cainfo);
}

/**
 * Changes data for a user in the database specified by username.
 *
 * Important: this method is old and shouldn't be used; use
 * changeUser(Admin, UserDataVO, boolean) instead. It only builds a UserDataVO
 * from the individual arguments and delegates to that method, so every check
 * documented there (profile fulfilment, authorization, approvals) applies here too.
 *
 * @param admin the administrator performing the action
 * @param username the unique username.
 * @param password the password used for authentication.
 * @param subjectdn the DN the subject is given in his certificate.
 * @param subjectaltname the Subject Alternative Name to be used.
 * @param email the email of the subject or null.
 * @param clearpwd true if the password will be stored in clear form in the db, otherwise it is hashed.
 * @param endentityprofileid the id number of the end entity profile bound to this user.
 * @param certificateprofileid the id number of the certificate profile that should be generated for the user.
 * @param type of user i.e administrator, keyrecoverable and/or sendnotification
 * @param tokentype the type of token to be generated, one of SecConst.TOKEN constants
 * @param hardwaretokenissuerid if token should be hard, the id of the hard token issuer, else 0.
 * @param status the status of the user, from UserDataConstants.STATUS_X
 * @param caid the id of the CA that should be used to issue the users certificate
 *
 * @throws AuthorizationDeniedException if administrator isn't authorized to edit the user
 * @throws UserDoesntFullfillEndEntityProfile if data doesn't fulfil the requirements of the end entity profile
 * @throws ApprovalException if an approval is already waiting for the specified action
 * @throws WaitingForApprovalException if approval is required and the action has been added to the approval queue.
 * @throws EJBException if a communication or other error occurs.
 * @ejb.interface-method
 */
public void changeUser(Admin admin, String username, String password, String subjectdn, String subjectaltname, String email, boolean clearpwd, int endentityprofileid, int certificateprofileid, int type, int tokentype, int hardwaretokenissuerid, int status, int caid)throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException {
    // NOTE(review): three constructor arguments are passed as null — presumably timecreated,
    // timemodified and the extended information. The UserDataVO overload dereferences
    // getExtendedinformation() when end-entity profile limitations are enabled, so confirm
    // that UserDataVO substitutes a default for a null extended information.
    UserDataVO userdata = new UserDataVO(username, subjectdn, caid, subjectaltname, email, status, type, endentityprofileid, certificateprofileid, null,null, tokentype, hardwaretokenissuerid, null);
    userdata.setPassword(password);
    changeUser(admin, userdata, clearpwd);
}

// Caller class names handed to ApprovalExecutorUtil.requireApproval() in
// changeUser(Admin, UserDataVO, boolean); presumably calls originating from these
// classes are exempt from the approval requirement (the approval request itself
// and the card-personalization connector).
private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_CHANGEUSER = {
    new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.EditEndEntityApprovalRequest",null),
    new ApprovalOveradableClassName("se.primeKey.cardPersonalization.ra.connection.ejbca.EjbcaConnection",null)
};

/**
 * Implements IUserAdminSession::changeUser.
 *
 * Order of operations: the user's new data is validated against the end entity
 * profile and the administrator's profile EDIT rights (only when profile
 * limitations are enabled), then CA authorization is checked, then the CA's
 * approval requirement is evaluated, and only then is the stored entity updated.
 *
 * @param admin the administrator performing the action
 * @param userdata a UserDataVO object, timecreated and timemodified will not be used.
 * @param clearpwd true if the password will be stored in clear form in the db, otherwise it is
 * hashed.
 *
 * @throws AuthorizationDeniedException if administrator isn't authorized to edit the user
 * @throws UserDoesntFullfillEndEntityProfile if data doesn't fulfil the requirements of the end entity profile
 * @throws ApprovalException if an approval is already waiting for the specified action
 * @throws WaitingForApprovalException if approval is required and the action has been added to the approval queue.
* @ejb.interface-method
*/
public void changeUser(Admin admin, UserDataVO userdata, boolean clearpwd) throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException {
    // The DN is normalised to BC ordering and then stripped because it is later used in SQL.
    String dn = CertTools.stringToBCDNString(userdata.getDN());
    dn = StringTools.strip(dn);
    String newpassword = userdata.getPassword();
    int type = userdata.getType();
    // Username, DN and e-mail are traced; the password value is not.
    debug(">changeUser(" + userdata.getUsername() + ", " + dn + ", " + userdata.getEmail() + ")");
    int oldstatus;
    EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, userdata.getEndEntityProfileId());
    if (profile.useAutoGeneratedPasswd() && userdata.getPassword() != null) {
        // Special case: a non-null password on an auto-generated-password profile
        // signals that a fresh password should be generated; the supplied value is discarded.
        newpassword = profile.getAutoGeneratedPasswd();
    }
    // Profile fulfilment and profile-level EDIT rights are enforced only when end-entity
    // profile limitations are enabled in the global configuration; the CA-level
    // authorization check further down always runs.
    if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
        try {
            // NOTE(review): getExtendedinformation() is dereferenced without a null check;
            // the legacy changeUser(Admin, String, ...) overload builds its UserDataVO with
            // nulls — confirm a default extended information is always present here.
            profile.doesUserFullfillEndEntityProfileWithoutPassword(userdata.getUsername(), dn, userdata.getSubjectAltName(), userdata.getExtendedinformation().getSubjectDirectoryAttributes(), userdata.getEmail(), userdata.getCertificateProfileId(), (type & SecConst.USER_ADMINISTRATOR) != 0, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0, userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId());
        } catch (UserDoesntFullfillEndEntityProfile udfp) {
            // Audit-log the profile violation, then propagate it unchanged.
            String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", new Integer(userdata.getEndEntityProfileId()), dn, udfp.getMessage());
            logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw udfp;
        }
        // Check if the administrator holds EDIT rights on the user's end entity profile.
        if (!authorizedToEndEntityProfile(admin, userdata.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
            String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(userdata.getEndEntityProfileId()));
            logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }
    }
    // Check if the administrator is authorized to the CA the user belongs to.
    if (!authorizedToCA(admin, userdata.getCAId())) {
        String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(userdata.getCAId()));
        logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }
    // Approvals are evaluated only after the authorization checks above have passed, so an
    // unauthorized caller cannot enqueue an approval request.
    int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, userdata.getCAId());
    if (numOfApprovalsRequired > 0){
        UserDataVO orguserdata;
        try {
            // The current stored data is needed to build the edit request; a missing user
            // is reported as an ApprovalException rather than a FinderException.
            orguserdata = findUser(admin, userdata.getUsername());
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", userdata.getUsername());
            throw new ApprovalException(msg);
        }
        EditEndEntityApprovalRequest ar = new EditEndEntityApprovalRequest(userdata, clearpwd, orguserdata, admin,null,numOfApprovalsRequired,userdata.getCAId(),userdata.getEndEntityProfileId());
        // Callers listed in NONAPPROVABLECLASSNAMES_CHANGEUSER are consulted by requireApproval();
        // when approval is required the request is queued and the edit is aborted here.
        if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_CHANGEUSER)){
            getApprovalSession().addApprovalRequest(admin, ar);
            String msg = intres.getLocalizedMessage("ra.approvaledit");
            throw new WaitingForApprovalException(msg);
        }
    }
    try {
        UserDataPK pk = new UserDataPK(userdata.getUsername());
        UserDataLocal data1 = home.findByPrimaryKey(pk);
        data1.setDN(dn);
        // Null subject alt name / e-mail leave the stored values untouched.
        if (userdata.getSubjectAltName() != null) data1.setSubjectAltName(userdata.getSubjectAltName());
        if (userdata.getEmail() != null)
            data1.setSubjectEmail(userdata.getEmail());
        data1.setCaId(userdata.getCAId());
        data1.setType(type);
        data1.setEndEntityProfileId(userdata.getEndEntityProfileId());
        data1.setCertificateProfileId(userdata.getCertificateProfileId());
        data1.setTokenType(userdata.getTokenType());
        data1.setHardTokenIssuerId(userdata.getHardTokenIssuerId());
        // NOTE(review): unlike alt name and e-mail, the extended information is written
        // unconditionally, so a null value replaces whatever was stored — verify that is intended.
        data1.setExtendedInformation(userdata.getExtendedinformation());
        oldstatus = data1.getStatus();
        // Leaving KEYRECOVERY for any status other than KEYRECOVERY or INPROCESS unmarks the
        // user in the key recovery session before the new status is written.
        if(oldstatus == UserDataConstants.STATUS_KEYRECOVERY && !(userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INPROCESS)){
            getKeyRecoverySession().unmarkUser(admin,userdata.getUsername());
        }
        data1.setStatus(userdata.getStatus());
        data1.setTimeModified((new java.util.Date()).getTime());
        // The stored password is only touched when a password was supplied (or regenerated
        // above). clearpwd selects setOpenPassword, whose NoSuchAlgorithmException is wrapped
        // in an EJBException; the enclosing catch (Exception) below wraps it once more.
        if(newpassword != null){
            if(clearpwd) {
                try {
                    data1.setOpenPassword(newpassword);
                } catch (java.security.NoSuchAlgorithmException nsae) {
                    debug("NoSuchAlgorithmException while setting password for user "+userdata.getUsername());
                    throw new EJBException(nsae);
                }
            } else {
                data1.setPassword(newpassword);
            }
        }
        boolean statuschanged = userdata.getStatus() != oldstatus;
        // Send a notification if one is due. It is only sent when the new status is NEW,
        // KEYRECOVERY or INITIALIZED: a user that has no use for the password gets none.
        // The (clear-text) new password is part of the notification.
        if ((type & SecConst.USER_SENDNOTIFICATION) != 0 && (userdata.getStatus() == UserDataConstants.STATUS_NEW || userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INITIALIZED)) {
            sendNotification(admin, profile, userdata.getUsername(), newpassword, dn, userdata.getEmail(), userdata.getCAId());
        }
        // Printing follows the same status conditions as notifications, but additionally only
        // when the status actually changed, not every time the user is saved.
        if ((type & SecConst.USER_PRINT) != 0 && statuschanged && (userdata.getStatus() == UserDataConstants.STATUS_NEW || userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INITIALIZED)) {
            print(admin,profile,userdata);
        }
        // Audit-log the edit; a status change gets its own message including the new status.
        if (statuschanged) {
            String msg = intres.getLocalizedMessage("ra.editedentitystatus", userdata.getUsername(), new Integer(userdata.getStatus()));
            logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg );
        } else {
            String msg = intres.getLocalizedMessage("ra.editedentity", userdata.getUsername());
            logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg);
        }
    } catch (Exception e) {
        // Authorization and approval exceptions cannot reach here, they are thrown before the try.
        // NOTE(review): unlike addUser's catch-all, the cause is not passed to logsession.log
        // here; it is only recorded via error() and the wrapping EJBException.
        String msg = intres.getLocalizedMessage("ra.erroreditentity", userdata.getUsername());
        logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
        error("ChangeUser:", e);
        throw new EJBException(e);
    }
    // The literal word "password" is traced instead of the value, so it never reaches the debug log.
    debug("<changeUser(" + userdata.getUsername() + ", password, " + dn + ", " + userdata.getEmail() + ")");
} // changeUser

/**
 * Deletes a user from the database.
The users certificates must be revoked BEFORE this method is called. * * @param username the unique username. * @throws NotFoundException if the user does not exist * @throws RemoveException if the user could not be removed * @ejb.interface-method */ public void deleteUser(Admin admin, String username) throws AuthorizationDeniedException, NotFoundException, RemoveException { debug(">deleteUser(" + username + ")"); // Check if administrator is authorized to delete user. int caid = LogConstants.INTERNALCAID; try { UserDataPK pk = new UserDataPK(username); UserDataLocal data1 = home.findByPrimaryKey(pk); caid = data1.getCaId(); if (!authorizedToCA(admin, caid)) { String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid)); logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg); throw new AuthorizationDeniedException(msg); } if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.DELETE_RIGHTS)) { String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data1.getEndEntityProfileId()));