📄 localuseradminsessionbean.java
// (tail of deleteUser; the start of the method lies above this excerpt)
                    logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg);
                    throw new AuthorizationDeniedException(msg);
                }
            }
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg);
            throw new NotFoundException(msg);
        }
        try {
            UserDataPK pk = new UserDataPK(username);
            home.remove(pk);
            String msg = intres.getLocalizedMessage("ra.removedentity", username);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_DELETEDENDENTITY, msg);
        } catch (EJBException e) {
            String msg = intres.getLocalizedMessage("ra.errorremoveentity", username);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg);
            throw new RemoveException(msg);
        }
        debug("<deleteUser(" + username + ")");
    } // deleteUser

    // Class/method pairs handed to ApprovalExecutorUtil.requireApproval() by setUserStatus().
    // NOTE(review): presumably a status change that originates from one of these callers is
    // not sent to the approval queue, and a null method name covers the whole class - confirm
    // against ApprovalExecutorUtil. If so, every entry is an exemption from dual control, and
    // additions to this list should get a security review.
    private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_SETUSERSTATUS = {
        new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.ChangeStatusEndEntityApprovalRequest",null),
        new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeUser"),
        new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeCert"),
        new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","unrevokeCert"),
        new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","markForRecovery"),
        new ApprovalOveradableClassName("org.ejbca.extra.caservice.ExtRACAProcess","processExtRARevocationRequest"),
        new ApprovalOveradableClassName("se.primeKey.cardPersonalization.ra.connection.ejbca.EjbcaConnection",null)
    };

    /**
     * Changes status of a user.
     *
     * The caller must be authorized to the user's CA; when end entity profile limitations are
     * enabled in the global configuration, EDIT_RIGHTS on the user's end entity profile are
     * required as well. Each denial is written to the log session before the exception is thrown.
     * Only after both checks pass is the approval requirement evaluated.
     *
     * @param admin the administrator performing the action.
     * @param username the unique username.
     * @param status the new status, from 'UserData'.
     * @throws AuthorizationDeniedException if the administrator is not authorized to the CA or
     *         (when profile limitations are enabled) to the end entity profile.
     * @throws FinderException if no user with the given username is found; logged, then rethrown.
     * @throws ApprovalException if an approval already is waiting for specified action
     * @throws WaitingForApprovalException if approval is required and the action have been added in the approval queue.
     * @ejb.interface-method
     */
    public void setUserStatus(Admin admin, String username, int status) throws AuthorizationDeniedException, FinderException, ApprovalException, WaitingForApprovalException {
        debug(">setUserStatus(" + username + ", " + status + ")");
        // Check if administrator is authorized to edit user.
        // caid starts as the internal CA id so that a failed lookup can still be logged.
        int caid = LogConstants.INTERNALCAID;
        try {
            UserDataPK pk = new UserDataPK(username);
            UserDataLocal data1 = home.findByPrimaryKey(pk);
            caid = data1.getCaId();
            if (!authorizedToCA(admin, caid)) {
                String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
            // The profile-level check is skipped entirely when profile limitations are disabled.
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
                    String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data1.getEndEntityProfileId()));
                    logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
                    throw new AuthorizationDeniedException(msg);
                }
            }
            // Check if approvals is required.
            int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, caid);
            ChangeStatusEndEntityApprovalRequest ar = new ChangeStatusEndEntityApprovalRequest(username, data1.getStatus(), status , admin,null,numOfApprovalsRequired,data1.getCaId(),data1.getEndEntityProfileId());
            // When approval is required the request is queued and the status is NOT changed here;
            // the exception tells the caller that the change is pending.
            if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_SETUSERSTATUS)){
                getApprovalSession().addApprovalRequest(admin, ar);
                String msg = intres.getLocalizedMessage("ra.approvaledit");
                throw new WaitingForApprovalException(msg);
            }
            // Leaving STATUS_KEYRECOVERY for anything other than KEYRECOVERY, INPROCESS or
            // INITIALIZED also removes the user's key recovery mark.
            if(data1.getStatus() == UserDataConstants.STATUS_KEYRECOVERY && !(status == UserDataConstants.STATUS_KEYRECOVERY || status == UserDataConstants.STATUS_INPROCESS || status == UserDataConstants.STATUS_INITIALIZED)){
                getKeyRecoverySession().unmarkUser(admin,username);
            }
            data1.setStatus(status);
            data1.setTimeModified((new java.util.Date()).getTime());
            String msg = intres.getLocalizedMessage("ra.editedentitystatus", username, new Integer(status));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg);
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw e;
        }
        debug("<setUserStatus(" + username + ", " + status + ")");
    } // setUserStatus

    /**
     * Sets a new password for a user.
     *
     * Delegates to the private setPassword with cleartext set to false.
     *
     * @param admin the administrator performing the action
     * @param username the unique username.
     * @param password the new password for the user, NOT null.
     * @ejb.interface-method
     */
    public void setPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
        setPassword(admin, username, password, false);
    } // setPassword

    /**
     * Sets a clear text password for a user.
     *
     * Delegates to the private setPassword with cleartext set to true.
     * NOTE(review): a password stored in clear text is readable by anyone with read access to
     * the user data store; keep callers of this method to the cases that need the recoverable
     * value.
     *
     * @param admin the administrator performing the action
     * @param username the unique username.
     * @param password the new password to be stored in clear text. Setting password to 'null'
     * effectively deletes any previous clear text password.
     * @ejb.interface-method
     */
    public void setClearTextPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
        setPassword(admin, username, password, true);
    } // setClearTextPassword

    /**
     * Sets a password, hashed or clear text, for a user.
     *
     * The CA authorization check always runs. The profile password check and the profile
     * authorization check run only when end entity profile limitations are enabled.
     *
     * @param admin the administrator performing the action
     * @param username the unique username.
     * @param password the new password. With cleartext true, 'null'
     * effectively deletes any previous clear text password.
     * @param cleartext true gives cleartext password, false hashed
     * @throws UserDoesntFullfillEndEntityProfile if the password is rejected by the end entity profile.
     * @throws AuthorizationDeniedException if the administrator is not authorized to the profile or the CA.
     * @throws FinderException if the user is not found (thrown by the lookup, not logged here).
     */
    private void setPassword(Admin admin, String username, String password, boolean cleartext) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
        // The literal "hiddenpwd" is logged in place of the password so it never reaches the log.
        debug(">setPassword(" + username + ", hiddenpwd), " + cleartext);
        // Find user
        String newpasswd = password;
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data = home.findByPrimaryKey(pk);
        int caid = data.getCaId();
        String dn = data.getSubjectDN();
        EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, data.getEndEntityProfileId());
        // A profile that uses auto-generated passwords replaces the caller-supplied value.
        if (profile.useAutoGeneratedPasswd())
            newpasswd = profile.getAutoGeneratedPasswd();
        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if user fulfills its profile.
            // NOTE(review): the check is made on the caller-supplied 'password', not on
            // 'newpasswd', so an auto-generated replacement is not what gets validated - confirm
            // this is intended.
            // NOTE(review): the user lookup and this check run before the authorization checks
            // below, so a caller without rights can receive FinderException or the profile error
            // instead of AuthorizationDeniedException.
            try {
                profile.doesPasswordFulfillEndEntityProfile(password, true);
            } catch (UserDoesntFullfillEndEntityProfile ufe) {
                String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", new Integer(data.getEndEntityProfileId()), dn, ufe.getMessage());
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
                throw ufe;
            }
            // Check if administrator is authorized to edit user.
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
                String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
        }
        if (!authorizedToCA(admin, caid)) {
            String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }
        try {
            if ((newpasswd == null) && (cleartext)) {
                // A null clear text password overwrites the stored clear text value with "".
                data.setClearPassword("");
                data.setTimeModified((new java.util.Date()).getTime());
            } else {
                // NOTE(review): with cleartext false a null newpasswd reaches setPassword(null);
                // the public setPassword documents the password as NOT null - confirm callers.
                if (cleartext) {
                    data.setOpenPassword(newpasswd);
                } else {
                    data.setPassword(newpasswd);
                }
                data.setTimeModified((new java.util.Date()).getTime());
            }
            // The audit entry names the user only; the password itself is not part of the message.
            String msg = intres.getLocalizedMessage("ra.editpwdentity", username);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg);
        } catch (java.security.NoSuchAlgorithmException nsae) {
            error("NoSuchAlgorithmException while setting password for user " + username);
            throw new EJBException(nsae);
        }
        debug("<setPassword(" + username + ", hiddenpwd), " + cleartext);
    } // setPassword

    /**
     * Verifies a password for a user.
     *
     * The caller needs the same rights as for editing the user: authorization to the user's CA
     * and, when profile limitations are enabled, EDIT_RIGHTS on the end entity profile.
     * NOTE(review): only authorization denials are written to the log session here; the outcome
     * of the comparison is not, so repeated failed verifications leave no audit entry from this
     * method - confirm whether callers log or limit them.
     *
     * @param admin the administrator performing the action
     * @param username the unique username.
     * @param password the password to be verified.
     * @return the result of comparePassword on the user's data (presumably true on a match).
     * @throws AuthorizationDeniedException if the administrator is not authorized to the profile or the CA.
     * @throws FinderException if the user is not found (thrown by the lookup, not logged here).
     * @ejb.interface-method
     */
    public boolean verifyPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
        // The literal "hiddenpwd" is logged in place of the password so it never reaches the log.
        debug(">verifyPassword(" + username + ", hiddenpwd)");
        boolean ret = false;
        // Find user
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data = home.findByPrimaryKey(pk);
        int caid = data.getCaId();
        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if administrator is authorized to edit user.
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
                String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
        }
        if (!authorizedToCA(admin, caid)) {
            String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }
        try {
            ret = data.comparePassword(password);
        } catch (java.security.NoSuchAlgorithmException nsae) {
            // Reported at debug level here, whereas the private setPassword uses error() for
            // the same exception.
            debug("NoSuchAlgorithmException while verifying password for user " + username);
            throw new EJBException(nsae);
        }
        debug("<verifyPassword(" + username + ", hiddenpwd)");
        return ret;
    } // verifyPassword

    /**
     * Method that revokes a user.
     *
     * @param username the username to revoke.
     * @ejb.interface-method
     */
    public void revokeUser(Admin admin, String username, int reason) throws AuthorizationDeniedException, FinderException {
        debug(">revokeUser(" + username + ")");
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data;
        try {
            data = home.findByPrimaryKey(pk);
        } catch (ObjectNotFoundException oe) {
            throw new EJBException(oe);
        }
        int caid = data.getCaId();
        if (!authorizedToCA(admin, caid)) {
            String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }
        // (revokeUser continues past the end of this excerpt)