📄 localuseradminsessionbean.java
if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) { String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId())); logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); throw new AuthorizationDeniedException(msg); } } CertificateProfile prof = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId()); Collection publishers; if (prof == null) { publishers = new ArrayList(); } else { publishers = prof.getPublisherList(); } String actionMessage = "ra.revokedentity"; try { if ( reason == RevokedCertInfo.NOT_REVOKED ) { setUserStatus(admin, username, UserDataConstants.STATUS_GENERATED); actionMessage = "ra.unrevokedentity"; } else { setUserStatus(admin, username, UserDataConstants.STATUS_REVOKED); } } catch (ApprovalException e) { throw new EJBException("This should never happen",e); } catch (WaitingForApprovalException e) { throw new EJBException("This should never happen",e); } certificatesession.setRevokeStatus(admin, username, publishers, reason); // Revoke/unrevoke all possible user certificates String msg = intres.getLocalizedMessage(actionMessage, username); logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY, msg); debug("<revokeUser()"); } // revokeUser /** * Method that revokes a certificate. * * @param admin the adminsitrator performing the action * @param certserno the serno of certificate to revoke. * @param username the username to revoke. * @param reason the reason of revokation, one of the RevokedCertInfo.XX constants. 
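* @param issuerdn the issuer DN of the certificate to revoke; together with certserno it selects the certificate.
* @throws AuthorizationDeniedException if the administrator is not authorized to revoke for the user's CA or
*         end entity profile, or if an un-revocation (reason NOT_REVOKED) is attempted on a certificate that
*         is not on hold.
* @throws FinderException if no user with the given username exists.
* @ejb.interface-method
*/
public void revokeCert(Admin admin, BigInteger certserno, String issuerdn, String username, int reason)
        throws AuthorizationDeniedException, FinderException {
    debug(">revokeCert(" + certserno + ", IssuerDN: " + issuerdn + ", username: " + username + ")");
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data;
    try {
        data = home.findByPrimaryKey(pk);
    } catch (ObjectNotFoundException oe) {
        throw new FinderException(oe.getMessage() + ": username");
    }
    // Authorization, in order: the global revocation right, then the user's CA, then
    // (when profile limitations are enabled) the user's end entity profile. CA and
    // profile failures are logged as errors before the exception is thrown.
    authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_REVOKEENDENTITY);
    int caid = data.getCaId();
    if (!authorizedToCA(admin, caid)) {
        String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }
    if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
        if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) {
            String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg);
            throw new AuthorizationDeniedException(msg);
        }
    }
    // NOTE(review): the checks above are made against the CA and profile of 'username',
    // but the certificate that is actually revoked is selected by (issuerdn, certserno)
    // alone. Nothing in this method verifies that the certificate was issued to that
    // user, or that issuerdn corresponds to the authorized caid. Confirm that
    // certificatesession.setRevokeStatus enforces that binding; if it does not, an
    // administrator with revocation rights on one user could revoke unrelated certificates.
    if (reason == RevokedCertInfo.NOT_REVOKED) {
        // Only a certificate on hold may be reactivated. A null result (presumably: the
        // certificate was not found) is rejected as well.
        RevokedCertInfo revinfo = certificatesession.isRevoked(admin, issuerdn, certserno);
        if (revinfo == null || revinfo.getReason() != RevokedCertInfo.REVOKATION_REASON_CERTIFICATEHOLD) {
            String msg = intres.getLocalizedMessage("ra.errorunrevokenotonhold", issuerdn, certserno.toString(16));
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg);
            // Kept as AuthorizationDeniedException for compatibility with existing callers,
            // although this is a state error rather than an authorization failure.
            throw new AuthorizationDeniedException(msg);
        }
    }
    CertificateProfile prof = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId());
    Collection publishers = (prof == null) ? new ArrayList() : prof.getPublisherList();
    // Revoke (or reactivate) the certificate in the database and in all publishers.
    certificatesession.setRevokeStatus(admin, issuerdn, certserno, publishers, reason);
    // Reset the revocation code identifier used in XKMS.
    ExtendedInformation inf = data.getExtendedInformation();
    if (inf != null) {
        inf.setRevocationCodeIdentifier(null);
        // NOTE(review): 'inf' is never written back with data.setExtendedInformation(inf).
        // If getExtendedInformation() returns a fresh copy rather than the stored
        // instance, this reset is silently lost - verify against the entity bean.
    }
    if (certificatesession.checkIfAllRevoked(admin, username)) {
        // Every certificate of the user is now revoked: mark the user revoked and log it.
        setUserStatusNoApproval(admin, username, UserDataConstants.STATUS_REVOKED);
        String msg = intres.getLocalizedMessage("ra.revokedentitycert", issuerdn, certserno.toString(16));
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY, msg);
    } else if (reason == RevokedCertInfo.NOT_REVOKED) {
        // A reactivated certificate means the user is active again; only touch the
        // status if it is not already GENERATED.
        if (data.getStatus() != UserDataConstants.STATUS_GENERATED) {
            setUserStatusNoApproval(admin, username, UserDataConstants.STATUS_GENERATED);
        }
    }
    debug("<revokeCert()");
} // revokeCert

/**
 * Sets a user's status as part of a revocation flow. The original code treats the
 * approval-related exceptions declared by setUserStatus as impossible on this path,
 * so they are converted to EJBException instead of being propagated.
 *
 * @param admin the administrator performing the action
 * @param username the user whose status is changed
 * @param status the new status, one of the UserDataConstants.STATUS_XX constants
 * @throws AuthorizationDeniedException if setUserStatus denies the change
 * @throws FinderException if setUserStatus cannot find the user
 */
private void setUserStatusNoApproval(Admin admin, String username, int status)
        throws AuthorizationDeniedException, FinderException {
    try {
        setUserStatus(admin, username, status);
    } catch (ApprovalException e) {
        throw new EJBException("This should never happen", e);
    } catch (WaitingForApprovalException e) {
        throw new EJBException("This should never happen", e);
    }
}

/**
 * Reactivates the certificate with certificate serno.
 *
 * @param admin the administrator performing the action
 * @param certserno serial number of certificate to reactivate.
 * @param issuerdn the issuerdn of certificate to reactivate.
 * @param username the username joined to the certificate.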
* @throws AuthorizationDeniedException if the administrator may not revoke for the user, or the certificate is not on hold
* @throws FinderException if the user does not exist
* @ejb.interface-method
*/
public void unRevokeCert(Admin admin, BigInteger certserno, String issuerdn, String username)
        throws AuthorizationDeniedException, FinderException {
    log.debug(">unrevokeCert()");
    // Reactivation is expressed as a revocation with the special reason NOT_REVOKED;
    // revokeCert performs the authorization checks and rejects anything not on hold.
    revokeCert(admin, certserno, issuerdn, username, RevokedCertInfo.NOT_REVOKED);
    log.debug("<unrevokeCert()");
}

/**
 * Finds a user by username.
 * <p>
 * The returned value object carries the user's clear-text password (when one is
 * stored), so callers must not pass it on to anything not entitled to it.
 *
 * @param admin the administrator performing the action
 * @param username the username to look up
 * @return UserDataVO, or null if no such user exists
 * @throws AuthorizationDeniedException if the user exists but the administrator is not
 *         authorized for its CA or (when profile limitations are enabled) its end entity profile
 * @throws FinderException declared for interface compatibility; a missing user yields null instead
 * @ejb.interface-method
 * @ejb.transaction type="Supports"
 */
public UserDataVO findUser(Admin admin, String username) throws FinderException, AuthorizationDeniedException {
    debug(">findUser(" + username + ")");
    final UserDataLocal entity;
    try {
        entity = home.findByPrimaryKey(new UserDataPK(username));
    } catch (ObjectNotFoundException notFound) {
        return null;
    }
    // NOTE(review): a missing user returns null while an existing user the admin may
    // not see throws; that difference lets a caller probe which usernames exist under
    // other CAs. Confirm this is acceptable within the admin model.
    final int caid = entity.getCaId();
    if (!authorizedToCA(admin, caid)) {
        throw new AuthorizationDeniedException(intres.getLocalizedMessage("ra.errorauthca", new Integer(caid)));
    }
    if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
        final int profileId = entity.getEndEntityProfileId();
        if (!authorizedToEndEntityProfile(admin, profileId, AvailableAccessRules.VIEW_RIGHTS)) {
            throw new AuthorizationDeniedException(intres.getLocalizedMessage("ra.errorauthprofile", new Integer(profileId)));
        }
    }
    final UserDataVO result = new UserDataVO(entity.getUsername(), entity.getSubjectDN(), caid,
            entity.getSubjectAltName(), entity.getSubjectEmail(), entity.getStatus(), entity.getType(),
            entity.getEndEntityProfileId(), entity.getCertificateProfileId(),
            new java.util.Date(entity.getTimeCreated()), new java.util.Date(entity.getTimeModified()),
            entity.getTokenType(), entity.getHardTokenIssuerId(), entity.getExtendedInformation());
    result.setPassword(entity.getClearPassword());
    debug("<findUser(" + username + ")");
    return result;
} // findUser

/**
 * Finds a user by its subject and issuer DN.
*
 * @param admin the administrator performing the action
 * @param subjectdn the user's subject DN; normalized to BouncyCastle ordering before the lookup
 * @param issuerdn the issuer DN of the user's CA; its String.hashCode() is used as the CA id in the lookup
 * @return UserDataVO or null if the user is not found.
 * @throws AuthorizationDeniedException if the user exists but the administrator is not authorized
 *         for its end entity profile (when profile limitations are enabled) or its CA
 * @ejb.interface-method
 * @ejb.transaction type="Supports"
 */
public UserDataVO findUserBySubjectAndIssuerDN(Admin admin, String subjectdn, String issuerdn) throws AuthorizationDeniedException {
    debug(">findUserBySubjectAndIssuerDN(" + subjectdn + ", "+issuerdn+")");
    // Bring the DN into the same (BC) form it was stored in, then strip characters
    // that must not reach the query string.
    final String searchDn = StringTools.strip(CertTools.stringToBCDNString(subjectdn));
    debug("Looking for users with subjectdn: " + searchDn + ", issuerdn : " + issuerdn);
    // NOTE(review): the CA id is derived from the raw issuerdn parameter, which is
    // neither normalized nor stripped the way subjectdn is. A differently ordered
    // issuer DN makes the lookup silently miss; confirm callers pass the canonical form.
    UserDataLocal entity = null;
    try {
        entity = home.findBySubjectDNAndCAId(searchDn, issuerdn.hashCode());
    } catch (FinderException notFound) {
        log.debug("Cannot find user with DN='" + searchDn + "'");
    }
    // Authorization (profile, then CA) and conversion are done in returnUserDataVO.
    final UserDataVO result = returnUserDataVO(admin, null, entity);
    debug("<findUserBySubjectAndIssuerDN(" + subjectdn + ", "+issuerdn+")");
    return result;
} // findUserBySubjectAndIssuerDN

/**
 * Finds a user by its subject DN.
 *
 * @param admin the administrator performing the action
 * @param subjectdn the user's subject DN; normalized to BouncyCastle ordering before the lookup
 * @return UserDataVO or null if the user is not found.
 * @throws AuthorizationDeniedException if the user exists but the administrator is not authorized
 *         for its end entity profile (when profile limitations are enabled) or its CA
* @ejb.interface-method
* @ejb.transaction type="Supports"
*/
public UserDataVO findUserBySubjectDN(Admin admin, String subjectdn) throws AuthorizationDeniedException {
    debug(">findUserBySubjectDN(" + subjectdn + ")");
    // Same normalization as when the DN was stored, then strip characters that
    // must not reach the query string.
    final String searchDn = StringTools.strip(CertTools.stringToBCDNString(subjectdn));
    debug("Looking for users with subjectdn: " + searchDn);
    UserDataLocal entity = null;
    try {
        entity = home.findBySubjectDN(searchDn);
    } catch (FinderException notFound) {
        log.debug("Cannot find user with DN='" + searchDn + "'");
    }
    // returnUserDataVO performs the profile/CA authorization checks and the conversion;
    // a null entity presumably passes the null through unchanged.
    final UserDataVO result = returnUserDataVO(admin, null, entity);
    debug("<findUserBySubjectDN(" + subjectdn + ")");
    return result;
} // findUserBySubjectDN

private UserDataVO returnUserDataVO(Admin admin, UserDataVO returnval, UserDataLocal data) throws AuthorizationDeniedException {
    if (data != null) {
        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Check if administrator is authorized to view user.
            if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) {
                String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
                throw new AuthorizationDeniedException(msg);
            }
        }
        if (!authorizedToCA(admin, data.getCaId())) {
            String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(data.getCaId()));
            throw new AuthorizationDeniedException(msg);
        }
        returnval = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(), data.getSub