/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/package org.ejbca.core.ejb.keyrecovery;import java.security.KeyPair;import java.security.cert.X509Certificate;import java.util.Collection;import java.util.Iterator;import javax.ejb.CreateException;import javax.ejb.EJBException;import javax.ejb.FinderException;import org.ejbca.core.ejb.BaseSessionBean;import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;import org.ejbca.core.ejb.log.ILogSessionLocal;import org.ejbca.core.ejb.log.ILogSessionLocalHome;import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;import org.ejbca.core.ejb.approval.IApprovalSessionLocal;import org.ejbca.core.ejb.approval.IApprovalSessionLocalHome;import org.ejbca.core.model.InternalResources;import org.ejbca.core.model.approval.ApprovalException;import org.ejbca.core.model.approval.ApprovalExecutorUtil;import org.ejbca.core.model.approval.ApprovalOveradableClassName;import org.ejbca.core.model.approval.WaitingForApprovalException;import 
org.ejbca.core.model.approval.approvalrequests.KeyRecoveryApprovalRequest;import org.ejbca.core.model.authorization.AuthorizationDeniedException;import org.ejbca.core.model.authorization.AvailableAccessRules;import org.ejbca.core.model.ca.caadmin.CAInfo;import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceRequest;import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceResponse;import org.ejbca.core.model.keyrecovery.KeyRecoveryData;import org.ejbca.core.model.log.Admin;import org.ejbca.core.model.log.LogEntry;import org.ejbca.core.model.ra.UserDataConstants;import org.ejbca.util.CertTools;/** * Stores key recovery data. Uses JNDI name for datasource as defined in env 'Datasource' in * ejb-jar.xml. * * @version $Id: LocalKeyRecoverySessionBean.java,v 1.10 2006/12/13 10:33:10 anatom Exp $ * * @ejb.bean * display-name="Stores key recovery data" * name="KeyRecoverySession" * jndi-name="KeyRecoverySession" * local-jndi-name="KeyRecoverySessionLocal" * view-type="both" * type="Stateless" * transaction-type="Container" * * @ejb.transaction type="Required" * * @weblogic.enable-call-by-reference True * * @ejb.env-entry description="JDBC datasource to be used" * name="DataSource" * type="java.lang.String" * value="${datasource.jndi-name-prefix}${datasource.jndi-name}" * * @ejb.ejb-external-ref * description="The key recovery data entity bean" * view-type="local" * ref-name="ejb/KeyRecoveryDataLocal" * type="Entity" * home="org.ejbca.core.ejb.keyrecovery.KeyRecoveryDataLocalHome" * business="org.ejbca.core.ejb.keyrecovery.KeyRecoveryDataLocal" * link="KeyRecoveryData" * * @ejb.ejb-external-ref * description="The Sign Session Bean" * view-type="local" * ref-name="ejb/RSASignSessionLocal" * type="Session" * home="org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome" * business="org.ejbca.core.ejb.ca.sign.ISignSessionLocal" * link="RSASignSession" * * @ejb.ejb-external-ref * description="The Certificate Store session bean" * 
view-type="local" * ref-name="ejb/CertificateStoreSessionLocal" * type="Session" * home="org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome" * business="org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal" * link="CertificateStoreSession" * * @ejb.ejb-external-ref description="The CAAdmin Session Bean" * view-type="local" * ref-name="ejb/CAAdminSessionLocal" * type="Session" * home="org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome" * business="org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal" * link="CAAdminSession" * * @ejb.ejb-external-ref * description="The User Admin session bean" * view-type="local" * ref-name="ejb/UserAdminSessionLocal" * type="Session" * home="org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome" * business="org.ejbca.core.ejb.ra.IUserAdminSessionLocal" * link="UserAdminSession" * * @ejb.ejb-external-ref description="The Approval Session Bean" * view-type="local" * ref-name="ejb/ApprovalSessionLocal" * type="Session" * home="org.ejbca.core.ejb.approval.IApprovalSessionLocalHome" * business="org.ejbca.core.ejb.approval.IApprovalSessionLocal" * link="ApprovalSession" * * @ejb.ejb-external-ref * description="The Authorization session bean" * view-type="local" * ref-name="ejb/AuthorizationSessionLocal" * type="Session" * home="org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome" * business="org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal" * link="AuthorizationSession" * * @ejb.ejb-external-ref * description="The log session bean" * view-type="local" * ref-name="ejb/LogSessionLocal" * type="Session" * home="org.ejbca.core.ejb.log.ILogSessionLocalHome" * business="org.ejbca.core.ejb.log.ILogSessionLocal" * link="LogSession" * * @ejb.home * extends="javax.ejb.EJBHome" * local-extends="javax.ejb.EJBLocalHome" * local-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocalHome" * remote-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionHome" * * @ejb.interface * extends="javax.ejb.EJBObject" 
* local-extends="javax.ejb.EJBLocalObject"
 * local-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocal"
 * remote-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionRemote"
 *
 * @jonas.bean
 * ejb-name="KeyRecoverySession"
 *
 */
public class LocalKeyRecoverySessionBean extends BaseSessionBean {

    /** Internal localization of log and error messages. */
    private static final InternalResources intres = InternalResources.getInstance();

    /** The local home interface of the key recovery data entity bean. */
    private KeyRecoveryDataLocalHome keyrecoverydatahome = null;

    /** The local interface of the sign session bean. */
    private ISignSessionLocal signsession = null;

    /** The local interface of the certificate store session bean. */
    private ICertificateStoreSessionLocal certificatestoresession = null;

    /** The local interface of the CA admin session bean. */
    private ICAAdminSessionLocal caadminsession = null;

    /** The local interface of the approval session bean. */
    private IApprovalSessionLocal approvalsession = null;

    /** The local interface of the user admin session bean (looked up lazily by getUserAdminSession()). */
    private IUserAdminSessionLocal useradminsession = null;

    /** The local interface of the log session bean. */
    private ILogSessionLocal logsession = null;

    /** The local interface of the authorization session bean; every key-recovery access decision goes through it. */
    private IAuthorizationSessionLocal authorizationsession;

    /**
     * Checks whether {@code admin} may perform key recovery for end entities in
     * the given end entity profile.
     *
     * <p>A super administrator ({@code /super_administrator}) is always authorized,
     * and so is a caller of type {@code Admin.TYPE_PUBLIC_WEB_USER}. Any other
     * administrator must hold <em>both</em>
     * {@code AvailableAccessRules.REGULAR_KEYRECOVERY}
     * (/ra_functionality/keyrecovery) and the per-profile rule
     * {@code ENDENTITYPROFILEPREFIX + profileid + KEYRECOVERY_RIGHTS}
     * (/endentityprofilesrules/&lt;endentityprofile&gt;/keyrecovery).
     *
     * @param admin the administrator requesting key recovery
     * @param profileid id of the end entity profile the end entity belongs to
     * @return true if the admin is authorized to keyrecover
     * @throws AuthorizationDeniedException if the authorization session rejects one
     *         of the profile-scoped checks by exception (the super-administrator
     *         probe never propagates a denial).
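*/
    private boolean authorizedToKeyRecover(Admin admin, int profileid) throws AuthorizationDeniedException {
        boolean returnval = false;
        try {
            // Super-administrator probe. Use the boolean result rather than treating
            // "no exception" as "authorized": if the authorization session ever
            // reports a denial by return value instead of by exception, this check
            // must fail closed, not grant super-administrator rights to everyone.
            returnval = authorizationsession.isAuthorizedNoLog(admin, "/super_administrator");
        } catch (AuthorizationDeniedException ignored) {
            // Not a super administrator; fall through to the profile-scoped rules.
        }
        if (admin.getAdminType() == Admin.TYPE_PUBLIC_WEB_USER) {
            // Special case: public web use should be able to key recover.
            // NOTE(review): this grants authorization without consulting the
            // per-profile or REGULAR_KEYRECOVERY rules at all, so the public-web
            // caller must itself have authenticated the end entity whose key is
            // being recovered — confirm against the callers before relying on
            // this method as the sole access check for that path.
            returnval = true;
        }
        if (!returnval) {
            // Both the per-end-entity-profile right and the global RA key-recovery
            // right are required. A denial raised here is NOT caught and
            // propagates to the caller as AuthorizationDeniedException.
            returnval = authorizationsession.isAuthorizedNoLog(admin,
                    AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + AvailableAccessRules.KEYRECOVERY_RIGHTS)
                    && authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_KEYRECOVERY);
        }
        return returnval;
    }

    /**
     * Help method that looks up the CA configuration and reports whether the given
     * action requires approvals, and how many.
     *
     * @param admin  the administrator used to fetch the CA info
     * @param action one of the CAInfo.REQ_APPROVAL_ constants
     * @param caid   id of the CA to check
     * @return 0 if no approvals are required, otherwise the number of approvals
     */
    private int getNumOfApprovalRequired(Admin admin, int action, int caid) {
        CAInfo cainfo = caadminsession.getCAInfo(admin, caid);
        return ApprovalExecutorUtil.getNumOfApprovalRequired(action, cainfo);
    }

    /**
     * Returns the user admin session bean, performing the JNDI lookup and create()
     * on first use and caching the result in {@code useradminsession}.
     *
     * <p>The lazy initialisation is unsynchronized; presumably this relies on the
     * container never driving a single stateless session bean instance from more
     * than one thread at a time — confirm if this bean is ever used differently.
     *
     * @return the cached or newly created user admin session bean
     * @throws EJBException wrapping the CreateException if the bean cannot be created
     */
    private IUserAdminSessionLocal getUserAdminSession() {
        if (useradminsession == null) {
            try {
                IUserAdminSessionLocalHome useradminhome =
                        (IUserAdminSessionLocalHome) getLocator().getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
                useradminsession = useradminhome.create();
            } catch (CreateException e) {
                // Keep the original cause so the failed lookup is diagnosable.
                throw new EJBException(e);
            }
        }
        return useradminsession;
    }

    /**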