📄 localkeyrecoverysessionbean.java
* Decides whether recovering the key behind {@code certificate} has to wait for approval.
     *
     * The CA id is taken as {@code hashCode()} of the certificate's issuer DN string and used to ask
     * {@code getNumOfApprovalRequired} how many approvals {@code CAInfo.REQ_APPROVAL_KEYRECOVER}
     * needs. If that number is positive and {@code ApprovalExecutorUtil.requireApproval} says the
     * request must be approved, the request is queued with the approval session and this method
     * ends by throwing; otherwise it returns normally.
     *
     * The throw is the only way this method stops a recovery: a caller that catches
     * {@code WaitingForApprovalException} and carries on would bypass the approval step.
     *
     * @param admin the administrator asking for the recovery; also recorded in the approval request
     * @param certificate the certificate whose key is to be recovered; its issuer DN selects the CA
     * @param username passed on to the approval request
     * @param endEntityProfileId passed on to the approval request
     * @param checkNewest passed on to the approval request (its meaning is not visible here)
     * @throws ApprovalException declared; presumably raised while adding the approval request
     * @throws WaitingForApprovalException when an approval request has been queued
     */
    private void checkIfApprovalRequired(Admin admin, X509Certificate certificate, String username, int endEntityProfileId, boolean checkNewest) throws ApprovalException, WaitingForApprovalException {
        // NOTE(review): String.hashCode() is a 32-bit, non-cryptographic value, so two different
        // issuer DNs can map to the same CA id in principle; confirm uniqueness is enforced elsewhere.
        final int caid = CertTools.getIssuerDN(certificate).hashCode();

        final int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_KEYRECOVER, caid);
        if (numOfApprovalsRequired <= 0) {
            // This CA does not ask for approval of key recovery.
            return;
        }

        final KeyRecoveryApprovalRequest request = new KeyRecoveryApprovalRequest(certificate, username, checkNewest,
                admin, null, numOfApprovalsRequired, caid, endEntityProfileId);
        if (!ApprovalExecutorUtil.requireApproval(request, NONAPPROVABLECLASSNAMES_KEYRECOVERY)) {
            return;
        }

        // Queue the request, then stop the caller until it has been approved.
        approvalsession.addApprovalRequest(admin, request);
        final String waitingMessage = intres.getLocalizedMessage("keyrecovery.addedforapproval");
        throw new WaitingForApprovalException(waitingMessage);
    }

    /**
     * Default create for SessionBean without any creation Arguments.
     * Looks up the key recovery data home and creates the session beans this bean delegates to.
*
     * @throws CreateException if bean instance can't be created
     */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");
        try {
            // Home of the entity beans that hold the stored key recovery records.
            keyrecoverydatahome = (KeyRecoveryDataLocalHome) getLocator().getLocalHome(KeyRecoveryDataLocalHome.COMP_NAME);

            // Every collaborating session bean is obtained the same way: look up its local home
            // by COMP_NAME, then call create() on it.
            logsession = ((ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME)).create();
            certificatestoresession = ((ICertificateStoreSessionLocalHome) getLocator().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME)).create();
            signsession = ((ISignSessionLocalHome) getLocator().getLocalHome(ISignSessionLocalHome.COMP_NAME)).create();
            authorizationsession = ((IAuthorizationSessionLocalHome) getLocator().getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME)).create();
            caadminsession = ((ICAAdminSessionLocalHome) getLocator().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME)).create();
            approvalsession = ((IApprovalSessionLocalHome) getLocator().getLocalHome(IApprovalSessionLocalHome.COMP_NAME)).create();

            debug("<ejbCreate()");
        } catch (Exception e) {
            // Any lookup or creation failure aborts bean creation; the cause is kept in the wrapper.
            throw new EJBException(e);
        }
    }

    /**
     * Adds a certificate's key recovery data to the database.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keypair; its serial number and issuer DN
     *        are stored with the record
     * @param username the user name stored with the record and written to the audit log entry
     * @param keypair the actual keypair to save; it is sent to the CA's key-encryption service
     *        and only the data that service returns is stored
     *
     * @return true when the record was stored and logged; false if the certificate's key recovery
     *         data already exists or any other step of storing it failed
     *
     * @throws EJBException if a communication or other error occurs.
*
     * @ejb.interface-method view-type="both"
     */
    public boolean addKeyRecoveryData(Admin admin, X509Certificate certificate, String username, KeyPair keypair) {
        debug(">addKeyRecoveryData(user: " + username + ")");
        // NOTE(review): no authorization check on admin is visible in this method, while the
        // view-type="both" tag asks XDoclet to publish it on the remote as well as the local
        // interface; confirm that access control is enforced before this call is reached.
        boolean stored = false;
        try {
            final String issuerDn = CertTools.getIssuerDN(certificate);
            // The CA id is the hashCode() of the issuer DN string.
            final int caid = issuerDn.hashCode();

            // The key pair is handed to the CA's extended service for encryption; only the data
            // that comes back (response.getKeyData()) is given to the entity bean below.
            final KeyRecoveryCAServiceRequest encryptRequest =
                    new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS, keypair);
            final KeyRecoveryCAServiceResponse response =
                    (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid, encryptRequest);

            keyrecoverydatahome.create(certificate.getSerialNumber(), issuerDn, username, response.getKeyData());

            final String okMessage = intres.getLocalizedMessage("keyrecovery.addeddata",
                    certificate.getSerialNumber().toString(16), issuerDn);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    certificate, LogEntry.EVENT_INFO_KEYRECOVERY, okMessage);
            stored = true;
        } catch (Exception e) {
            // NOTE(review): the exception itself is dropped here: it is not attached to the audit
            // entry, not traced and not rethrown, so every failure (not only an already existing
            // record) ends up as a plain false with a generic error message.
            final String errorMessage = intres.getLocalizedMessage("keyrecovery.erroradddata",
                    certificate.getSerialNumber().toString(16), CertTools.getIssuerDN(certificate));
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, errorMessage);
        }
        debug("<addKeyRecoveryData()");
        return stored;
    } // addKeyRecoveryData

    /**
     * Updates keyrecovery data
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate whose record is updated; the record is looked up by the
     *        certificate's hex serial number and issuer DN
     * @param markedasrecoverable the new value of the record's marked-as-recoverable flag
     * @param keypair the keypair to store; it is encrypted by the CA's key-encryption service
     *        before it is written to the record
     *
     * @return true when the record was updated and logged; false if the certificate's key recovery
     *         data doesn't exist or any other step of the update failed
     *
     * @throws EJBException if a communication or other error occurs.
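*
     * @ejb.interface-method view-type="both"
     */
    public boolean changeKeyRecoveryData(Admin admin, X509Certificate certificate, boolean markedasrecoverable, KeyPair keypair) {
        // The record's primary key is the certificate's hex serial number plus its issuer DN.
        final String hexSerial = certificate.getSerialNumber().toString(16);
        final String dn = CertTools.getIssuerDN(certificate);
        debug(">changeKeyRecoveryData(certsn: " + hexSerial + ", " + dn + ")");
        // NOTE(review): no authorization check on admin is visible in this method, while the
        // view-type="both" tag asks XDoclet to publish it on the remote as well as the local
        // interface; confirm that access control is enforced before this call is reached.
        boolean returnval = false;
        try {
            KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));

            // Encrypt before touching the record. The catch block below swallows failures, so a
            // record that was modified ahead of a failing encryption call could be left with a
            // changed recoverable flag but the old key data.
            int caid = dn.hashCode();
            KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid,
                    new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS, keypair));

            // Key data first, flag last: the flag only changes once the new key data is in place.
            krd.setKeyDataFromByteArray(response.getKeyData());
            krd.setMarkedAsRecoverable(markedasrecoverable);

            String msg = intres.getLocalizedMessage("keyrecovery.changeddata", hexSerial, dn);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), krd.getUsername(),
                    certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
            returnval = true;
        } catch (Exception e) {
            // NOTE(review): the exception itself is dropped; the audit entry carries only the
            // generic localized message and no username, and the caller just sees false.
            String msg = intres.getLocalizedMessage("keyrecovery.errorchangedata", hexSerial, dn);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                    certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
        }
        debug("<changeKeyRecoveryData()");
        return returnval;
    } // changeKeyRecoveryData

    /**
     * Removes a certificate's key recovery data from the database.
     *
     * @param admin the administrator calling the function
     * @param certificate the certificate used with the keys about to be removed.
     *
     * @throws EJBException if a communication or other error occurs.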
*
     * @ejb.interface-method view-type="both"
     */
    public void removeKeyRecoveryData(Admin admin, X509Certificate certificate) {
        // The trace line prints the serial number in decimal; the audit messages below use hex.
        debug(">removeKeyRecoveryData(certificate: " + certificate.getSerialNumber().toString() + ")");
        // NOTE(review): no authorization check on admin is visible in this method, while the
        // view-type="both" tag asks XDoclet to publish it on the remote as well as the local
        // interface; confirm that access control is enforced before this call is reached.
        final String hexSerial = certificate.getSerialNumber().toString(16);
        final String dn = CertTools.getIssuerDN(certificate);
        try {
            final KeyRecoveryDataLocal record = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
            // Read the owner before the record is removed so the audit entry can name the user.
            final String owner = record.getUsername();
            record.remove();

            final String removedMessage = intres.getLocalizedMessage("keyrecovery.removeddata", hexSerial, dn);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), owner,
                    certificate, LogEntry.EVENT_INFO_KEYRECOVERY, removedMessage);
        } catch (Exception e) {
            // A failed removal is reported only through the audit log: the method returns
            // normally and the exception is not passed on. The error entry has no username.
            final String errorMessage = intres.getLocalizedMessage("keyrecovery.errorremovedata", hexSerial, dn);
            logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                    certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, errorMessage);
        }
        debug("<removeKeyRecoveryData()");
    } // removeKeyRecoveryData

    /**
     * Removes all key recovery data saved for a user from the database.
     *
     * @param admin the administrator calling the function; the audit entry is logged under
     *        this administrator's CA id
     * @param username the user whose key recovery records are removed
     *
     * @throws EJBException if a communication or other error occurs.
*
     * @ejb.interface-method view-type="both"
     */
    public void removeAllKeyRecoveryData(Admin admin, String username) {
        debug(">removeAllKeyRecoveryData(user: " + username + ")");
        // NOTE(review): no authorization check on admin is visible in this method, while the
        // view-type="both" tag asks XDoclet to publish it on the remote as well as the local
        // interface; confirm that access control is enforced before this call is reached.
        try {
            final Collection records = keyrecoverydatahome.findByUsername(username);
            // Records are removed one at a time; if one removal fails, the ones before it have
            // already been asked to go and the catch block below only logs the failure.
            for (Iterator it = records.iterator(); it.hasNext();) {
                final KeyRecoveryDataLocal record = (KeyRecoveryDataLocal) it.next();
                record.remove();
            }

            final String removedMessage = intres.getLocalizedMessage("keyrecovery.removeduser", username);
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    null, LogEntry.EVENT_INFO_KEYRECOVERY, removedMessage);
        } catch (Exception e) {
            // The exception is not passed on. The error entry names the user only inside the
            // localized message; its username field is null.
            final String errorMessage = intres.getLocalizedMessage("keyrecovery.errorremoveuser", username);
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                    null, LogEntry.EVENT_ERROR_KEYRECOVERY, errorMessage);
        }
        debug("<removeAllKeyRecoveryData()");
    } // removeAllKeyRecoveryData

    /**
     * Returns the keyrecovery data for a user. Observe that only one certificate's key can be
     * recovered for every user at a time.
     *
     * @param admin
     * @param username
     * @param endEntityProfileId the end entity profile id the user belongs to.
     *
     * @return the marked keyrecovery data or null if no recoverydata can be found.
     * @throws AuthorizationDeniedException
     *
     * @throws EJBException if a communication or other error occurs.
* * @ejb.interface-method view-type="both" */ public KeyRecoveryData keyRecovery(Admin admin, String username, int endEntityProfileId) throws AuthorizationDeniedException { debug(">keyRecovery(user: " + username + ")"); KeyRecoveryData returnval = null; KeyRecoveryDataLocal krd = null; X509Certificate certificate = null; if(authorizedToKeyRecover(admin, endEntityProfileId)){ try { Collection result = keyrecoverydatahome.findByUserMark(username); Iterator i = result.iterator(); try { while (i.hasNext()) { krd = (KeyRecoveryDataLocal) i.next(); if (returnval == null) { int caid = krd.getIssuerDN().hashCode(); KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid, new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS, krd.getKeyDataAsByteArray())); KeyPair keys = response.getKeyPair(); certificate = (X509Certificate) certificatestoresession .findCertificateByIssuerAndSerno(admin,