📄 localkeyrecoverysessionbean.java
krd.getIssuerDN(), krd.getCertificateSN()); returnval = new KeyRecoveryData(krd.getCertificateSN(), krd.getIssuerDN(), krd.getUsername(), krd.getMarkedAsRecoverable(), keys, certificate); } // krd.setMarkedAsRecoverable(false); } String msg = intres.getLocalizedMessage("keyrecovery.sentdata", username); logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username, certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg); } catch (Exception e) { String msg = intres.getLocalizedMessage("keyrecovery.errorsenddata", username); log.error(msg, e); logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username, null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg); } } catch (FinderException e) { } } debug("<keyRecovery()"); return returnval; } // keyRecovery private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_KEYRECOVERY = { new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.KeyRecoveryApprovalRequest",null), }; /** * Marks a users newest certificate for key recovery. Newest means certificate with latest not * before date. * * @param admin the administrator calling the function * @param username or the user. * @param the end entity profile of the user, used for access control * * @return true if operation went successful or false if no certificates could be found for * user, or user already marked. * @throws AuthorizationDeniedException * @throws WaitingForApprovalException * @throws ApprovalException * * @throws EJBException if a communication or other error occurs. 
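*
 * @ejb.interface-method view-type="both"
 */
public boolean markNewestAsRecoverable(Admin admin, String username, int endEntityProfileId)
        throws AuthorizationDeniedException, ApprovalException, WaitingForApprovalException {
    debug(">markNewestAsRecoverable(user: " + username + ")");
    boolean returnval = false;

    // A user who is already marked is left untouched: false is returned and no audit entry is written.
    // NOTE(review): isUserMarked() and the lookups below run before authorizedToKeyRecover(), so a
    // caller without key recovery rights gets `false` when nothing is stored for the user and
    // AuthorizationDeniedException when something is. Consider authorizing first - confirm with callers.
    if (!isUserMarked(admin, username)) {
        try {
            KeyRecoveryDataLocal newest = null;
            X509Certificate newestcertificate = null;
            long newesttime = 0;

            // Pick the entry whose certificate has the latest notBefore date.
            for (Iterator iter = keyrecoverydatahome.findByUsername(username).iterator(); iter.hasNext();) {
                KeyRecoveryDataLocal krd = (KeyRecoveryDataLocal) iter.next();
                X509Certificate certificate = (X509Certificate) certificatestoresession
                        .findCertificateByIssuerAndSerno(admin, krd.getIssuerDN(), krd.getCertificateSN());
                if (certificate != null) {
                    long notBefore = certificate.getNotBefore().getTime();
                    // "newest == null" lets the first certificate win even when its notBefore is not
                    // after the epoch; comparing against the initial 0 alone would skip it.
                    if (newest == null || notBefore > newesttime) {
                        newesttime = notBefore;
                        newest = krd;
                        newestcertificate = certificate;
                    }
                }
            }

            if (newest != null) {
                // Check that the administrator is authorized to keyrecover
                authorizedToKeyRecover(admin, endEntityProfileId);
                // Check if approvals is required.
                checkIfApprovalRequired(admin, newestcertificate, username, endEntityProfileId, true);
                newest.setMarkedAsRecoverable(true);
                getUserAdminSession().setUserStatus(admin, username, UserDataConstants.STATUS_KEYRECOVERY);
                returnval = true;

                // The success event is written only when an entry really was marked, so the audit
                // trail never reports a marking that did not happen.
                String msg = intres.getLocalizedMessage("keyrecovery.markeduser", username);
                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                        newestcertificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
            } else {
                // Nothing could be marked: keep an audit record of the attempt, but as an error event.
                String msg = intres.getLocalizedMessage("keyrecovery.errormarkuser", username);
                logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                        null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
            }
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("keyrecovery.errormarkuser", username);
            // Keep the cause in the server log, as markAsRecoverable() does for its finder failure.
            log.error(msg, e);
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), username,
                    null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
        }
    }

    debug("<markNewestAsRecoverable()");
    return returnval;
} // markNewestAsRecoverable

/**
 * Marks a user's certificate for key recovery.
 *
 * @param admin the administrator calling the function
 * @param certificate the certificate whose key recovery data is to be marked.
 * @param endEntityProfileId the end entity profile of the user, used for access control
 *
 * @return true if operation went successful or false if certificate couldn't be found.
 * @throws AuthorizationDeniedException
 * @throws WaitingForApprovalException
 * @throws ApprovalException
 *
 * @throws EJBException if a communication or other error occurs.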
*
 * @ejb.interface-method view-type="both"
 */
public boolean markAsRecoverable(Admin admin, X509Certificate certificate, int endEntityProfileId)
        throws AuthorizationDeniedException, WaitingForApprovalException, ApprovalException {
    debug(">markAsRecoverable(certificatesn: " + certificate.getSerialNumber() + ")");

    // Key recovery data is keyed on (hex serial number, issuer DN).
    final String serialHex = certificate.getSerialNumber().toString(16);
    final String issuerDn = CertTools.getIssuerDN(certificate);
    boolean marked = false;

    try {
        KeyRecoveryDataPK primaryKey = new KeyRecoveryDataPK(serialHex, issuerDn);
        KeyRecoveryDataLocal recoveryEntry = keyrecoverydatahome.findByPrimaryKey(primaryKey);
        String owner = recoveryEntry.getUsername();

        // NOTE(review): the lookup above runs before the authorization check, so an unauthorized
        // caller gets `false` for an unknown certificate and AuthorizationDeniedException for a
        // known one. Confirm that this ordering is intended.
        authorizedToKeyRecover(admin, endEntityProfileId);
        // May require approval before the entry is marked.
        checkIfApprovalRequired(admin, certificate, owner, endEntityProfileId, false);

        recoveryEntry.setMarkedAsRecoverable(true);
        getUserAdminSession().setUserStatus(admin, owner, UserDataConstants.STATUS_KEYRECOVERY);

        String auditMessage = intres.getLocalizedMessage("keyrecovery.markedcert", serialHex, issuerDn);
        logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), owner,
                certificate, LogEntry.EVENT_INFO_KEYRECOVERY, auditMessage);
        marked = true;
    } catch (FinderException notFound) {
        // No key recovery data for this certificate: audit the failure and return false.
        String auditMessage = intres.getLocalizedMessage("keyrecovery.errormarkcert", serialHex, issuerDn);
        log.error(auditMessage, notFound);
        logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date(), null,
                certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, auditMessage);
    }

    debug("<markAsRecoverable()");
    return marked;
} // markAsRecoverable

/**
 * Resets the key recovery mark for a user.
 *
 * @param admin the administrator calling the function; not consulted by this method, which
 *        performs no authorization check and writes no audit log entry itself
 * @param username the user whose marked key recovery entries are reset
 *
 * @throws EJBException if a communication or other error occurs.
*
 * @ejb.interface-method view-type="both"
 */
public void unmarkUser(Admin admin, String username) {
    debug(">unmarkUser(user: " + username + ")");
    try {
        // Clear the mark on every entry the finder returns for this user.
        for (Iterator entries = keyrecoverydatahome.findByUserMark(username).iterator(); entries.hasNext();) {
            ((KeyRecoveryDataLocal) entries.next()).setMarkedAsRecoverable(false);
        }
    } catch (Exception failure) {
        // Any failure is surfaced to the caller as an EJBException with the cause preserved.
        throw new EJBException(failure);
    }
    debug("<unmarkUser()");
} // unmarkUser

/**
 * Returns true if a user is marked for key recovery.
 *
 * @param admin the administrator calling the function; not consulted by this method, which
 *        performs no authorization check itself
 * @param username the user to look up
 *
 * @return true if user is already marked for key recovery.
 *
 * @throws EJBException if a communication or other error occurs.
 *
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public boolean isUserMarked(Admin admin, String username) {
    debug(">isUserMarked(user: " + username + ")");
    boolean marked = false;
    try {
        // Stop at the first entry that carries the recoverable mark.
        Iterator entries = keyrecoverydatahome.findByUserMark(username).iterator();
        while (!marked && entries.hasNext()) {
            marked = ((KeyRecoveryDataLocal) entries.next()).getMarkedAsRecoverable();
        }
    } catch (Exception failure) {
        throw new EJBException(failure);
    }
    debug("<isUserMarked(" + marked + ")");
    return marked;
} // isUserMarked

/**
 * Returns true if key recovery data for the specified certificate exists in the database.
 *
 * @param admin the administrator calling the function; not consulted by this method
 * @param certificate the certificate whose key recovery data is looked up.
 *
 * @return true if key recovery data was found for the certificate, false otherwise.
 *
 * @throws EJBException if a communication or other error occurs.
*
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public boolean existsKeys(Admin admin, X509Certificate certificate) {
    debug(">existsKeys()");

    // Key recovery data is keyed on (hex serial number, issuer DN).
    final String serialHex = certificate.getSerialNumber().toString(16);
    final String issuerDn = CertTools.getIssuerDN(certificate);
    boolean found = false;

    try {
        KeyRecoveryDataPK primaryKey = new KeyRecoveryDataPK(serialHex, issuerDn);
        KeyRecoveryDataLocal recoveryEntry = keyrecoverydatahome.findByPrimaryKey(primaryKey);
        debug("Found key for user: " + recoveryEntry.getUsername());
        found = true;
    } catch (FinderException ignored) {
        // Deliberately ignored: a failed lookup means no keys are stored, so false is returned.
    }

    debug("<existsKeys(" + found + ")");
    return found;
} // existsKeys
}// LocalKeyRecoverySessionBean