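} catch (AuthorizationDeniedException ade) {
            throw ade;
        } catch (ClassCastException e) {
            log.error("EJBCA WebService error, checkRevokationStatus : ", e);
            throw new EjbcaException(e.getMessage());
        } catch (CreateException e) {
            log.error("EJBCA WebService error, checkRevokationStatus : ", e);
            throw new EjbcaException(e.getMessage());
        } catch (NamingException e) {
            log.error("EJBCA WebService error, checkRevokationStatus : ", e);
            throw new EjbcaException(e.getMessage());
        }
        return retval;
    }

    /**
     * Builds the {@link Admin} for the current WS call from the TLS client certificate
     * and verifies that it identifies an authorised, unrevoked administrator.
     *
     * The check is fail-closed: no client certificate, a certificate that is not
     * registered to an administrator, a missing ROLE_ADMINISTRATOR rule, or a
     * certificate that is unknown to the certificate store or revoked all end in
     * {@link AuthorizationDeniedException}.
     *
     * @return an Admin backed by the first certificate of the presented client chain
     * @throws AuthorizationDeniedException if authentication or authorisation fails
     * @throws ClassCastException if a session bean home cannot be narrowed
     * @throws CreateException if a session bean cannot be created
     * @throws NamingException if a session bean JNDI lookup fails
     */
    private Admin getAdmin() throws AuthorizationDeniedException, ClassCastException, CreateException, NamingException {
        MessageContext msgContext = wsContext.getMessageContext();
        HttpServletRequest request = (HttpServletRequest) msgContext.get(MessageContext.SERVLET_REQUEST);
        X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        // An empty chain must be rejected like a missing one; indexing certificates[0] below
        // would otherwise fail with ArrayIndexOutOfBoundsException instead of a clean denial.
        if (certificates == null || certificates.length == 0) {
            throw new AuthorizationDeniedException("Error no client certificate recieved used for authentication.");
        }
        X509Certificate clientCert = certificates[0];
        Admin admin = new Admin(clientCert);
        // Check that the certificate is registered to an administrator and that the
        // administrator flag is set; both calls throw AuthorizationDeniedException on failure.
        // NOTE(review): the issuer DN is passed un-normalised here but BC-normalised for the
        // revocation lookup below; confirm the user admin session normalises it itself.
        getUserAdminSession().checkIfCertificateBelongToAdmin(admin, clientCert.getSerialNumber(), clientCert.getIssuerDN().toString());
        getAuthorizationSession().isAuthorizedNoLog(admin, AvailableAccessRules.ROLE_ADMINISTRATOR);
        // The revocation lookup runs as the internal user so that it does not depend on
        // the rights of the (not yet trusted) caller.
        RevokedCertInfo revokeResult = getCertStoreSession().isRevoked(new Admin(Admin.TYPE_INTERNALUSER),
                CertTools.stringToBCDNString(clientCert.getIssuerDN().toString()), clientCert.getSerialNumber());
        // null means the certificate is not in the store at all; treat it exactly like a revoked one.
        if (revokeResult == null || revokeResult.getReason() != RevokedCertInfo.NOT_REVOKED) {
            throw new AuthorizationDeniedException("Error Signer certificate doesn't exist or is revoked.");
        }
        return admin;
    }

    /**
     * Converts a WS user record into the internal {@link UserDataVO}, resolving the
     * CA, end entity profile, certificate profile, hard token issuer and token type
     * names into their ids.
     *
     * @param admin    the authenticated caller, used for the name lookups
     * @param userdata the WS representation to convert
     * @return the internal representation, with the password copied over
     * @throws EjbcaException if a referenced CA, profile, issuer or token type does not exist
     * @throws ClassCastException if a session bean home cannot be narrowed
     * @throws CreateException if a session bean cannot be created
     * @throws NamingException if a session bean JNDI lookup fails
     */
    private UserDataVO convertUserDataVOWS(Admin admin, UserDataVOWS userdata) throws EjbcaException, ClassCastException, CreateException, NamingException {
        // NOTE(review): if getCAInfo returns null for an unknown CA name this line throws
        // NullPointerException before the id == 0 check below; confirm against the session bean.
        int caid = getCAAdminSession().getCAInfo(admin, userdata.getCaName()).getCAId();
        if (caid == 0) {
            throw new EjbcaException("Error CA " + userdata.getCaName() + " doesn't exists.");
        }
        int endentityprofileid = getRAAdminSession().getEndEntityProfileId(admin, userdata.getEndEntityProfileName());
        if (endentityprofileid == 0) {
            throw new EjbcaException("Error End Entity profile " + userdata.getEndEntityProfileName() + " doesn't exists.");
        }
        int certificateprofileid = getCertStoreSession().getCertificateProfileId(admin, userdata.getCertificateProfileName());
        if (certificateprofileid == 0) {
            throw new EjbcaException("Error Certificate profile " + userdata.getCertificateProfileName() + " doesn't exists.");
        }
        // A hard token issuer is optional; 0 is the "none" id used by UserDataVO.
        int hardtokenissuerid = 0;
        if (userdata.getHardTokenIssuerName() != null) {
            hardtokenissuerid = getHardTokenSession().getHardTokenIssuerId(admin, userdata.getHardTokenIssuerName());
            if (hardtokenissuerid == 0) {
                throw new EjbcaException("Error Hard Token Issuer " + userdata.getHardTokenIssuerName() + " doesn't exists.");
            }
        }
        int tokenid = getTokenId(admin, userdata.getTokenType());
        if (tokenid == 0) {
            throw new EjbcaException("Error Token Type " + userdata.getTokenType() + " doesn't exists.");
        }
        UserDataVO userdatavo = new UserDataVO(userdata.getUsername(), userdata.getSubjectDN(), caid, userdata.getSubjectAltName(),
                userdata.getEmail(), userdata.getStatus(), userdata.getType(), endentityprofileid, certificateprofileid,
                null, null, tokenid, hardtokenissuerid, null);
        userdatavo.setPassword(userdata.getPassword());
        return userdatavo;
    }

    /**
     * Converts an internal {@link UserDataVO} into its WS representation, resolving the
     * CA, profile, hard token issuer and token type ids back into names.
     *
     * The returned record never carries the password (it is always null) and the
     * clear-text-password flag is always false.
     *
     * @param admin    the authenticated caller, used for the id lookups
     * @param userdata the internal representation to convert
     * @return the WS representation
     * @throws EjbcaException if a referenced CA, profile, issuer or token type id does not exist
     * @throws ClassCastException if a session bean home cannot be narrowed
     * @throws CreateException if a session bean cannot be created
     * @throws NamingException if a session bean JNDI lookup fails
     */
    private UserDataVOWS convertUserDataVO(Admin admin, UserDataVO userdata) throws EjbcaException, ClassCastException, CreateException, NamingException {
        String caname = getCAAdminSession().getCAInfo(admin, userdata.getCAId()).getName();
        if (caname == null) {
            throw new EjbcaException("Error CA id " + userdata.getCAId() + " doesn't exists.");
        }
        String endentityprofilename = getRAAdminSession().getEndEntityProfileName(admin, userdata.getEndEntityProfileId());
        if (endentityprofilename == null) {
            throw new EjbcaException("Error End Entity profile id " + userdata.getEndEntityProfileId() + " doesn't exists.");
        }
        String certificateprofilename = getCertStoreSession().getCertificateProfileName(admin, userdata.getCertificateProfileId());
        if (certificateprofilename == null) {
            throw new EjbcaException("Error Certificate profile id" + userdata.getCertificateProfileId() + " doesn't exists.");
        }
        // Issuer id 0 means "no hard token issuer"; it is mapped to a null name.
        String hardtokenissuername = null;
        if (userdata.getHardTokenIssuerId() != 0) {
            hardtokenissuername = getHardTokenSession().getHardTokenIssuerAlias(admin, userdata.getHardTokenIssuerId());
            if (hardtokenissuername == null) {
                throw new EjbcaException("Error Hard Token Issuer id " + userdata.getHardTokenIssuerId() + " doesn't exists.");
            }
        }
        String tokenname = getTokenName(admin, userdata.getTokenType());
        if (tokenname == null) {
            throw new EjbcaException("Error Token Type id " + userdata.getTokenType() + " doesn't exists.");
        }
        return new UserDataVOWS(userdata.getUsername(), null, false, userdata.getDN(), caname, userdata.getSubjectAltName(),
                userdata.getEmail(), userdata.getStatus(), tokenname, endentityprofilename, certificateprofilename, hardtokenissuername);
    }

    /**
     * Converts the profile/CA/token names in a {@link UserMatch} to the corresponding ids
     * and wraps the result in a user {@link Query}.
     *
     * Only the four name-based match types are translated; every other match type is
     * passed through with its value unchanged.
     *
     * @param admin     the authenticated caller, used for the name lookups
     * @param usermatch a usermatch containing names of profiles
     * @return a query containing ids of profiles
     * @throws NumberFormatException propagated from the query construction
     * @throws ClassCastException if a session bean home cannot be narrowed
     * @throws CreateException if a session bean cannot be created
     * @throws NamingException if a session bean JNDI lookup fails
     */
    private Query convertUserMatch(Admin admin, UserMatch usermatch) throws NumberFormatException, ClassCastException, CreateException, NamingException {
        Query retval = new Query(Query.TYPE_USERQUERY);
        String matchvalue;
        switch (usermatch.getMatchwith()) {
            case UserMatch.MATCH_WITH_ENDENTITYPROFILE:
                matchvalue = Integer.toString(getRAAdminSession().getEndEntityProfileId(admin, usermatch.getMatchvalue()));
                break;
            case UserMatch.MATCH_WITH_CERTIFICATEPROFILE:
                matchvalue = Integer.toString(getCertStoreSession().getCertificateProfileId(admin, usermatch.getMatchvalue()));
                break;
            case UserMatch.MATCH_WITH_CA:
                // NOTE(review): a null CAInfo for an unknown CA name would surface as NullPointerException here.
                matchvalue = Integer.toString(getCAAdminSession().getCAInfo(admin, usermatch.getMatchvalue()).getCAId());
                break;
            case UserMatch.MATCH_WITH_TOKEN:
                matchvalue = Integer.toString(getTokenId(admin, usermatch.getMatchvalue()));
                break;
            default:
                matchvalue = usermatch.getMatchvalue();
                break;
        }
        retval.add(usermatch.getMatchwith(), usermatch.getMatchtype(), matchvalue);
        return retval;
    }

    /**
     * Help method returning the subset of the given certificates that are currently valid:
     * the certificate must be known to the store as not revoked and must be inside its
     * validity period.
     *
     * A certificate that the store does not know at all (null revocation info) is
     * excluded rather than failing the whole call; it cannot be proven unrevoked.
     *
     * @param admin the caller used for the revocation lookups
     * @param certs a collection of X509Certificate
     * @return a new list holding only the valid certificates, in input order
     * @throws ClassCastException if a session bean home cannot be narrowed
     * @throws CreateException if a session bean cannot be created
     * @throws NamingException if a session bean JNDI lookup fails
     */
    private Collection returnOnlyValidCertificates(Admin admin, Collection certs) throws ClassCastException, CreateException, NamingException {
        ArrayList<X509Certificate> retval = new ArrayList<X509Certificate>();
        for (Iterator iter = certs.iterator(); iter.hasNext();) {
            X509Certificate next = (X509Certificate) iter.next();
            RevokedCertInfo info = getCertStoreSession().isRevoked(admin, next.getIssuerDN().toString(), next.getSerialNumber());
            // null here would previously have been a NullPointerException; unknown certificates are skipped.
            if (info == null) {
                log.debug("returnOnlyValidCertificates : certificate not found in store " + next.getSerialNumber().toString(16));
                continue;
            }
            if (info.getReason() != RevokedCertInfo.NOT_REVOKED) {
                continue;
            }
            try {
                next.checkValidity();
                retval.add(next);
            } catch (CertificateExpiredException e) {
                // Expired certificates are filtered out by design; log only for diagnostics.
                log.debug("returnOnlyValidCertificates : certificate expired " + next.getSerialNumber().toString(16));
            } catch (CertificateNotYetValidException e) {
                // Not-yet-valid certificates are filtered out by design; log only for diagnostics.
                log.debug("returnOnlyValidCertificates : certificate not yet valid " + next.getSerialNumber().toString(16));
            }
        }
        return retval;
    }

    /**
     * Help method returning the subset of the given certificates whose issuing CA the
     * administrator is authorised to. Certificates of CAs the admin may not access are
     * silently dropped (logged at debug level), never reported as an error.
     *
     * @param admin the administrator whose CA access rules are checked
     * @param certs a collection of X509Certificate
     * @return a new list holding only the authorised certificates, in input order
     */
    private Collection returnOnlyAuthorizedCertificates(Admin admin, Collection certs) {
        ArrayList<X509Certificate> retval = new ArrayList<X509Certificate>();
        for (Iterator iter = certs.iterator(); iter.hasNext();) {
            X509Certificate next = (X509Certificate) iter.next();
            try {
                // The CA id is the hash of the BC-normalised issuer DN; check the admin's CA access rule for it.
                int caid = CertTools.stringToBCDNString(next.getIssuerDN().toString()).hashCode();
                getAuthorizationSession().isAuthorizedNoLog(admin, AvailableAccessRules.CAPREFIX + caid);
                retval.add(next);
            } catch (AuthorizationDeniedException ade) {
                log.debug("findCerts : not authorized to certificate " + next.getSerialNumber().toString(16));
            }
        }
        return retval;
    }

    // Parallel arrays mapping the WS soft token type names to the SecConst ids.
    // They must be kept aligned index by index; getTokenId/getTokenName rely on that.
    private final String[] softtokennames = {UserDataVOWS.TOKEN_TYPE_USERGENERATED, UserDataVOWS.TOKEN_TYPE_P12,
            UserDataVOWS.TOKEN_TYPE_JKS, UserDataVOWS.TOKEN_TYPE_PEM};
    private final int[] softtokenids = {SecConst.TOKEN_SOFT_BROWSERGEN, SecConst.TOKEN_SOFT_P12,
            SecConst.TOKEN_SOFT_JKS, SecConst.TOKEN_SOFT_PEM};

    /**
     * Resolves a token type name to its id: soft token names are mapped locally,
     * anything else is looked up as a hard token profile name.
     *
     * @param admin     the caller used for the hard token profile lookup
     * @param tokenname the WS token type name
     * @return the token id, or 0 if the name is neither a soft token type nor a hard token profile
     */
    private int getTokenId(Admin admin, String tokenname) {
        // First check for soft token type
        for (int i = 0; i < softtokennames.length; i++) {
            if (softtokennames[i].equals(tokenname)) {
                return softtokenids[i];
            }
        }
        return getHardTokenSession().getHardTokenProfileId(admin, tokenname);
    }

    /**
     * Resolves a token id to its type name: soft token ids are mapped locally,
     * anything else is looked up as a hard token profile id.
     *
     * @param admin   the caller used for the hard token profile lookup
     * @param tokenid the token id
     * @return the token type name, or null if the id is neither a soft token type nor a hard token profile
     */
    private String getTokenName(Admin admin, int tokenid) {
        // First check for soft token type
        for (int i = 0; i < softtokenids.length; i++) {
            if (softtokenids[i] == tokenid) {
                return softtokennames[i];
            }
        }
        return getHardTokenSession().getHardTokenProfileName(admin, tokenid);
    }

    private ICAAdminSessionLocal caadminsession = null;

    /**
     * Lazily looks up and creates the CA admin session bean; the instance is cached in
     * this object. Not guarded against concurrent first calls.
     *
     * @throws ClassCastException if the home cannot be narrowed
     * @throws CreateException if the bean cannot be created
     * @throws NamingException if the JNDI lookup fails
     */
    private ICAAdminSessionLocal getCAAdminSession() throws ClassCastException, CreateException, NamingException {
        if (caadminsession == null) {
            Context context = new InitialContext();
            caadminsession = ((ICAAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                    context.lookup("CAAdminSessionLocal"), ICAAdminSessionLocalHome.class)).create();
        }
        return caadminsession;
    }

    private IRaAdminSessionLocal raadminsession = null;

    /**
     * Lazily looks up and creates the RA admin session bean; the instance is cached in
     * this object. Not guarded against concurrent first calls.
     *
     * @throws ClassCastException if the home cannot be narrowed
     * @throws CreateException if the bean cannot be created
     * @throws NamingException if the JNDI lookup fails
     */
    private IRaAdminSessionLocal getRAAdminSession() throws ClassCastException, CreateException, NamingException {
        if (raadminsession == null) {
            Context context = new InitialContext();
            raadminsession = ((IRaAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                    context.lookup("RaAdminSessionLocal"), IRaAdminSessionLocalHome.class)).create();
        }
        return raadminsession;
    }

    private ICertificateStoreSessionLocal certificatestoresession = null;

    /**
     * Lazily looks up and creates the certificate store session bean; the instance is
     * cached in this object. Not guarded against concurrent first calls.
     *
     * @throws ClassCastException if the home cannot be narrowed
     * @throws CreateException if the bean cannot be created
     * @throws NamingException if the JNDI lookup fails
     */
    private ICertificateStoreSessionLocal getCertStoreSession() throws ClassCastException, CreateException, NamingException {
        if (certificatestoresession == null) {
            Context context = new InitialContext();
            certificatestoresession = ((ICertificateStoreSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                    context.lookup("CertificateStoreSessionLocal"), ICertificateStoreSessionLocalHome.class)).create();
        }
        return certificatestoresession;
    }

    private ISignSessionLocal signsession = null;

    /**
     * Lazily looks up and creates the sign session bean; the instance is cached in
     * this object. Not guarded against concurrent first calls.
     *
     * @throws ClassCastException if the home cannot be narrowed
     * @throws CreateException if the bean cannot be created
     * @throws NamingException if the JNDI lookup fails
     */
    private ISignSessionLocal getSignSession() throws ClassCastException, CreateException, NamingException {
        if (signsession == null) {
            Context context = new InitialContext();
            signsession = ((ISignSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                    context.lookup("SignSessionLocal"), ISignSessionLocalHome.class)).create();
        }
        return signsession;
    }

    private IUserAdminSessionLocal usersession = null;

    /**
     * Lazily looks up and creates the user admin session bean; the instance is cached
     * in this object. Unlike the getters above, any lookup failure is logged and
     * rethrown as an unchecked {@link EJBException}.
     *
     * @throws EJBException if the lookup or creation fails
     */
    private IUserAdminSessionLocal getUserAdminSession() {
        try {
            if (usersession == null) {
                Context context = new InitialContext();
                usersession = ((IUserAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                        context.lookup("UserAdminSessionLocal"), IUserAdminSessionLocalHome.class)).create();
            }
        } catch (Exception e) {
            log.error("Error instancing User Admin Session Bean", e);
            throw new EJBException(e);
        }
        return usersession;
    }

    private IHardTokenSessionLocal hardtokensession = null;

    /**
     * Lazily looks up and creates the hard token session bean; the instance is cached
     * in this object. Any lookup failure is logged and rethrown as an unchecked
     * {@link EJBException}.
     *
     * @throws EJBException if the lookup or creation fails
     */
    private IHardTokenSessionLocal getHardTokenSession() {
        try {
            if (hardtokensession == null) {
                Context context = new InitialContext();
                hardtokensession = ((IHardTokenSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                        context.lookup("HardTokenSessionLocal"), IHardTokenSessionLocalHome.class)).create();
            }
        } catch (Exception e) {
            log.error("Error instancing Hard Token Session Bean", e);
            throw new EJBException(e);
        }
        return hardtokensession;
    }

    private IAuthorizationSessionLocal authsession = null;

    /**
     * Lazily looks up and creates the authorization session bean; the instance is
     * cached in this object. Any lookup failure is logged and rethrown as an
     * unchecked {@link EJBException}.
     *
     * @throws EJBException if the lookup or creation fails
     */
    private IAuthorizationSessionLocal getAuthorizationSession() {
        try {
            if (authsession == null) {
                Context context = new InitialContext();
                authsession = ((IAuthorizationSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(
                        context.lookup("AuthorizationSessionLocal"), IAuthorizationSessionLocalHome.class)).create();
            }
        } catch (Exception e) {
            log.error("Error instancing Authorization Session Bean", e);
            throw new EJBException(e);
        }
        return authsession;
    }
}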