📄 localuseradminsessionbean.java
userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId(), userdata.getExtendedinformation()); } catch (UserDoesntFullfillEndEntityProfile udfp) { String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", new Integer(userdata.getEndEntityProfileId()), dn, udfp.getMessage()); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg); throw udfp; } // Check if administrator is authorized to edit user. if (!authorizedToEndEntityProfile(admin, userdata.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) { String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(userdata.getEndEntityProfileId())); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg); throw new AuthorizationDeniedException(msg); } } // Check if administrator is authorized to edit user to CA. if (!authorizedToCA(admin, userdata.getCAId())) { String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(userdata.getCAId())); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg); throw new AuthorizationDeniedException(msg); } // Check if approvals is required. 
int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, userdata.getCAId()); if (numOfApprovalsRequired > 0){ UserDataVO orguserdata; try { orguserdata = findUser(admin, userdata.getUsername()); } catch (FinderException e) { String msg = intres.getLocalizedMessage("ra.errorentitynotexist", userdata.getUsername()); throw new ApprovalException(msg); } EditEndEntityApprovalRequest ar = new EditEndEntityApprovalRequest(userdata, clearpwd, orguserdata, admin,null,numOfApprovalsRequired,userdata.getCAId(),userdata.getEndEntityProfileId()); if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_CHANGEUSER)){ getApprovalSession().addApprovalRequest(admin, ar); String msg = intres.getLocalizedMessage("ra.approvaledit"); throw new WaitingForApprovalException(msg); } } try { UserDataLocal data1 = home.findByPrimaryKey(pk); data1.setDN(dn); data1.setSubjectAltName(altName); data1.setSubjectEmail(userdata.getEmail()); data1.setCaId(userdata.getCAId()); data1.setType(type); data1.setEndEntityProfileId(userdata.getEndEntityProfileId()); data1.setCertificateProfileId(userdata.getCertificateProfileId()); data1.setTokenType(userdata.getTokenType()); data1.setHardTokenIssuerId(userdata.getHardTokenIssuerId()); ExtendedInformation ei = userdata.getExtendedinformation(); data1.setExtendedInformation(ei); oldstatus = data1.getStatus(); if(oldstatus == UserDataConstants.STATUS_KEYRECOVERY && !(userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INPROCESS)){ getKeyRecoverySession().unmarkUser(admin,userdata.getUsername()); } String requestCounter = ei.getCustomData(ExtendedInformation.CUSTOM_REQUESTCOUNTER); if ( StringUtils.equals(requestCounter, "0") && (userdata.getStatus() == UserDataConstants.STATUS_NEW) && (oldstatus != UserDataConstants.STATUS_NEW) ) { // If status is set to new, we should re-set the allowed request counter to the default values // But we only do 
this if no value is specified already, i.e. 0 or null resetRequestCounter(admin, data1, false); } else { // If status is not new, we will only remove the counter if the profile does not use it resetRequestCounter(admin, data1, true); } data1.setStatus(userdata.getStatus()); if(newpassword != null){ if(clearpwd) { try { data1.setOpenPassword(newpassword); } catch (java.security.NoSuchAlgorithmException nsae) { debug("NoSuchAlgorithmException while setting password for user "+userdata.getUsername()); throw new EJBException(nsae); } } else { data1.setPassword(newpassword); } } // We want to create this object before re-setting the time modified, because we may want to // Use the old time modified in any notifications UserDataVO udata = data1.toUserDataVO(); data1.setTimeModified((new java.util.Date()).getTime()); // We also want to be able to handle non-clear generated passwords in the notifiction, although UserDataVO // should always have a null password for autogenerated end entities the notification framework expects it to // exist. if (newpassword != null) { udata.setPassword(newpassword); } // Send notification if it should be sent. 
sendNotification(admin, udata, userdata.getStatus()); boolean statuschanged = userdata.getStatus() != oldstatus; // Only print stuff on a printer on the same conditions as for notifications, we also only print if the status changes, not for every time we press save if ((type & SecConst.USER_PRINT) != 0 && statuschanged && (userdata.getStatus() == UserDataConstants.STATUS_NEW || userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INITIALIZED)) { print(admin,profile,userdata); } if (statuschanged) { String msg = intres.getLocalizedMessage("ra.editedentitystatus", userdata.getUsername(), new Integer(userdata.getStatus())); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_INFO_CHANGEDENDENTITY, msg ); } else { String msg = intres.getLocalizedMessage("ra.editedentity", userdata.getUsername()); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_INFO_CHANGEDENDENTITY, msg); } } catch (Exception e) { String msg = intres.getLocalizedMessage("ra.erroreditentity", userdata.getUsername()); logsession.log(admin, userdata.getCAId(), LogConstants.MODULE_RA, new java.util.Date(), userdata.getUsername(), null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg); error("ChangeUser:", e); throw new EJBException(e); } debug("<changeUser(" + userdata.getUsername() + ", password, " + dn + ", " + userdata.getEmail() + ")"); } // changeUser /** * Deletes a user from the database. The users certificates must be revoked BEFORE this method is called. * * @param username the unique username. 
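* @throws NotFoundException if the user does not exist
     * @throws RemoveException if the user could not be removed
     * @throws AuthorizationDeniedException if the administrator is not authorized to the user's CA or, when
     *             end entity profile limitations are enabled, lacks delete rights to the user's end entity profile
     * @ejb.interface-method
     */
    public void deleteUser(Admin admin, String username) throws AuthorizationDeniedException, NotFoundException, RemoveException {
        debug(">deleteUser(" + username + ")");
        // Check if administrator is authorized to delete user.
        // The CA id is only known once the entity has been loaded, so the lookup comes before the
        // authorization checks; a failed lookup is therefore logged against the internal CA id.
        // NOTE(review): a missing entity yields NotFoundException while an existing entity outside the
        // caller's scope yields AuthorizationDeniedException, so the outcome reveals whether a username
        // exists - confirm that is acceptable for every caller of this interface method.
        int caid = LogConstants.INTERNALCAID;
        try {
            UserDataPK pk = new UserDataPK(username);
            UserDataLocal data1 = home.findByPrimaryKey(pk);
            caid = data1.getCaId();
            if (!authorizedToCA(admin, caid)) {
                String msg = intres.getLocalizedMessage("ra.errorauthca", Integer.valueOf(caid));
                logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_DELETEENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
            // The profile-level check is only enforced when the global configuration enables it.
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.DELETE_RIGHTS)) {
                    String msg = intres.getLocalizedMessage("ra.errorauthprofile", Integer.valueOf(data1.getEndEntityProfileId()));
                    logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_DELETEENDENTITY, msg);
                    throw new AuthorizationDeniedException(msg);
                }
            }
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_DELETEENDENTITY, msg);
            throw new NotFoundException(msg);
        }
        try {
            UserDataPK pk = new UserDataPK(username);
            home.remove(pk);
            String msg = intres.getLocalizedMessage("ra.removedentity", username);
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_INFO_DELETEDENDENTITY, msg);
        } catch (EJBException e) {
            String msg = intres.getLocalizedMessage("ra.errorremoveentity", username);
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_DELETEENDENTITY, msg);
            // The RemoveException below carries only the localized message, so record the underlying
            // failure here (same pattern as the error("ChangeUser:", e) call in changeUser).
            error("DeleteUser:", e);
            throw new RemoveException(msg);
        }
        debug("<deleteUser(" + username + ")");
    } // deleteUser

    // Class/method name pairs used for status changes; a null method name is given where only the class is named.
    // NOTE(review): presumably passed to ApprovalExecutorUtil.requireApproval in the same way changeUser passes
    // NONAPPROVABLECLASSNAMES_CHANGEUSER, i.e. each entry names a caller for which no approval is required.
    // Confirm against the status-changing method before adding entries, since every entry widens that exemption.
    private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_SETUSERSTATUS = {
        new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.ChangeStatusEndEntityApprovalRequest",null),
        new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeUser"),
        new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeCert"),
        new ApprovalOveradableClassName("org.ejbca.core.ejb.ca.auth.LocalAuthenticationSessionBean","finishUser"),
        new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","unrevokeCert"),
        new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","markForRecovery"),
        new ApprovalOveradableClassName("org.ejbca.extra.caservice.ExtRACAProcess","processExtRARevocationRequest"),
        new ApprovalOveradableClassName("se.primeKey.cardPersonalization.ra.connection.ejbca.EjbcaConnection",null)
    };

    /**
     * Decreases (the optional) request counter by 1, until it reaches 0. Returns the new value. If the value is already 0, -1 is returned, but the
     * -1 is not stored in the database.
     *
     * @param admin the administrator, checked for authorization to the user's CA and, when end entity profile
     *            limitations are enabled, for edit rights to the user's end entity profile.
     * @param username the unique username.
     * @return the decreased counter value; 0 if the user has no extended information, no stored counter, or a
     *         stored counter that is not a number. A stored value below 0 is returned decreased by one, it is
     *         not clamped to -1.
     * @throws AuthorizationDeniedException if the administrator fails one of the authorization checks
     * @throws FinderException if the user does not exist
     * @ejb.interface-method
     */
    public int decRequestCounter(Admin admin, String username) throws AuthorizationDeniedException, FinderException {
        debug(">decRequestCounter(" + username + ")");
        // Default return value is as if the optional value does not exist for the user, i.e. the default values is 0
        // because the default number of allowed requests are 1
        int counter = 0;
        // Check if administrator is authorized to edit user.
        // Until the entity is loaded its CA id is unknown, so a failed lookup is logged against the internal CA id.
        int caid = LogConstants.INTERNALCAID;
        try {
            UserDataPK pk = new UserDataPK(username);
            UserDataLocal data1 = home.findByPrimaryKey(pk);
            caid = data1.getCaId();
            if (!authorizedToCA(admin, caid)) {
                String msg = intres.getLocalizedMessage("ra.errorauthca", Integer.valueOf(caid));
                logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
                throw new AuthorizationDeniedException(msg);
            }
            // The profile-level check is only enforced when the global configuration enables it.
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
                if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
                    String msg = intres.getLocalizedMessage("ra.errorauthprofile", Integer.valueOf(data1.getEndEntityProfileId()));
                    logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
                    throw new AuthorizationDeniedException(msg);
                }
            }
            // Do the work of decreasing the counter
            ExtendedInformation ei = data1.getExtendedInformation();
            if (ei != null) {
                String counterstr = ei.getCustomData(ExtendedInformation.CUSTOM_REQUESTCOUNTER);
                if (StringUtils.isNotEmpty(counterstr)) {
                    try {
                        // If parsing fails, counter keeps its default of 0 and nothing is written back.
                        counter = Integer.valueOf(counterstr);
                        log.debug("Found a counter with value "+counter);
                        // decrease the counter, if we get to 0 we must set status to generated
                        counter--;
                        if (counter >= 0) {
                            ei.setCustomData(ExtendedInformation.CUSTOM_REQUESTCOUNTER, String.valueOf(counter));
                            data1.setExtendedInformation(ei);
                            data1.setTimeModified((new java.util.Date()).getTime());
                            String msg = intres.getLocalizedMessage("ra.decreasedentityrequestcounter", username, counter);
                            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_INFO_CHANGEDENDENTITY, msg);
                        } else {
                            log.debug("Counter value was already 0, not decreased in db.");
                        }
                    } catch (NumberFormatException e) {
                        // An unparsable stored counter is reported to the application log only; the call still returns 0.
                        String msg = intres.getLocalizedMessage("ra.errorrequestcounterinvalid", username, counterstr, e.getMessage());
                        log.error(msg, e);
                    }
                } else {
                    log.debug("No (optional) request counter exists for end entity: "+username);
                }
            } else {
                debug("No extended information exists for user: "+data1.getUsername());
            }
        } catch (FinderException e) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw e;
        }
        debug("<decRequestCounter(" + username + "): "+counter);
        return counter;
    } // decRequestCounter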