📄 localuseradminsessionbean.java
/**
 * Changes the status of a user.
 *
 * <p>The administrator must be authorized to the user's CA and, when end entity profile
 * limitations are enabled in the global configuration, must hold edit rights on the user's
 * end entity profile. Both checks run before an approval request is queued and before any
 * user data is modified; each denial is written to the log before the exception is thrown.
 *
 * @param admin the administrator performing the action.
 * @param username the unique username.
 * @param status the new status, from 'UserData'.
 * @throws AuthorizationDeniedException if the administrator is not authorized to the user's CA
 *             or end entity profile.
 * @throws FinderException if a lookup inside this method fails; the failure is logged and the
 *             exception is rethrown.
 * @throws ApprovalException if an approval already is waiting for specified action
 * @throws WaitingForApprovalException if approval is required and the action has been added to
 *             the approval queue.
 * @ejb.interface-method
 */
public void setUserStatus(Admin admin, String username, int status)
        throws AuthorizationDeniedException, FinderException, ApprovalException, WaitingForApprovalException {
    debug(">setUserStatus(" + username + ", " + status + ")");
    // Until the user has been loaded, log entries are attributed to the internal CA id.
    int caid = LogConstants.INTERNALCAID;
    try {
        final UserDataLocal entity = home.findByPrimaryKey(new UserDataPK(username));
        caid = entity.getCaId();

        // Authorization, step 1: the administrator must be authorized to the user's CA.
        if (!authorizedToCA(admin, caid)) {
            final String denied = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                    LogConstants.EVENT_ERROR_CHANGEDENDENTITY, denied);
            throw new AuthorizationDeniedException(denied);
        }

        // Authorization, step 2: edit rights on the end entity profile. This check is only
        // enforced while profile limitations are switched on in the global configuration.
        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()
                && !authorizedToEndEntityProfile(admin, entity.getEndEntityProfileId(),
                        AvailableAccessRules.EDIT_RIGHTS)) {
            final String denied = intres.getLocalizedMessage("ra.errorauthprofile",
                    new Integer(entity.getEndEntityProfileId()));
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                    LogConstants.EVENT_ERROR_CHANGEDENDENTITY, denied);
            throw new AuthorizationDeniedException(denied);
        }

        // Approval gate: when approval is required the request is queued and the method leaves
        // through WaitingForApprovalException, so nothing below this point is executed.
        final int approvalsNeeded = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, caid);
        final ChangeStatusEndEntityApprovalRequest approvalRequest = new ChangeStatusEndEntityApprovalRequest(
                username, entity.getStatus(), status, admin, null, approvalsNeeded,
                entity.getCaId(), entity.getEndEntityProfileId());
        if (ApprovalExecutorUtil.requireApproval(approvalRequest, NONAPPROVABLECLASSNAMES_SETUSERSTATUS)) {
            getApprovalSession().addApprovalRequest(admin, approvalRequest);
            throw new WaitingForApprovalException(intres.getLocalizedMessage("ra.approvaledit"));
        }

        // A user that leaves the key recovery state for anything other than key recovery,
        // in-process or initialized is unmarked in the key recovery session.
        final boolean leavingKeyRecovery = entity.getStatus() == UserDataConstants.STATUS_KEYRECOVERY
                && status != UserDataConstants.STATUS_KEYRECOVERY
                && status != UserDataConstants.STATUS_INPROCESS
                && status != UserDataConstants.STATUS_INITIALIZED;
        if (leavingKeyRecovery) {
            getKeyRecoverySession().unmarkUser(admin, username);
        }

        // If status is set to new, when it is not already new, the allowed request counter is
        // re-set to the default values.
        if (status == UserDataConstants.STATUS_NEW && entity.getStatus() != UserDataConstants.STATUS_NEW) {
            resetRequestCounter(admin, entity, false);
        }

        entity.setStatus(status);
        entity.setTimeModified(new java.util.Date().getTime());

        // Record the successful change.
        final String changed = intres.getLocalizedMessage("ra.editedentitystatus", username, new Integer(status));
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_INFO_CHANGEDENDENTITY, changed);

        // Send notifications when transitioning user through work-flow, if they should be sent.
        sendNotification(admin, entity.toUserDataVO(), status);
    } catch (FinderException notFound) {
        final String missing = intres.getLocalizedMessage("ra.errorentitynotexist", username);
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_ERROR_CHANGEDENDENTITY, missing);
        throw notFound;
    }
    debug("<setUserStatus(" + username + ", " + status + ")");
} // setUserStatus

/**
 * Sets a new password for a user.
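*
 * @param admin the administrator performing the action
 * @param username the unique username.
 * @param password the new password for the user, NOT null.
 * @ejb.interface-method
 */
public void setPassword(Admin admin, String username, String password)
        throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
    setPassword(admin, username, password, false);
} // setPassword

/**
 * Sets a clear text password for a user.
 *
 * <p>Security note: the value is stored in clear text, so it is readable by anyone who can read
 * the stored user data. Use this only for workflows that need the password back in clear text,
 * and pass 'null' to remove it once it is no longer needed.
 *
 * @param admin the administrator performing the action
 * @param username the unique username.
 * @param password the new password to be stored in clear text. Setting password to 'null'
 *                 effectively deletes any previous clear text password.
 * @ejb.interface-method
 */
public void setClearTextPassword(Admin admin, String username, String password)
        throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
    setPassword(admin, username, password, true);
} // setClearTextPassword

/**
 * Sets a password, hashed or clear text, for a user.
 *
 * <p>The administrator's authorization (edit rights on the end entity profile when profile
 * limitations are enabled, then authorization to the user's CA) is checked before the password
 * is evaluated against the end entity profile. A caller who is not authorized therefore gets
 * AuthorizationDeniedException and no feedback about profile compliance.
 *
 * @param admin the administrator performing the action
 * @param username the unique username.
 * @param password the new password. With cleartext set, 'null' effectively deletes any previous
 *                 clear text password.
 * @param cleartext true gives cleartext password, false hashed
 * @throws AuthorizationDeniedException if the administrator is not authorized to the user's end
 *             entity profile or CA.
 * @throws UserDoesntFullfillEndEntityProfile if the password is rejected by the end entity
 *             profile while profile limitations are enabled.
 * @throws FinderException propagated from the user lookup.
 */
private void setPassword(Admin admin, String username, String password, boolean cleartext)
        throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
    // The password value is deliberately kept out of the trace output.
    debug(">setPassword(" + username + ", hiddenpwd), " + cleartext);
    // Find user
    String newpasswd = password;
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data = home.findByPrimaryKey(pk);
    int caid = data.getCaId();
    String dn = data.getSubjectDN();

    EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, data.getEndEntityProfileId());
    if (profile.useAutoGeneratedPasswd()) {
        newpasswd = profile.getAutoGeneratedPasswd();
    }
    final boolean profileLimitations = getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations();

    // Check if administrator is authorized to edit user. Done before the password is looked at.
    if (profileLimitations
            && !authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
        String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }
    if (!authorizedToCA(admin, caid)) {
        String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }

    if (profileLimitations) {
        // Check if user fulfills its profile.
        // NOTE(review): the value checked is the caller-supplied password, not newpasswd, so with
        // an auto-generated password the stored value is not the one checked here; confirm this is
        // what doesPasswordFulfillEndEntityProfile expects.
        try {
            profile.doesPasswordFulfillEndEntityProfile(password, true);
        } catch (UserDoesntFullfillEndEntityProfile ufe) {
            String msg = intres.getLocalizedMessage("ra.errorfullfillprofile",
                    new Integer(data.getEndEntityProfileId()), dn, ufe.getMessage());
            logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                    LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
            throw ufe;
        }
    }

    try {
        if ((newpasswd == null) && cleartext) {
            // A null clear text password removes the stored one.
            data.setClearPassword("");
        } else if (cleartext) {
            data.setOpenPassword(newpasswd);
        } else {
            // NOTE(review): a null password with cleartext == false reaches data.setPassword(null);
            // what happens then depends on the entity bean - confirm against UserDataLocal.
            data.setPassword(newpasswd);
        }
        data.setTimeModified((new java.util.Date()).getTime());
        String msg = intres.getLocalizedMessage("ra.editpwdentity", username);
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_INFO_CHANGEDENDENTITY, msg);
    } catch (java.security.NoSuchAlgorithmException nsae) {
        error("NoSuchAlgorithmException while setting password for user " + username);
        throw new EJBException(nsae);
    }
    debug("<setPassword(" + username + ", hiddenpwd), " + cleartext);
} // setPassword

/**
 * Verifies a password for a user.
 *
 * @param admin the administrator performing the action
 * @param username the unique username.
 * @param password the password to be verified.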
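* @return the result of comparing the supplied password with the one stored for the user.
 * @throws AuthorizationDeniedException if the administrator lacks edit rights on the user's end
 *             entity profile (checked only while profile limitations are enabled) or is not
 *             authorized to the user's CA.
 * @throws FinderException propagated from the user lookup.
 * @ejb.interface-method
 */
public boolean verifyPassword(Admin admin, String username, String password)
        throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException {
    // The password value is deliberately kept out of the trace output.
    debug(">verifyPassword(" + username + ", hiddenpwd)");
    boolean ret = false;
    // Find user
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data = home.findByPrimaryKey(pk);
    int caid = data.getCaId();

    // Check if administrator is authorized to edit user.
    // NOTE(review): denials are logged with the CHANGEDENDENTITY error event although this
    // method changes nothing; confirm whether a more specific event exists.
    if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()
            && !authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) {
        String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId()));
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }
    if (!authorizedToCA(admin, caid)) {
        String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid));
        logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null,
                LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
        throw new AuthorizationDeniedException(msg);
    }

    // NOTE(review): the outcome of the comparison is not written to logsession here, so repeated
    // failed verifications leave no audit record in this method; confirm that callers log or
    // throttle them.
    try {
        ret = data.comparePassword(password);
    } catch (java.security.NoSuchAlgorithmException nsae) {
        // Reported through error(), as setPassword does for the same condition, so that a missing
        // digest algorithm is not hidden when debug output is off.
        error("NoSuchAlgorithmException while verifying password for user " + username);
        throw new EJBException(nsae);
    }
    debug("<verifyPassword(" + username + ", hiddenpwd)");
    return ret;
} // verifyPassword

// Handed to ApprovalExecutorUtil.requireApproval by revokeAndDeleteUser.
private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_REVOKEANDDELETEUSER = {
    new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.RevocationApprovalRequest",null),
};

/**
 * @ejb.interface-method
 */
public void revokeAndDeleteUser(Admin admin, String username, int reason) throws AuthorizationDeniedException, ApprovalException, WaitingForApprovalException, RemoveException, NotFoundException {
    UserDataPK pk = new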
UserDataPK(username); UserDataLocal data; try { data = home.findByPrimaryKey(pk); } catch (FinderException e) { throw new NotFoundException ("User '" + username + "' not found."); } // Authorized? int caid = data.getCaId(); if (!authorizedToCA(admin, caid)) { String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer(caid)); logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_REVOKEDENDENTITY, msg); throw new AuthorizationDeniedException(msg); } if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) { String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer(data.getEndEntityProfileId())); logsession.log(admin, caid, LogConstants.MODULE_RA, new java.util.Date(), username, null, LogConstants.EVENT_ERROR_REVOKEDENDENTITY, msg); throw new AuthorizationDeniedException(msg); } } try { if ( getUserStatus(admin, username) != UserDataConstants.STATUS_REVOKED ) { // Check if approvals is required. int numOfReqApprovals = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_REVOCATION, data.getCaId()); RevocationApprovalRequest ar = new RevocationApprovalRequest(true, username, reason, admin, numOfReqApprovals, data.getCaId(), data.getEndEntityProfileId()); if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_REVOKEANDDELETEUSER)) { getApprovalSession().addApprovalRequest(admin, ar); String msg = intres.getLocalizedMessage("ra.approvalrevoke");