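package org.ejbca.core.ejb.approval;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Random;

import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.FinderException;
import javax.ejb.RemoveException;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.BaseSessionBean;
import org.ejbca.core.ejb.JNDINames;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.ejb.log.ILogSessionLocal;
import org.ejbca.core.ejb.log.ILogSessionLocalHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.approval.AdminAlreadyApprovedRequestException;
import org.ejbca.core.model.approval.Approval;
import org.ejbca.core.model.approval.ApprovalDataUtil;
import org.ejbca.core.model.approval.ApprovalDataVO;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.ApprovalRequest;
import org.ejbca.core.model.approval.ApprovalRequestExecutionException;
import org.ejbca.core.model.approval.ApprovalRequestExpiredException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.authorization.AvailableAccessRules;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.log.LogEntry;
import org.ejbca.core.model.ra.RAAuthorization;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
import org.ejbca.util.CertTools;
import org.ejbca.util.JDBCUtil;
import org.ejbca.util.NotificationParamGen;
import org.ejbca.util.TemplateMimeMessage;
import org.ejbca.util.query.IllegalQueryException;
import org.ejbca.util.query.Query;

/**
 * Session bean managing approval requests: creating and removing them, registering
 * approvals and rejections, sending e-mail notifications and querying request state.
 *
 * Authorization is enforced in {@link #approve}, {@link #reject} (via
 * {@link #isAuthorizedBeforeApproveOrReject}) and {@link #query}. The plain lookup
 * methods {@link #isApproved}, {@link #findNonExpiredApprovalRequest} and
 * {@link #findApprovalDataVO} perform no authorization check of their own; callers
 * are expected to have done so.
 *
 * Collaborating session beans are looked up lazily through the inherited
 * {@code getLocator()} and cached in instance fields for the life of the bean.
 */
public class LocalApprovalSessionBean extends BaseSessionBean {

    private static final Logger log = Logger.getLogger(LocalApprovalSessionBean.class);

    /** Internal localization of log and notification messages. */
    private static final InternalResources intres = InternalResources.getInstance();

    /** Home interface of the ApprovalData entity bean; set in {@link #ejbCreate()}. */
    private ApprovalDataLocalHome approvalHome = null;

    // Lazily created collaborators, see the corresponding get*Session() accessors.
    private IRaAdminSessionLocal raadminsession;
    private IUserAdminSessionLocal useradminsession;
    private IAuthorizationSessionLocal authorizationsession = null;
    private ILogSessionLocal logsession = null;
    private ICertificateStoreSessionLocal certificatestoresession;

    /**
     * Column list used by {@link #query}; the column order must match the positional
     * ResultSet reads in that method (1 = id ... 13 = remainingapprovals).
     */
    private static final String APPROVALDATA_COL = "id, approvalid, approvaltype, endentityprofileid, caid, reqadmincertissuerdn, reqadmincertsn, status, approvaldata, requestdata, requestdate, expiredate, remainingapprovals";

    /**
     * EJB create callback: resolves the ApprovalData entity home.
     *
     * @throws CreateException if the home cannot be looked up
     */
    public void ejbCreate() throws CreateException {
        approvalHome = (ApprovalDataLocalHome) getLocator().getLocalHome(ApprovalDataLocalHome.COMP_NAME);
    }

    /**
     * Returns the log session, creating it on first use.
     *
     * @throws EJBException wrapping the CreateException if the session cannot be created
     */
    private ILogSessionLocal getLogSession() {
        if (logsession == null) {
            try {
                ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME);
                logsession = logsessionhome.create();
            } catch (CreateException e) {
                throw new EJBException(e);
            }
        }
        return logsession;
    }

    /**
     * Returns the RA admin session (global configuration), creating it on first use.
     *
     * @throws EJBException wrapping the CreateException if the session cannot be created
     */
    private IRaAdminSessionLocal getRAAdminSession() {
        if (raadminsession == null) {
            try {
                IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) getLocator().getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
                raadminsession = raadminsessionhome.create();
            } catch (CreateException e) {
                throw new EJBException(e);
            }
        }
        return raadminsession;
    }

    /**
     * Returns the user admin session, creating it on first use.
     *
     * @throws EJBException wrapping the CreateException if the session cannot be created
     */
    private IUserAdminSessionLocal getUserAdminSession() {
        if (useradminsession == null) {
            try {
                IUserAdminSessionLocalHome useradminsessionhome = (IUserAdminSessionLocalHome) getLocator().getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
                useradminsession = useradminsessionhome.create();
            } catch (CreateException e) {
                throw new EJBException(e);
            }
        }
        return useradminsession;
    }

    /**
     * Returns the certificate store session, creating it on first use.
     *
     * @throws EJBException wrapping any exception raised while creating the session
     */
    private ICertificateStoreSessionLocal getCertificateStoreSession() {
        if (certificatestoresession == null) {
            try {
                ICertificateStoreSessionLocalHome home = (ICertificateStoreSessionLocalHome) getLocator().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
                certificatestoresession = home.create();
            } catch (Exception e) {
                throw new EJBException(e);
            }
        }
        return certificatestoresession;
    }

    /**
     * Returns the authorization session, creating it on first use.
     *
     * @throws EJBException wrapping the CreateException if the session cannot be created
     */
    private IAuthorizationSessionLocal getAuthorizationSession() {
        if (authorizationsession == null) {
            try {
                IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) getLocator().getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
                authorizationsession = authorizationsessionhome.create();
            } catch (CreateException e) {
                throw new EJBException(e);
            }
        }
        return authorizationsession;
    }

    /**
     * Stores a new approval request with status waiting and, if enabled in the global
     * configuration, notifies the approval administrators by e-mail.
     *
     * Only one non-expired request per approvalId (as generated by the request itself) may
     * exist at a time; a duplicate is logged and rejected.
     *
     * @param admin           the administrator adding the request
     * @param approvalRequest the request to store
     * @throws ApprovalException if a non-expired request with the same approvalId already
     *                           exists, or if the request could not be persisted
     */
    public void addApprovalRequest(Admin admin, ApprovalRequest approvalRequest) throws ApprovalException {
        log.debug(">addApprovalRequest");
        int approvalId = approvalRequest.generateApprovalId();

        ApprovalDataVO data = findNonExpiredApprovalRequest(admin, approvalId);
        if (data != null) {
            getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREQUESTED, "Approval with id : " + approvalId + " already exists");
            throw new ApprovalException("Approval Request " + approvalId + " already exists in database");
        }
        try {
            Integer freeId = this.findFreeApprovalId();
            approvalHome.create(freeId, approvalRequest);
            GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
            if (gc.getUseApprovalNotifications()) {
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage("notification.newrequest.subject"),
                        intres.getLocalizedMessage("notification.newrequest.msg"),
                        freeId, approvalRequest.getNumOfRequiredApprovals(), new Date(), approvalRequest, null);
            }
            getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_INFO_APPROVALREQUESTED, "Approval with id : " + approvalId + " added with status waiting.");
        } catch (CreateException e1) {
            getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREQUESTED, "Approval with id : " + approvalId + " couldn't be created");
            log.error("Error creating approval request", e1);
            // A failed create used to be logged only, leaving the caller to believe a pending
            // request exists. Surface it instead; the cause is kept in the log entry above.
            throw new ApprovalException("Approval Request " + approvalId + " couldn't be created");
        }
        log.debug("<addApprovalRequest");
    }

    /**
     * Removes the approval request with the given unique (primary key) id.
     *
     * Removal failures other than "not found" (EJBException, RemoveException) are logged and
     * otherwise ignored, so the caller cannot distinguish them from success.
     *
     * @param admin the administrator removing the request
     * @param id    the primary key of the request
     * @throws ApprovalException if no request with that id exists
     */
    public void removeApprovalRequest(Admin admin, int id) throws ApprovalException {
        log.debug(">removeApprovalRequest");
        try {
            ApprovalDataLocal adl = approvalHome.findByPrimaryKey(new Integer(id));
            adl.remove();
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_INFO_APPROVALREQUESTED, "Approval with unique id : " + id + " removed successfully.");
        } catch (FinderException e) {
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREQUESTED, "Error removing approvalrequest with unique id : " + id + ", doesn't exist");
            throw new ApprovalException("Error removing approvalrequest with unique id : " + id + ", doesn't exist");
        } catch (EJBException e) {
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREQUESTED, "Error removing approvalrequest with unique id : " + id);
            log.error("Error removing approval request", e);
        } catch (RemoveException e) {
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREQUESTED, "Error removing approvalrequest with unique id : " + id);
            log.error("Error removing approval request", e);
        }
        log.debug("<removeApprovalRequest");
    }

    /**
     * Registers an approval of the request with the given approvalId.
     *
     * Sequence: authorize the administrator for the request's end entity profile and CA,
     * resolve the approver's username from the administrator certificate, refuse if that
     * administrator already requested, approved or rejected the request, then record the
     * approval and notify (either "concurred" or "approved", depending on whether approvals
     * remain).
     *
     * @param admin      the approving administrator; must carry an X509 certificate known to
     *                   the certificate store
     * @param approvalId the approvalId of the request (not the primary key)
     * @param approval   the approval to record; its certificate and username are filled in here
     * @throws ApprovalRequestExpiredException    if the request has expired
     * @throws ApprovalRequestExecutionException  if the request was fully approved but failed
     *                                            to execute
     * @throws AuthorizationDeniedException       if the administrator may not approve this request
     * @throws ApprovalException                  if no suitable request exists or the approver
     *                                            certificate maps to no username
     * @throws AdminAlreadyApprovedRequestException if the administrator is already involved
     */
    public void approve(Admin admin, int approvalId, Approval approval) throws ApprovalRequestExpiredException, ApprovalRequestExecutionException,
            AuthorizationDeniedException, ApprovalException, AdminAlreadyApprovedRequestException {
        log.debug(">approve");
        ApprovalDataLocal adl;
        try {
            adl = isAuthorizedBeforeApproveOrReject(admin, approvalId, approval);
        } catch (ApprovalException e1) {
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALAPPROVED, "Approval request with id : " + approvalId + " doesn't exists.");
            throw e1;
        }

        // NOTE(review): getX509Certificate() is dereferenced unconditionally, while
        // sendApprovalNotification() accepts a request without a certificate. Confirm that an
        // administrator without a certificate can never reach this point.
        X509Certificate approvingCert = admin.getAdminInformation().getX509Certificate();
        ApprovalDataVO data = adl.getApprovalDataVO();
        String username = getCertificateStoreSession().findUsernameByCertSerno(admin, approvingCert.getSerialNumber(), CertTools.getIssuerDN(approvingCert));
        // Check for a missing username before it is used in any comparison.
        if (username == null) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALAPPROVED, "Approval request with id : " + approvalId + ", Error no username exists for the given approver certificate.");
            throw new ApprovalException("Error no username exists for the given approver or requestor certificate");
        }
        checkAdminNotAlreadyInvolved(admin, adl, data, approvalId, username, true);
        approval.setApprovalCertificateAndUsername(true, approvingCert, username);

        try {
            adl.approve(approval);
            GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
            if (gc.getUseApprovalNotifications()) {
                // Re-read the VO: approve() changed the remaining-approvals count.
                ApprovalDataVO updated = adl.getApprovalDataVO();
                int remaining = updated.getRemainingApprovals();
                // remaining == 0 means this approval completed the request.
                String subjectKey = remaining != 0 ? "notification.requestconcured.subject" : "notification.requestapproved.subject";
                String msgKey = remaining != 0 ? "notification.requestconcured.msg" : "notification.requestapproved.msg";
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage(subjectKey),
                        intres.getLocalizedMessage(msgKey),
                        adl.getId(), remaining, updated.getRequestDate(),
                        updated.getApprovalRequest(),
                        approval);
            }
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_INFO_APPROVALAPPROVED, "Approval request with id : " + approvalId + " have been approved.");
        } catch (ApprovalRequestExpiredException e) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALAPPROVED, "Approval request with id : " + approvalId + " have expired.");
            throw e;
        } catch (ApprovalRequestExecutionException e) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALAPPROVED, "Approval with id : " + approvalId + " couldn't execute properly");
            throw e;
        }
        log.debug("<approve");
    }

    /**
     * Registers a rejection of the request with the given approvalId.
     *
     * Same authorization and "already involved" checks as {@link #approve}; on success the
     * request is marked rejected and a "rejected" notification is sent if enabled.
     *
     * @param admin      the rejecting administrator; must carry an X509 certificate known to
     *                   the certificate store
     * @param approvalId the approvalId of the request (not the primary key)
     * @param approval   the rejection to record; its certificate and username are filled in here
     * @throws ApprovalRequestExpiredException    if the request has expired
     * @throws AuthorizationDeniedException       if the administrator may not act on this request
     * @throws ApprovalException                  if no suitable request exists or the approver
     *                                            certificate maps to no username
     * @throws AdminAlreadyApprovedRequestException if the administrator is already involved
     */
    public void reject(Admin admin, int approvalId, Approval approval) throws ApprovalRequestExpiredException,
            AuthorizationDeniedException, ApprovalException, AdminAlreadyApprovedRequestException {
        log.debug(">reject");
        ApprovalDataLocal adl;
        try {
            adl = isAuthorizedBeforeApproveOrReject(admin, approvalId, approval);
        } catch (ApprovalException e1) {
            getLogSession().log(admin, admin.getCaId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREJECTED, "Approval request with id : " + approvalId + " doesn't exists.");
            throw e1;
        }

        // NOTE(review): see approve() regarding an administrator without a certificate.
        X509Certificate approvingCert = admin.getAdminInformation().getX509Certificate();
        String username = getCertificateStoreSession().findUsernameByCertSerno(admin, approvingCert.getSerialNumber(), CertTools.getIssuerDN(approvingCert));
        ApprovalDataVO data = adl.getApprovalDataVO();
        // Check for a missing username before it is used in any comparison.
        if (username == null) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREJECTED, "Approval request with id : " + approvalId + ", Error no username exists for the given approver certificate.");
            throw new ApprovalException("Error no username exists for the given approver or requestor certificate");
        }
        checkAdminNotAlreadyInvolved(admin, adl, data, approvalId, username, false);
        approval.setApprovalCertificateAndUsername(false, approvingCert, username);

        try {
            adl.reject(approval);
            GlobalConfiguration gc = getRAAdminSession().loadGlobalConfiguration(admin);
            if (gc.getUseApprovalNotifications()) {
                ApprovalDataVO updated = adl.getApprovalDataVO();
                sendApprovalNotification(admin, gc,
                        intres.getLocalizedMessage("notification.requestrejected.subject"),
                        intres.getLocalizedMessage("notification.requestrejected.msg"),
                        adl.getId(), updated.getRemainingApprovals(), updated.getRequestDate(),
                        updated.getApprovalRequest(),
                        approval);
            }
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_INFO_APPROVALREJECTED, "Approval request with id : " + approvalId + " have been rejected.");
        } catch (ApprovalRequestExpiredException e) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREJECTED, "Approval request with id : " + approvalId + " have expired.");
            throw e;
        }
        log.debug("<reject");
    }

    /**
     * Refuses an approval or rejection by an administrator who is already party to the
     * request: the original requester (when the request stores a requester certificate) or
     * anyone whose approval/rejection is already recorded.
     *
     * Shared by {@link #approve} and {@link #reject}; the two differ only in the error event
     * logged.
     *
     * @param admin      the acting administrator (used for the lookup and the log entry)
     * @param adl        the request being acted on
     * @param data       value object of {@code adl}
     * @param approvalId approvalId of the request, for log and exception messages
     * @param username   username resolved from the acting administrator's certificate; non-null
     * @param approving  true when called from approve(), false when called from reject()
     * @throws AdminAlreadyApprovedRequestException if the administrator is already involved
     */
    private void checkAdminNotAlreadyInvolved(Admin admin, ApprovalDataLocal adl, ApprovalDataVO data, int approvalId,
            String username, boolean approving) throws AdminAlreadyApprovedRequestException {
        if (data.getReqadmincertissuerdn() != null) {
            // NOTE(review): assumes getReqadmincertsn() is a non-null hex string whenever the
            // issuer DN is set — confirm against ApprovalDataVO.
            String requsername = getCertificateStoreSession().findUsernameByCertSerno(admin, new BigInteger(data.getReqadmincertsn(), 16), data.getReqadmincertissuerdn());
            if (username.equals(requsername)) {
                logApprovalError(admin, adl, approving, "Error administrator have already approved, rejected or requested current request, approveId " + approvalId);
                throw new AdminAlreadyApprovedRequestException("Error administrator have already approved, rejected or requested current request, approveId : " + approvalId);
            }
        }
        Iterator iter = data.getApprovals().iterator();
        while (iter.hasNext()) {
            Approval next = (Approval) iter.next();
            // username is known non-null here; comparing this way tolerates a stored approval
            // without a username.
            if (username.equals(next.getUsername())) {
                logApprovalError(admin, adl, approving, "Error administrator have already approved or rejected current request, approveId " + approvalId);
                throw new AdminAlreadyApprovedRequestException("Error administrator have already approved or rejected current request, approveId : " + approvalId);
            }
        }
    }

    /**
     * Writes an approval-module error log entry for the request in {@code adl}, using the
     * approve or reject error event.
     *
     * @param approving true selects EVENT_ERROR_APPROVALAPPROVED, false EVENT_ERROR_APPROVALREJECTED
     * @param msg       the log message
     */
    private void logApprovalError(Admin admin, ApprovalDataLocal adl, boolean approving, String msg) {
        if (approving) {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALAPPROVED, msg);
        } else {
            getLogSession().log(admin, adl.getCaid(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_APPROVALREJECTED, msg);
        }
    }

    /**
     * Locates the non-expired request for {@code approvalId} and checks that {@code admin}
     * may approve or reject it.
     *
     * Rules applied: a request bound to no specific end entity profile requires
     * REGULAR_APPROVECAACTION; otherwise REGULAR_APPROVEENDENTITY plus the approval right on
     * that profile. A request bound to a specific CA additionally requires access to that CA.
     *
     * @param admin      the administrator to authorize
     * @param approvalId the approvalId of the request
     * @param approval   currently unused
     * @return the matching entity, never null
     * @throws ApprovalException            if no suitable non-expired request exists
     * @throws AuthorizationDeniedException if any of the authorization checks fails
     */
    private ApprovalDataLocal isAuthorizedBeforeApproveOrReject(Admin admin, int approvalId, Approval approval) throws ApprovalException, AuthorizationDeniedException {
        ApprovalDataLocal retval = findNonExpiredApprovalDataLocal(admin, approvalId);
        if (retval == null) {
            throw new ApprovalException("Suitable approval with id : " + approvalId + " doesn't exist");
        }
        if (retval.getEndentityprofileid() == ApprovalDataVO.ANY_ENDENTITYPROFILE) {
            getAuthorizationSession().isAuthorized(admin, AvailableAccessRules.REGULAR_APPROVECAACTION);
        } else {
            getAuthorizationSession().isAuthorized(admin, AvailableAccessRules.REGULAR_APPROVEENDENTITY);
            getAuthorizationSession().isAuthorized(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + retval.getEndentityprofileid() + AvailableAccessRules.APPROVAL_RIGHTS);
        }
        if (retval.getCaid() != ApprovalDataVO.ANY_CA) {
            getAuthorizationSession().isAuthorized(admin, AvailableAccessRules.CAPREFIX + retval.getCaid());
        }
        return retval;
    }

    /**
     * Returns the approval status of the request with the given approvalId.
     *
     * Iterates over all requests sharing the approvalId and stops at the first one whose status
     * is waiting, approved or rejected; if none matches, the status of the last request seen
     * is returned, and STATUS_EXPIREDANDNOTIFIED if there are none at all. No authorization
     * check is performed here.
     *
     * @param admin      the calling administrator (not used for authorization)
     * @param approvalId the approvalId of the request
     * @return an ApprovalDataVO.STATUS_* value as returned by the entity's isApproved()
     * @throws ApprovalException               if the finder fails
     * @throws ApprovalRequestExpiredException propagated from the entity's isApproved()
     */
    public int isApproved(Admin admin, int approvalId) throws ApprovalException, ApprovalRequestExpiredException {
        log.debug(">isApproved, approvalId" + approvalId);
        int retval = ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED;
        try {
            Collection result = approvalHome.findByApprovalId(approvalId);
            Iterator iter = result.iterator();
            while (iter.hasNext()) {
                ApprovalDataLocal adl = (ApprovalDataLocal) iter.next();
                retval = adl.isApproved();
                if (adl.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL ||
                        adl.getStatus() == ApprovalDataVO.STATUS_APPROVED ||
                        adl.getStatus() == ApprovalDataVO.STATUS_REJECTED) {
                    break;
                }
            }
        } catch (FinderException e) {
            throw new ApprovalException("Approval request with id : " + approvalId + " doesn't exists");
        }
        log.debug("<isApproved, result" + retval);
        return retval;
    }

    /**
     * Returns the value object of the non-expired request with the given approvalId, or null
     * if there is none. No authorization check is performed here.
     *
     * @param admin      the calling administrator (not used for authorization)
     * @param approvalId the approvalId of the request
     * @return the request data, or null
     */
    public ApprovalDataVO findNonExpiredApprovalRequest(Admin admin, int approvalId) {
        ApprovalDataLocal data = findNonExpiredApprovalDataLocal(admin, approvalId);
        return data == null ? null : data.getApprovalDataVO();
    }

    /**
     * Finds the non-expired request with the given approvalId whose status is waiting,
     * approved or rejected. If several match, the last one returned by the finder wins.
     *
     * @return the matching entity, or null if none exists or the finder fails
     */
    private ApprovalDataLocal findNonExpiredApprovalDataLocal(Admin admin, int approvalId) {
        ApprovalDataLocal retval = null;
        try {
            Collection result = approvalHome.findByApprovalIdNonExpired(approvalId);
            Iterator iter = result.iterator();
            while (iter.hasNext()) {
                ApprovalDataLocal next = (ApprovalDataLocal) iter.next();
                ApprovalDataVO data = next.getApprovalDataVO();
                if (data.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL ||
                        data.getStatus() == ApprovalDataVO.STATUS_APPROVED ||
                        data.getStatus() == ApprovalDataVO.STATUS_REJECTED) {
                    retval = next;
                }
            }
        } catch (FinderException ignored) {
            // "Not found" is a normal outcome here and is reported as a null return.
            log.debug("No non-expired approval request with approvalId " + approvalId);
        }
        return retval;
    }

    /**
     * Returns the value objects of all requests (expired or not) with the given approvalId.
     * No authorization check is performed here.
     *
     * @param admin      the calling administrator (not used for authorization)
     * @param approvalId the approvalId of the requests
     * @return a Collection of ApprovalDataVO, empty if none exist or the finder fails
     */
    public Collection findApprovalDataVO(Admin admin, int approvalId) {
        log.debug(">findApprovalDataVO");
        ArrayList retval = new ArrayList();
        try {
            Collection result = approvalHome.findByApprovalId(approvalId);
            Iterator iter = result.iterator();
            while (iter.hasNext()) {
                ApprovalDataLocal adl = (ApprovalDataLocal) iter.next();
                retval.add(adl.getApprovalDataVO());
            }
        } catch (FinderException ignored) {
            // Reported to the caller as an empty result.
            log.debug("No approval requests with approvalId " + approvalId);
        }
        log.debug("<findApprovalDataVO");
        return retval;
    }

    /**
     * Runs a paged query over ApprovalData, restricted to the requests the administrator is
     * authorized to see.
     *
     * The administrator must hold REGULAR_APPROVECAACTION or REGULAR_APPROVEENDENTITY. The
     * WHERE clause is built from three fragments: the caller's {@code query} (accepted only if
     * {@code isLegalQuery()}), the CA authorization string, and — when end entity profile
     * limitations are enabled — an end entity profile filter derived from which of the two
     * rights the administrator holds. The statement is prepared without bind parameters, so the
     * query is only as safe as these fragments; NOTE(review): confirm that
     * {@code Query.getQueryString()} escapes caller-supplied values.
     *
     * Paging: {@code index} rows are skipped first (backwards if negative and the driver
     * supports it), then up to {@code numberofrows} rows are returned.
     *
     * @param admin        the querying administrator
     * @param query        optional filter; may be null
     * @param index        number of rows to skip before collecting results
     * @param numberofrows maximum number of rows to return
     * @return a List of ApprovalDataVO
     * @throws IllegalQueryException        if {@code query} is not legal
     * @throws AuthorizationDeniedException if the administrator holds neither approval right
     * @throws EJBException                 wrapping any database error
     */
    public List query(Admin admin, Query query, int index, int numberofrows) throws IllegalQueryException, AuthorizationDeniedException {
        debug(">query(): ");

        // Probe both rights without logging; at least one is required.
        boolean authorizedToApproveCAActions = false;
        boolean authorizedToApproveRAActions = false;
        try {
            authorizedToApproveCAActions = getAuthorizationSession().isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_APPROVECAACTION);
        } catch (AuthorizationDeniedException ignored) {
            // not authorized for CA actions; the flag stays false
        }
        try {
            authorizedToApproveRAActions = getAuthorizationSession().isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_APPROVEENDENTITY);
        } catch (AuthorizationDeniedException ignored) {
            // not authorized for RA actions; the flag stays false
        }
        if (!authorizedToApproveCAActions && !authorizedToApproveRAActions) {
            throw new AuthorizationDeniedException("Not authorized to query apporvals");
        }

        ArrayList returnData = new ArrayList();
        GlobalConfiguration globalconfiguration = getRAAdminSession().loadGlobalConfiguration(admin);
        String sqlquery = "select " + APPROVALDATA_COL + " from ApprovalData where ";

        if (query != null && !query.isLegalQuery()) {
            throw new IllegalQueryException();
        }
        if (query != null) {
            sqlquery = sqlquery + query.getQueryString();
        }

        RAAuthorization raauthorization = new RAAuthorization(admin, getRAAdminSession(), getAuthorizationSession());
        String caauthstring = raauthorization.getCAAuthorizationString();
        String endentityauth = "";
        if (globalconfiguration.getEnableEndEntityProfileLimitations()) {
            endentityauth = raauthorization.getEndEntityProfileAuthorizationString(true);
            if (authorizedToApproveCAActions && authorizedToApproveRAActions) {
                // Both rights: the administrator's profiles, or requests bound to no profile.
                if (endentityauth != null) {
                    endentityauth = "(" + raauthorization.getEndEntityProfileAuthorizationString(false) + " OR endEntityprofileId=" + ApprovalDataVO.ANY_ENDENTITYPROFILE + " ) ";
                }
            } else if (authorizedToApproveCAActions) {
                // CA actions only: requests bound to no end entity profile.
                endentityauth = " endEntityprofileId=" + ApprovalDataVO.ANY_ENDENTITYPROFILE;
            } else if (authorizedToApproveRAActions) {
                // RA actions only: the administrator's own profiles.
                endentityauth = raauthorization.getEndEntityProfileAuthorizationString(true);
            }
        }

        // Join the fragments with AND only where a preceding fragment exists.
        // NOTE(review): if query is null and both authorization strings are empty, the
        // statement ends in "where " and fails at execution (surfacing as an EJBException).
        if (!caauthstring.trim().equals("") && query != null) {
            sqlquery = sqlquery + " AND " + caauthstring;
        } else {
            sqlquery = sqlquery + caauthstring;
        }
        if (StringUtils.isNotEmpty(endentityauth)) {
            if (caauthstring.trim().equals("") && query == null) {
                sqlquery = sqlquery + endentityauth;
            } else {
                sqlquery = sqlquery + " AND " + endentityauth;
            }
        }

        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
            log.debug(sqlquery);
            ps = con.prepareStatement(sqlquery);
            rs = ps.executeQuery();

            // Skip 'index' rows. A forward-only result set cannot honour a negative index.
            int direction = rs.getFetchDirection();
            if (direction == ResultSet.FETCH_FORWARD) {
                if (index < 0) {
                    throw new Exception("Database does only support forward fetching, but index is " + index);
                }
                for (int i = 0; i < index; i++) {
                    rs.next();
                }
            } else {
                boolean forward = index >= 0;
                for (int i = 0; i < index; i++) {
                    if (forward) {
                        rs.next();
                    } else {
                        rs.previous();
                    }
                }
            }
            while (rs.next() && returnData.size() < numberofrows) {
                // Column positions follow APPROVALDATA_COL.
                int id = rs.getInt(1);
                int approvalid = rs.getInt(2);
                int approvaltype = rs.getInt(3);
                int endentityprofileId = rs.getInt(4);
                int caid = rs.getInt(5);
                String reqadmincertissuerdn = rs.getString(6);
                String reqadmincertserial = rs.getString(7);
                int status = rs.getInt(8);
                String approvaldatastring = rs.getString(9);
                String requestdatastring = rs.getString(10);
                long requestdate = rs.getLong(11);
                long expiredate = rs.getLong(12);
                int remainingapprovals = rs.getInt(13);
                ApprovalDataVO data = new ApprovalDataVO(id, approvalid, approvaltype, endentityprofileId, caid,
                        reqadmincertissuerdn, reqadmincertserial, status,
                        ApprovalDataUtil.getApprovals(approvaldatastring),
                        ApprovalDataUtil.getApprovalRequest(requestdatastring),
                        new Date(requestdate), new Date(expiredate), remainingapprovals);
                returnData.add(data);
            }
            debug("<query()");
            return returnData;
        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            JDBCUtil.close(con, ps, rs);
        }
    }

    /**
     * Sends an approval notification e-mail to the configured approval administrators and, if
     * the request carries a requester certificate with a known e-mail address, to the requester.
     *
     * Any failure is logged (and written to the audit log) rather than propagated; the only
     * exception that escapes is an EJBException raised if even the failure log entry cannot be
     * written.
     *
     * @param admin                 the acting administrator
     * @param gc                    global configuration providing addresses and base URL
     * @param notificationSubject   mail subject
     * @param notificationMsg       mail body template
     * @param id                    primary key of the request; used in the approval URL
     * @param numberOfApprovalsLeft remaining approvals, passed to the template parameters
     * @param requestDate           when the request was made
     * @param approvalRequest       the request being notified about
     * @param approval              the approval/rejection that triggered this, or null for a
     *                              new request
     */
    private void sendApprovalNotification(Admin admin, GlobalConfiguration gc, String notificationSubject, String notificationMsg, Integer id,
            int numberOfApprovalsLeft, Date requestDate, ApprovalRequest approvalRequest, Approval approval) {
        debug(">sendNotification approval notification: id=" + id);
        try {
            String requestAdminEmail = null;
            X509Certificate requestAdminCert = approvalRequest.getRequestAdminCert();
            String requestAdminDN = null;
            String requestAdminUsername = null;
            if (requestAdminCert != null) {
                requestAdminDN = CertTools.getSubjectDN(requestAdminCert);
                requestAdminUsername = getCertificateStoreSession().findUsernameByCertSerno(admin, requestAdminCert.getSerialNumber(), CertTools.getIssuerDN(requestAdminCert));
                UserDataVO requestAdminData = getUserAdminSession().findUser(admin, requestAdminUsername);
                if (requestAdminData == null || requestAdminData.getEmail() == null || requestAdminData.getEmail().equals("")) {
                    getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), requestAdminUsername, null, LogEntry.EVENT_ERROR_NOTIFICATION, "Error sending notification to administrator requesting approval. Set a correct email to the administrator");
                } else {
                    requestAdminEmail = requestAdminData.getEmail();
                }
            } else {
                // No requester certificate: the requester is named by the CLITOOL resource.
                requestAdminUsername = intres.getLocalizedMessage("CLITOOL");
                requestAdminDN = "CN=" + requestAdminUsername;
            }

            String approvalAdminsEmail = gc.getApprovalAdminEmailAddress();
            String fromAddress = gc.getApprovalNotificationFromAddress();
            // Null-safe: an unset address is treated the same as an empty one.
            if (StringUtils.isEmpty(approvalAdminsEmail) || StringUtils.isEmpty(fromAddress)) {
                getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), requestAdminUsername, null, LogEntry.EVENT_ERROR_NOTIFICATION, "Error sending approval notification. The email-addresses, either to approval administrators or from-address isn't configured properly");
            } else {
                String approvalURL = gc.getBaseUrl() + "adminweb/approval/approveaction.jsf?uniqueId=" + id;
                String approvalTypeText = intres.getLocalizedMessage(ApprovalDataVO.APPROVALTYPENAMES[approvalRequest.getApprovalType()]);

                String approvalAdminUsername = null;
                String approvalAdminDN = null;
                String approveComment = null;
                if (approval != null) {
                    approvalAdminUsername = approval.getUsername();
                    X509Certificate approvalCert = (X509Certificate) getCertificateStoreSession().findCertificateByIssuerAndSerno(admin, approval.getAdminCertIssuerDN(), approval.getAdminCertSerialNumber());
                    approvalAdminDN = CertTools.getSubjectDN(approvalCert);
                    approveComment = approval.getComment();
                }
                String mailJndi = getLocator().getString("java:comp/env/MailJNDIName");
                Session mailSession = getLocator().getMailSession(mailJndi);
                Integer numAppr = new Integer(numberOfApprovalsLeft);
                NotificationParamGen paramGen = new NotificationParamGen(requestDate, id, approvalTypeText, numAppr,
                        approvalURL, approveComment, requestAdminUsername,
                        requestAdminDN, approvalAdminUsername, approvalAdminDN);
                HashMap params = paramGen.getParams();

                Message msg = new TemplateMimeMessage(params, mailSession);
                msg.setFrom(new InternetAddress(fromAddress));
                msg.addRecipients(Message.RecipientType.TO, InternetAddress.parse(approvalAdminsEmail, false));
                if (requestAdminEmail != null) {
                    msg.addRecipients(Message.RecipientType.TO, InternetAddress.parse(requestAdminEmail, false));
                }
                msg.setSubject(notificationSubject);
                msg.setContent(notificationMsg, "text/plain");
                msg.setHeader("X-Mailer", "JavaMailer");
                msg.setSentDate(new Date());
                Transport.send(msg);

                getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), requestAdminUsername, null, LogEntry.EVENT_INFO_NOTIFICATION, "Approval notification with id " + id + " was sent successfully.");
            }
        } catch (Exception e) {
            error("Error when sending notification approving notification", e);
            try {
                getLogSession().log(admin, approvalRequest.getCAId(), LogEntry.MODULE_APPROVAL, new Date(), null, null, LogEntry.EVENT_ERROR_NOTIFICATION, "Error sending approval notification with id " + id + ".");
            } catch (Exception f) {
                throw new EJBException(f);
            }
        }
        debug("<sendNotification approval notification: id=" + id);
    }

    /**
     * Picks a random id greater than 1 that is not currently a primary key in ApprovalData.
     *
     * Candidates are drawn from java.util.Random (the id is an identifier, not a secret);
     * candidates of 1 or less are discarded without a lookup, others are probed with
     * findByPrimaryKey() until one raises FinderException.
     *
     * NOTE(review): the id is checked but not reserved, so two concurrent callers can be handed
     * the same id; presumably the following create() then fails for one of them — confirm.
     *
     * @return a currently unused id
     */
    private Integer findFreeApprovalId() {
        Random ran = new Random(new Date().getTime());
        int id = ran.nextInt();
        boolean foundfree = false;
        while (!foundfree) {
            try {
                if (id > 1) {
                    approvalHome.findByPrimaryKey(new Integer(id));
                }
                // Either the id is in use or it is <= 1: try the next candidate.
                id = ran.nextInt();
            } catch (FinderException e) {
                // No entity with this id: it is free.
                foundfree = true;
            }
        }
        return new Integer(id);
    }

}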