


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.ejb.ca.store;
15
16 import java.security.cert.Certificate JavaDoc;
17 import java.security.cert.CertificateEncodingException JavaDoc;
18 import java.security.cert.CertificateException JavaDoc;
19 import java.security.cert.X509Certificate JavaDoc;
20 import java.util.Date JavaDoc;
21
22 import javax.ejb.CreateException JavaDoc;
23
24 import org.apache.log4j.Logger;
25 import org.ejbca.core.ejb.BaseEntityBean;
26 import org.ejbca.core.model.SecConst;
27 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
28 import org.ejbca.util.Base64;
29 import org.ejbca.util.CertTools;
30
31
32
33 /**
34  * Entity Bean representing a certificate. Information stored:
35  * <pre>
36  * Certificate (base64Cert)
37  * Subject DN (subjectDN)
38  * Issuer DN (issuerDN)
39  * Serial number (serialNumber)
40  * SHA1 fingerprint (fingerprint)
41  * Status (status)
42  * Type (type; endentity, ca etc)
43  * CA SHA1 fingerprint (cAFingerprint)
44  * Expiration date (expireDate)
45  * Revocation date (revocationDate)
46  * Revocation reason (revocationReason)
47  * Username (username)
48  * </pre>
49  *
50  * @version $Id: CertificateDataBean.java,v 1.5 2006/11/10 09:28:51 anatom Exp $
51  *
52  * @ejb.bean description="This enterprise bean entity represents a certificate with accompanying data"
53  * display-name="CertificateDataEB"
54  * name="CertificateData"
55  * jndi-name="CertificateData"
56  * view-type="local"
57  * type="CMP"
58  * reentrant="False"
59  * cmp-version="2.x"
60  * transaction-type="Container"
61  * schema="CertificateDataBean"
62  *
63  * @ejb.transaction type="Required"
64  *
65  * @ejb.pk class="org.ejbca.core.ejb.ca.store.CertificateDataPK"
66  * extends="java.lang.Object"
67  * implements="java.io.Serializable"
68  *
69  * @ejb.persistence table-name = "CertificateData"
70  *
71  * @ejb.home
72  * generate="local"
73  * local-extends="javax.ejb.EJBLocalHome"
74  * local-class="org.ejbca.core.ejb.ca.store.CertificateDataLocalHome"
75  *
76  * @ejb.interface
77  * generate="local"
78  * local-extends="javax.ejb.EJBLocalObject"
79  * local-class="org.ejbca.core.ejb.ca.store.CertificateDataLocal"
80  *
81  * @ejb.finder description="findByExpireDate"
82  * signature="Collection findByExpireDate(long date)"
83  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.expireDate<?1"
84  *
85  * @ejb.finder description="findBySubjectDNAndIssuerDN"
86  * signature="Collection findBySubjectDNAndIssuerDN(java.lang.String subjectDN, java.lang.String issuerDN)"
87  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.subjectDN=?1 AND a.issuerDN=?2"
88   *
89  * @ejb.finder description="findBySubjectDN"
90  * signature="Collection findBySubjectDN(java.lang.String subjectDN)"
91  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.subjectDN=?1"
92   *
93  * @ejb.finder description="findBySerialNumber"
94  * signature="Collection findBySerialNumber(java.lang.String sn)"
95  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.serialNumber=?1"
96   *
97  * @ejb.finder description="findByIssuerDNSerialNumber"
98  * signature="Collection findByIssuerDNSerialNumber(java.lang.String issuerDN, java.lang.String serialNumber)"
99  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.issuerDN=?1 AND a.serialNumber=?2"
100  *
101  * @ejb.finder description="findByUsername"
102  * signature="Collection findByUsername(java.lang.String username)"
103  * query="SELECT OBJECT(a) from CertificateDataBean a WHERE a.username=?1"
104  *
105  * @jonas.jdbc-mapping
106  * jndi-name="${datasource.jndi-name}"
107  */

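public abstract class CertificateDataBean extends BaseEntityBean {

    // Certificate status values stored in the "status" column.

    /** Certificate doesn't belong to anyone */
    public static final int CERT_UNASSIGNED = 0;

    /** Assigned, but not yet active */
    public static final int CERT_INACTIVE = 10;

    /** Certificate is active and assigned */
    public static final int CERT_ACTIVE = 20;

    /** Certificate is still active and the user is notified that it will soon expire. */
    public static final int CERT_NOTIFIEDABOUTEXPIRATION = 21;

    /** Certificate is temporarily blocked (reversible) */
    public static final int CERT_TEMP_REVOKED = 30;

    /** Certificate is permanently blocked (terminated) */
    public static final int CERT_REVOKED = 40;

    /** Certificate is expired */
    public static final int CERT_EXPIRED = 50;

    /** Certificate is expired and kept for archive purpose */
    public static final int CERT_ARCHIVED = 60;

    // Certificate types used to create certificates

    /** Certificate used for encryption. */
    public static final int CERT_TYPE_ENCRYPTION = 0x1;

    /** Certificate used for digital signatures. */
    public static final int CERT_TYPE_SIGNATURE = 0x2;

    /** Certificate used for both encryption and signatures (0x1 | 0x2). */
    public static final int CERT_TYPE_ENCSIGN = 0x3;

    // Constants used in certificate generation and publication.

    /** Certificate belongs to an end entity. */
    public static final int CERTTYPE_ENDENTITY = 0x1;
    /** Certificate belongs to a sub ca. */
    public static final int CERTTYPE_SUBCA = 0x2;
    /** Certificate belongs to a root ca. */
    public static final int CERTTYPE_ROOTCA = 0x8;
    /**
     * Certificate belongs on a hard token.
     *
     * NOTE(review): 0x16 is decimal 22 (binary 10110), not a single bit like the other
     * CERTTYPE_ values, so it overlaps CERTTYPE_SUBCA (0x2) if these are ever tested as a
     * bit mask. If 0x10 was intended, callers or stored data may already rely on the
     * current value - confirm before changing it.
     */
    public static final int CERTTYPE_HARDTOKEN = 0x16;

    // Constants used to construct KeyUsage

    /**
     * @see org.ejbca.core.ejb.ca.sign.ISignSessionRemote
     */
    public static final int digitalSignature = (1 << 7);
    public static final int nonRepudiation = (1 << 6);
    public static final int keyEncipherment = (1 << 5);
    public static final int dataEncipherment = (1 << 4);
    public static final int keyAgreement = (1 << 3);
    public static final int keyCertSign = (1 << 2);
    public static final int cRLSign = (1 << 1);
    public static final int encipherOnly = (1 << 0);
    public static final int decipherOnly = (1 << 15);

    private static final Logger log = Logger.getLogger(CertificateDataBean.class);

    /**
     * DN of issuer of certificate
     *
     * @return issuer dn
     * @ejb.persistence column-name="issuerDN"
     * @ejb.interface-method
     */
    public abstract String getIssuerDN();

    /**
     * Use setIssuer instead, which normalizes the DN before storing it.
     *
     * @param issuerDN issuer dn
     *
     * @see #setIssuer(String)
     */
    public abstract void setIssuerDN(String issuerDN);

    /**
     * DN of subject in certificate
     *
     * @return subject dn
     * @ejb.persistence column-name="subjectDN"
     * @ejb.interface-method
     */
    public abstract String getSubjectDN();

    /**
     * Use setSubject instead, which normalizes the DN before storing it.
     *
     * @param subjectDN subject dn
     *
     * @see #setSubject(String)
     */
    public abstract void setSubjectDN(String subjectDN);

    /**
     * Fingerprint of certificate. This is the primary-key field of the entity; the class
     * description lists it as a SHA1 fingerprint, so treat it as a row identifier and not
     * as evidence that a certificate is authentic.
     *
     * @return fingerprint
     * @ejb.persistence column-name="fingerprint"
     * @ejb.interface-method
     * @ejb.pk-field
     */
    public abstract String getFingerprint();

    /**
     * Fingerprint of certificate
     *
     * @param fingerprint fingerprint
     */
    public abstract void setFingerprint(String fingerprint);

    /**
     * Fingerprint of CA certificate
     *
     * @return fingerprint
     * @ejb.persistence column-name="cAFingerprint"
     * @ejb.interface-method
     */
    public abstract String getCaFingerprint();

    /**
     * Fingerprint of CA certificate
     *
     * @param caFingerprint fingerprint
     * @ejb.interface-method
     */
    public abstract void setCaFingerprint(String caFingerprint);

    /**
     * status of certificate, ex CertificateData.CERT_ACTIVE
     *
     * @return status
     * @ejb.persistence column-name="status"
     * @ejb.interface-method
     */
    public abstract int getStatus();

    /**
     * status of certificate, ex CertificateData.CERT_ACTIVE
     *
     * @param status status
     * @ejb.interface-method
     */
    public abstract void setStatus(int status);

    /**
     * What type of user the certificate belongs to, ex SecConst.USER_ENDUSER
     *
     * @return user type
     * @ejb.persistence column-name="type"
     * @ejb.interface-method
     */
    public abstract int getType();

    /**
     * What type of user the certificate belongs to, ex SecConst.USER_ENDUSER
     *
     * @param type type
     * @ejb.interface-method
     */
    public abstract void setType(int type);

    /**
     * Serial number formatted as BigInteger.toString()
     *
     * @return serial number
     * @ejb.persistence column-name="serialNumber"
     * @ejb.interface-method
     */
    public abstract String getSerialNumber();

    /**
     * Serial number formatted as BigInteger.toString()
     *
     * @param serialNumber serial number
     * @ejb.interface-method
     */
    public abstract void setSerialNumber(String serialNumber);

    /**
     * Expiration date formatted as milliseconds since 1970 (== Date.getTime()).
     * The Date overload of the setter stores -1 when no date is given.
     *
     * @return expire date
     * @ejb.persistence column-name="expireDate"
     * @ejb.interface-method
     */
    public abstract long getExpireDate();

    /**
     * Expiration date formatted as milliseconds since 1970 (== Date.getTime())
     *
     * @param expireDate expire date
     * @ejb.interface-method
     */
    public abstract void setExpireDate(long expireDate);

    /**
     * Set to date when revocation occurred if status == CERT_REVOKED.
     * Format == Date.getTime(); ejbCreate initializes it to -1.
     *
     * @return revocation date
     * @ejb.persistence column-name="revocationDate"
     * @ejb.interface-method
     */
    public abstract long getRevocationDate();

    /**
     * Set to date when revocation occurred if status == CERT_REVOKED. Format == Date.getTime()
     *
     * @param revocationDate revocation date
     * @ejb.interface-method
     */
    public abstract void setRevocationDate(long revocationDate);

    /**
     * Set to revocation reason if status == CERT_REVOKED
     *
     * @return revocation reason
     * @ejb.persistence column-name="revocationReason"
     * @ejb.interface-method
     */
    public abstract int getRevocationReason();

    /**
     * Set to revocation reason if status == CERT_REVOKED
     *
     * @param revocationReason revocation reason
     * @ejb.interface-method
     */
    public abstract void setRevocationReason(int revocationReason);

    /**
     * certificate itself
     *
     * @return base64 encoded certificate
     * @ejb.persistence jdbc-type="LONGVARCHAR" column-name="base64Cert"
     * @ejb.interface-method
     */
    public abstract String getBase64Cert();

    /**
     * certificate itself
     *
     * @param base64Cert base64 encoded certificate
     * @ejb.interface-method
     */
    public abstract void setBase64Cert(String base64Cert);

    /**
     * username in database
     *
     * @return username
     * @ejb.persistence column-name="username"
     * @ejb.interface-method
     */
    public abstract String getUsername();

    /**
     * The username must be 'stripped' using StringTools.strip() by the caller before it is
     * passed in; this setter stores the value as given.
     *
     * @param username username
     *
     * @see org.ejbca.util.StringTools
     * @ejb.interface-method
     */
    public abstract void setUsername(String username);

    //
    // Public business methods used to help us manage certificates
    //

    /**
     * Decodes the stored base64 text back into a certificate object.
     *
     * @return the certificate, or null if the stored data cannot be parsed as a
     *         certificate (the failure is logged); callers must check for null
     * @ejb.interface-method
     */
    public Certificate getCertificate() {
        try {
            byte[] der = Base64.decode(getBase64Cert().getBytes());
            return CertTools.getCertfromByteArray(der);
        } catch (CertificateException ce) {
            log.error("Can't decode certificate.", ce);
            return null;
        }
    }

    /**
     * Stores the certificate and refreshes the fields derived from it: base64 text,
     * fingerprint, subject DN, issuer DN and serial number. Status, type, CA fingerprint,
     * expire date and the revocation fields are not touched here.
     *
     * NOTE(review): the fingerprint is declared as the primary-key field of this entity and
     * is rewritten here; confirm callers only pass the certificate the row was created for.
     *
     * @param incert certificate, must be an X509Certificate
     * @ejb.interface-method
     */
    public void setCertificate(Certificate incert) {
        try {
            // Cast before the first setter so a non-X.509 argument fails without a
            // partially updated bean.
            X509Certificate tmpcert = (X509Certificate) incert;
            setBase64Cert(new String(Base64.encode(incert.getEncoded())));

            setFingerprint(CertTools.getFingerprintAsString(tmpcert));
            setSubjectDN(CertTools.getSubjectDN(tmpcert));
            setIssuerDN(CertTools.getIssuerDN(tmpcert));
            setSerialNumber(tmpcert.getSerialNumber().toString());
        } catch (CertificateEncodingException cee) {
            // NOTE(review): the signature has no throws clause, so an encoding failure is
            // only logged and the bean keeps its previous values; the caller cannot tell
            // that nothing was stored.
            log.error("Can't extract DER encoded certificate information.", cee);
        }
    }

    /**
     * DN of issuer of certificate, passed through CertTools.stringToBCDNString before it
     * is stored.
     *
     * @param dn issuer dn
     * @ejb.interface-method
     */
    public void setIssuer(String dn) {
        setIssuerDN(CertTools.stringToBCDNString(dn));
    }

    /**
     * DN of subject in certificate, passed through CertTools.stringToBCDNString before it
     * is stored.
     *
     * @param dn subject dn
     * @ejb.interface-method
     */
    public void setSubject(String dn) {
        setSubjectDN(CertTools.stringToBCDNString(dn));
    }

    /**
     * expire date of certificate
     *
     * @param expireDate expire date, null is stored as -1
     * @ejb.interface-method
     */
    public void setExpireDate(Date expireDate) {
        setExpireDate(expireDate == null ? -1L : expireDate.getTime());
    }

    /**
     * date the certificate was revoked
     *
     * @param revocationDate revocation date, null is stored as -1
     * @ejb.interface-method
     */
    public void setRevocationDate(Date revocationDate) {
        setRevocationDate(revocationDate == null ? -1L : revocationDate.getTime());
    }

    //
    // Fields required by Container
    //

    /**
     * Entity Bean holding info about a certificate. Create by sending in the certificate, which
     * extracts (from the cert) fingerprint (primary key), subjectDN, issuerDN, serial number,
     * expiration date. Status, Type, CAFingerprint, revocationDate and revocationReason are set
     * to default values (CERT_UNASSIGNED, SecConst.USER_INVALID, null, -1 and
     * RevokedCertInfo.NOT_REVOKED) and should be set using the respective set-methods.
     *
     * @param incert the (X509)Certificate to be stored in the database.
     *
     * @return always null; the class tags declare this bean as CMP, where ejbCreate does
     *         not return the key itself
     * @throws CreateException if incert is null, is not an X509Certificate, or cannot be
     *         DER encoded, so that no row is created from an incomplete certificate
     * @ejb.create-method
     */
    public CertificateDataPK ejbCreate(Certificate incert)
        throws CreateException {
        // Reject unusable input before any persistent field is written.
        if (!(incert instanceof X509Certificate)) {
            throw new CreateException("Certificate to store must be a non-null X509Certificate.");
        }
        X509Certificate tmpcert = (X509Certificate) incert;

        try {
            // Extract all fields to store with the certificate.
            setBase64Cert(new String(Base64.encode(incert.getEncoded())));
            setFingerprint(CertTools.getFingerprintAsString(tmpcert));

            // Make sure names are always looking the same
            setSubjectDN(CertTools.getSubjectDN(tmpcert));
            setIssuerDN(CertTools.getIssuerDN(tmpcert));
            log.debug("Creating certdata, subject=" + getSubjectDN() + ", issuer=" + getIssuerDN());
            setSerialNumber(tmpcert.getSerialNumber().toString());

            // Default values for status and type
            setStatus(CERT_UNASSIGNED);
            setType(SecConst.USER_INVALID);
            setCaFingerprint(null);
            setExpireDate(tmpcert.getNotAfter());
            setRevocationDate(-1L);
            setRevocationReason(RevokedCertInfo.NOT_REVOKED);
        } catch (CertificateEncodingException cee) {
            log.error("Can't extract DER encoded certificate information.", cee);
            // Fail the create instead of returning normally with no fingerprint set:
            // a certificate store must not end up with a row it cannot identify.
            throw new CreateException("Can't extract DER encoded certificate information: "
                + cee.getMessage());
        }
        return null;
    }

    /**
     * required method, does nothing
     *
     * @param incert certificate
     */
    public void ejbPostCreate(Certificate incert) {
        // Do nothing. Required.
    }
}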
528