KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > ejb > keyrecovery > LocalKeyRecoverySessionBean


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.ejb.keyrecovery;
15
16 import java.security.KeyPair JavaDoc;
17 import java.security.cert.X509Certificate JavaDoc;
18 import java.util.Collection JavaDoc;
19 import java.util.Iterator JavaDoc;
20
21 import javax.ejb.CreateException JavaDoc;
22 import javax.ejb.EJBException JavaDoc;
23 import javax.ejb.FinderException JavaDoc;
24
25 import org.ejbca.core.ejb.BaseSessionBean;
26 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
27 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;
28 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
29 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
30 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
31 import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
32 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
33 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
34 import org.ejbca.core.ejb.log.ILogSessionLocal;
35 import org.ejbca.core.ejb.log.ILogSessionLocalHome;
36 import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
37 import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;
38 import org.ejbca.core.ejb.approval.IApprovalSessionLocal;
39 import org.ejbca.core.ejb.approval.IApprovalSessionLocalHome;
40 import org.ejbca.core.model.InternalResources;
41 import org.ejbca.core.model.approval.ApprovalException;
42 import org.ejbca.core.model.approval.ApprovalExecutorUtil;
43 import org.ejbca.core.model.approval.ApprovalOveradableClassName;
44 import org.ejbca.core.model.approval.WaitingForApprovalException;
45 import org.ejbca.core.model.approval.approvalrequests.KeyRecoveryApprovalRequest;
46 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
47 import org.ejbca.core.model.authorization.AvailableAccessRules;
48 import org.ejbca.core.model.ca.caadmin.CAInfo;
49 import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceRequest;
50 import org.ejbca.core.model.ca.caadmin.extendedcaservices.KeyRecoveryCAServiceResponse;
51 import org.ejbca.core.model.keyrecovery.KeyRecoveryData;
52 import org.ejbca.core.model.log.Admin;
53 import org.ejbca.core.model.log.LogEntry;
54 import org.ejbca.core.model.ra.UserDataConstants;
55 import org.ejbca.util.CertTools;
56
57
58 /**
59  * Stores key recovery data. Uses JNDI name for datasource as defined in env 'Datasource' in
60  * ejb-jar.xml.
61  *
62  * @version $Id: LocalKeyRecoverySessionBean.java,v 1.10 2006/12/13 10:33:10 anatom Exp $
63  *
64  * @ejb.bean
65  * display-name="Stores key recovery data"
66  * name="KeyRecoverySession"
67  * jndi-name="KeyRecoverySession"
68  * local-jndi-name="KeyRecoverySessionLocal"
69  * view-type="both"
70  * type="Stateless"
71  * transaction-type="Container"
72  *
73  * @ejb.transaction type="Required"
74  *
75  * @weblogic.enable-call-by-reference True
76  *
77  * @ejb.env-entry description="JDBC datasource to be used"
78  * name="DataSource"
79  * type="java.lang.String"
80  * value="${datasource.jndi-name-prefix}${datasource.jndi-name}"
81  *
82  * @ejb.ejb-external-ref
83  * description="The key recovery data entity bean"
84  * view-type="local"
85  * ref-name="ejb/KeyRecoveryDataLocal"
86  * type="Entity"
87  * home="org.ejbca.core.ejb.keyrecovery.KeyRecoveryDataLocalHome"
88  * business="org.ejbca.core.ejb.keyrecovery.KeyRecoveryDataLocal"
89  * link="KeyRecoveryData"
90  *
91  * @ejb.ejb-external-ref
92  * description="The Sign Session Bean"
93  * view-type="local"
94  * ref-name="ejb/RSASignSessionLocal"
95  * type="Session"
96  * home="org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome"
97  * business="org.ejbca.core.ejb.ca.sign.ISignSessionLocal"
98  * link="RSASignSession"
99  *
100  * @ejb.ejb-external-ref
101  * description="The Certificate Store session bean"
102  * view-type="local"
103  * ref-name="ejb/CertificateStoreSessionLocal"
104  * type="Session"
105  * home="org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome"
106  * business="org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal"
107  * link="CertificateStoreSession"
108  *
109  * @ejb.ejb-external-ref description="The CAAdmin Session Bean"
110  * view-type="local"
111  * ref-name="ejb/CAAdminSessionLocal"
112  * type="Session"
113  * home="org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome"
114  * business="org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal"
115  * link="CAAdminSession"
116  *
117  * @ejb.ejb-external-ref
118  * description="The User Admin session bean"
119  * view-type="local"
120  * ref-name="ejb/UserAdminSessionLocal"
121  * type="Session"
122  * home="org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome"
123  * business="org.ejbca.core.ejb.ra.IUserAdminSessionLocal"
124  * link="UserAdminSession"
125  *
126  * @ejb.ejb-external-ref description="The Approval Session Bean"
127  * view-type="local"
128  * ref-name="ejb/ApprovalSessionLocal"
129  * type="Session"
130  * home="org.ejbca.core.ejb.approval.IApprovalSessionLocalHome"
131  * business="org.ejbca.core.ejb.approval.IApprovalSessionLocal"
132  * link="ApprovalSession"
133  *
134  * @ejb.ejb-external-ref
135  * description="The Authorization session bean"
136  * view-type="local"
137  * ref-name="ejb/AuthorizationSessionLocal"
138  * type="Session"
139  * home="org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome"
140  * business="org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal"
141  * link="AuthorizationSession"
142  *
143  * @ejb.ejb-external-ref
144  * description="The log session bean"
145  * view-type="local"
146  * ref-name="ejb/LogSessionLocal"
147  * type="Session"
148  * home="org.ejbca.core.ejb.log.ILogSessionLocalHome"
149  * business="org.ejbca.core.ejb.log.ILogSessionLocal"
150  * link="LogSession"
151  *
152  * @ejb.home
153  * extends="javax.ejb.EJBHome"
154  * local-extends="javax.ejb.EJBLocalHome"
155  * local-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocalHome"
156  * remote-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionHome"
157  *
158  * @ejb.interface
159  * extends="javax.ejb.EJBObject"
160  * local-extends="javax.ejb.EJBLocalObject"
161  * local-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocal"
162  * remote-class="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionRemote"
163  *
164  * @jonas.bean
165  * ejb-name="KeyRecoverySession"
166  *
167  */

168 public class LocalKeyRecoverySessionBean extends BaseSessionBean {
169
170     /** Internal localization of logs and errors */
171     private static final InternalResources intres = InternalResources.getInstance();
172     
173     /** The local home interface of hard token issuer entity bean. */
174     private KeyRecoveryDataLocalHome keyrecoverydatahome = null;
175
176     /** The local interface of sign session bean */
177     private ISignSessionLocal signsession = null;
178
179     /** The local interface of certificate store session bean */
180     private ICertificateStoreSessionLocal certificatestoresession = null;
181     
182     /** The local interface of the caadmin session bean*/
183     private ICAAdminSessionLocal caadminsession = null;
184     
185     /** The local interface of the approval session bean*/
186     private IApprovalSessionLocal approvalsession = null;
187     
188     /** The local interface of the useradmin session bean*/
189     private IUserAdminSessionLocal useradminsession = null;
190     
191     
192
193     /** The local interface of log session bean */
194     private ILogSessionLocal logsession = null;
195
196     /** The local interface of authorization session bean */
197     private IAuthorizationSessionLocal authorizationsession;
198     
199     
200     /**
201      * Method checking the following authorizations:
202      *
203      * If /superadmin -> true
204      *
205      * Other must have both
206      * AvailableAccessRules.
207      * /ra_functionality/keyrecovery
208      * and /endentityprofilesrules/<endentityprofile>/ keyrecovery
209      *
210      *
211      * @param admin
212      * @param profileid end entity profile
213      * @return true if the admin is authorized to keyrecover
214      * @throws AuthorizationDeniedException if administrator isn't authorized.
215      */

216     private boolean authorizedToKeyRecover(Admin admin, int profileid) throws AuthorizationDeniedException{
217         boolean returnval = false;
218         try{
219             authorizationsession.isAuthorizedNoLog(admin, "/super_administrator");
220             returnval = true;
221         }catch(AuthorizationDeniedException e){}
222         
223         if(admin.getAdminType() == Admin.TYPE_PUBLIC_WEB_USER){
224             returnval = true; // Special Case, public web use should be able to key recover
225
}
226             
227         if(!returnval){
228             returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + AvailableAccessRules.KEYRECOVERY_RIGHTS) &&
229             authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_KEYRECOVERY);
230         }
231             
232         return returnval;
233     }
234
235     /**
236      * Help method that checks the CA data config if specified action
237      * requires approvals and how many
238      * @param action one of CAInfo.REQ_APPROVAL_ constants
239      * @param caid of the ca to check
240      * @return 0 of no approvals is required othervise the number of approvals
241      */

242     private int getNumOfApprovalRequired(Admin admin,int action, int caid) {
243         CAInfo cainfo = caadminsession.getCAInfo(admin, caid);
244         return ApprovalExecutorUtil.getNumOfApprovalRequired(action, cainfo);
245     }
246     
247     private IUserAdminSessionLocal getUserAdminSession(){
248         if(useradminsession == null){
249           try {
250             IUserAdminSessionLocalHome useradminhome = (IUserAdminSessionLocalHome) getLocator().getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
251             useradminsession = useradminhome.create();
252           } catch (CreateException JavaDoc e) {
253             throw new EJBException JavaDoc(e);
254           }
255         }
256         return useradminsession;
257     }
258     
259     /**
260      * Help method to check if approval of key recovery is required
261      * @param admin
262      * @param certificate
263      * @param username
264      * @param userdata
265      * @param checkNewest
266      * @throws ApprovalException
267      * @throws WaitingForApprovalException
268      */

269     private void checkIfApprovalRequired(Admin admin, X509Certificate JavaDoc certificate, String JavaDoc username, int endEntityProfileId, boolean checkNewest) throws ApprovalException, WaitingForApprovalException{
270         final int caid = CertTools.getIssuerDN(certificate).hashCode();
271         
272         // Check if approvals is required.
273
int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_KEYRECOVER, caid );
274         if (numOfApprovalsRequired > 0){
275
276             KeyRecoveryApprovalRequest ar = new KeyRecoveryApprovalRequest(certificate,username,checkNewest, admin,null,numOfApprovalsRequired,caid,endEntityProfileId);
277             if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_KEYRECOVERY)){
278                 approvalsession.addApprovalRequest(admin, ar);
279                 String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.addedforapproval");
280                 throw new WaitingForApprovalException(msg);
281             }
282
283         }
284     }
285     
286     /**
287      * Default create for SessionBean without any creation Arguments.
288      *
289      * @throws CreateException if bean instance can't be created
290      */

291     public void ejbCreate() throws CreateException JavaDoc {
292         debug(">ejbCreate()");
293
294         try {
295             keyrecoverydatahome = (KeyRecoveryDataLocalHome) getLocator().getLocalHome(KeyRecoveryDataLocalHome.COMP_NAME);
296
297             ILogSessionLocalHome logHome = (ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME);
298             logsession = logHome.create();
299
300             ICertificateStoreSessionLocalHome storeHome = (ICertificateStoreSessionLocalHome) getLocator().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
301             certificatestoresession = storeHome.create();
302
303             ISignSessionLocalHome signsessionhome = (ISignSessionLocalHome) getLocator().getLocalHome(ISignSessionLocalHome.COMP_NAME);
304             signsession = signsessionhome.create();
305             
306             IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) getLocator().getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
307             authorizationsession = authorizationsessionhome.create();
308
309             ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) getLocator().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
310             caadminsession = caadminsessionhome.create();
311             
312             IApprovalSessionLocalHome approvalsessionhome = (IApprovalSessionLocalHome) getLocator().getLocalHome(IApprovalSessionLocalHome.COMP_NAME);
313             approvalsession = approvalsessionhome.create();
314             
315
316             
317             debug("<ejbCreate()");
318         } catch (Exception JavaDoc e) {
319             throw new EJBException JavaDoc(e);
320         }
321     }
322
323     /**
324      * Adds a certificates keyrecovery data to the database.
325      *
326      * @param admin the administrator calling the function
327      * @param certificate the certificate used with the keypair.
328      * @param username of the administrator
329      * @param keypair the actual keypair to save.
330      *
331      * @return false if the certificates keyrecovery data already exists.
332      *
333      * @throws EJBException if a communication or other error occurs.
334      *
335      * @ejb.interface-method view-type="both"
336      */

337     public boolean addKeyRecoveryData(Admin admin, X509Certificate JavaDoc certificate, String JavaDoc username,
338                                       KeyPair JavaDoc keypair) {
339         debug(">addKeyRecoveryData(user: " + username + ")");
340
341         boolean returnval = false;
342
343         try {
344             int caid = CertTools.getIssuerDN(certificate).hashCode();
345
346             KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid,
347                     new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS, keypair));
348
349             keyrecoverydatahome.create(certificate.getSerialNumber(),
350                     CertTools.getIssuerDN(certificate), username, response.getKeyData());
351             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.addeddata", certificate.getSerialNumber().toString(16), CertTools.getIssuerDN(certificate));
352             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), username,
353                     certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
354             returnval = true;
355         } catch (Exception JavaDoc e) {
356             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.erroradddata", certificate.getSerialNumber().toString(16), CertTools.getIssuerDN(certificate));
357             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
358                     username, certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
359         }
360
361         debug("<addKeyRecoveryData()");
362
363         return returnval;
364     } // addKeyRecoveryData
365

366     /**
367      * Updates keyrecovery data
368      *
369      * @param admin DOCUMENT ME!
370      * @param certificate DOCUMENT ME!
371      * @param markedasrecoverable DOCUMENT ME!
372      * @param keypair DOCUMENT ME!
373      *
374      * @return false if certificates keyrecovery data doesn't exists
375      *
376      * @throws EJBException if a communication or other error occurs.
377      *
378      * @ejb.interface-method view-type="both"
379      */

380     public boolean changeKeyRecoveryData(Admin admin, X509Certificate JavaDoc certificate,
381                                          boolean markedasrecoverable, KeyPair JavaDoc keypair) {
382         debug(">changeKeyRecoveryData(certsn: " + certificate.getSerialNumber().toString(16) + ", " +
383                 CertTools.getIssuerDN(certificate) + ")");
384
385         boolean returnval = false;
386         final String JavaDoc hexSerial = certificate.getSerialNumber().toString(16);
387         final String JavaDoc dn = CertTools.getIssuerDN(certificate);
388         try {
389             KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
390             krd.setMarkedAsRecoverable(markedasrecoverable);
391
392             int caid = dn.hashCode();
393
394             KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid,
395                     new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_ENCRYPTKEYS, keypair));
396
397
398             krd.setKeyDataFromByteArray(response.getKeyData());
399             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.changeddata", hexSerial, dn);
400             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
401                     krd.getUsername(), certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
402             returnval = true;
403         } catch (Exception JavaDoc e) {
404             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errorchangedata", hexSerial, dn);
405             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), null,
406                     certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
407         }
408
409         debug("<changeKeyRecoveryData()");
410
411         return returnval;
412     } // changeKeyRecoveryData
413

414     /**
415      * Removes a certificates keyrecovery data from the database.
416      *
417      * @param admin the administrator calling the function
418      * @param certificate the certificate used with the keys about to be removed.
419      *
420      * @throws EJBException if a communication or other error occurs.
421      *
422      * @ejb.interface-method view-type="both"
423      */

424     public void removeKeyRecoveryData(Admin admin, X509Certificate JavaDoc certificate) {
425         debug(">removeKeyRecoveryData(certificate: " + certificate.getSerialNumber().toString() +
426                 ")");
427         final String JavaDoc hexSerial = certificate.getSerialNumber().toString(16);
428         final String JavaDoc dn = CertTools.getIssuerDN(certificate);
429         try {
430             String JavaDoc username = null;
431             KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
432             username = krd.getUsername();
433             krd.remove();
434             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.removeddata", hexSerial, dn);
435             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), username,
436                     certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
437         } catch (Exception JavaDoc e) {
438             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errorremovedata", hexSerial, dn);
439             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), null,
440                     certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
441         }
442
443         debug("<removeKeyRecoveryData()");
444     } // removeKeyRecoveryData
445

446     /**
447      * Removes a all keyrecovery data saved for a user from the database.
448      *
449      * @param admin DOCUMENT ME!
450      * @param username DOCUMENT ME!
451      *
452      * @throws EJBException if a communication or other error occurs.
453      *
454      * @ejb.interface-method view-type="both"
455      */

456     public void removeAllKeyRecoveryData(Admin admin, String JavaDoc username) {
457         debug(">removeAllKeyRecoveryData(user: " + username + ")");
458
459         try {
460             Collection JavaDoc result = keyrecoverydatahome.findByUsername(username);
461             Iterator JavaDoc iter = result.iterator();
462
463             while (iter.hasNext()) {
464                 ((KeyRecoveryDataLocal) iter.next()).remove();
465             }
466
467             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.removeduser", username);
468             logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), username,
469                     null, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
470         } catch (Exception JavaDoc e) {
471             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errorremoveuser", username);
472             logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), null,
473                     null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
474         }
475
476         debug("<removeAllKeyRecoveryData()");
477     } // removeAllKeyRecoveryData
478

479     /**
480      * Returns the keyrecovery data for a user. Observe only one certificates key can be recovered
481      * for every user at the time.
482      *
483      * @param admin
484      * @param username
485      * @param endentityprofileid, the end entity profile id the user belongs to.
486      *
487      * @return the marked keyrecovery data or null if no recoverydata can be found.
488      * @throws AuthorizationDeniedException
489      *
490      * @throws EJBException if a communication or other error occurs.
491      *
492      * @ejb.interface-method view-type="both"
493      */

494     public KeyRecoveryData keyRecovery(Admin admin, String JavaDoc username, int endEntityProfileId) throws AuthorizationDeniedException {
495         debug(">keyRecovery(user: " + username + ")");
496
497         KeyRecoveryData returnval = null;
498         KeyRecoveryDataLocal krd = null;
499         X509Certificate JavaDoc certificate = null;
500         
501         if(authorizedToKeyRecover(admin, endEntityProfileId)){
502             
503             try {
504                 Collection JavaDoc result = keyrecoverydatahome.findByUserMark(username);
505                 Iterator JavaDoc i = result.iterator();
506                 
507                 try {
508                     while (i.hasNext()) {
509                         krd = (KeyRecoveryDataLocal) i.next();
510                         
511                         if (returnval == null) {
512                             int caid = krd.getIssuerDN().hashCode();
513                             
514                             KeyRecoveryCAServiceResponse response = (KeyRecoveryCAServiceResponse) signsession.extendedService(admin, caid,
515                                     new KeyRecoveryCAServiceRequest(KeyRecoveryCAServiceRequest.COMMAND_DECRYPTKEYS, krd.getKeyDataAsByteArray()));
516                             KeyPair JavaDoc keys = response.getKeyPair();
517                             certificate = (X509Certificate JavaDoc) certificatestoresession
518                             .findCertificateByIssuerAndSerno(admin,
519                                     krd.getIssuerDN(), krd.getCertificateSN());
520                             returnval = new KeyRecoveryData(krd.getCertificateSN(), krd.getIssuerDN(),
521                                     krd.getUsername(), krd.getMarkedAsRecoverable(), keys, certificate);
522                             
523                             
524                         }
525                         
526                         // krd.setMarkedAsRecoverable(false);
527
}
528                     
529                     String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.sentdata", username);
530                     logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
531                             username, certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
532                 } catch (Exception JavaDoc e) {
533                     String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errorsenddata", username);
534                     log.error(msg, e);
535                     logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
536                             username, null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
537                 }
538             } catch (FinderException JavaDoc e) {
539             }
540         }
541
542         debug("<keyRecovery()");
543
544         return returnval;
545     } // keyRecovery
546

547     
548     private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_KEYRECOVERY = {
549         new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.KeyRecoveryApprovalRequest",null),
550     };
551     
552     /**
553      * Marks a users newest certificate for key recovery. Newest means certificate with latest not
554      * before date.
555      *
556      * @param admin the administrator calling the function
557      * @param username or the user.
558      * @param the end entity profile of the user, used for access control
559      *
560      * @return true if operation went successful or false if no certificates could be found for
561      * user, or user already marked.
562      * @throws AuthorizationDeniedException
563      * @throws WaitingForApprovalException
564      * @throws ApprovalException
565      *
566      * @throws EJBException if a communication or other error occurs.
567      *
568      * @ejb.interface-method view-type="both"
569      */

570     public boolean markNewestAsRecoverable(Admin admin, String JavaDoc username, int endEntityProfileId) throws AuthorizationDeniedException, ApprovalException, WaitingForApprovalException {
571         debug(">markNewestAsRecoverable(user: " + username + ")");
572
573         boolean returnval = false;
574         long newesttime = 0;
575         KeyRecoveryDataLocal krd = null;
576         KeyRecoveryDataLocal newest = null;
577         X509Certificate JavaDoc certificate = null;
578         X509Certificate JavaDoc newestcertificate = null;
579
580         if (!isUserMarked(admin, username)) {
581             try {
582                 Collection JavaDoc result = keyrecoverydatahome.findByUsername(username);
583                 Iterator JavaDoc iter = result.iterator();
584
585                 while (iter.hasNext()) {
586                     krd = (KeyRecoveryDataLocal) iter.next();
587                     certificate = (X509Certificate JavaDoc) certificatestoresession
588                             .findCertificateByIssuerAndSerno(admin,
589                                     krd.getIssuerDN(), krd.getCertificateSN());
590
591                     if (certificate != null) {
592                         if (certificate.getNotBefore().getTime() > newesttime) {
593                             newesttime = certificate.getNotBefore().getTime();
594                             newest = krd;
595                             newestcertificate = certificate;
596                         }
597                     }
598                 }
599
600                 if (newest != null) {
601                     
602
603                     
604                     // Check that the administrator is authorized to keyrecover
605
authorizedToKeyRecover(admin, endEntityProfileId);
606                     // Check if approvals is required.
607
checkIfApprovalRequired(admin,newestcertificate,username,endEntityProfileId,true);
608                     newest.setMarkedAsRecoverable(true);
609                     getUserAdminSession().setUserStatus(admin, username, UserDataConstants.STATUS_KEYRECOVERY);
610                     returnval = true;
611                 }
612
613                 String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.markeduser", username);
614                 logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
615                         username, newestcertificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
616             } catch (FinderException JavaDoc e) {
617                 String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errormarkuser", username);
618                 logsession.log(admin, admin.getCaId(), LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(),
619                         username, null, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
620             }
621         }
622
623         debug("<markNewestAsRecoverable()");
624
625         return returnval;
626     } // markNewestAsRecoverable
627

628     /**
629      * Marks a users certificate for key recovery.
630      *
631      * @param admin the administrator calling the function
632      * @param certificate the certificate used with the keys about to be removed.
633      *
634      * @return true if operation went successful or false if certificate couldn't be found.
635      * @throws AuthorizationDeniedException
636      * @throws WaitingForApprovalException
637      * @throws ApprovalException
638      *
639      * @throws EJBException if a communication or other error occurs.
640      *
641      * @ejb.interface-method view-type="both"
642      */

643     public boolean markAsRecoverable(Admin admin, X509Certificate JavaDoc certificate, int endEntityProfileId) throws AuthorizationDeniedException, WaitingForApprovalException, ApprovalException {
644         debug(">markAsRecoverable(certificatesn: " + certificate.getSerialNumber() + ")");
645         
646         boolean returnval = false;
647         final String JavaDoc hexSerial = certificate.getSerialNumber().toString(16);
648         final String JavaDoc dn = CertTools.getIssuerDN(certificate);
649         try {
650             String JavaDoc username = null;
651             KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
652             username = krd.getUsername();
653             
654             // Check that the administrator is authorized to keyrecover
655
authorizedToKeyRecover(admin, endEntityProfileId);
656             // Check if approvals is required.
657
checkIfApprovalRequired(admin,certificate,username,endEntityProfileId,false);
658             krd.setMarkedAsRecoverable(true);
659             getUserAdminSession().setUserStatus(admin, username, UserDataConstants.STATUS_KEYRECOVERY);
660             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.markedcert", hexSerial, dn);
661             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), username,
662                     certificate, LogEntry.EVENT_INFO_KEYRECOVERY, msg);
663             returnval = true;
664         } catch (FinderException JavaDoc e) {
665             String JavaDoc msg = intres.getLocalizedMessage("keyrecovery.errormarkcert", hexSerial, dn);
666             log.error(msg, e);
667             logsession.log(admin, certificate, LogEntry.MODULE_KEYRECOVERY, new java.util.Date JavaDoc(), null,
668                     certificate, LogEntry.EVENT_ERROR_KEYRECOVERY, msg);
669         }
670
671         debug("<markAsRecoverable()");
672
673         return returnval;
674     } // markAsRecoverable
675

676     /**
677      * Resets keyrecovery mark for a user,
678      *
679      * @param admin DOCUMENT ME!
680      * @param username DOCUMENT ME!
681      *
682      * @throws EJBException if a communication or other error occurs.
683      *
684      * @ejb.interface-method view-type="both"
685      */

686     public void unmarkUser(Admin admin, String JavaDoc username) {
687         debug(">unmarkUser(user: " + username + ")");
688
689         KeyRecoveryDataLocal krd = null;
690
691         try {
692             Collection JavaDoc result = keyrecoverydatahome.findByUserMark(username);
693             Iterator JavaDoc i = result.iterator();
694
695             while (i.hasNext()) {
696                 krd = (KeyRecoveryDataLocal) i.next();
697                 krd.setMarkedAsRecoverable(false);
698             }
699         } catch (Exception JavaDoc e) {
700             throw new EJBException JavaDoc(e);
701         }
702
703         debug("<unmarkUser()");
704     } // unmarkUser
705

706     /**
707      * Returns true if a user is marked for key recovery.
708      *
709      * @param admin DOCUMENT ME!
710      * @param username DOCUMENT ME!
711      *
712      * @return true if user is already marked for key recovery.
713      *
714      * @throws EJBException if a communication or other error occurs.
715      *
716      * @ejb.interface-method view-type="both"
717      * @ejb.transaction type="Supports"
718      */

719     public boolean isUserMarked(Admin admin, String JavaDoc username) {
720         debug(">isUserMarked(user: " + username + ")");
721
722         boolean returnval = false;
723         KeyRecoveryDataLocal krd = null;
724         try {
725             Collection JavaDoc result = keyrecoverydatahome.findByUserMark(username);
726             Iterator JavaDoc i = result.iterator();
727
728             while (i.hasNext()) {
729                 krd = (KeyRecoveryDataLocal) i.next();
730
731                 if (krd.getMarkedAsRecoverable()) {
732                     returnval = true;
733                     break;
734                 }
735             }
736         } catch (Exception JavaDoc e) {
737             throw new EJBException JavaDoc(e);
738         }
739         debug("<isUserMarked(" + returnval + ")");
740         return returnval;
741     } // isUserMarked
742

743     /**
744      * Returns true if specified certificates keys exists in database.
745      *
746      * @param admin the administrator calling the function
747      * @param certificate the certificate used with the keys about to be removed.
748      *
749      * @return true if user is already marked for key recovery.
750      *
751      * @throws EJBException if a communication or other error occurs.
752      *
753      * @ejb.interface-method view-type="both"
754      * @ejb.transaction type="Supports"
755      */

756     public boolean existsKeys(Admin admin, X509Certificate JavaDoc certificate) {
757         debug(">existsKeys()");
758
759         boolean returnval = false;
760         final String JavaDoc hexSerial = certificate.getSerialNumber().toString(16);
761         final String JavaDoc dn = CertTools.getIssuerDN(certificate);
762         try {
763             KeyRecoveryDataLocal krd = keyrecoverydatahome.findByPrimaryKey(new KeyRecoveryDataPK(hexSerial, dn));
764             debug("Found key for user: "+krd.getUsername());
765             returnval = true;
766         } catch (FinderException JavaDoc e) {
767         }
768         debug("<existsKeys(" + returnval + ")");
769         return returnval;
770     } // existsKeys
771

772 }// LocalKeyRecoverySessionBean
773

774
775
Popular Tags