1 13 14 package org.ejbca.core.ejb.log; 15 16 import java.io.InputStream ; 17 import java.lang.reflect.Method ; 18 import java.security.cert.X509Certificate ; 19 import java.sql.Connection ; 20 import java.sql.PreparedStatement ; 21 import java.sql.ResultSet ; 22 import java.util.ArrayList ; 23 import java.util.Collection ; 24 import java.util.Date ; 25 import java.util.Iterator ; 26 import java.util.Properties ; 27 28 import javax.ejb.CreateException ; 29 import javax.ejb.EJBException ; 30 import javax.ejb.FinderException ; 31 32 import org.apache.commons.lang.StringUtils; 33 import org.ejbca.core.ejb.BaseSessionBean; 34 import org.ejbca.core.ejb.JNDINames; 35 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal; 36 import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome; 37 import org.ejbca.core.ejb.protect.TableProtectSessionLocal; 38 import org.ejbca.core.ejb.protect.TableProtectSessionLocalHome; 39 import org.ejbca.core.model.InternalResources; 40 import org.ejbca.core.model.ca.caadmin.CADoesntExistsException; 41 import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceRequest; 42 import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceResponse; 43 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException; 44 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceRequestException; 45 import org.ejbca.core.model.ca.caadmin.extendedcaservices.IllegalExtendedCAServiceRequestException; 46 import org.ejbca.core.model.log.Admin; 47 import org.ejbca.core.model.log.ILogDevice; 48 import org.ejbca.core.model.log.ILogExporter; 49 import org.ejbca.core.model.log.LogConfiguration; 50 import org.ejbca.core.model.log.LogConstants; 51 import org.ejbca.core.model.log.LogEntry; 52 import org.ejbca.core.model.protect.TableVerifyResult; 53 import org.ejbca.util.CertTools; 54 import org.ejbca.util.JDBCUtil; 55 import org.ejbca.util.query.IllegalQueryException; 56 import org.ejbca.util.query.Query; 
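public class LocalLogSessionBean extends BaseSessionBean {

    /** Internal localization of log and error messages. */
    private static final InternalResources intres = InternalResources.getInstance();

    /** Home interface of the LogEntryData entity bean (one row per log entry). */
    private LogEntryDataLocalHome logentryhome;

    /**
     * Home interface of the table protection session bean. It is only looked up in
     * {@link #ejbCreate()} when log signing is enabled, so it stays null whenever
     * {@link #logsigning} is false.
     */
    private TableProtectSessionLocalHome protecthome;

    /** Home interface of the per-CA log configuration entity bean. */
    private LogConfigurationDataLocalHome logconfigurationhome;

    /** Home interface of the sign session, used by {@link #export} to CMS-sign exported logs. */
    private ISignSessionLocalHome signsessionhome;

    /**
     * Cached reference to the LogConfigurationData row with primary key 0, which carries
     * the shared log entry row counter. Resolved lazily by {@link #getAndIncrementRowCount()}.
     */
    private LogConfigurationDataLocal logconfigurationdata;

    /** JNDI environment entries read once in {@link #ejbCreate()}. */
    private static final String LOGDEVICE_FACTORIES = "java:comp/env/logDeviceFactories";
    private static final String LOGDEVICE_PROPERTIES = "java:comp/env/logDevicePropertyFiles";
    private static final String LOGSIGNING_PROPERTIES = "java:comp/env/logSigning";

    /** External log devices (ILogDevice instances), one per configured factory class, in configuration order. */
    private ArrayList logdevices;

    /** True when the logSigning environment entry equals "true" (case-insensitive). */
    private boolean logsigning = false;

    /** Table and column names used to build the SQL in {@link #query}. */
    private static final String LOGENTRYDATA_TABLE = "LogEntryData";
    private static final String LOGENTRYDATA_COL = "id, adminType, adminData, caid, module, time, username, certificateSNR, event";
    /** Name of the comment column on databases where "comment" is a legal column name. */
    private static final String LOGENTRYDATA_COL_COMMENT_OLD = "comment";
    /** Name of the comment column on databases (Oracle) where "comment" is not available; picked at query time. */
    private static final String LOGENTRYDATA_COL_COMMENT_ORA = "comment_";

    /**
     * Looks up the home interfaces this bean needs and instantiates the configured
     * external log devices.
     *
     * <p>The device factories and their property files are read from the JNDI
     * environment; the i:th factory receives the i:th property file, or an empty
     * Properties object if fewer property files than factories were configured.
     *
     * @throws EJBException wrapping any lookup, I/O or reflection failure; a missing
     *         property file now fails with a descriptive IllegalStateException cause
     *         instead of a NullPointerException.
     */
    public void ejbCreate() {
        try {
            logentryhome = (LogEntryDataLocalHome) getLocator().getLocalHome(LogEntryDataLocalHome.COMP_NAME);
            logconfigurationhome = (LogConfigurationDataLocalHome) getLocator().getLocalHome(LogConfigurationDataLocalHome.COMP_NAME);
            signsessionhome = (ISignSessionLocalHome) getLocator().getLocalHome(ISignSessionLocalHome.COMP_NAME);

            logdevices = new ArrayList();

            String factoryclassesstring = getLocator().getString(LOGDEVICE_FACTORIES);
            String propertyfilesstring = getLocator().getString(LOGDEVICE_PROPERTIES);
            String sign = getLocator().getString(LOGSIGNING_PROPERTIES);
            if (StringUtils.equalsIgnoreCase(sign, "true")) {
                // Both are set together: protecthome is only valid when logsigning is true.
                logsigning = true;
                protecthome = (TableProtectSessionLocalHome) getLocator().getLocalHome(TableProtectSessionLocalHome.COMP_NAME);
            }

            Properties[] properties = loadLogDeviceProperties(propertyfilesstring);
            logdevices.addAll(createLogDevices(factoryclassesstring, properties));
        } catch (Exception e) {
            throw new EJBException(e);
        }
    }

    /**
     * Loads one Properties object per ';'-separated property file name.
     *
     * Files are read as classpath resources under /logdeviceproperties/. A blank entry
     * yields an empty Properties object; a name that cannot be found on the classpath is
     * an error, since silently running a device without its configuration is worse than
     * failing deployment.
     *
     * @param propertyfilesstring ';'-separated resource names; null is treated as empty.
     * @return an array with at least one element (String.split of "" gives one empty entry).
     * @throws java.io.IOException if a property file cannot be read.
     * @throws IllegalStateException if a named property file is not on the classpath.
     */
    private Properties[] loadLogDeviceProperties(String propertyfilesstring) throws java.io.IOException {
        String[] propertyfiles = StringUtils.defaultString(propertyfilesstring).split(";");
        Properties[] properties = new Properties[propertyfiles.length];
        for (int i = 0; i < propertyfiles.length; i++) {
            properties[i] = new Properties();
            String name = propertyfiles[i] == null ? "" : propertyfiles[i].trim();
            if (name.length() == 0) {
                continue;
            }
            InputStream is = this.getClass().getResourceAsStream("/logdeviceproperties/" + name);
            if (is == null) {
                throw new IllegalStateException("Log device property file not found on classpath: /logdeviceproperties/" + name);
            }
            try {
                properties[i].load(is);
            } finally {
                is.close();
            }
        }
        return properties;
    }

    /**
     * Instantiates the configured log devices by reflection.
     *
     * Each ';'-separated entry names a factory class with a public no-arg constructor and a
     * public <code>makeInstance(Properties)</code> method; the i:th factory is given
     * <code>properties[i]</code>, or an empty Properties object if the array is shorter.
     * Blank entries (e.g. a trailing ';') are skipped but still consume their index so the
     * pairing with property files is kept.
     *
     * @param factoryclassesstring ';'-separated fully qualified factory class names; null is treated as empty.
     * @param properties per-factory configuration, positionally matched.
     * @return the objects returned by the factories, in configuration order.
     */
    private ArrayList createLogDevices(String factoryclassesstring, Properties[] properties)
            throws ClassNotFoundException, InstantiationException, IllegalAccessException,
            NoSuchMethodException, java.lang.reflect.InvocationTargetException {
        ArrayList devices = new ArrayList();
        String[] factoryclasses = StringUtils.defaultString(factoryclassesstring).split(";");
        Class[] paramTypes = new Class[] { Properties.class };
        for (int i = 0; i < factoryclasses.length; i++) {
            String className = factoryclasses[i].trim();
            if (className.length() == 0) {
                continue;
            }
            Class implClass = Class.forName(className);
            Object fact = implClass.newInstance();
            Method method = implClass.getMethod("makeInstance", paramTypes);
            Object[] params = new Object[1];
            params[0] = i < properties.length ? properties[i] : new Properties();
            devices.add(method.invoke(fact, params));
        }
        return devices;
    }

    /**
     * Logs an event without an exception.
     *
     * @param admin the administrator performing the action.
     * @param caid id of the CA the event concerns.
     * @param module one of the LogEntry.MODULE_* constants.
     * @param time time of the event.
     * @param username user the event concerns, or null.
     * @param certificate certificate the event concerns, or null.
     * @param event one of the LogEntry.EVENT_* constants.
     * @param comment free-text comment.
     */
    public void log(Admin admin, int caid, int module, Date time, String username, X509Certificate certificate, int event, String comment) {
        doLog(admin, caid, module, time, username, certificate, event, comment, null);
    }

    /**
     * Same as {@link #log(Admin, int, int, Date, String, X509Certificate, int, String)} but
     * derives the CA id as the hash code of the issuer DN of the given CA certificate.
     */
    public void log(Admin admin, X509Certificate caid, int module, Date time, String username, X509Certificate certificate, int event, String comment) {
        log(admin, CertTools.getIssuerDN(caid).hashCode(), module, time, username, certificate, event, comment);
    }

    /**
     * Logs an event together with the exception that caused it.
     *
     * @param exception the exception to pass on to the external log devices; the database
     *        log only stores the comment.
     * @see #log(Admin, int, int, Date, String, X509Certificate, int, String)
     */
    public void log(Admin admin, int caid, int module, Date time, String username, X509Certificate certificate, int event, String comment, Exception exception) {
        doLog(admin, caid, module, time, username, certificate, event, comment, exception);
    }

    /**
     * Same as {@link #log(Admin, int, int, Date, String, X509Certificate, int, String, Exception)}
     * but derives the CA id as the hash code of the issuer DN of the given CA certificate.
     */
    public void log(Admin admin, X509Certificate caid, int module, Date time, String username, X509Certificate certificate, int event, String comment, Exception exception) {
        log(admin, CertTools.getIssuerDN(caid).hashCode(), module, time, username, certificate, event, comment, exception);
    }

    /**
     * Dispatches an event to the database log and/or the external log devices according
     * to the CA's log configuration.
     *
     * Synchronized on the bean instance so that row ids and device calls are issued in
     * order; the external devices are always invoked (finally) even if the database log
     * fails, so no event is lost from the external audit trail.
     */
    private synchronized void doLog(Admin admin, int caid, int module, Date time, String username, X509Certificate certificate, int event, String comment, Exception ex) {
        final LogConfiguration config = loadLogConfiguration(caid);
        if (!config.logEvent(event)) {
            return;
        }
        try {
            if (config.useLogDB()) {
                logDB(admin, caid, module, time, username, certificate, event, comment);
            }
        } finally {
            if (config.useExternalLogDevices()) {
                logExternal(admin, caid, module, time, username, certificate, event, comment, ex);
            }
        }
    }

    /** Forwards the event to every configured external log device, in configuration order. */
    private void logExternal(Admin admin, int caid, int module, Date time, String username, X509Certificate certificate, int event, String comment, Exception ex) {
        for (Iterator i = logdevices.iterator(); i.hasNext();) {
            ILogDevice dev = (ILogDevice) i.next();
            dev.log(admin, caid, module, time, username, certificate, event, comment, ex);
        }
    }

    /**
     * Stores the event as a LogEntryData row and, when log signing is enabled, protects
     * the row through the TableProtect session.
     *
     * The certificate is stored as "&lt;serial number in hex&gt;,&lt;issuer DN&gt;".
     * Failures are deliberately not propagated (logging must never break the caller);
     * they are written to the server log instead, and a row id is consumed so the next
     * entry presumably avoids reusing the id of the failed insert (TODO confirm).
     */
    private void logDB(Admin admin, int caid, int module, Date time, String username, X509Certificate certificate, int event, String comment) {
        try {
            String uid = certificate == null ? null : certificate.getSerialNumber().toString(16) + "," + certificate.getIssuerDN().toString();
            Integer id = getAndIncrementRowCount();
            logentryhome.create(id, admin.getAdminType(), admin.getAdminData(), caid, module, time, username, uid, event, comment);
            if (logsigning) {
                LogEntry le = new LogEntry(id.intValue(), admin.getAdminType(), admin.getAdminData(), caid, module, time, username, uid, event, comment);
                TableProtectSessionLocal protect = protecthome.create();
                protect.protect(admin, le);
            }
        } catch (Throwable e) {
            // Best effort by design: a failing audit insert must not fail the logged operation.
            String msg = intres.getLocalizedMessage("log.errormissingentry");
            log.error(msg, e);
            getAndIncrementRowCount();
        }
    }

    /**
     * Runs a log query, hands the result to an exporter and optionally CMS-signs the export.
     *
     * @param admin the administrator requesting the export.
     * @param query the query to run; null yields a null result.
     * @param viewlogprivileges extra SQL restriction on what the administrator may view, may be empty.
     * @param capriviledges SQL restriction on the CAs the administrator may see, must be non-empty.
     * @param logexporter receives the entries and produces the export.
     * @return the exporter output, CMS-signed by the CA named by
     *         {@link ILogExporter#getSigningCA()} when that is non-empty; null if the query
     *         was null or the exporter produced nothing. A non-numeric signing CA id
     *         surfaces as NumberFormatException; a failure to create the sign session is
     *         logged and the unsigned export is returned.
     * @throws IllegalQueryException if the query is not legal or capriviledges is empty.
     */
    public byte[] export(Admin admin, Query query, String viewlogprivileges, String capriviledges, ILogExporter logexporter) throws IllegalQueryException, CADoesntExistsException, ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException {
        byte[] ret = null;
        if (query == null) {
            return ret;
        }
        Collection logentries = query(query, viewlogprivileges, capriviledges);
        if (log.isDebugEnabled()) {
            log.debug("Found "+logentries.size()+" entries when exporting");
        }
        logexporter.setEntries(logentries);
        ret = logexporter.export();
        String ca = logexporter.getSigningCA();
        if (log.isDebugEnabled()) {
            log.debug("Signing CA is '"+ca+"'");
        }
        if ( (ret != null) && StringUtils.isNotEmpty(ca) ) {
            try {
                int caid = Integer.parseInt(ca);
                ISignSessionLocal sign = signsessionhome.create();
                CmsCAServiceRequest request = new CmsCAServiceRequest(ret, true);
                CmsCAServiceResponse resp = (CmsCAServiceResponse)sign.extendedService(admin, caid, request);
                ret = resp.getCmsDocument();
            } catch (CreateException e) {
                log.error("Can not create sign session", e);
            }
        }
        return ret;
    }

    /**
     * Runs a query against the LogEntryData table.
     *
     * The SQL is built as "where (query) and (capriviledges) [and (viewlogprivileges)]".
     * Only the query part is validated (Query.isLegalQuery()); the two privilege clauses
     * are concatenated verbatim, so callers must build them server-side from the
     * administrator's access rules and never from request input.
     *
     * At most LogConstants.MAXIMUM_QUERY_ROWCOUNT + 1 rows are returned, presumably so a
     * caller can detect that the result was truncated (TODO confirm against callers).
     * When log signing is enabled each entry is verified through the TableProtect session
     * and its verify result is set on the LogEntry.
     *
     * @param query the query to run; must be non-null and legal.
     * @param viewlogprivileges optional extra SQL restriction, ignored when empty.
     * @param capriviledges mandatory SQL restriction on visible CAs.
     * @return a Collection of LogEntry, never null.
     * @throws IllegalQueryException if query is null or illegal, or capriviledges is empty.
     * @throws EJBException wrapping any database or session bean failure.
     */
    public Collection query(Query query, String viewlogprivileges, String capriviledges) throws IllegalQueryException {
        debug(">query()");
        if (query == null || StringUtils.isEmpty(capriviledges) || !query.isLegalQuery()) {
            throw new IllegalQueryException();
        }

        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
            String sql = "select "+LOGENTRYDATA_COL+", "+LOGENTRYDATA_COL_COMMENT_OLD+" from "+LOGENTRYDATA_TABLE+" where ( "
                + query.getQueryString() + ") and (" + capriviledges + ")";
            if (!JDBCUtil.columnExists(con, LOGENTRYDATA_TABLE, LOGENTRYDATA_COL_COMMENT_OLD)) {
                log.debug("Using oracle column name 'comment_' in LogEntryData.");
                sql = StringUtils.replace(sql, LOGENTRYDATA_COL_COMMENT_OLD, LOGENTRYDATA_COL_COMMENT_ORA);
            }
            if (StringUtils.isNotEmpty(viewlogprivileges)) {
                sql += " and (" + viewlogprivileges + ")";
            }
            if (log.isDebugEnabled()) {
                log.debug("Query: "+sql);
            }
            ps = con.prepareStatement(sql);
            ps.setFetchSize(LogConstants.MAXIMUM_QUERY_ROWCOUNT + 1);
            rs = ps.executeQuery();
            // One TableProtect session for the whole result instead of one per row.
            TableProtectSessionLocal protect = logsigning ? protecthome.create() : null;
            ArrayList returnval = new ArrayList();
            while (rs.next() && returnval.size() <= LogConstants.MAXIMUM_QUERY_ROWCOUNT) {
                // Column order follows LOGENTRYDATA_COL plus the comment column: time is stored as epoch millis.
                LogEntry data = new LogEntry(rs.getInt(1), rs.getInt(2), rs.getString(3), rs.getInt(4), rs.getInt(5), new Date(rs.getLong(6)), rs.getString(7),
                        rs.getString(8), rs.getInt(9), rs.getString(10));
                if (protect != null) {
                    TableVerifyResult res = protect.verify(data);
                    data.setVerifyResult(res.getResultConstant());
                }
                returnval.add(data);
            }
            return returnval;
        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            JDBCUtil.close(con, ps, rs);
        }
    }

    /**
     * Loads the log configuration of a CA, creating a default configuration row if none exists.
     *
     * @param caid id of the CA.
     * @return the stored configuration, or a fresh default LogConfiguration that was just persisted.
     * @throws EJBException if the default configuration cannot be created.
     */
    public LogConfiguration loadLogConfiguration(int caid) {
        LogConfiguration logconfiguration = null;
        LogConfigurationDataLocal logconfigdata = null;
        try {
            logconfigdata = logconfigurationhome.findByPrimaryKey(new Integer(caid));
            logconfiguration = logconfigdata.loadLogConfiguration();
        } catch (FinderException e) {
            log.debug("Can't find log configuration during load (caid="+caid+"), trying to create new: ", e);
            try {
                logconfiguration = new LogConfiguration();
                logconfigdata = logconfigurationhome.create(new Integer(caid), logconfiguration);
            } catch (CreateException f) {
                String msg = intres.getLocalizedMessage("log.errorcreateconf", new Integer(caid));
                log.error(msg, f);
                throw new EJBException(f);
            }
        }
        return logconfiguration;
    }

    /**
     * Stores the log configuration of a CA, creating the row if it does not exist, and
     * logs the edit (EVENT_INFO_EDITLOGCONFIGURATION on success,
     * EVENT_ERROR_EDITLOGCONFIGURATION on failure).
     *
     * @param admin the administrator performing the change.
     * @param caid id of the CA.
     * @param logconfiguration the configuration to store.
     * @throws EJBException wrapping any persistence failure.
     */
    public void saveLogConfiguration(Admin admin, int caid, LogConfiguration logconfiguration) {
        try {
            try {
                (logconfigurationhome.findByPrimaryKey(new Integer(caid))).saveLogConfiguration(logconfiguration);
                log(admin, caid, LogEntry.MODULE_LOG, new Date(), null, null, LogEntry.EVENT_INFO_EDITLOGCONFIGURATION, "");
            } catch (FinderException e) {
                String msg = intres.getLocalizedMessage("log.createconf", new Integer(caid));
                log.info(msg);
                logconfigurationhome.create(new Integer(caid), logconfiguration);
                log(admin, caid, LogEntry.MODULE_LOG, new Date(), null, null, LogEntry.EVENT_INFO_EDITLOGCONFIGURATION, "");
            }
        } catch (Exception e) {
            log(admin, caid, LogEntry.MODULE_LOG, new Date(), null, null, LogEntry.EVENT_ERROR_EDITLOGCONFIGURATION, "");
            throw new EJBException(e);
        }
    }

    /**
     * Returns the next log entry row id.
     *
     * The counter lives in the LogConfigurationData row with primary key 0, which is
     * looked up (or created with a default configuration) on first use and cached.
     *
     * @throws EJBException if the counter row cannot be created.
     */
    private Integer getAndIncrementRowCount() {
        if (this.logconfigurationdata == null) {
            try {
                logconfigurationdata = logconfigurationhome.findByPrimaryKey(new Integer(0));
            } catch (FinderException e) {
                try {
                    LogConfiguration logconfiguration = new LogConfiguration();
                    this.logconfigurationdata = logconfigurationhome.create(new Integer(0), logconfiguration);
                } catch (CreateException f) {
                    throw new EJBException(f);
                }
            }
        }
        return this.logconfigurationdata.getAndIncrementRowCount();
    }

}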