1 13 14 package org.ejbca.core.ejb.ra; 15 16 import java.awt.print.PrinterException ; 17 import java.math.BigInteger ; 18 import java.sql.Connection ; 19 import java.sql.PreparedStatement ; 20 import java.sql.ResultSet ; 21 import java.util.ArrayList ; 22 import java.util.Collection ; 23 import java.util.Date ; 24 import java.util.HashMap ; 25 import java.util.Iterator ; 26 27 import javax.ejb.CreateException ; 28 import javax.ejb.DuplicateKeyException ; 29 import javax.ejb.EJBException ; 30 import javax.ejb.FinderException ; 31 import javax.ejb.ObjectNotFoundException ; 32 import javax.ejb.RemoveException ; 33 import javax.mail.Message ; 34 import javax.mail.Session ; 35 import javax.mail.Transport ; 36 import javax.mail.internet.InternetAddress ; 37 38 import org.ejbca.core.ejb.BaseSessionBean; 39 import org.ejbca.core.ejb.JNDINames; 40 import org.ejbca.core.ejb.approval.IApprovalSessionLocal; 41 import org.ejbca.core.ejb.approval.IApprovalSessionLocalHome; 42 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal; 43 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome; 44 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal; 45 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome; 46 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal; 47 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome; 48 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocal; 49 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocalHome; 50 import org.ejbca.core.ejb.log.ILogSessionLocal; 51 import org.ejbca.core.ejb.log.ILogSessionLocalHome; 52 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal; 53 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome; 54 import org.ejbca.core.model.InternalResources; 55 import org.ejbca.core.model.SecConst; 56 import org.ejbca.core.model.approval.ApprovalException; 57 import org.ejbca.core.model.approval.ApprovalExecutorUtil; 58 import org.ejbca.core.model.approval.ApprovalOveradableClassName; 59 import org.ejbca.core.model.approval.WaitingForApprovalException; 60 import org.ejbca.core.model.approval.approvalrequests.AddEndEntityApprovalRequest; 61 import org.ejbca.core.model.approval.approvalrequests.ChangeStatusEndEntityApprovalRequest; 62 import org.ejbca.core.model.approval.approvalrequests.EditEndEntityApprovalRequest; 63 import org.ejbca.core.model.authorization.AuthorizationDeniedException; 64 import org.ejbca.core.model.authorization.AvailableAccessRules; 65 import org.ejbca.core.model.ca.caadmin.CAInfo; 66 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile; 67 import org.ejbca.core.model.ca.crl.RevokedCertInfo; 68 import org.ejbca.core.model.log.Admin; 69 import org.ejbca.core.model.log.LogConstants; 70 import org.ejbca.core.model.log.LogEntry; 71 import org.ejbca.core.model.ra.ExtendedInformation; 72 import org.ejbca.core.model.ra.NotFoundException; 73 import org.ejbca.core.model.ra.RAAuthorization; 74 import org.ejbca.core.model.ra.UserAdminConstants; 75 import org.ejbca.core.model.ra.UserDataConstants; 76 import org.ejbca.core.model.ra.UserDataVO; 77 import org.ejbca.core.model.ra.raadmin.EndEntityProfile; 78 import org.ejbca.core.model.ra.raadmin.GlobalConfiguration; 79 import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile; 80 import org.ejbca.util.CertTools; 81 import org.ejbca.util.JDBCUtil; 82 import org.ejbca.util.NotificationParamGen; 83 import org.ejbca.util.PrinterManager; 84 import org.ejbca.util.StringTools; 85 import org.ejbca.util.TemplateMimeMessage; 86 import org.ejbca.util.query.BasicMatch; 87 import org.ejbca.util.query.IllegalQueryException; 88 import org.ejbca.util.query.Query; 89 import org.ejbca.util.query.UserMatch; 90 91 92 93 232 public class LocalUserAdminSessionBean extends BaseSessionBean { 233 234 235 private static final InternalResources intres = InternalResources.getInstance(); 236 237 240 private IRaAdminSessionLocal raadminsession; 241 242 245 private ICertificateStoreSessionLocal certificatesession; 246 247 250 private IAuthorizationSessionLocal authorizationsession; 251 252 255 private IKeyRecoverySessionLocal keyrecoverysession; 256 257 260 private ICAAdminSessionLocal caadminsession; 261 262 265 private IApprovalSessionLocal approvalsession; 266 267 270 private ILogSessionLocal logsession; 271 272 private UserDataLocalHome home = null; 273 276 private static final String USERDATA_COL = "username, subjectDN, subjectAltName, subjectEmail, status, type, clearpassword, timeCreated, timeModified, endEntityprofileId, certificateProfileId, tokenType, hardTokenIssuerId, cAId, extendedInformationData"; 277 278 284 public void ejbCreate() throws CreateException { 285 try { 286 home = (UserDataLocalHome) getLocator().getLocalHome(UserDataLocalHome.COMP_NAME); 287 288 ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME); 289 logsession = logsessionhome.create(); 290 291 IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) getLocator().getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME); 292 authorizationsession = authorizationsessionhome.create(); 293 294 IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) getLocator().getLocalHome(IRaAdminSessionLocalHome.COMP_NAME); 295 raadminsession = raadminsessionhome.create(); 296 297 ICertificateStoreSessionLocalHome certificatesessionhome = (ICertificateStoreSessionLocalHome) getLocator().getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME); 298 certificatesession = certificatesessionhome.create(); 299 300 301 ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) getLocator().getLocalHome(ICAAdminSessionLocalHome.COMP_NAME); 302 caadminsession = caadminsessionhome.create(); 303 304 305 } catch (Exception e) { 306 error("Error creating session bean:", e); 307 throw new EJBException (e); 308 } 309 310 } 311 312 private IApprovalSessionLocal getApprovalSession(){ 313 if(approvalsession == null){ 314 try { 315 IApprovalSessionLocalHome approvalsessionhome = (IApprovalSessionLocalHome) getLocator().getLocalHome(IApprovalSessionLocalHome.COMP_NAME); 316 approvalsession = approvalsessionhome.create(); 317 } catch (CreateException e) { 318 throw new EJBException (e); 319 } 320 } 321 return approvalsession; 322 } 323 324 private IKeyRecoverySessionLocal getKeyRecoverySession(){ 325 if(keyrecoverysession == null){ 326 try { 327 IKeyRecoverySessionLocalHome keyrecoverysessionhome = (IKeyRecoverySessionLocalHome) getLocator().getLocalHome(IKeyRecoverySessionLocalHome.COMP_NAME); 328 keyrecoverysession = keyrecoverysessionhome.create(); 329 } catch (CreateException e) { 330 throw new EJBException (e); 331 } 332 } 333 return keyrecoverysession; 334 } 335 336 337 340 private GlobalConfiguration getGlobalConfiguration(Admin admin) { 341 return raadminsession.loadGlobalConfiguration(admin); 342 } 343 344 private boolean authorizedToCA(Admin admin, int caid) { 345 boolean returnval = false; 346 try { 347 returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.CAPREFIX + caid); 348 } catch (AuthorizationDeniedException e) { 349 } 350 return returnval; 351 } 352 353 private boolean authorizedToEndEntityProfile(Admin admin, int profileid, String rights) { 354 boolean returnval = false; 355 try { 356 if (profileid == SecConst.EMPTY_ENDENTITYPROFILE && (rights.equals(AvailableAccessRules.CREATE_RIGHTS) || rights.equals(AvailableAccessRules.EDIT_RIGHTS))) 357 returnval = authorizationsession.isAuthorizedNoLog(admin, "/super_administrator"); 358 else 359 returnval = authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + rights) && 360 authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_RAFUNCTIONALITY + rights); 361 } catch (AuthorizationDeniedException e) { 362 } 363 return returnval; 364 } 365 366 367 393 public void addUser(Admin admin, String username, String password, String subjectdn, String subjectaltname, String email, boolean clearpwd, int endentityprofileid, int certificateprofileid, 394 int type, int tokentype, int hardwaretokenissuerid, int caid) 395 throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, DuplicateKeyException , ApprovalException, WaitingForApprovalException { 396 397 UserDataVO userdata = new UserDataVO(username, subjectdn, caid, subjectaltname, 398 email, UserDataConstants.STATUS_NEW, type, endentityprofileid, certificateprofileid, 399 null,null, tokentype, hardwaretokenissuerid, null); 400 userdata.setPassword(password); 401 addUser(admin, userdata, clearpwd); 402 } 403 404 private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_ADDUSER = { 405 new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.AddEndEntityApprovalRequest",null), 406 }; 407 408 424 public void addUser(Admin admin, UserDataVO userdata, boolean clearpwd) throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, DuplicateKeyException , ApprovalException, WaitingForApprovalException { 425 String dn = CertTools.stringToBCDNString(userdata.getDN()); 427 dn = StringTools.strip(dn); 428 String altName = StringTools.strip(userdata.getSubjectAltName()); 429 String username = StringTools.strip(userdata.getUsername()); 430 String email = StringTools.strip(userdata.getEmail()); 431 userdata.setUsername(username); 432 userdata.setDN(dn); 433 userdata.setSubjectAltName(altName); 434 userdata.setEmail(email); 435 int type = userdata.getType(); 436 String newpassword = userdata.getPassword(); 437 debug(">addUser(" + userdata.getUsername() + ", password, " + dn + ", "+ userdata.getDN() + ", " + userdata.getSubjectAltName()+", "+userdata.getEmail() + ")"); 438 int profileId = userdata.getEndEntityProfileId(); 439 String profileName = raadminsession.getEndEntityProfileName(admin, profileId); 440 EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, profileId); 441 442 if (profile.useAutoGeneratedPasswd() && userdata.getPassword() == null) { 443 newpassword = profile.getAutoGeneratedPasswd(); 445 } 446 447 448 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 449 try { 451 profile.doesUserFullfillEndEntityProfile(userdata.getUsername(), userdata.getPassword(), dn, userdata.getSubjectAltName(), userdata.getExtendedinformation().getSubjectDirectoryAttributes(), userdata.getEmail(), userdata.getCertificateProfileId(), clearpwd, 452 (type & SecConst.USER_ADMINISTRATOR) != 0, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0, 453 userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId()); 454 } catch (UserDoesntFullfillEndEntityProfile udfp) { 455 String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", profileName, dn, udfp.getMessage()); 456 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg); 457 throw new UserDoesntFullfillEndEntityProfile(udfp.getMessage()); 458 } 459 460 if (!authorizedToEndEntityProfile(admin, userdata.getEndEntityProfileId(), AvailableAccessRules.CREATE_RIGHTS)) { 462 String msg = intres.getLocalizedMessage("ra.errorauthprofile", profileName); 463 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg); 464 throw new AuthorizationDeniedException(msg); 465 } 466 } 467 468 if (!authorizedToCA(admin, userdata.getCAId())) { 470 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (userdata.getCAId())); 471 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg); 472 throw new AuthorizationDeniedException(msg); 473 } 474 475 int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, userdata.getCAId()); 477 AddEndEntityApprovalRequest ar = new AddEndEntityApprovalRequest(userdata,clearpwd,admin,null,numOfApprovalsRequired,userdata.getCAId(),userdata.getEndEntityProfileId()); 478 if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_ADDUSER)) { 479 getApprovalSession().addApprovalRequest(admin, ar); 480 String msg = intres.getLocalizedMessage("ra.approvalad"); 481 throw new WaitingForApprovalException(msg); 482 } 483 484 try { 485 UserDataLocal data1 = home.create(userdata.getUsername(), newpassword, dn, userdata.getCAId()); 486 if (userdata.getSubjectAltName() != null) 487 data1.setSubjectAltName(userdata.getSubjectAltName()); 488 489 if (userdata.getEmail() != null) 490 data1.setSubjectEmail(userdata.getEmail()); 491 492 data1.setType(type); 493 data1.setEndEntityProfileId(userdata.getEndEntityProfileId()); 494 data1.setCertificateProfileId(userdata.getCertificateProfileId()); 495 data1.setTokenType(userdata.getTokenType()); 496 data1.setHardTokenIssuerId(userdata.getHardTokenIssuerId()); 497 data1.setExtendedInformation(userdata.getExtendedinformation()); 498 499 if (clearpwd) { 500 try { 501 if (newpassword == null) { 502 data1.setClearPassword(""); 503 } else { 504 data1.setOpenPassword(newpassword); 505 } 506 } catch (java.security.NoSuchAlgorithmException nsae) { 507 debug("NoSuchAlgorithmException while setting password for user " + userdata.getUsername()); 508 throw new EJBException (nsae); 509 } 510 } 511 if ((type & SecConst.USER_SENDNOTIFICATION) != 0) { 512 sendNotification(admin, profile, userdata.getUsername(), newpassword, dn, userdata.getEmail(), userdata.getCAId()); 513 } 514 if ((type & SecConst.USER_PRINT) != 0) { 515 print(admin,profile,userdata); 516 } 517 String msg = intres.getLocalizedMessage("ra.addedentity", userdata.getUsername()); 518 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_INFO_ADDEDENDENTITY, msg); 519 520 } catch (DuplicateKeyException e) { 521 String msg = intres.getLocalizedMessage("ra.errorentityexist", userdata.getUsername()); 522 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg); 523 throw e; 524 } catch (Exception e) { 525 String msg = intres.getLocalizedMessage("ra.erroraddentity", userdata.getUsername()); 526 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_ADDEDENDENTITY, msg, e); 527 error(msg, e); 528 throw new EJBException (e); 529 } 530 531 debug("<addUser(" + userdata.getUsername() + ", password, " + dn + ", " + userdata.getEmail() + ")"); 532 } 534 541 private int getNumOfApprovalRequired(Admin admin,int action, int caid) { 542 CAInfo cainfo = caadminsession.getCAInfo(admin, caid); 543 return ApprovalExecutorUtil.getNumOfApprovalRequired(action, cainfo); 544 } 545 546 571 public void changeUser(Admin admin, String username, String password, String subjectdn, String subjectaltname, String email, boolean clearpwd, int endentityprofileid, int certificateprofileid, 572 int type, int tokentype, int hardwaretokenissuerid, int status, int caid) 573 throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException { 574 UserDataVO userdata = new UserDataVO(username, subjectdn, caid, subjectaltname, 575 email, status, type, endentityprofileid, certificateprofileid, 576 null,null, tokentype, hardwaretokenissuerid, null); 577 578 userdata.setPassword(password); 579 changeUser(admin, userdata, clearpwd); 580 } 581 582 private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_CHANGEUSER = { 583 new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.EditEndEntityApprovalRequest",null), 584 new ApprovalOveradableClassName("se.primeKey.cardPersonalization.ra.connection.ejbca.EjbcaConnection",null) 585 }; 586 587 602 public void changeUser(Admin admin, UserDataVO userdata, boolean clearpwd) 603 throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, ApprovalException, WaitingForApprovalException { 604 String dn = CertTools.stringToBCDNString(userdata.getDN()); 606 dn = StringTools.strip(dn); 607 String newpassword = userdata.getPassword(); 608 int type = userdata.getType(); 609 debug(">changeUser(" + userdata.getUsername() + ", " + dn + ", " + userdata.getEmail() + ")"); 610 int oldstatus; 611 EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, userdata.getEndEntityProfileId()); 612 613 if (profile.useAutoGeneratedPasswd() && userdata.getPassword() != null) { 614 newpassword = profile.getAutoGeneratedPasswd(); 616 } 617 618 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 620 try { 621 profile.doesUserFullfillEndEntityProfileWithoutPassword(userdata.getUsername(), dn, userdata.getSubjectAltName(), userdata.getExtendedinformation().getSubjectDirectoryAttributes(), userdata.getEmail(), userdata.getCertificateProfileId(), 622 (type & SecConst.USER_ADMINISTRATOR) != 0, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0, 623 userdata.getTokenType(), userdata.getHardTokenIssuerId(), userdata.getCAId()); 624 } catch (UserDoesntFullfillEndEntityProfile udfp) { 625 String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", new Integer (userdata.getEndEntityProfileId()), dn, udfp.getMessage()); 626 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 627 throw udfp; 628 } 629 if (!authorizedToEndEntityProfile(admin, userdata.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) { 631 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (userdata.getEndEntityProfileId())); 632 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 633 throw new AuthorizationDeniedException(msg); 634 } 635 } 636 637 if (!authorizedToCA(admin, userdata.getCAId())) { 639 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (userdata.getCAId())); 640 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 641 throw new AuthorizationDeniedException(msg); 642 } 643 int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, userdata.getCAId()); 645 if (numOfApprovalsRequired > 0){ 646 UserDataVO orguserdata; 647 try { 648 orguserdata = findUser(admin, userdata.getUsername()); 649 } catch (FinderException e) { 650 String msg = intres.getLocalizedMessage("ra.errorentitynotexist", userdata.getUsername()); 651 throw new ApprovalException(msg); 652 } 653 EditEndEntityApprovalRequest ar = new EditEndEntityApprovalRequest(userdata, clearpwd, orguserdata, admin,null,numOfApprovalsRequired,userdata.getCAId(),userdata.getEndEntityProfileId()); 654 if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_CHANGEUSER)){ 655 getApprovalSession().addApprovalRequest(admin, ar); 656 String msg = intres.getLocalizedMessage("ra.approvaledit"); 657 throw new WaitingForApprovalException(msg); 658 } 659 660 } 661 662 663 try { 664 UserDataPK pk = new UserDataPK(userdata.getUsername()); 665 UserDataLocal data1 = home.findByPrimaryKey(pk); 666 data1.setDN(dn); 667 if (userdata.getSubjectAltName() != null) 668 data1.setSubjectAltName(userdata.getSubjectAltName()); 669 if (userdata.getEmail() != null) 670 data1.setSubjectEmail(userdata.getEmail()); 671 data1.setCaId(userdata.getCAId()); 672 data1.setType(type); 673 data1.setEndEntityProfileId(userdata.getEndEntityProfileId()); 674 data1.setCertificateProfileId(userdata.getCertificateProfileId()); 675 data1.setTokenType(userdata.getTokenType()); 676 data1.setHardTokenIssuerId(userdata.getHardTokenIssuerId()); 677 data1.setExtendedInformation(userdata.getExtendedinformation()); 678 oldstatus = data1.getStatus(); 679 if(oldstatus == UserDataConstants.STATUS_KEYRECOVERY && !(userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INPROCESS)){ 680 getKeyRecoverySession().unmarkUser(admin,userdata.getUsername()); 681 } 682 data1.setStatus(userdata.getStatus()); 683 data1.setTimeModified((new java.util.Date ()).getTime()); 684 685 if(newpassword != null){ 686 if(clearpwd) { 687 try { 688 data1.setOpenPassword(newpassword); 689 } catch (java.security.NoSuchAlgorithmException nsae) { 690 debug("NoSuchAlgorithmException while setting password for user "+userdata.getUsername()); 691 throw new EJBException (nsae); 692 } 693 } else { 694 data1.setPassword(newpassword); 695 } 696 } 697 698 boolean statuschanged = userdata.getStatus() != oldstatus; 699 if ((type & SecConst.USER_SENDNOTIFICATION) != 0 && (userdata.getStatus() == UserDataConstants.STATUS_NEW || userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INITIALIZED)) { 701 702 sendNotification(admin, profile, userdata.getUsername(), newpassword, dn, userdata.getEmail(), userdata.getCAId()); 703 } 704 if ((type & SecConst.USER_PRINT) != 0 && statuschanged && (userdata.getStatus() == UserDataConstants.STATUS_NEW || userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY || userdata.getStatus() == UserDataConstants.STATUS_INITIALIZED)) { 706 print(admin,profile,userdata); 707 } 708 if (statuschanged) { 709 String msg = intres.getLocalizedMessage("ra.editedentitystatus", userdata.getUsername(), new Integer (userdata.getStatus())); 710 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg ); 711 } else { 712 String msg = intres.getLocalizedMessage("ra.editedentity", userdata.getUsername()); 713 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg); 714 } 715 } catch (Exception e) { 716 String msg = intres.getLocalizedMessage("ra.erroreditentity", userdata.getUsername()); 717 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (), userdata.getUsername(), null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 718 error("ChangeUser:", e); 719 throw new EJBException (e); 720 } 721 debug("<changeUser(" + userdata.getUsername() + ", password, " + dn + ", " + userdata.getEmail() + ")"); 722 } 724 725 733 public void deleteUser(Admin admin, String username) throws AuthorizationDeniedException, NotFoundException , RemoveException { 734 debug(">deleteUser(" + username + ")"); 735 int caid = LogConstants.INTERNALCAID; 737 try { 738 UserDataPK pk = new UserDataPK(username); 739 UserDataLocal data1 = home.findByPrimaryKey(pk); 740 caid = data1.getCaId(); 741 742 if (!authorizedToCA(admin, caid)) { 743 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 744 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg); 745 throw new AuthorizationDeniedException(msg); 746 } 747 748 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 749 if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.DELETE_RIGHTS)) { 750 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data1.getEndEntityProfileId())); 751 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg); 752 throw new AuthorizationDeniedException(msg); 753 } 754 } 755 } catch (FinderException e) { 756 String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username); 757 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg); 758 throw new NotFoundException (msg); 759 } 760 try { 761 UserDataPK pk = new UserDataPK(username); 762 home.remove(pk); 763 String msg = intres.getLocalizedMessage("ra.removedentity", username); 764 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_DELETEDENDENTITY, msg); 765 } catch (EJBException e) { 766 String msg = intres.getLocalizedMessage("ra.errorremoveentity", username); 767 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY, msg); 768 throw new RemoveException (msg); 769 } 770 debug("<deleteUser(" + username + ")"); 771 } 773 private static final ApprovalOveradableClassName[] NONAPPROVABLECLASSNAMES_SETUSERSTATUS = { 774 new ApprovalOveradableClassName("org.ejbca.core.model.approval.approvalrequests.ChangeStatusEndEntityApprovalRequest",null), 775 new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeUser"), 776 new ApprovalOveradableClassName("org.ejbca.core.ejb.ra.LocalUserAdminSessionBean","revokeCert"), 777 new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","unrevokeCert"), 778 new ApprovalOveradableClassName("org.ejbca.ui.web.admin.rainterface.RAInterfaceBean","markForRecovery"), 779 new ApprovalOveradableClassName("org.ejbca.extra.caservice.ExtRACAProcess","processExtRARevocationRequest"), 780 new ApprovalOveradableClassName("se.primeKey.cardPersonalization.ra.connection.ejbca.EjbcaConnection",null) 781 }; 782 783 793 public void setUserStatus(Admin admin, String username, int status) throws AuthorizationDeniedException, FinderException , ApprovalException, WaitingForApprovalException { 794 debug(">setUserStatus(" + username + ", " + status + ")"); 795 int caid = LogConstants.INTERNALCAID; 797 try { 798 UserDataPK pk = new UserDataPK(username); 799 UserDataLocal data1 = home.findByPrimaryKey(pk); 800 caid = data1.getCaId(); 801 802 if (!authorizedToCA(admin, caid)) { 803 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 804 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 805 throw new AuthorizationDeniedException(msg); 806 } 807 808 809 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 810 if (!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) { 811 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data1.getEndEntityProfileId())); 812 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 813 throw new AuthorizationDeniedException(msg); 814 } 815 } 816 817 int numOfApprovalsRequired = getNumOfApprovalRequired(admin, CAInfo.REQ_APPROVAL_ADDEDITENDENTITY, caid); 819 ChangeStatusEndEntityApprovalRequest ar = new ChangeStatusEndEntityApprovalRequest(username, data1.getStatus(), status , admin,null,numOfApprovalsRequired,data1.getCaId(),data1.getEndEntityProfileId()); 820 if (ApprovalExecutorUtil.requireApproval(ar, NONAPPROVABLECLASSNAMES_SETUSERSTATUS)){ 821 getApprovalSession().addApprovalRequest(admin, ar); 822 String msg = intres.getLocalizedMessage("ra.approvaledit"); 823 throw new WaitingForApprovalException(msg); 824 } 825 826 if(data1.getStatus() == UserDataConstants.STATUS_KEYRECOVERY && !(status == UserDataConstants.STATUS_KEYRECOVERY || status == UserDataConstants.STATUS_INPROCESS || status == UserDataConstants.STATUS_INITIALIZED)){ 827 getKeyRecoverySession().unmarkUser(admin,username); 828 } 829 830 data1.setStatus(status); 831 data1.setTimeModified((new java.util.Date ()).getTime()); 832 String msg = intres.getLocalizedMessage("ra.editedentitystatus", username, new Integer (status)); 833 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg); 834 } catch (FinderException e) { 835 String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username); 836 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 837 throw e; 838 } 839 840 debug("<setUserStatus(" + username + ", " + status + ")"); 841 } 843 844 852 public void setPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException { 853 setPassword(admin, username, password, false); 854 } 856 865 public void setClearTextPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException { 866 setPassword(admin, username, password, true); 867 } 869 878 private void setPassword(Admin admin, String username, String password, boolean cleartext) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException { 879 debug(">setPassword(" + username + ", hiddenpwd), " + cleartext); 880 String newpasswd = password; 882 UserDataPK pk = new UserDataPK(username); 883 UserDataLocal data = home.findByPrimaryKey(pk); 884 int caid = data.getCaId(); 885 String dn = data.getSubjectDN(); 886 887 EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, data.getEndEntityProfileId()); 888 889 if (profile.useAutoGeneratedPasswd()) 890 newpasswd = profile.getAutoGeneratedPasswd(); 891 892 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 893 try { 895 profile.doesPasswordFulfillEndEntityProfile(password, true); 896 } catch (UserDoesntFullfillEndEntityProfile ufe) { 897 String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", new Integer (data.getEndEntityProfileId()), dn, ufe.getMessage()); 898 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 899 throw ufe; 900 } 901 902 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) { 904 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 905 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 906 throw new AuthorizationDeniedException(msg); 907 } 908 } 909 910 if (!authorizedToCA(admin, caid)) { 911 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 912 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 913 throw new AuthorizationDeniedException(msg); 914 } 915 916 try { 917 if ((newpasswd == null) && (cleartext)) { 918 data.setClearPassword(""); 919 data.setTimeModified((new java.util.Date ()).getTime()); 920 } else { 921 if (cleartext) { 922 data.setOpenPassword(newpasswd); 923 } else { 924 data.setPassword(newpasswd); 925 } 926 data.setTimeModified((new java.util.Date ()).getTime()); 927 } 928 String msg = intres.getLocalizedMessage("ra.editpwdentity", username); 929 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg); 930 } catch (java.security.NoSuchAlgorithmException nsae) { 931 error("NoSuchAlgorithmException while setting password for user " + username); 932 throw new EJBException (nsae); 933 } 934 debug("<setPassword(" + username + ", hiddenpwd), " + cleartext); 935 } 937 945 public boolean verifyPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException { 946 debug(">verifyPassword(" + username + ", hiddenpwd)"); 947 boolean ret = false; 948 UserDataPK pk = new UserDataPK(username); 950 UserDataLocal data = home.findByPrimaryKey(pk); 951 int caid = data.getCaId(); 952 953 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 954 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)) { 956 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 957 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 958 throw new AuthorizationDeniedException(msg); 959 } 960 } 961 962 if (!authorizedToCA(admin, caid)) { 963 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 964 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY, msg); 965 throw new AuthorizationDeniedException(msg); 966 } 967 968 try { 969 ret = data.comparePassword(password); 970 } catch (java.security.NoSuchAlgorithmException nsae) { 971 debug("NoSuchAlgorithmException while verifying password for user " + username); 972 throw new EJBException (nsae); 973 } 974 debug("<verifyPassword(" + username + ", hiddenpwd)"); 975 return ret; 976 } 978 984 public void revokeUser(Admin admin, String username, int reason) throws AuthorizationDeniedException, FinderException { 985 debug(">revokeUser(" + username + ")"); 986 UserDataPK pk = new UserDataPK(username); 987 UserDataLocal data; 988 try { 989 data = home.findByPrimaryKey(pk); 990 } catch (ObjectNotFoundException oe) { 991 throw new EJBException (oe); 992 } 993 994 int caid = data.getCaId(); 995 if (!authorizedToCA(admin, caid)) { 996 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 997 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); 998 throw new AuthorizationDeniedException(msg); 999 } 1000 1001 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 1002 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) { 1003 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 1004 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); 1005 throw new AuthorizationDeniedException(msg); 1006 } 1007 } 1008 1009 CertificateProfile prof = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId()); 1010 Collection publishers; 1011 if (prof == null) { 1012 publishers = new ArrayList (); 1013 } else { 1014 publishers = prof.getPublisherList(); 1015 } 1016 String actionMessage = "ra.revokedentity"; 1017 try { 1018 if ( reason == RevokedCertInfo.NOT_REVOKED ) { 1019 setUserStatus(admin, username, UserDataConstants.STATUS_GENERATED); 1020 actionMessage = "ra.unrevokedentity"; 1021 } else { 1022 setUserStatus(admin, username, UserDataConstants.STATUS_REVOKED); 1023 } 1024 } catch (ApprovalException e) { 1025 throw new EJBException ("This should never happen",e); 1026 } catch (WaitingForApprovalException e) { 1027 throw new EJBException ("This should never happen",e); 1028 } 1029 certificatesession.setRevokeStatus(admin, username, publishers, reason); String msg = intres.getLocalizedMessage(actionMessage, username); 1031 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY, msg); 1032 debug("<revokeUser()"); 1033 } 1035 1044 public void revokeCert(Admin admin, BigInteger certserno, String issuerdn, String username, int reason) throws AuthorizationDeniedException, FinderException { 1045 debug(">revokeCert(" + certserno + ", IssuerDN: " + issuerdn + ", username, " + username + ")"); 1046 UserDataPK pk = new UserDataPK(username); 1047 UserDataLocal data; 1048 try { 1049 data = home.findByPrimaryKey(pk); 1050 } catch (ObjectNotFoundException oe) { 1051 throw new FinderException (oe.getMessage()+": username"); 1052 } 1053 authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.REGULAR_REVOKEENDENTITY); 1055 1056 int caid = data.getCaId(); 1057 if (!authorizedToCA(admin, caid)) { 1058 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (caid)); 1059 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); 1060 throw new AuthorizationDeniedException(msg); 1061 } 1062 1063 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 1064 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)) { 1065 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 1066 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); 1067 throw new AuthorizationDeniedException(msg); 1068 } 1069 } 1070 if (reason == RevokedCertInfo.NOT_REVOKED) { 1072 RevokedCertInfo revinfo = certificatesession.isRevoked(admin, issuerdn, certserno); 1073 if ( (revinfo == null) || (revinfo != null && revinfo.getReason() != RevokedCertInfo.REVOKATION_REASON_CERTIFICATEHOLD) ) { 1074 String msg = intres.getLocalizedMessage("ra.errorunrevokenotonhold", issuerdn, certserno.toString(16)); 1075 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY, msg); 1076 throw new AuthorizationDeniedException(msg); 1077 } 1078 } 1079 CertificateProfile prof = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId()); 1080 Collection publishers; 1081 if (prof == null) { 1082 publishers = new ArrayList (); 1083 } else { 1084 publishers = prof.getPublisherList(); 1085 } 1086 certificatesession.setRevokeStatus(admin, issuerdn, certserno, publishers, reason); 1088 1089 ExtendedInformation inf = data.getExtendedInformation(); 1091 if (inf != null) { 1092 inf.setRevocationCodeIdentifier(null); 1093 } 1094 1095 if (certificatesession.checkIfAllRevoked(admin, username)) { 1096 try { 1097 setUserStatus(admin, username, UserDataConstants.STATUS_REVOKED); 1098 } catch (ApprovalException e) { 1099 throw new EJBException ("This should never happen",e); 1100 } catch (WaitingForApprovalException e) { 1101 throw new EJBException ("This should never happen",e); 1102 } 1103 String msg = intres.getLocalizedMessage("ra.revokedentitycert", issuerdn, certserno.toString(16)); 1104 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY, msg); 1105 } else if (reason == RevokedCertInfo.NOT_REVOKED) { 1106 if (data.getStatus() != UserDataConstants.STATUS_GENERATED) { 1108 try { 1109 setUserStatus(admin, username, UserDataConstants.STATUS_GENERATED); 1110 } catch (ApprovalException e) { 1111 throw new EJBException ("This should never happen",e); 1112 } catch (WaitingForApprovalException e) { 1113 throw new EJBException ("This should never happen",e); 1114 } 1115 } 1116 } 1117 debug("<revokeCert()"); 1118 } 1120 1129 public void unRevokeCert(Admin admin, BigInteger certserno, String issuerdn, String username) throws AuthorizationDeniedException, FinderException { 1130 log.debug(">unrevokeCert()"); 1131 revokeCert(admin, certserno, issuerdn, username, RevokedCertInfo.NOT_REVOKED); 1132 log.debug("<unrevokeCert()"); 1133 } 1134 1135 1144 public UserDataVO findUser(Admin admin, String username) throws FinderException , AuthorizationDeniedException { 1145 debug(">findUser(" + username + ")"); 1146 UserDataPK pk = new UserDataPK(username); 1147 UserDataLocal data; 1148 try { 1149 data = home.findByPrimaryKey(pk); 1150 } catch (ObjectNotFoundException oe) { 1151 return null; 1152 } 1153 1154 if (!authorizedToCA(admin, data.getCaId())) { 1155 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (data.getCaId())); 1156 throw new AuthorizationDeniedException(msg); 1157 } 1158 1159 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 1160 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)){ 1162 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 1163 throw new AuthorizationDeniedException(msg); 1164 } 1165 } 1166 1167 UserDataVO ret = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(), data.getSubjectAltName(), data.getSubjectEmail(), data.getStatus() 1168 , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId() 1169 , new java.util.Date (data.getTimeCreated()), new java.util.Date (data.getTimeModified()) 1170 , data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation()); 1171 ret.setPassword(data.getClearPassword()); 1172 debug("<findUser(" + username + ")"); 1173 return ret; 1174 } 1176 1186 public UserDataVO findUserBySubjectAndIssuerDN(Admin admin, String subjectdn, String issuerdn) throws AuthorizationDeniedException { 1187 debug(">findUserBySubjectAndIssuerDN(" + subjectdn + ", "+issuerdn+")"); 1188 String bcdn = CertTools.stringToBCDNString(subjectdn); 1189 String dn = StringTools.strip(bcdn); 1191 debug("Looking for users with subjectdn: " + dn + ", issuerdn : " + issuerdn); 1192 UserDataVO returnval = null; 1193 1194 UserDataLocal data = null; 1195 1196 try { 1197 data = home.findBySubjectDNAndCAId(dn, issuerdn.hashCode()); 1198 } catch (FinderException e) { 1199 log.debug("Cannot find user with DN='" + dn + "'"); 1200 } 1201 returnval = returnUserDataVO(admin, returnval, data); 1202 debug("<findUserBySubjectAndIssuerDN(" + subjectdn + ", "+issuerdn+")"); 1203 return returnval; 1204 } 1206 1215 public UserDataVO findUserBySubjectDN(Admin admin, String subjectdn) throws AuthorizationDeniedException { 1216 debug(">findUserBySubjectDN(" + subjectdn + ")"); 1217 String bcdn = CertTools.stringToBCDNString(subjectdn); 1218 String dn = StringTools.strip(bcdn); 1220 debug("Looking for users with subjectdn: " + dn); 1221 UserDataVO returnval = null; 1222 1223 UserDataLocal data = null; 1224 1225 try { 1226 data = home.findBySubjectDN(dn); 1227 } catch (FinderException e) { 1228 log.debug("Cannot find user with DN='" + dn + "'"); 1229 } 1230 returnval = returnUserDataVO(admin, returnval, data); 1231 debug("<findUserBySubjectDN(" + subjectdn + ")"); 1232 return returnval; 1233 } 1235 private UserDataVO returnUserDataVO(Admin admin, UserDataVO returnval, UserDataLocal data) throws AuthorizationDeniedException { 1236 if (data != null) { 1237 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 1238 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) { 1240 String msg = intres.getLocalizedMessage("ra.errorauthprofile", new Integer (data.getEndEntityProfileId())); 1241 throw new AuthorizationDeniedException(msg); 1242 } 1243 } 1244 1245 if (!authorizedToCA(admin, data.getCaId())) { 1246 String msg = intres.getLocalizedMessage("ra.errorauthca", new Integer (data.getCaId())); 1247 throw new AuthorizationDeniedException(msg); 1248 } 1249 1250 returnval = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(), data.getSubjectAltName(), data.getSubjectEmail(), data.getStatus() 1251 , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId() 1252 , new java.util.Date (data.getTimeCreated()), new java.util.Date (data.getTimeModified()) 1253 , data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation()); 1254 1255 returnval.setPassword(data.getClearPassword()); 1256 } 1257 return returnval; 1258 } 1259 1260 1268 public Collection findUserByEmail(Admin admin, String email) throws AuthorizationDeniedException { 1269 debug(">findUserByEmail(" + email + ")"); 1270 debug("Looking for user with email: " + email); 1271 ArrayList returnval = new ArrayList (); 1272 1273 Collection result = null; 1274 try { 1275 result = home.findBySubjectEmail(email); 1276 } catch (FinderException e) { 1277 log.debug("Cannot find user with Email='" + email + "'"); 1278 } 1279 1280 Iterator iter = result.iterator(); 1281 while (iter.hasNext()) { 1282 UserDataLocal data = (UserDataLocal) iter.next(); 1283 1284 if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) { 1285 if (!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.VIEW_RIGHTS)) 1287 break; 1288 } 1289 1290 if (!authorizedToCA(admin, data.getCaId())) { 1291 break; 1292 } 1293 1294 UserDataVO user = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(), data.getSubjectAltName(), data.getSubjectEmail(), data.getStatus() 1295 , data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId() 1296 , new java.util.Date (data.getTimeCreated()), new java.util.Date (data.getTimeModified()) 1297 , data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation()); 1298 user.setPassword(data.getClearPassword()); 1299 returnval.add(user); 1300 } 1301 debug("<findUserByEmail(" + email + ")"); 1302 return returnval; 1303 } 1305 1313 public void checkIfCertificateBelongToAdmin(Admin admin, BigInteger certificatesnr, String issuerdn) throws AuthorizationDeniedException { 1314 debug(">checkIfCertificateBelongToAdmin(" + certificatesnr + ")"); 1315 String username = certificatesession.findUsernameByCertSerno(admin, certificatesnr, issuerdn); 1316 1317 UserDataLocal data = null; 1318 if (username != null) { 1319 UserDataPK pk = new UserDataPK(username); 1320 try { 1321 data = home.findByPrimaryKey(pk); 1322 } catch (FinderException e) { 1323 log.debug("Cannot find user with username='" + username + "'"); 1324 } 1325 } 1326 1327 if (data != null) { 1328 int type = data.getType(); 1329 if ((type & SecConst.USER_ADMINISTRATOR) == 0) { 1330 String msg = intres.getLocalizedMessage("ra.errorcertnoadmin", issuerdn, certificatesnr.toString(16)); 1331 logsession.log(admin, data.getCaId(), LogEntry.MODULE_RA, new java.util.Date (), null, null, LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN, msg); 1332 throw new AuthorizationDeniedException(msg); 1333 } 1334 } else { 1335 String msg = intres.getLocalizedMessage("ra.errorcertnouser", issuerdn, certificatesnr.toString(16)); 1336 logsession.log(admin, LogConstants.INTERNALCAID, LogEntry.MODULE_RA, new java.util.Date (), null, null, LogEntry.EVENT_ERROR_ADMINISTRATORLOGGEDIN, msg); 1337 throw new AuthorizationDeniedException(msg); 1338 } 1339 1340 debug("<checkIfCertificateBelongToAdmin()"); 1341 } 1343 1344 1352 public Collection findAllUsersByStatus(Admin admin, int status) throws FinderException { 1353 debug(">findAllUsersByStatus(" + status + ")"); 1354 debug("Looking for users with status: " + status); 1355 1356 Query query = new Query(Query.TYPE_USERQUERY); 1357 query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status)); 1358 Collection returnval = null; 1359 1360 try { 1361 returnval = query(admin, query, false, null, null, false,0); 1362 } catch (IllegalQueryException e) { 1363 } 1364 debug("found " + returnval.size() + " user(s) with status=" + status); 1365 debug("<findAllUsersByStatus(" + status + ")"); 1366 return returnval; 1367 } 1368 1376 public Collection findAllUsersByCaId(Admin admin, int caid) throws FinderException { 1377 debug(">findAllUsersByCaId("+caid+")"); 1378 debug("Looking for users with caid: " + caid); 1379 1380 Query query = new Query(Query.TYPE_USERQUERY); 1381 query.add(UserMatch.MATCH_WITH_CA, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(caid)); 1382 Collection returnval = null; 1383 1384 try{ 1385 returnval = query(admin, query, false, null, null, false,0); 1386 }catch(IllegalQueryException e){} 1387 debug("found "+returnval.size()+" user(s) with caid="+caid); 1388 debug("<findAllUsersByCaId("+caid+")"); 1389 return returnval; 1390 } 1391 1392 1393 1400 public Collection findAllUsersWithLimit(Admin admin) throws FinderException { 1401 debug(">findAllUsersWithLimit()"); 1402 Collection returnval = null; 1403 try { 1404 returnval = query(admin, null, true, null, null, false, 0); 1405 } catch (IllegalQueryException e) { 1406 } 1407 debug("<findAllUsersWithLimit()"); 1408 return returnval; 1409 } 1410 1411 1418 public Collection findAllUsersByStatusWithLimit(Admin admin, int status, boolean onlybatchusers) throws FinderException { 1419 debug(">findAllUsersByStatusWithLimit()"); 1420 1421 Query query = new Query(Query.TYPE_USERQUERY); 1422 query.add(UserMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(status)); 1423 Collection returnval = null; 1424 1425 try { 1426 returnval = query(admin, query, false, null, null, onlybatchusers, 0); 1427 } catch (IllegalQueryException e) { 1428 } 1429 1430 debug("<findAllUsersByStatusWithLimit()"); 1431 return returnval; 1432 } 1433 1434 1435 1448 public Collection query(Admin admin, Query query, String caauthorizationstring, String endentityprofilestring, int numberofrows) throws IllegalQueryException { 1449 return query(admin, query, true, caauthorizationstring, endentityprofilestring, false, numberofrows); 1450 } 1451 1452 1459 private Collection query(Admin admin, Query query, boolean withlimit, String caauthorizationstr, String endentityprofilestr, boolean onlybatchusers, int numberofrows) throws IllegalQueryException { 1460 debug(">query(): withlimit="+withlimit); 1461 boolean authorizedtoanyprofile = true; 1462 Connection con = null; 1463 PreparedStatement ps = null; 1464 ResultSet rs = null; 1465 String caauthorizationstring = StringTools.strip(caauthorizationstr); 1466 String endentityprofilestring = StringTools.strip(endentityprofilestr); 1467 ArrayList returnval = new ArrayList (); 1468 GlobalConfiguration globalconfiguration = getGlobalConfiguration(admin); 1469 RAAuthorization raauthorization = null; 1470 String caauthstring = caauthorizationstring; 1471 String endentityauth = endentityprofilestring; 1472 String sqlquery = "select " + USERDATA_COL + " from UserData where "; 1473 int fetchsize = UserAdminConstants.MAXIMUM_QUERY_ROWCOUNT; 1474 1475 if(numberofrows != 0){ 1476 fetchsize = numberofrows; 1477 } 1478 1479 1480 if (query != null && !query.isLegalQuery()) 1482 throw new IllegalQueryException(); 1483 1484 if (query != null) 1485 sqlquery = sqlquery + query.getQueryString(); 1486 1487 if (caauthorizationstring == null || endentityprofilestring == null) { 1488 raauthorization = new RAAuthorization(admin, raadminsession, authorizationsession); 1489 caauthstring = raauthorization.getCAAuthorizationString(); 1490 if (globalconfiguration.getEnableEndEntityProfileLimitations()) 1491 endentityauth = raauthorization.getEndEntityProfileAuthorizationString(true); 1492 else 1493 endentityauth = ""; 1494 } 1495 1496 if (!caauthstring.trim().equals("") && query != null) 1497 sqlquery = sqlquery + " AND " + caauthstring; 1498 else 1499 sqlquery = sqlquery + caauthstring; 1500 1501 1502 if (globalconfiguration.getEnableEndEntityProfileLimitations()) { 1503 if (caauthstring.trim().equals("") && query == null) 1504 sqlquery = sqlquery + endentityauth; 1505 else 1506 sqlquery = sqlquery + " AND " + endentityauth; 1507 1508 if (endentityauth == null || endentityauth.trim().equals("")) { 1509 authorizedtoanyprofile = false; 1510 } 1511 } 1512 1513 try { 1514 if (authorizedtoanyprofile) { 1515 con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE); 1517 log.debug("generated query: " + sqlquery); 1518 ps = con.prepareStatement(sqlquery); 1519 1520 rs = ps.executeQuery(); 1522 1523 while (rs.next() && (!withlimit || returnval.size() <= fetchsize)) { 1525 String user = rs.getString(1); 1528 String dn = rs.getString(2); 1529 String subaltname = rs.getString(3); 1530 String email = rs.getString(4); 1531 int status = rs.getInt(5); 1532 int type = rs.getInt(6); 1533 String pwd = rs.getString(7); 1534 Date timecreated = new java.util.Date (rs.getLong(8)); 1535 Date timemodified = new java.util.Date (rs.getLong(9)); 1536 int eprofileid = rs.getInt(10); 1537 int cprofileid = rs.getInt(11); 1538 int tokentype = rs.getInt(12); 1539 int tokenissuerid = rs.getInt(13); 1540 int caid = rs.getInt(14); 1541 String extendedInformation = rs.getString(15); 1542 UserDataVO data = new UserDataVO(user, dn, caid, subaltname, email, status, type 1543 , eprofileid, cprofileid, timecreated, timemodified, tokentype, tokenissuerid, 1544 UserDataVO.getExtendedInformation(extendedInformation)); 1545 data.setPassword(pwd); 1546 1547 if (!onlybatchusers || (data.getPassword() != null && data.getPassword().length() > 0)) 1548 returnval.add(data); 1549 } 1550 } 1551 debug("<query()"); 1552 return returnval; 1553 1554 } catch (Exception e) { 1555 throw new EJBException (e); 1556 } finally { 1557 JDBCUtil.close(con, ps, rs); 1558 } 1559 1560 } 1562 1563 1572 public boolean checkForEndEntityProfileId(Admin admin, int endentityprofileid) { 1573 debug(">checkForEndEntityProfileId()"); 1574 Connection con = null; 1575 PreparedStatement ps = null; 1576 ResultSet rs = null; 1577 int count = 1; 1579 Query query = new Query(Query.TYPE_USERQUERY); 1580 query.add(UserMatch.MATCH_WITH_ENDENTITYPROFILE, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(endentityprofileid)); 1581 1582 try { 1583 con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE); 1585 ps = con.prepareStatement("select COUNT(*) from UserData where " + query.getQueryString()); 1586 rs = ps.executeQuery(); 1588 if (rs.next()) { 1590 count = rs.getInt(1); 1591 } 1592 debug("<checkForEndEntityProfileId()"); 1593 return count > 0; 1594 1595 } catch (Exception e) { 1596 throw new EJBException (e); 1597 } finally { 1598 JDBCUtil.close(con, ps, rs); 1599 } 1600 1601 1602 } 1603 1604 1613 public boolean checkForCertificateProfileId(Admin admin, int certificateprofileid) { 1614 debug(">checkForCertificateProfileId()"); 1615 Connection con = null; 1616 PreparedStatement ps = null; 1617 ResultSet rs = null; 1618 int count = 1; 1620 Query query = new Query(Query.TYPE_USERQUERY); 1621 query.add(UserMatch.MATCH_WITH_CERTIFICATEPROFILE, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(certificateprofileid)); 1622 1623 try { 1624 con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE); 1626 ps = con.prepareStatement("select COUNT(*) from UserData where " + query.getQueryString()); 1627 rs = ps.executeQuery(); 1629 if (rs.next()) { 1631 count = rs.getInt(1); 1632 } 1633 debug("<checkForCertificateProfileId()"); 1634 return count > 0; 1635 1636 } catch (Exception e) { 1637 throw new EJBException (e); 1638 } finally { 1639 JDBCUtil.close(con, ps, rs); 1640 } 1641 } 1643 1652 public boolean checkForCAId(Admin admin, int caid) { 1653 debug(">checkForCAId()"); 1654 Connection con = null; 1655 PreparedStatement ps = null; 1656 ResultSet rs = null; 1657 int count = 1; 1659 Query query = new Query(Query.TYPE_USERQUERY); 1660 query.add(UserMatch.MATCH_WITH_CA, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(caid)); 1661 1662 try { 1663 con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE); 1665 ps = con.prepareStatement("select COUNT(*) from UserData where " + query.getQueryString()); 1666 rs = ps.executeQuery(); 1668 if (rs.next()) { 1670 count = rs.getInt(1); 1671 } 1672 debug("<checkForCAId()"); 1673 return count > 0; 1674 1675 } catch (Exception e) { 1676 throw new EJBException (e); 1677 } finally { 1678 JDBCUtil.close(con, ps, rs); 1679 } 1680 } 1682 1683 1692 public boolean checkForHardTokenProfileId(Admin admin, int profileid) { 1693 debug(">checkForHardTokenProfileId()"); 1694 Connection con = null; 1695 PreparedStatement ps = null; 1696 ResultSet rs = null; 1697 int count = 1; 1699 Query query = new Query(Query.TYPE_USERQUERY); 1700 query.add(UserMatch.MATCH_WITH_TOKEN, BasicMatch.MATCH_TYPE_EQUALS, Integer.toString(profileid)); 1701 1702 try { 1703 con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE); 1705 ps = con.prepareStatement("select COUNT(*) from UserData where " + query.getQueryString()); 1706 rs = ps.executeQuery(); 1708 if (rs.next()) { 1710 count = rs.getInt(1); 1711 } 1712 debug("<checkForHardTokenProfileId()"); 1713 return count > 0; 1714 1715 } catch (Exception e) { 1716 throw new EJBException (e); 1717 } finally { 1718 JDBCUtil.close(con, ps, rs); 1719 } 1720 } 1722 1723 private void print(Admin admin, EndEntityProfile profile, UserDataVO userdata){ 1724 try{ 1725 if(profile.getUsePrinting()){ 1726 String [] pINs = new String [1]; 1727 pINs[0] = userdata.getPassword(); 1728 PrinterManager.print(profile.getPrinterName(), profile.getPrinterSVGFileName(), profile.getPrinterSVGData(), profile.getPrintedCopies(), 0, userdata, pINs, new String [0], "", "", ""); 1729 } 1730 }catch(PrinterException e){ 1731 String msg = intres.getLocalizedMessage("ra.errorprint", userdata.getUsername(), e.getMessage()); 1732 error(msg, e); 1733 try{ 1734 logsession.log(admin, userdata.getCAId(), LogEntry.MODULE_RA, new java.util.Date (),userdata.getUsername(), null, LogEntry.EVENT_ERROR_NOTIFICATION, msg); 1735 }catch(Exception f){ 1736 throw new EJBException (f); 1737 } 1738 } 1739 } 1740 1741 private void sendNotification(Admin admin, EndEntityProfile profile, String username, String password, String dn, String email, int caid) { 1742 debug(">sendNotification: user="+username+", email="+email); 1743 try { 1744 if (email == null) { 1745 String msg = intres.getLocalizedMessage("ra.errornotificationnoemail", username); 1746 throw new Exception (msg); 1747 } 1748 1749 String mailJndi = getLocator().getString("java:comp/env/MailJNDIName"); 1750 Session mailSession = getLocator().getMailSession(mailJndi); 1751 NotificationParamGen paramGen = new NotificationParamGen(username,password,dn); 1752 HashMap params = paramGen.getParams(); 1753 1754 Message msg = new TemplateMimeMessage(params, mailSession); 1755 msg.setFrom(new InternetAddress (profile.getNotificationSender())); 1756 msg.setRecipients(javax.mail.Message.RecipientType.TO, InternetAddress.parse(email, false)); 1757 msg.setSubject(profile.getNotificationSubject()); 1758 msg.setContent(profile.getNotificationMessage(), "text/plain"); 1759 msg.setHeader("X-Mailer", "JavaMailer"); 1760 msg.setSentDate(new Date ()); 1761 Transport.send(msg); 1762 1763 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (), username, null, LogEntry.EVENT_INFO_NOTIFICATION, intres.getLocalizedMessage("ra.sentnotification", username, email)); 1764 } catch (Exception e) { 1765 String msg = intres.getLocalizedMessage("ra.errorsendnotification", username, email); 1766 error(msg, e); 1767 try{ 1768 logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date (),username, null, LogEntry.EVENT_ERROR_NOTIFICATION, msg); 1769 }catch(Exception f){ 1770 throw new EJBException (f); 1771 } 1772 } 1773 debug("<sendNotification: user="+username+", email="+email); 1774 } 1776 1783 public boolean existsUser(Admin admin, String username) { 1784 boolean returnval = true; 1785 1786 try { 1787 home.findByPrimaryKey(new UserDataPK(username)); 1788 } catch (FinderException fe) { 1789 returnval = false; 1790 } 1791 1792 return returnval; 1793 } 1794 1795} | Popular Tags |