UserDataBean


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13  
14  package org.ejbca.core.ejb.ra;
15  
16  import java.io.UnsupportedEncodingException  ;
17  import java.security.MessageDigest  ;
18  import java.security.NoSuchAlgorithmException  ;
19  import java.util.Date  ;
20  import java.util.HashMap  ;
21  
22  import javax.ejb.CreateException  ;
23  import javax.ejb.EJBException  ;
24  
25  import org.apache.log4j.Logger;
26  import org.bouncycastle.util.encoders.Hex;
27  import org.ejbca.core.ejb.BaseEntityBean;
28  import org.ejbca.core.model.SecConst;
29  import org.ejbca.core.model.ra.ExtendedInformation;
30  import org.ejbca.core.model.ra.UserDataConstants;
31  import org.ejbca.core.model.ra.UserDataVO;
32  import org.ejbca.util.Base64PutHashMap;
33  import org.ejbca.util.CertTools;
34  import org.ejbca.util.StringTools;
35  
36  /**
37   * Entity bean should not be used directly, use though Session beans.
38   * <p/>
39   * Entity Bean representing a User.
40   * Information stored:
41   * <pre>
42   * Username (username)
43   * SHA1 hash of password (passwordHash)
44   * Clear text password if needed (clearPassword)
45   * Subject DN (subjectDN)
46   * CAId of CA the user is belonging to.
47   * Subject Alternative Name (subjectAltName
48   * Subject Email (subjectEmail)
49   * Status (status)
50   * Type (type, from SecConst)
51   * End Entity Profile (endEntityProfileId)
52   * Certificate Profile (certificateProfileId)
53   * Token Type (tokenType)
54   * Hard Token Issuer (hardTokenIssuerId)
55   * KeyStore Password (keyStorePassword), reserved for future use.
56   * ExtendedInformation, extra information about a user.
57   * </pre>
58   * <p/>
59   * Passwords should me manipulated through helper functions setPassword() and setOpenPassword().
60   * The setPassword() function sets the hashed password, while the setOpenPassword() method sets
61   * both the hashed password and the clear text password.
62   * The method comparePassword() is used to verify a password againts the hashed password.
63   *
64   * @version $Id: UserDataBean.java,v 1.12 2006/11/10 09:29:34 anatom Exp $
65   *
66   * @ejb.bean description="This enterprise bean entity represents a Log Entry with accompanying data"
67   * display-name="UserDataEB"
68   * name="UserData"
69   * jndi-name="UserData"
70   * view-type="local"
71   * type="CMP"
72   * reentrant="False"
73   * cmp-version="2.x"
74   * transaction-type="Container"
75   * schema="UserDataBean"
76   *
77   * @ejb.pk class="org.ejbca.core.ejb.ra.UserDataPK"
78   * extends="java.lang.Object"
79   * implements="java.io.Serializable"
80   *
81   * @ejb.persistence table-name = "UserData"
82   * 
83   * @ejb.transaction type="Required"
84   * 
85   * @ejb.home extends="javax.ejb.EJBHome"
86   * local-extends="javax.ejb.EJBLocalHome"
87   * local-class="org.ejbca.core.ejb.ra.UserDataLocalHome"
88   *
89   * @ejb.interface extends="javax.ejb.EJBObject"
90   * local-extends="javax.ejb.EJBLocalObject"
91   * local-class="org.ejbca.core.ejb.ra.UserDataLocal"
92   *
93   * @ejb.finder
94   *   description="findBySubjectDNAndCAId"
95   *   signature="org.ejbca.core.ejb.ra.UserDataLocal findBySubjectDNAndCAId(java.lang.String subjectdn, int caId)"
96   *   query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectDN=?1 AND a.caId=?2"
97   *
98   * @ejb.finder
99   *   description="findBySubjectDN"
100  *   signature="org.ejbca.core.ejb.ra.UserDataLocal findBySubjectDN(java.lang.String subjectdn)"
101  *   query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectDN=?1"
102  *   
103  * @ejb.finder
104  *   description="findBySubjectEmail"
105  *   signature="java.util.Collection findBySubjectEmail(java.lang.String subjectEmail)"
106  *   query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectEmail=?1"
107  *
108  * @ejb.finder
109  *   description="findByStatus"
110  *   signature="java.util.Collection findByStatus(int status)"
111  *   query="SELECT OBJECT(a) from UserDataBean a WHERE a.status=?1"
112  *
113  * @ejb.finder
114  *   description="findAll"
115  *   signature="java.util.Collection findAll()"
116  *   query="SELECT OBJECT(a) from UserDataBean a"
117  */
118 public abstract class UserDataBean extends BaseEntityBean {
119 
120     private static final Logger log = Logger.getLogger(UserDataBean.class);
121 
122 
123     /**
124      * @ejb.pk-field
125      * @ejb.persistence column-name="username"
126      * @ejb.interface-method
127      */
128     public abstract String   getUsername();
129 
130     /**
131      * username must be called 'striped' using StringTools.strip()
132      *
133      */
134     public abstract void setUsername(String   username);
135 
136     /**
137      * @ejb.persistence column-name="subjectDN"
138      * @ejb.interface-method
139      */
140     public abstract String   getSubjectDN();
141 
142     /**
143      * @ejb.interface-method
144      */
145     public abstract void setSubjectDN(String   subjectDN);
146 
147     /**
148      * @ejb.persistence column-name="cAId"
149      * @ejb.interface-method
150      */
151     public abstract int getCaId();
152 
153     /**
154      * @ejb.interface-method
155      */
156     public abstract void setCaId(int caid);
157 
158     /**
159      * @ejb.persistence column-name="subjectAltName"
160      * @ejb.interface-method
161      */
162     public abstract String   getSubjectAltName();
163 
164     /**
165      * @ejb.interface-method
166      */
167     public abstract void setSubjectAltName(String   subjectAltName);
168 
169     /**
170      * @ejb.persistence column-name="subjectEmail"
171      * @ejb.interface-method
172      */
173     public abstract String   getSubjectEmail();
174 
175     /**
176      * @ejb.interface-method
177      */
178     public abstract void setSubjectEmail(String   subjectEmail);
179 
180     /**
181      * @ejb.persistence column-name="status"
182      * @ejb.interface-method
183      */
184     public abstract int getStatus();
185 
186     /**
187      * @ejb.interface-method
188      */
189     public abstract void setStatus(int status);
190 
191     /**
192      * @ejb.persistence column-name="type"
193      * @ejb.interface-method
194      */
195     public abstract int getType();
196 
197     /**
198      * @ejb.interface-method
199      */
200     public abstract void setType(int type);
201 
202     /**
203      * Returns clear text password or null.
204      *
205      * @ejb.persistence column-name="clearPassword"
206      * @ejb.interface-method
207      */
208     public abstract String   getClearPassword();
209 
210     /**
211      * Sets clear text password, the preferred method is setOpenPassword().
212      *
213      * @ejb.interface-method
214      */
215     public abstract void setClearPassword(String   clearPassword);
216 
217     /**
218      * Returns hashed password or null.
219      *
220      * @ejb.persistence column-name="passwordHash"
221      * @ejb.interface-method
222      */
223     public abstract String   getPasswordHash();
224 
225     /**
226      * Sets hash of password, this is the normal way to store passwords, but use the method setPassword() instead.
227      *
228      * @ejb.interface-method
229      */
230     public abstract void setPasswordHash(String   passwordHash);
231 
232     /**
233      * Returns the time when the user was created.
234      *
235      * @ejb.persistence column-name="timeCreated"
236      * @ejb.interface-method
237      */
238     public abstract long getTimeCreated();
239 
240     /**
241      * Sets the time when the user was created.
242      *
243      */
244     public abstract void setTimeCreated(long createtime);
245 
246     /**
247      * Returns the time when the user was last modified.
248      *
249      * @ejb.persistence column-name="timeModified"
250      * @ejb.interface-method
251      */
252     public abstract long getTimeModified();
253 
254     /**
255      * Sets the time when the user was last modified.
256      *
257      * @ejb.interface-method
258      */
259     public abstract void setTimeModified(long createtime);
260 
261     /**
262      * Returns the end entity profile id the user belongs to.
263      *
264      * @ejb.persistence column-name="endEntityProfileId"
265      * @ejb.interface-method
266      */
267     public abstract int getEndEntityProfileId();
268 
269     /**
270      * Sets the end entity profile id the user should belong to. 0 if profileid is not applicable.
271      *
272      * @ejb.interface-method
273      */
274     public abstract void setEndEntityProfileId(int endentityprofileid);
275 
276     /**
277      * Returns the certificate profile id that should be generated for the user.
278      *
279      * @ejb.persistence column-name="certificateProfileId"
280      * @ejb.interface-method
281      */
282     public abstract int getCertificateProfileId();
283 
284     /**
285      * Sets the certificate profile id that should be generated for the user. 0 if profileid is not applicable.
286      *
287      * @ejb.interface-method
288      */
289     public abstract void setCertificateProfileId(int certificateprofileid);
290 
291     /**
292      * Returns the token type id that should be generated for the user.
293      *
294      * @ejb.persistence column-name="tokenType"
295      * @ejb.interface-method
296      */
297     public abstract int getTokenType();
298 
299     /**
300      * Sets the token type  that should be generated for the user. Available token types can be found in SecConst.
301      *
302      * @ejb.interface-method
303      */
304     public abstract void setTokenType(int tokentype);
305 
306     /**
307      * Returns the hard token issuer id that should genererate for the users hard token.
308      *
309      * @ejb.persistence column-name="hardTokenIssuerId"
310      * @ejb.interface-method
311      */
312     public abstract int getHardTokenIssuerId();
313 
314     /**
315      * Sets the hard token issuer id that should genererate for the users hard token. 0 if issuerid is not applicable.
316      *
317      * @ejb.interface-method
318      */
319     public abstract void setHardTokenIssuerId(int hardtokenissuerid);
320 
321     /**
322      * Non-searchable information about a user.
323      *
324      * @ejb.persistence jdbc-type="LONGVARCHAR" column-name="extendedInformationData"
325      */
326     public abstract String   getExtendedInformationData();
327 
328     /**
329      * Non-searchable information about a user.
330      *
331      */
332     public abstract void setExtendedInformationData(String   data);
333 
334 
335     // Reserved for future use.
336     /**
337      * @ejb.persistence column-name="keyStorePassword"
338      */
339     public abstract String   getKeyStorePassword();
340 
341     /**
342      */
343     public abstract void setKeyStorePassword(String   keystorepassword);
344 
345 
346     //
347     // Public methods used to help us manage passwords
348     //
349 
350     /**
351      * Function that sets the BCDN representation of the string.
352      * @ejb.interface-method
353      */
354     public void setDN(String   dn) {
355         setSubjectDN(CertTools.stringToBCDNString(dn));
356     }
357 
358     /**
359      * Sets password in ahsed form in the database, this way it cannot be read in clear form
360      * @ejb.interface-method
361      */
362     public void setPassword(String   password) throws NoSuchAlgorithmException   {
363         String   passwordHash = makePasswordHash(password);
364         setPasswordHash(passwordHash);
365         setClearPassword(null);
366     }
367 
368     /**
369      * Sets the password in clear form in the database, needed for machine processing,
370      * also sets the hashed password to the same value
371      * @ejb.interface-method
372      */
373     public void setOpenPassword(String   password) throws NoSuchAlgorithmException   {
374 
375         String   passwordHash = makePasswordHash(password);
376         setPasswordHash(passwordHash);
377         setClearPassword(password);
378     }
379 
380     /**
381      * Verifies password by verifying against passwordhash
382      * @ejb.interface-method
383      */
384     public boolean comparePassword(String   password) throws NoSuchAlgorithmException   {
385         log.debug(">comparePassword()");
386         if (password == null)
387             return false;
388 
389         log.debug("<comparePassword()");
390         //log.debug("Newhash="+makePasswordHash(password)+", OldHash="+passwordHash);
391         return (makePasswordHash(password).equals(getPasswordHash()));
392     }
393 
394 
395     //
396     // Helper functions
397     //
398 
399 
400 
401     /**
402      * Creates the hashed password
403      */
404 
405     private String   makePasswordHash(String   password) throws NoSuchAlgorithmException   {
406         log.debug(">makePasswordHash()");
407 
408         if (password == null)
409             return null;
410 
411         String   ret = null;
412         try {
413             MessageDigest   md = MessageDigest.getInstance("SHA1");
414             byte[] pwdhash = md.digest(password.trim().getBytes());
415             ret = new String  (Hex.encode(pwdhash));
416         } catch (NoSuchAlgorithmException   nsae) {
417             log.error("SHA1 algorithm not supported.", nsae);
418             throw nsae;
419         }
420 
421         log.debug("<makePasswordHash()");
422         return ret;
423     }
424 
425 
426     /**
427      * Non-searchable information about a user. for future use.
428      * @ejb.interface-method
429      */
430     public ExtendedInformation getExtendedInformation() {
431         return UserDataVO.getExtendedInformation(getExtendedInformationData());
432     }
433 
434     /**
435      * Non-searchable information about a user. for future use.
436      * @ejb.interface-method
437      */
438     public void setExtendedInformation(ExtendedInformation extendedinformation) {
439         if(extendedinformation != null){
440             // We must base64 encode string for UTF safety
441             HashMap   a = new Base64PutHashMap();
442             a.putAll((HashMap  )extendedinformation.saveData());
443 
444             java.io.ByteArrayOutputStream   baos = new java.io.ByteArrayOutputStream  ();
445             java.beans.XMLEncoder   encoder = new java.beans.XMLEncoder  (baos);
446             encoder.writeObject(a);
447             encoder.close();
448             try {
449                 setExtendedInformationData(baos.toString("UTF8"));
450             } catch (UnsupportedEncodingException   e) {
451                 throw new EJBException  ("Problems storing extended information for user :" + getUsername(),e);
452             }
453             
454         }
455     }
456     
457     //
458     // Fields required by Container
459     //
460 
461     /**
462      * Entity Bean holding info about a User.
463      * Create by sending in the instance, username, password and subject DN.
464      * SubjectEmail, Status and Type are set to default values (null, STATUS_NEW, USER_INVALID).
465      * and should be set using the respective set-methods. Clear text password is not set at all and must be set using setClearPassword();
466      *
467      * @param username the unique username used for authentication.
468      * @param password the password used for authentication. This inly sets passwordhash, to set cleartext password, the setPassword() method must be used.
469      * @param dn       the DN the subject is given in his certificate.
470      * @return UserDataPK primary key
471      * @ejb.create-method
472      */
473     public UserDataPK ejbCreate(String   username, String   password, String   dn, int caid)
474             throws CreateException  , NoSuchAlgorithmException   {
475 
476         long time = (new Date  ()).getTime();
477 
478         setUsername(StringTools.strip(username));
479         setClearPassword(null);
480         setPasswordHash(makePasswordHash(password));
481         setSubjectDN(CertTools.stringToBCDNString(dn));
482         setCaId(caid);
483         setSubjectAltName(null);
484         setSubjectEmail(null);
485         setStatus(UserDataConstants.STATUS_NEW);
486         setType(SecConst.USER_INVALID);
487         setTimeCreated(time);
488         setTimeModified(time);
489         setEndEntityProfileId(0);
490         setCertificateProfileId(0);
491         setTokenType(SecConst.TOKEN_SOFT_BROWSERGEN);
492         setHardTokenIssuerId(0);
493         setExtendedInformationData(null);
494         UserDataPK pk = new UserDataPK(username);
495         log.debug("Created user " + username);
496 
497         return pk;
498     }
499 
500     public void ejbPostCreate(String   username, String   password, String   dn, int caid) {
501         // Do nothing. Required.
502     }
503     
504 }
505
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags