KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > ejb > ra > UserDataBean


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.ejb.ra;
15
16 import java.io.UnsupportedEncodingException JavaDoc;
17 import java.security.MessageDigest JavaDoc;
18 import java.security.NoSuchAlgorithmException JavaDoc;
19 import java.util.Date JavaDoc;
20 import java.util.HashMap JavaDoc;
21
22 import javax.ejb.CreateException JavaDoc;
23 import javax.ejb.EJBException JavaDoc;
24
25 import org.apache.log4j.Logger;
26 import org.bouncycastle.util.encoders.Hex;
27 import org.ejbca.core.ejb.BaseEntityBean;
28 import org.ejbca.core.model.SecConst;
29 import org.ejbca.core.model.ra.ExtendedInformation;
30 import org.ejbca.core.model.ra.UserDataConstants;
31 import org.ejbca.core.model.ra.UserDataVO;
32 import org.ejbca.util.Base64PutHashMap;
33 import org.ejbca.util.CertTools;
34 import org.ejbca.util.StringTools;
35
36 /**
37  * Entity bean should not be used directly, use though Session beans.
38  * <p/>
39  * Entity Bean representing a User.
40  * Information stored:
41  * <pre>
42  * Username (username)
43  * SHA1 hash of password (passwordHash)
44  * Clear text password if needed (clearPassword)
45  * Subject DN (subjectDN)
46  * CAId of CA the user is belonging to.
47  * Subject Alternative Name (subjectAltName
48  * Subject Email (subjectEmail)
49  * Status (status)
50  * Type (type, from SecConst)
51  * End Entity Profile (endEntityProfileId)
52  * Certificate Profile (certificateProfileId)
53  * Token Type (tokenType)
54  * Hard Token Issuer (hardTokenIssuerId)
55  * KeyStore Password (keyStorePassword), reserved for future use.
56  * ExtendedInformation, extra information about a user.
57  * </pre>
58  * <p/>
59  * Passwords should me manipulated through helper functions setPassword() and setOpenPassword().
60  * The setPassword() function sets the hashed password, while the setOpenPassword() method sets
61  * both the hashed password and the clear text password.
62  * The method comparePassword() is used to verify a password againts the hashed password.
63  *
64  * @version $Id: UserDataBean.java,v 1.12 2006/11/10 09:29:34 anatom Exp $
65  *
66  * @ejb.bean description="This enterprise bean entity represents a Log Entry with accompanying data"
67  * display-name="UserDataEB"
68  * name="UserData"
69  * jndi-name="UserData"
70  * view-type="local"
71  * type="CMP"
72  * reentrant="False"
73  * cmp-version="2.x"
74  * transaction-type="Container"
75  * schema="UserDataBean"
76  *
77  * @ejb.pk class="org.ejbca.core.ejb.ra.UserDataPK"
78  * extends="java.lang.Object"
79  * implements="java.io.Serializable"
80  *
81  * @ejb.persistence table-name = "UserData"
82  *
83  * @ejb.transaction type="Required"
84  *
85  * @ejb.home extends="javax.ejb.EJBHome"
86  * local-extends="javax.ejb.EJBLocalHome"
87  * local-class="org.ejbca.core.ejb.ra.UserDataLocalHome"
88  *
89  * @ejb.interface extends="javax.ejb.EJBObject"
90  * local-extends="javax.ejb.EJBLocalObject"
91  * local-class="org.ejbca.core.ejb.ra.UserDataLocal"
92  *
93  * @ejb.finder
94  * description="findBySubjectDNAndCAId"
95  * signature="org.ejbca.core.ejb.ra.UserDataLocal findBySubjectDNAndCAId(java.lang.String subjectdn, int caId)"
96  * query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectDN=?1 AND a.caId=?2"
97  *
98  * @ejb.finder
99  * description="findBySubjectDN"
100  * signature="org.ejbca.core.ejb.ra.UserDataLocal findBySubjectDN(java.lang.String subjectdn)"
101  * query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectDN=?1"
102  *
103  * @ejb.finder
104  * description="findBySubjectEmail"
105  * signature="java.util.Collection findBySubjectEmail(java.lang.String subjectEmail)"
106  * query="SELECT OBJECT(a) from UserDataBean a WHERE a.subjectEmail=?1"
107  *
108  * @ejb.finder
109  * description="findByStatus"
110  * signature="java.util.Collection findByStatus(int status)"
111  * query="SELECT OBJECT(a) from UserDataBean a WHERE a.status=?1"
112  *
113  * @ejb.finder
114  * description="findAll"
115  * signature="java.util.Collection findAll()"
116  * query="SELECT OBJECT(a) from UserDataBean a"
117  */

118 public abstract class UserDataBean extends BaseEntityBean {
119
120     private static final Logger log = Logger.getLogger(UserDataBean.class);
121
122
123     /**
124      * @ejb.pk-field
125      * @ejb.persistence column-name="username"
126      * @ejb.interface-method
127      */

128     public abstract String JavaDoc getUsername();
129
130     /**
131      * username must be called 'striped' using StringTools.strip()
132      *
133      */

134     public abstract void setUsername(String JavaDoc username);
135
136     /**
137      * @ejb.persistence column-name="subjectDN"
138      * @ejb.interface-method
139      */

140     public abstract String JavaDoc getSubjectDN();
141
142     /**
143      * @ejb.interface-method
144      */

145     public abstract void setSubjectDN(String JavaDoc subjectDN);
146
147     /**
148      * @ejb.persistence column-name="cAId"
149      * @ejb.interface-method
150      */

151     public abstract int getCaId();
152
153     /**
154      * @ejb.interface-method
155      */

156     public abstract void setCaId(int caid);
157
158     /**
159      * @ejb.persistence column-name="subjectAltName"
160      * @ejb.interface-method
161      */

162     public abstract String JavaDoc getSubjectAltName();
163
164     /**
165      * @ejb.interface-method
166      */

167     public abstract void setSubjectAltName(String JavaDoc subjectAltName);
168
169     /**
170      * @ejb.persistence column-name="subjectEmail"
171      * @ejb.interface-method
172      */

173     public abstract String JavaDoc getSubjectEmail();
174
175     /**
176      * @ejb.interface-method
177      */

178     public abstract void setSubjectEmail(String JavaDoc subjectEmail);
179
180     /**
181      * @ejb.persistence column-name="status"
182      * @ejb.interface-method
183      */

184     public abstract int getStatus();
185
186     /**
187      * @ejb.interface-method
188      */

189     public abstract void setStatus(int status);
190
191     /**
192      * @ejb.persistence column-name="type"
193      * @ejb.interface-method
194      */

195     public abstract int getType();
196
197     /**
198      * @ejb.interface-method
199      */

200     public abstract void setType(int type);
201
202     /**
203      * Returns clear text password or null.
204      *
205      * @ejb.persistence column-name="clearPassword"
206      * @ejb.interface-method
207      */

208     public abstract String JavaDoc getClearPassword();
209
210     /**
211      * Sets clear text password, the preferred method is setOpenPassword().
212      *
213      * @ejb.interface-method
214      */

215     public abstract void setClearPassword(String JavaDoc clearPassword);
216
217     /**
218      * Returns hashed password or null.
219      *
220      * @ejb.persistence column-name="passwordHash"
221      * @ejb.interface-method
222      */

223     public abstract String JavaDoc getPasswordHash();
224
225     /**
226      * Sets hash of password, this is the normal way to store passwords, but use the method setPassword() instead.
227      *
228      * @ejb.interface-method
229      */

230     public abstract void setPasswordHash(String JavaDoc passwordHash);
231
232     /**
233      * Returns the time when the user was created.
234      *
235      * @ejb.persistence column-name="timeCreated"
236      * @ejb.interface-method
237      */

238     public abstract long getTimeCreated();
239
240     /**
241      * Sets the time when the user was created.
242      *
243      */

244     public abstract void setTimeCreated(long createtime);
245
246     /**
247      * Returns the time when the user was last modified.
248      *
249      * @ejb.persistence column-name="timeModified"
250      * @ejb.interface-method
251      */

252     public abstract long getTimeModified();
253
254     /**
255      * Sets the time when the user was last modified.
256      *
257      * @ejb.interface-method
258      */

259     public abstract void setTimeModified(long createtime);
260
261     /**
262      * Returns the end entity profile id the user belongs to.
263      *
264      * @ejb.persistence column-name="endEntityProfileId"
265      * @ejb.interface-method
266      */

267     public abstract int getEndEntityProfileId();
268
269     /**
270      * Sets the end entity profile id the user should belong to. 0 if profileid is not applicable.
271      *
272      * @ejb.interface-method
273      */

274     public abstract void setEndEntityProfileId(int endentityprofileid);
275
276     /**
277      * Returns the certificate profile id that should be generated for the user.
278      *
279      * @ejb.persistence column-name="certificateProfileId"
280      * @ejb.interface-method
281      */

282     public abstract int getCertificateProfileId();
283
284     /**
285      * Sets the certificate profile id that should be generated for the user. 0 if profileid is not applicable.
286      *
287      * @ejb.interface-method
288      */

289     public abstract void setCertificateProfileId(int certificateprofileid);
290
291     /**
292      * Returns the token type id that should be generated for the user.
293      *
294      * @ejb.persistence column-name="tokenType"
295      * @ejb.interface-method
296      */

297     public abstract int getTokenType();
298
299     /**
300      * Sets the token type that should be generated for the user. Available token types can be found in SecConst.
301      *
302      * @ejb.interface-method
303      */

304     public abstract void setTokenType(int tokentype);
305
306     /**
307      * Returns the hard token issuer id that should genererate for the users hard token.
308      *
309      * @ejb.persistence column-name="hardTokenIssuerId"
310      * @ejb.interface-method
311      */

312     public abstract int getHardTokenIssuerId();
313
314     /**
315      * Sets the hard token issuer id that should genererate for the users hard token. 0 if issuerid is not applicable.
316      *
317      * @ejb.interface-method
318      */

319     public abstract void setHardTokenIssuerId(int hardtokenissuerid);
320
321     /**
322      * Non-searchable information about a user.
323      *
324      * @ejb.persistence jdbc-type="LONGVARCHAR" column-name="extendedInformationData"
325      */

326     public abstract String JavaDoc getExtendedInformationData();
327
328     /**
329      * Non-searchable information about a user.
330      *
331      */

332     public abstract void setExtendedInformationData(String JavaDoc data);
333
334
335     // Reserved for future use.
336
/**
337      * @ejb.persistence column-name="keyStorePassword"
338      */

339     public abstract String JavaDoc getKeyStorePassword();
340
341     /**
342      */

343     public abstract void setKeyStorePassword(String JavaDoc keystorepassword);
344
345
346     //
347
// Public methods used to help us manage passwords
348
//
349

350     /**
351      * Function that sets the BCDN representation of the string.
352      * @ejb.interface-method
353      */

354     public void setDN(String JavaDoc dn) {
355         setSubjectDN(CertTools.stringToBCDNString(dn));
356     }
357
358     /**
359      * Sets password in ahsed form in the database, this way it cannot be read in clear form
360      * @ejb.interface-method
361      */

362     public void setPassword(String JavaDoc password) throws NoSuchAlgorithmException JavaDoc {
363         String JavaDoc passwordHash = makePasswordHash(password);
364         setPasswordHash(passwordHash);
365         setClearPassword(null);
366     }
367
368     /**
369      * Sets the password in clear form in the database, needed for machine processing,
370      * also sets the hashed password to the same value
371      * @ejb.interface-method
372      */

373     public void setOpenPassword(String JavaDoc password) throws NoSuchAlgorithmException JavaDoc {
374
375         String JavaDoc passwordHash = makePasswordHash(password);
376         setPasswordHash(passwordHash);
377         setClearPassword(password);
378     }
379
380     /**
381      * Verifies password by verifying against passwordhash
382      * @ejb.interface-method
383      */

384     public boolean comparePassword(String JavaDoc password) throws NoSuchAlgorithmException JavaDoc {
385         log.debug(">comparePassword()");
386         if (password == null)
387             return false;
388
389         log.debug("<comparePassword()");
390         //log.debug("Newhash="+makePasswordHash(password)+", OldHash="+passwordHash);
391
return (makePasswordHash(password).equals(getPasswordHash()));
392     }
393
394
395     //
396
// Helper functions
397
//
398

399
400
401     /**
402      * Creates the hashed password
403      */

404
405     private String JavaDoc makePasswordHash(String JavaDoc password) throws NoSuchAlgorithmException JavaDoc {
406         log.debug(">makePasswordHash()");
407
408         if (password == null)
409             return null;
410
411         String JavaDoc ret = null;
412         try {
413             MessageDigest JavaDoc md = MessageDigest.getInstance("SHA1");
414             byte[] pwdhash = md.digest(password.trim().getBytes());
415             ret = new String JavaDoc(Hex.encode(pwdhash));
416         } catch (NoSuchAlgorithmException JavaDoc nsae) {
417             log.error("SHA1 algorithm not supported.", nsae);
418             throw nsae;
419         }
420
421         log.debug("<makePasswordHash()");
422         return ret;
423     }
424
425
426     /**
427      * Non-searchable information about a user. for future use.
428      * @ejb.interface-method
429      */

430     public ExtendedInformation getExtendedInformation() {
431         return UserDataVO.getExtendedInformation(getExtendedInformationData());
432     }
433
434     /**
435      * Non-searchable information about a user. for future use.
436      * @ejb.interface-method
437      */

438     public void setExtendedInformation(ExtendedInformation extendedinformation) {
439         if(extendedinformation != null){
440             // We must base64 encode string for UTF safety
441
HashMap JavaDoc a = new Base64PutHashMap();
442             a.putAll((HashMap JavaDoc)extendedinformation.saveData());
443
444             java.io.ByteArrayOutputStream JavaDoc baos = new java.io.ByteArrayOutputStream JavaDoc();
445             java.beans.XMLEncoder JavaDoc encoder = new java.beans.XMLEncoder JavaDoc(baos);
446             encoder.writeObject(a);
447             encoder.close();
448             try {
449                 setExtendedInformationData(baos.toString("UTF8"));
450             } catch (UnsupportedEncodingException JavaDoc e) {
451                 throw new EJBException JavaDoc("Problems storing extended information for user :" + getUsername(),e);
452             }
453             
454         }
455     }
456     
457     //
458
// Fields required by Container
459
//
460

461     /**
462      * Entity Bean holding info about a User.
463      * Create by sending in the instance, username, password and subject DN.
464      * SubjectEmail, Status and Type are set to default values (null, STATUS_NEW, USER_INVALID).
465      * and should be set using the respective set-methods. Clear text password is not set at all and must be set using setClearPassword();
466      *
467      * @param username the unique username used for authentication.
468      * @param password the password used for authentication. This inly sets passwordhash, to set cleartext password, the setPassword() method must be used.
469      * @param dn the DN the subject is given in his certificate.
470      * @return UserDataPK primary key
471      * @ejb.create-method
472      */

473     public UserDataPK ejbCreate(String JavaDoc username, String JavaDoc password, String JavaDoc dn, int caid)
474             throws CreateException JavaDoc, NoSuchAlgorithmException JavaDoc {
475
476         long time = (new Date JavaDoc()).getTime();
477
478         setUsername(StringTools.strip(username));
479         setClearPassword(null);
480         setPasswordHash(makePasswordHash(password));
481         setSubjectDN(CertTools.stringToBCDNString(dn));
482         setCaId(caid);
483         setSubjectAltName(null);
484         setSubjectEmail(null);
485         setStatus(UserDataConstants.STATUS_NEW);
486         setType(SecConst.USER_INVALID);
487         setTimeCreated(time);
488         setTimeModified(time);
489         setEndEntityProfileId(0);
490         setCertificateProfileId(0);
491         setTokenType(SecConst.TOKEN_SOFT_BROWSERGEN);
492         setHardTokenIssuerId(0);
493         setExtendedInformationData(null);
494         UserDataPK pk = new UserDataPK(username);
495         log.debug("Created user " + username);
496
497         return pk;
498     }
499
500     public void ejbPostCreate(String JavaDoc username, String JavaDoc password, String JavaDoc dn, int caid) {
501         // Do nothing. Required.
502
}
503     
504 }
505
Popular Tags