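package org.ejbca.core.model.authorization;

import java.io.Serializable;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;

import org.ejbca.util.CertTools;
import org.ejbca.util.StringTools;
import org.ejbca.util.dn.DNFieldExtractor;

/**
 * A single administrator matching rule used when deciding whether a caller
 * belongs to a group of administrators.
 *
 * <p>An entity is one of two things:
 * <ul>
 *   <li>a certificate rule: "the certificate issued by CA {@code caid} whose
 *       field {@code matchwith} compares to {@code matchvalue} according to
 *       {@code matchtype}", or</li>
 *   <li>a special-administrator rule, where {@code matchtype} holds one of the
 *       {@code SPECIALADMIN_*} constants and the other fields are unused.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #match(AdminInformation)} only compares fields of the
 * certificate it is handed; nothing in this class validates the certificate
 * (signature, chain, validity, revocation). It presumably relies on the caller
 * having authenticated the certificate first; confirm against the callers.
 */
public class AdminEntity implements Serializable, Comparable {

    // Special administrator types. They are stored in the matchtype field and
    // occupy the range tested by isSpecialUser() (2000..2999).
    public static final int SPECIALADMIN_PUBLICWEBUSER = 2000;
    public static final int SPECIALADMIN_CACOMMANDLINEADMIN = 2001;
    public static final int SPECIALADMIN_RAADMIN = 2002;
    public static final int SPECIALADMIN_BATCHCOMMANDLINEADMIN = 2003;
    public static final int SPECIALADMIN_INTERNALUSER = 2004;
    public static final int SPECIALADMIN_NOUSER = 2005;

    // Match types: how the certificate value is compared with matchvalue.
    public static final int TYPE_EQUALCASE = 1000;
    public static final int TYPE_EQUALCASEINS = 1001;
    public static final int TYPE_NOT_EQUALCASE = 1002;
    public static final int TYPE_NOT_EQUALCASEINS = 1003;

    // Match-with: which certificate field the rule is evaluated against.
    public static final int WITH_COUNTRY = 1;
    public static final int WITH_DOMAINCOMPONENT = 2;
    public static final int WITH_STATE = 3;
    public static final int WITH_LOCALE = 4;
    public static final int WITH_ORGANIZATION = 5;
    public static final int WITH_ORGANIZATIONUNIT = 6;
    public static final int WITH_TITLE = 7;
    public static final int WITH_COMMONNAME = 8;
    public static final int WITH_UID = 9;
    public static final int WITH_DNSERIALNUMBER = 10;
    public static final int WITH_SERIALNUMBER = 11;

    /** Finds the attribute name "SERIALNUMBER=" (any case) in a subject DN string. */
    private static final Pattern serialPattern =
        Pattern.compile("\\bSERIALNUMBER=", Pattern.CASE_INSENSITIVE);

    /**
     * Creates a certificate matching rule.
     *
     * @param matchwith  one of the {@code WITH_*} constants
     * @param matchtype  one of the {@code TYPE_*} constants
     * @param matchvalue value to compare with; for {@code WITH_SERIALNUMBER} it
     *                   is parsed as a hexadecimal number when matching
     * @param caid       id of the CA that must have issued the certificate
     */
    public AdminEntity(int matchwith, int matchtype, String matchvalue, int caid) {
        setMatchWith(matchwith);
        setMatchType(matchtype);
        setMatchValue(matchvalue);
        this.caid = caid;
    }

    /**
     * Creates a special-administrator rule.
     *
     * @param specialadmin one of the {@code SPECIALADMIN_*} constants; it is
     *                     stored in the match type field
     */
    public AdminEntity(int specialadmin) {
        this(WITH_SERIALNUMBER, specialadmin, "UNUSED", 0);
    }

    /**
     * Tells whether the given administrator satisfies this rule.
     *
     * <p>Special users match when their special-user type equals this entity's
     * match type. Certificate users match only when the issuer of their
     * certificate maps to this entity's CA id and the selected field compares
     * as requested. Every other case, including a missing certificate, an
     * unknown match type or an unparsable serial number, yields {@code false},
     * so the rule fails closed.
     *
     * @param admininformation the caller being evaluated
     * @return {@code true} if the caller satisfies this rule
     */
    public boolean match(AdminInformation admininformation) {
        if (admininformation.isSpecialUser()) {
            return this.matchtype == admininformation.getSpecialUser();
        }

        X509Certificate certificate = admininformation.getX509Certificate();
        if (certificate == null) {
            // No certificate means nothing to match: deny instead of letting a
            // NullPointerException escape from an authorization decision.
            return false;
        }

        // The CA id is compared with String.hashCode() of the issuer DN string
        // returned by CertTools.getIssuerDN; that is a 32-bit, non-cryptographic
        // value taken from the certificate itself.
        int admincaid = CertTools.getIssuerDN(certificate).hashCode();
        if (this.caid != admincaid) {
            return false;
        }

        if (matchwith == WITH_SERIALNUMBER) {
            return matchesSerialNumber(certificate);
        }
        return matchesSubjectDnField(certificate);
    }

    /** Compares the certificate serial number with matchvalue read as hexadecimal. */
    private boolean matchesSerialNumber(X509Certificate certificate) {
        boolean negate;
        switch (matchtype) {
            case TYPE_EQUALCASE:
            case TYPE_EQUALCASEINS:
                negate = false;
                break;
            case TYPE_NOT_EQUALCASE:
            case TYPE_NOT_EQUALCASEINS:
                negate = true;
                break;
            default:
                return false;
        }
        if (matchvalue == null) {
            return false;
        }
        try {
            boolean same =
                new java.math.BigInteger(matchvalue, 16).equals(certificate.getSerialNumber());
            return negate ? !same : same;
        } catch (NumberFormatException ignored) {
            // A match value that is not valid hex can never identify a
            // certificate; the rule does not match, also for the NOT_EQUAL types.
            return false;
        }
    }

    /** Compares every value of the selected subject DN attribute with matchvalue. */
    private boolean matchesSubjectDnField(X509Certificate certificate) {
        String certstring = certificate.getSubjectDN().toString();
        // Rewrite the attribute name "SERIALNUMBER=" to "SN=" before the DN is parsed.
        certstring = serialPattern.matcher(certstring).replaceAll("SN=");
        DNFieldExtractor dn = new DNFieldExtractor(certstring, DNFieldExtractor.TYPE_SUBJECTDN);

        int parameter = dnFieldFor(matchwith);
        int size = dn.getNumberOfFields(parameter);
        // The rule matches as soon as ONE value of the attribute satisfies the
        // comparison; an attribute that is absent never matches.
        // NOTE(review): for the NOT_EQUAL types this means a certificate with
        // several values of the attribute matches when any one of them differs
        // from matchvalue, even if another one is equal. Confirm that this is
        // the intended meaning of a "not equal" rule.
        for (int i = 0; i < size; i++) {
            if (valueMatches(dn.getField(parameter, i))) {
                return true;
            }
        }
        return false;
    }

    /** Maps a {@code WITH_*} constant to the DNFieldExtractor field it is read from. */
    private static int dnFieldFor(int matchwith) {
        switch (matchwith) {
            case WITH_COUNTRY:
                return DNFieldExtractor.C;
            case WITH_DOMAINCOMPONENT:
                return DNFieldExtractor.DC;
            // NOTE(review): WITH_STATE reads DNFieldExtractor.L and WITH_LOCALE
            // reads DNFieldExtractor.ST, which looks swapped. The mapping is
            // kept as it was because stored rules may have been created against
            // it; changing it would silently change who those rules admit.
            // Confirm the intent and migrate existing rules if it is corrected.
            case WITH_STATE:
                return DNFieldExtractor.L;
            case WITH_LOCALE:
                return DNFieldExtractor.ST;
            case WITH_ORGANIZATION:
                return DNFieldExtractor.O;
            case WITH_ORGANIZATIONUNIT:
                return DNFieldExtractor.OU;
            case WITH_TITLE:
                return DNFieldExtractor.T;
            case WITH_DNSERIALNUMBER:
                return DNFieldExtractor.SN;
            case WITH_UID:
                return DNFieldExtractor.UID;
            case WITH_COMMONNAME:
            default:
                // An unrecognised matchwith value is evaluated against the
                // common name, as before.
                return DNFieldExtractor.CN;
        }
    }

    /** Applies this entity's match type to one attribute value. */
    private boolean valueMatches(String clientstring) {
        switch (matchtype) {
            case TYPE_EQUALCASE:
                return clientstring.equals(matchvalue);
            case TYPE_EQUALCASEINS:
                return clientstring.equalsIgnoreCase(matchvalue);
            case TYPE_NOT_EQUALCASE:
                return !clientstring.equals(matchvalue);
            case TYPE_NOT_EQUALCASEINS:
                return !clientstring.equalsIgnoreCase(matchvalue);
            default:
                return false;
        }
    }

    /** @return the {@code WITH_*} constant selecting the matched field */
    public int getMatchWith() {
        return matchwith;
    }

    /**
     * Sets which certificate field is matched. When switching to
     * {@code WITH_SERIALNUMBER} the current match value is stripped of
     * whitespace.
     *
     * <p>NOTE(review): the four-argument constructor calls this before the
     * match value has been assigned, so {@code StringTools.stripWhitespace}
     * receives {@code null} there for serial number rules; confirm that it
     * tolerates {@code null}.
     */
    public void setMatchWith(int matchwith) {
        if (matchwith == AdminEntity.WITH_SERIALNUMBER) {
            this.matchvalue = StringTools.stripWhitespace(this.matchvalue);
        }
        this.matchwith = matchwith;
    }

    /** @return the {@code TYPE_*} (or, for special users, {@code SPECIALADMIN_*}) constant */
    public int getMatchType() {
        return matchtype;
    }

    public void setMatchType(int matchtype) {
        this.matchtype = matchtype;
    }

    /** @return the value the selected field is compared with */
    public String getMatchValue() {
        return matchvalue;
    }

    /**
     * Sets the value to compare with. For serial number rules whitespace is
     * stripped from the value before it is stored.
     */
    public void setMatchValue(String matchvalue) {
        if (this.matchwith == AdminEntity.WITH_SERIALNUMBER) {
            this.matchvalue = StringTools.stripWhitespace(matchvalue);
        } else {
            this.matchvalue = matchvalue;
        }
    }

    /** @return the special administrator type, which shares storage with the match type */
    public int getSpecialUser() {
        return this.matchtype;
    }

    public void setSpecialUser(int specialadmin) {
        this.matchtype = specialadmin;
    }

    /** @return {@code true} if the match type lies in the special-user range 2000..2999 */
    public boolean isSpecialUser() {
        return this.matchtype >= 2000 && this.matchtype <= 2999;
    }

    /** @return the priority of this entity, which is its match-with value */
    public int getPriority() {
        return matchwith;
    }

    /**
     * Orders entities by match value only.
     *
     * @throws ClassCastException   if {@code obj} is not an {@code AdminEntity}
     * @throws NullPointerException if this entity's match value is {@code null}
     */
    public int compareTo(Object obj) {
        return matchvalue.compareTo(((AdminEntity) obj).getMatchValue());
    }

    // Rule state. matchtype doubles as the special administrator type.
    private int matchwith;
    private int matchtype;
    private String matchvalue;
    private int caid;

}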