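package org.ejbca.core.model.ra.raadmin;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.UpgradeableDataHashMap;
import org.ejbca.util.Base64;
import org.ejbca.util.StringTools;
import org.ejbca.util.dn.DNFieldExtractor;
import org.ejbca.util.dn.DnComponents;
import org.ejbca.util.passgen.PasswordGeneratorFactory;

/**
 * Profile that describes which registration fields an end entity may or must
 * have, and that validates submitted user data against those rules.
 *
 * <p>Every field is addressed by a parameter id (see {@code dataConstants}) and
 * an instance number. For each (parameter, number) pair four properties are kept
 * in the {@code data} map (presumably inherited from
 * {@link UpgradeableDataHashMap}): value, use, required and modifiable. The map
 * key is {@code kind*FIELDBOUNDRARY + NUMBERBOUNDRARY*number + parameter}.
 *
 * <p>The {@code doesUserFullfill...} methods are the policy gate: they throw
 * {@link UserDoesntFullfillEndEntityProfile} when the supplied data breaks the
 * profile, and return normally otherwise.
 */
public class EndEntityProfile extends UpgradeableDataHashMap implements java.io.Serializable, Cloneable {

    private static final Logger log = Logger.getLogger(EndEntityProfile.class);

    private static final InternalResources intres = InternalResources.getInstance();

    /** Version that {@link #upgrade()} migrates stored profiles to. */
    public static final float LATEST_VERSION = 6;

    private static final long serialVersionUID = -8356152324295231461L;

    /** Maps a field name to its numeric parameter id. */
    private static HashMap dataConstants = new HashMap();

    static {
        dataConstants.put("USERNAME", new Integer(0));
        dataConstants.put("PASSWORD", new Integer(1));
        dataConstants.put("CLEARTEXTPASSWORD", new Integer(2));

        dataConstants.put("EMAIL", new Integer(26));
        dataConstants.put("ADMINISTRATOR", new Integer(27));
        dataConstants.put("KEYRECOVERABLE", new Integer(28));
        dataConstants.put("DEFAULTCERTPROFILE", new Integer(29));
        dataConstants.put("AVAILCERTPROFILES", new Integer(30));
        dataConstants.put("DEFKEYSTORE", new Integer(31));
        dataConstants.put("AVAILKEYSTORE", new Integer(32));
        dataConstants.put("DEFAULTTOKENISSUER", new Integer(33));
        dataConstants.put("AVAILTOKENISSUER", new Integer(34));
        dataConstants.put("SENDNOTIFICATION", new Integer(35));

        dataConstants.put("DEFAULTCA", new Integer(37));
        dataConstants.put("AVAILCAS", new Integer(38));

        // The remaining name -> id mappings are supplied by DnComponents.
        dataConstants.putAll(DnComponents.getProfilenameIdMap());
    }

    // Property kinds; multiplied by FIELDBOUNDRARY to form the data-map key.
    private static final int VALUE = 0;
    private static final int USE = 1;
    private static final int ISREQUIRED = 2;
    private static final int MODIFYABLE = 3;

    // Field names, matching the keys registered in dataConstants.
    public static final String USERNAME = "USERNAME";
    public static final String PASSWORD = "PASSWORD";
    public static final String CLEARTEXTPASSWORD = "CLEARTEXTPASSWORD";

    public static final String EMAIL = "EMAIL";
    public static final String ADMINISTRATOR = "ADMINISTRATOR";
    public static final String KEYRECOVERABLE = "KEYRECOVERABLE";
    public static final String DEFAULTCERTPROFILE = "DEFAULTCERTPROFILE";
    public static final String AVAILCERTPROFILES = "AVAILCERTPROFILES";
    public static final String DEFKEYSTORE = "DEFKEYSTORE";
    public static final String AVAILKEYSTORE = "AVAILKEYSTORE";
    public static final String DEFAULTTOKENISSUER = "DEFAULTTOKENISSUER";
    public static final String AVAILTOKENISSUER = "AVAILTOKENISSUER";
    public static final String SENDNOTIFICATION = "SENDNOTIFICATION";
    public static final String DEFAULTCA = "DEFAULTCA";
    public static final String AVAILCAS = "AVAILCAS";

    /** Separator used inside multi-valued profile values such as AVAILCAS. */
    public static final String SPLITCHAR = ";";

    public static final String TRUE = "true";
    public static final String FALSE = "false";

    /** Index of the field type in the arrays returned by the get...FieldsInOrder methods. */
    public static final int FIELDTYPE = 0;
    /** Index of the instance number in the arrays returned by the get...FieldsInOrder methods. */
    public static final int NUMBER = 1;

    /** Creates a profile with the default field set, i.e. {@code init(false)}. */
    public EndEntityProfile() {
        super();

        init(false);
    }

    /**
     * Creates a profile.
     *
     * @param emptyprofile when true, every known field except the skipped
     *        unimplemented ones is added and AVAILCAS is set to
     *        {@code SecConst.ALLCAS}; when false, only the default field set is added
     */
    public EndEntityProfile(boolean emptyprofile) {
        super();

        init(emptyprofile);
    }

    /** Fills the data map with the initial fields, flags and values. */
    private void init(boolean emptyprofile) {
        // Both variants start from the same bookkeeping: one zero counter per
        // known parameter and three empty field-order lists.
        ArrayList numberoffields = new ArrayList(dataConstants.size());
        for (int i = 0; i < dataConstants.size(); i++) {
            numberoffields.add(new Integer(0));
        }
        data.put(NUMBERARRAY, numberoffields);
        data.put(SUBJECTDNFIELDORDER, new ArrayList());
        data.put(SUBJECTALTNAMEFIELDORDER, new ArrayList());
        data.put(SUBJECTDIRATTRFIELDORDER, new ArrayList());

        if (emptyprofile) {
            Set keySet = dataConstants.keySet();
            Iterator iter = keySet.iterator();
            while (iter.hasNext()) {
                String key = (String) iter.next();
                if (key.equals(SENDNOTIFICATION) || key.equals(DnComponents.OTHERNAME)
                        || key.equals(DnComponents.X400ADDRESS) || key.equals(DnComponents.EDIPARTNAME)
                        || key.equals(DnComponents.REGISTEREDID)) {
                    continue;
                } else {
                    addField(key);
                    setValue(key, 0, "");
                    setRequired(key, 0, false);
                    setUse(key, 0, true);
                    setModifyable(key, 0, true);
                }
            }

            setRequired(USERNAME, 0, true);
            setRequired(PASSWORD, 0, true);
            setRequired(DnComponents.COMMONNAME, 0, true);
            setRequired(DEFAULTCERTPROFILE, 0, true);
            setRequired(AVAILCERTPROFILES, 0, true);
            setRequired(DEFKEYSTORE, 0, true);
            setRequired(AVAILKEYSTORE, 0, true);
            setRequired(DEFAULTCA, 0, true);
            setRequired(AVAILCAS, 0, true);
            setValue(DEFAULTCERTPROFILE, 0, "1");
            setValue(AVAILCERTPROFILES, 0, "1");
            setValue(DEFKEYSTORE, 0, "" + SecConst.TOKEN_SOFT_BROWSERGEN);
            setValue(AVAILKEYSTORE, 0, SecConst.TOKEN_SOFT_BROWSERGEN + ";" + SecConst.TOKEN_SOFT_P12 + ";" + SecConst.TOKEN_SOFT_JKS + ";" + SecConst.TOKEN_SOFT_PEM);
            // This variant accepts any CA: the CA check treats ALLCAS as a wildcard.
            setValue(AVAILCAS, 0, Integer.toString(SecConst.ALLCAS));
            setUse(AVAILTOKENISSUER, 0, false);
        } else {
            addField(USERNAME);
            addField(PASSWORD);
            addField(DnComponents.COMMONNAME);
            addField(EMAIL);
            addField(DEFAULTCERTPROFILE);
            addField(AVAILCERTPROFILES);
            addField(DEFKEYSTORE);
            addField(AVAILKEYSTORE);
            addField(DEFAULTTOKENISSUER);
            addField(AVAILTOKENISSUER);
            addField(AVAILCAS);
            addField(DEFAULTCA);

            setRequired(USERNAME, 0, true);
            setRequired(PASSWORD, 0, true);
            setRequired(DnComponents.COMMONNAME, 0, true);
            setRequired(DEFAULTCERTPROFILE, 0, true);
            setRequired(AVAILCERTPROFILES, 0, true);
            setRequired(DEFKEYSTORE, 0, true);
            setRequired(AVAILKEYSTORE, 0, true);
            setRequired(DEFAULTCA, 0, true);
            setRequired(AVAILCAS, 0, true);

            setValue(DEFAULTCERTPROFILE, 0, "1");
            setValue(AVAILCERTPROFILES, 0, "1;2;3");
            setValue(DEFKEYSTORE, 0, "" + SecConst.TOKEN_SOFT_BROWSERGEN);
            setValue(AVAILKEYSTORE, 0, SecConst.TOKEN_SOFT_BROWSERGEN + ";" + SecConst.TOKEN_SOFT_P12 + ";" + SecConst.TOKEN_SOFT_JKS + ";" + SecConst.TOKEN_SOFT_PEM);

            setUse(AVAILTOKENISSUER, 0, false);
        }
    }

    /** Adds one more instance of the named field; see {@link #addField(int)}. */
    public void addField(String parameter) {
        addField(getParameterNumber(parameter));
    }

    /**
     * Adds one more instance of a field with an empty value, used, modifiable and
     * not required, and registers it in the matching field-order list.
     *
     * @param parameter numeric parameter id of the field
     */
    public void addField(int parameter) {
        int size = getNumberOfField(parameter);
        setValue(parameter, size, "");
        setRequired(parameter, size, false);
        setUse(parameter, size, true);
        setModifyable(parameter, size, true);
        String param = getParameter(parameter);
        ArrayList dns = DnComponents.getDnProfileFields();
        if (dns.contains(param)) {
            ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
            fieldorder.add(new Integer((NUMBERBOUNDRARY * parameter) + size));
            // Only the subject DN order list is kept sorted.
            Collections.sort(fieldorder);
        }
        ArrayList altNames = DnComponents.getAltNameFields();
        if (altNames.contains(param)) {
            ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
            fieldorder.add(new Integer((NUMBERBOUNDRARY * parameter) + size));
        }
        ArrayList dirAttrs = DnComponents.getDirAttrFields();
        if (dirAttrs.contains(param)) {
            ArrayList fieldorder = (ArrayList) data.get(SUBJECTDIRATTRFIELDORDER);
            fieldorder.add(new Integer((NUMBERBOUNDRARY * parameter) + size));
        }
        incrementFieldnumber(parameter);
    }

    /** Removes an instance of the named field; see {@link #removeField(int, int)}. */
    public void removeField(String parameter, int number) {
        removeField(getParameterNumber(parameter), number);
    }

    /**
     * Removes one instance of a field and shifts the following instances down.
     *
     * @param parameter numeric parameter id of the field
     * @param number instance number to remove
     */
    public void removeField(int parameter, int number) {
        int size = getNumberOfField(parameter);

        if (size > 0) {
            // Shift the later instances one step down over the removed one.
            for (int n = number; n < size - 1; n++) {
                setValue(parameter, n, getValue(parameter, n + 1));
                setRequired(parameter, n, isRequired(parameter, n + 1));
                setUse(parameter, n, getUse(parameter, n + 1));
                setModifyable(parameter, n, isModifyable(parameter, n + 1));
            }

            // NOTE(review): the order-list entry and the data keys removed below are
            // those of index `number`, not of the vacated last index `size-1`. When
            // `number` is not the last instance this seems to drop the values that
            // were just shifted into `number` and to leave a stale copy at `size-1`.
            // Confirm against callers before relying on removal of a middle instance.
            String param = getParameter(parameter);
            ArrayList dns = DnComponents.getDnProfileFields();
            if (dns.contains(param)) {
                ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
                int value = (NUMBERBOUNDRARY * parameter) + number;
                for (int i = 0; i < fieldorder.size(); i++) {
                    if (value == ((Integer) fieldorder.get(i)).intValue()) {
                        fieldorder.remove(i);
                        break;
                    }
                }
            }

            ArrayList altNames = DnComponents.getAltNameFields();
            if (altNames.contains(param)) {
                ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
                int value = (NUMBERBOUNDRARY * parameter) + number;
                for (int i = 0; i < fieldorder.size(); i++) {
                    if (value == ((Integer) fieldorder.get(i)).intValue()) {
                        fieldorder.remove(i);
                        break;
                    }
                }
            }

            ArrayList dirAttrs = DnComponents.getDirAttrFields();
            if (dirAttrs.contains(param)) {
                ArrayList fieldorder = (ArrayList) data.get(SUBJECTDIRATTRFIELDORDER);
                int value = (NUMBERBOUNDRARY * parameter) + number;
                for (int i = 0; i < fieldorder.size(); i++) {
                    if (value == ((Integer) fieldorder.get(i)).intValue()) {
                        fieldorder.remove(i);
                        break;
                    }
                }
            }

            data.remove(new Integer((VALUE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
            data.remove(new Integer((USE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
            data.remove(new Integer((ISREQUIRED * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
            data.remove(new Integer((MODIFYABLE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));

            decrementFieldnumber(parameter);
        }
    }

    /** Returns how many instances of the named field the profile holds. */
    public int getNumberOfField(String parameter) {
        return getNumberOfField(getParameterNumber(parameter));
    }

    /**
     * Returns how many instances of a field the profile holds. If the counter
     * list is shorter than the parameter id, it is extended with zeros first.
     */
    public int getNumberOfField(int parameter) {
        ArrayList arr = (ArrayList) data.get(NUMBERARRAY);
        if (parameter >= arr.size()) {
            String msg = intres.getLocalizedMessage("ra.eeprofileaddfield", new Integer(parameter));
            log.info(msg);
            for (int i = arr.size(); i <= parameter; i++) {
                arr.add(new Integer(0));
            }
            data.put(NUMBERARRAY, arr);
        }
        return ((Integer) arr.get(parameter)).intValue();
    }

    /** Stores the trimmed value of a field instance; null is stored as "". */
    public void setValue(int parameter, int number, String value) {
        if (value != null) {
            value = value.trim();
            data.put(new Integer((VALUE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter), value);
        } else {
            data.put(new Integer((VALUE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter), "");
        }
    }

    /** Stores the value of a named field instance; see {@link #setValue(int, int, String)}. */
    public void setValue(String parameter, int number, String value) {
        setValue(getParameterNumber(parameter), number, value);
    }

    /** Sets whether a field instance is in use. */
    public void setUse(int parameter, int number, boolean use) {
        data.put(new Integer((USE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter), Boolean.valueOf(use));
    }

    /** Sets whether a named field instance is in use. */
    public void setUse(String parameter, int number, boolean use) {
        setUse(getParameterNumber(parameter), number, use);
    }

    /** Sets whether a field instance is required. */
    public void setRequired(int parameter, int number, boolean isrequired) {
        data.put(new Integer((ISREQUIRED * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter), Boolean.valueOf(isrequired));
    }

    /** Sets whether a named field instance is required. */
    public void setRequired(String parameter, int number, boolean isrequired) {
        setRequired(getParameterNumber(parameter), number, isrequired);
    }

    /** Sets whether the value of a field instance may differ from the profile value. */
    public void setModifyable(int parameter, int number, boolean changeable) {
        data.put(new Integer((MODIFYABLE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter), Boolean.valueOf(changeable));
    }

    /** Sets whether the value of a named field instance may differ from the profile value. */
    public void setModifyable(String parameter, int number, boolean changeable) {
        setModifyable(getParameterNumber(parameter), number, changeable);
    }

    /** Returns the stored value of a field instance, or "" when nothing is stored. */
    public String getValue(int parameter, int number) {
        String returnval = (String) data.get(new Integer((VALUE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
        if (returnval != null) {
            return returnval;
        }
        return "";
    }

    /** Returns the stored value of a named field instance, or "" when nothing is stored. */
    public String getValue(String parameter, int number) {
        return getValue(getParameterNumber(parameter), number);
    }

    /** Returns whether a field instance is in use; false when nothing is stored. */
    public boolean getUse(int parameter, int number) {
        Boolean returnval = (Boolean) data.get(new Integer((USE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
        if (returnval != null) {
            return returnval.booleanValue();
        }
        return false;
    }

    /** Returns whether a named field instance is in use; false when nothing is stored. */
    public boolean getUse(String parameter, int number) {
        return getUse(getParameterNumber(parameter), number);
    }

    /** Returns whether a field instance is required; false when nothing is stored. */
    public boolean isRequired(int parameter, int number) {
        Boolean returnval = (Boolean) data.get(new Integer((ISREQUIRED * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
        if (returnval != null) {
            return returnval.booleanValue();
        }
        return false;
    }

    /** Returns whether a named field instance is required; false when nothing is stored. */
    public boolean isRequired(String parameter, int number) {
        return isRequired(getParameterNumber(parameter), number);
    }

    /**
     * Returns whether a field instance is modifiable; false when nothing is
     * stored, so an unknown field is treated as fixed to its (empty) value.
     */
    public boolean isModifyable(int parameter, int number) {
        Boolean returnval = (Boolean) data.get(new Integer((MODIFYABLE * FIELDBOUNDRARY) + (NUMBERBOUNDRARY * number) + parameter));
        if (returnval != null) {
            return returnval.booleanValue();
        }
        return false;
    }

    /** Returns whether a named field instance is modifiable; false when nothing is stored. */
    public boolean isModifyable(String parameter, int number) {
        return isModifyable(getParameterNumber(parameter), number);
    }

    /** Returns the number of entries in the subject DN field-order list. */
    public int getSubjectDNFieldOrderLength() {
        return ((ArrayList) data.get(SUBJECTDNFIELDORDER)).size();
    }

    /** Returns the number of entries in the subject alternative name field-order list. */
    public int getSubjectAltNameFieldOrderLength() {
        return ((ArrayList) data.get(SUBJECTALTNAMEFIELDORDER)).size();
    }

    /** Returns the number of entries in the subject directory attribute field-order list. */
    public int getSubjectDirAttrFieldOrderLength() {
        return ((ArrayList) data.get(SUBJECTDIRATTRFIELDORDER)).size();
    }

    /**
     * Decodes one entry of the subject DN field-order list.
     *
     * @param index position in the order list
     * @return a two-element array: {@code [FIELDTYPE]} is the parameter id and
     *         {@code [NUMBER]} the instance number
     */
    public int[] getSubjectDNFieldsInOrder(int index) {
        int[] returnval = new int[2];
        ArrayList fieldorder = (ArrayList) data.get(SUBJECTDNFIELDORDER);
        returnval[NUMBER] = ((Integer) fieldorder.get(index)).intValue() % NUMBERBOUNDRARY;
        returnval[FIELDTYPE] = ((Integer) fieldorder.get(index)).intValue() / NUMBERBOUNDRARY;

        return returnval;
    }

    /** Decodes one entry of the subject alternative name field-order list; see {@link #getSubjectDNFieldsInOrder(int)}. */
    public int[] getSubjectAltNameFieldsInOrder(int index) {
        int[] returnval = new int[2];
        ArrayList fieldorder = (ArrayList) data.get(SUBJECTALTNAMEFIELDORDER);
        returnval[NUMBER] = ((Integer) fieldorder.get(index)).intValue() % NUMBERBOUNDRARY;
        returnval[FIELDTYPE] = ((Integer) fieldorder.get(index)).intValue() / NUMBERBOUNDRARY;

        return returnval;
    }

    /** Decodes one entry of the subject directory attribute field-order list; see {@link #getSubjectDNFieldsInOrder(int)}. */
    public int[] getSubjectDirAttrFieldsInOrder(int index) {
        int[] returnval = new int[2];
        ArrayList fieldorder = (ArrayList) data.get(SUBJECTDIRATTRFIELDORDER);
        returnval[NUMBER] = ((Integer) fieldorder.get(index)).intValue() % NUMBERBOUNDRARY;
        returnval[FIELDTYPE] = ((Integer) fieldorder.get(index)).intValue() / NUMBERBOUNDRARY;

        return returnval;
    }

    /** Returns the AVAILCAS value split on {@link #SPLITCHAR}, as a new list of strings. */
    public Collection getAvailableCAs() {
        ArrayList availablecaids = new ArrayList();
        availablecaids.addAll(Arrays.asList(getValue(AVAILCAS, 0).split(SPLITCHAR)));
        return availablecaids;
    }

    /** Returns true when the PASSWORD field is not in use, i.e. the password is auto-generated. */
    public boolean useAutoGeneratedPasswd() {
        return !this.getUse(EndEntityProfile.PASSWORD, 0);
    }

    /**
     * Returns a new password from the letters-and-digits generator.
     *
     * <p>NOTE(review): the arguments 6 and 8 are presumably the minimum and maximum
     * length; confirm against PasswordGeneratorFactory. That is a short secret if
     * it is the only credential protecting enrolment, and its strength also depends
     * on the generator's randomness source, which is not visible in this class.
     */
    public String getAutoGeneratedPasswd() {
        return PasswordGeneratorFactory.getInstance(PasswordGeneratorFactory.PASSWORDTYPE_LETTERSANDDIGITS).getNewPassword(6, 8);
    }

    /** Returns the notification sender, or "" when none is stored. */
    public String getNotificationSender() {
        if (data.get(NOTIFICATIONSENDER) == null) {
            return "";
        }

        return (String) data.get(NOTIFICATIONSENDER);
    }

    /** Stores the notification sender. */
    public void setNotificationSender(String sender) {
        data.put(NOTIFICATIONSENDER, sender);
    }

    /** Returns the notification subject, or "" when none is stored. */
    public String getNotificationSubject() {
        if (data.get(NOTIFICATIONSUBJECT) == null) {
            return "";
        }

        return (String) data.get(NOTIFICATIONSUBJECT);
    }

    /** Stores the notification subject. */
    public void setNotificationSubject(String subject) {
        data.put(NOTIFICATIONSUBJECT, subject);
    }

    /** Returns the notification message, or "" when none is stored. */
    public String getNotificationMessage() {
        if (data.get(NOTIFICATIONMESSAGE) == null) {
            return "";
        }

        return (String) data.get(NOTIFICATIONMESSAGE);
    }

    /** Stores the notification message. */
    public void setNotificationMessage(String message) {
        data.put(NOTIFICATIONMESSAGE, message);
    }

    /** Returns the stored REUSECERTIFICATE flag; false when it is not set. */
    public boolean getReUseKeyRevoceredCertificate() {
        if (data.get(REUSECERTIFICATE) == null) {
            return false;
        }

        return ((Boolean) data.get(REUSECERTIFICATE)).booleanValue();
    }

    /** Stores the REUSECERTIFICATE flag. */
    public void setReUseKeyRevoceredCertificate(boolean reuse) {
        data.put(REUSECERTIFICATE, Boolean.valueOf(reuse));
    }

    /**
     * Returns whether multi-instance fields are checked from the last profile
     * instance backwards during validation; false when it is not set.
     */
    public boolean getReverseFieldChecks() {
        if (data.get(REVERSEFFIELDCHECKS) == null) {
            return false;
        }

        return ((Boolean) data.get(REVERSEFFIELDCHECKS)).booleanValue();
    }

    /** Stores the reverse-field-checks flag. */
    public void setReverseFieldChecks(boolean reverse) {
        data.put(REVERSEFFIELDCHECKS, Boolean.valueOf(reverse));
    }

    /** Returns the stored PRINTINGUSE flag; false when it is not set. */
    public boolean getUsePrinting() {
        if (data.get(PRINTINGUSE) == null) {
            return false;
        }

        return ((Boolean) data.get(PRINTINGUSE)).booleanValue();
    }

    /** Stores the PRINTINGUSE flag. */
    public void setUsePrinting(boolean use) {
        data.put(PRINTINGUSE, Boolean.valueOf(use));
    }

    /** Returns the stored PRINTINGDEFAULT flag; false when it is not set. */
    public boolean getPrintingDefault() {
        if (data.get(PRINTINGDEFAULT) == null) {
            return false;
        }

        return ((Boolean) data.get(PRINTINGDEFAULT)).booleanValue();
    }

    /** Stores the PRINTINGDEFAULT flag. */
    public void setPrintingDefault(boolean printDefault) {
        data.put(PRINTINGDEFAULT, Boolean.valueOf(printDefault));
    }

    /** Returns the stored PRINTINGREQUIRED flag; false when it is not set. */
    public boolean getPrintingRequired() {
        if (data.get(PRINTINGREQUIRED) == null) {
            return false;
        }
        return ((Boolean) data.get(PRINTINGREQUIRED)).booleanValue();
    }

    /** Stores the PRINTINGREQUIRED flag. */
    public void setPrintingRequired(boolean printRequired) {
        data.put(PRINTINGREQUIRED, Boolean.valueOf(printRequired));
    }

    /** Returns the stored number of printed copies; 1 when it is not set. */
    public int getPrintedCopies() {
        if (data.get(PRINTINGCOPIES) == null) {
            return 1;
        }

        return ((Integer) data.get(PRINTINGCOPIES)).intValue();
    }

    /** Stores the number of printed copies. */
    public void setPrintedCopies(int copies) {
        data.put(PRINTINGCOPIES, new Integer(copies));
    }

    /** Returns the stored printer name, or "" when none is stored. */
    public String getPrinterName() {
        if (data.get(PRINTINGPRINTERNAME) == null) {
            return "";
        }

        return (String) data.get(PRINTINGPRINTERNAME);
    }

    /** Stores the printer name. */
    public void setPrinterName(String printerName) {
        data.put(PRINTINGPRINTERNAME, printerName);
    }

    /** Returns the stored SVG template file name, or "" when none is stored. */
    public String getPrinterSVGFileName() {
        if (data.get(PRINTINGSVGFILENAME) == null) {
            return "";
        }

        return (String) data.get(PRINTINGSVGFILENAME);
    }

    /** Stores the SVG template file name. */
    public void setPrinterSVGFileName(String printerSVGFileName) {
        data.put(PRINTINGSVGFILENAME, printerSVGFileName);
    }

    /**
     * Returns the stored SVG data, Base64-decoded, or null when none is stored.
     *
     * <p>NOTE(review): bytes are converted with the platform default charset here
     * and in {@link #setPrinterSVGData(String)}, so a profile moved between hosts
     * with different defaults may decode differently.
     */
    public String getPrinterSVGData() {
        if (data.get(PRINTINGSVGDATA) == null) {
            return null;
        }

        return new String(Base64.decode(((String) data.get(PRINTINGSVGDATA)).getBytes()));
    }

    /** Stores the SVG data, Base64-encoded. */
    public void setPrinterSVGData(String sVGData) {
        data.put(PRINTINGSVGDATA, new String(Base64.encode(sVGData.getBytes())));
    }

    /**
     * Validates user data, including the password, against this profile.
     *
     * <p>When PASSWORD is in use but not modifiable, the supplied password must
     * equal the value stored in the profile; that value is held in the profile
     * data as a plain string.
     *
     * @param password the supplied password; must be null when the profile
     *        auto-generates passwords
     * @param clearpwd whether the password is to be kept in clear text
     * @throws UserDoesntFullfillEndEntityProfile if any rule of the profile is broken
     */
    public void doesUserFullfillEndEntityProfile(String username, String password, String dn, String subjectaltname, String subjectdirattr, String email, int certificateprofileid,
                                                 boolean clearpwd, boolean administrator, boolean keyrecoverable, boolean sendnotification,
                                                 int tokentype, int hardwaretokenissuerid, int caid)
            throws UserDoesntFullfillEndEntityProfile {

        if (useAutoGeneratedPasswd()) {
            if (password != null) {
                throw new UserDoesntFullfillEndEntityProfile("Autogenerated password must have password==null");
            }
        } else {
            if (!isModifyable(PASSWORD, 0)) {
                // A null password cannot match the fixed value; reject it as a profile
                // violation instead of failing with a NullPointerException.
                if (password == null || !password.equals(getValue(PASSWORD, 0))) {
                    throw new UserDoesntFullfillEndEntityProfile("Password didn't match requirement of it's profile.");
                }
            } else if (isRequired(PASSWORD, 0)) {
                if (password == null || password.trim().equals("")) {
                    throw new UserDoesntFullfillEndEntityProfile("Password cannot be empty or null.");
                }
            }
        }

        if (!getUse(CLEARTEXTPASSWORD, 0) && clearpwd) {
            throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be used.");
        }

        if (isRequired(CLEARTEXTPASSWORD, 0)) {
            if (getValue(CLEARTEXTPASSWORD, 0).equals(TRUE) && !clearpwd) {
                throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be false.");
            }
            if (getValue(CLEARTEXTPASSWORD, 0).equals(FALSE) && clearpwd) {
                throw new UserDoesntFullfillEndEntityProfile("Clearpassword (used in batch proccessing) cannot be true.");
            }
        }

        doesUserFullfillEndEntityProfileWithoutPassword(username, dn, subjectaltname, subjectdirattr, email, certificateprofileid, administrator, keyrecoverable, sendnotification, tokentype, hardwaretokenissuerid, caid);

    }

    /**
     * Validates user data, except the password, against this profile: subject DN,
     * alternative names and directory attributes, the administrator, key recovery
     * and notification flags, and the certificate profile, token issuer and CA.
     *
     * <p>Several exception messages echo the caller-supplied DN, alternative name
     * or directory attribute string unchanged. Code that logs or displays these
     * messages should encode them for its output context.
     *
     * @throws UserDoesntFullfillEndEntityProfile if any rule of the profile is
     *         broken, or if a stored id list of the profile cannot be parsed
     */
    public void doesUserFullfillEndEntityProfileWithoutPassword(String username, String dn, String subjectaltname, String subjectdirattr, String email, int certificateprofileid,
                                                                boolean administrator, boolean keyrecoverable, boolean sendnotification,
                                                                int tokentype, int hardwaretokenissuerid, int caid) throws UserDoesntFullfillEndEntityProfile {
        DNFieldExtractor subjectdnfields = new DNFieldExtractor(dn, DNFieldExtractor.TYPE_SUBJECTDN);
        if (subjectdnfields.isIllegal()) {
            throw new UserDoesntFullfillEndEntityProfile("Subject DN is illegal.");
        }
        DNFieldExtractor subjectaltnames = new DNFieldExtractor(subjectaltname, DNFieldExtractor.TYPE_SUBJECTALTNAME);
        if (subjectaltnames.isIllegal()) {
            throw new UserDoesntFullfillEndEntityProfile("Subject alt names are illegal.");
        }
        DNFieldExtractor subjectdirattrs = new DNFieldExtractor(subjectdirattr, DNFieldExtractor.TYPE_SUBJECTDIRATTR);
        if (subjectdirattrs.isIllegal()) {
            throw new UserDoesntFullfillEndEntityProfile("Subject directory attributes are illegal.");
        }

        if (subjectdnfields.existsOther()) {
            throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject DN Field found in:" + dn);
        }

        if (subjectaltnames.existsOther()) {
            throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Alternate Name Field found in:" + subjectaltname);
        }

        if (subjectdirattrs.existsOther()) {
            throw new UserDoesntFullfillEndEntityProfile("Unsupported Subject Directory Attribute Field found in:" + subjectdirattr);
        }

        checkIfAllRequiredFieldsExists(subjectdnfields, subjectaltnames, subjectdirattrs, username, email);

        checkIfForIllegalNumberOfFields(subjectdnfields, subjectaltnames, subjectdirattrs);

        checkIfDataFullfillProfile(USERNAME, 0, username, "Username", null);

        if (email == null) {
            email = "";
        }
        checkIfDomainFullfillProfile(EMAIL, 0, email, "Email");

        // Subject DN fields.
        HashMap subjectdnfieldnumbers = subjectdnfields.getNumberOfFields();
        Integer[] dnids = DNFieldExtractor.getUseFields(DNFieldExtractor.TYPE_SUBJECTDN);
        for (int i = 0; i < dnids.length; i++) {
            Integer dnid = dnids[i];
            int nof = ((Integer) subjectdnfieldnumbers.get(dnid)).intValue();
            if (getReverseFieldChecks()) {
                // Walk the profile instances from last to first, pairing each with the
                // supplied values taken from last to first.
                for (int j = getNumberOfField(DnComponents.dnIdToProfileName(dnid.intValue())) - 1; j >= 0; j--) {
                    checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(dnid.intValue()), j, subjectdnfields.getField(dnid.intValue(), --nof), DnComponents.getErrTextFromDnId(dnid.intValue()), email);
                }
            } else {
                for (int j = 0; j < nof; j++) {
                    checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(dnid.intValue()), j, subjectdnfields.getField(dnid.intValue(), j), DnComponents.getErrTextFromDnId(dnid.intValue()), email);
                }
            }
        }

        // Subject alternative name fields.
        HashMap subjectaltnamesnumbers = subjectaltnames.getNumberOfFields();
        Integer[] altnameids = DNFieldExtractor.getUseFields(DNFieldExtractor.TYPE_SUBJECTALTNAME);
        for (int i = 0; i < altnameids.length; i++) {
            Integer altnameid = altnameids[i];
            int nof = ((Integer) subjectaltnamesnumbers.get(altnameid)).intValue();
            if (getReverseFieldChecks()) {
                for (int j = getNumberOfField(DnComponents.dnIdToProfileName(altnameid.intValue())) - 1; j >= 0; j--) {
                    // Compare the field id, not the loop index, with UPN, as the
                    // forward branch below does; otherwise the domain check for UPN
                    // depends on the position of UPN in the id array.
                    if (altnameid.intValue() == DNFieldExtractor.UPN) {
                        checkIfDomainFullfillProfile(DnComponents.UPN, j, subjectaltnames.getField(altnameid.intValue(), --nof), "UPN");
                    } else {
                        checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(altnameid.intValue()), j, subjectaltnames.getField(altnameid.intValue(), --nof), DnComponents.getErrTextFromDnId(altnameid.intValue()), email);
                    }
                }
            } else {
                for (int j = 0; j < nof; j++) {
                    if (altnameid.intValue() == DNFieldExtractor.UPN) {
                        checkIfDomainFullfillProfile(DnComponents.UPN, j, subjectaltnames.getField(altnameid.intValue(), j), "UPN");
                    } else {
                        checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(altnameid.intValue()), j, subjectaltnames.getField(altnameid.intValue(), j), DnComponents.getErrTextFromDnId(altnameid.intValue()), email);
                    }
                }
            }
        }

        // Subject directory attribute fields.
        HashMap subjectdirattrnumbers = subjectdirattrs.getNumberOfFields();
        Integer[] dirattrids = DNFieldExtractor.getUseFields(DNFieldExtractor.TYPE_SUBJECTDIRATTR);
        for (int i = 0; i < dirattrids.length; i++) {
            Integer dirattrid = dirattrids[i];
            int nof = ((Integer) subjectdirattrnumbers.get(dirattrid)).intValue();
            for (int j = 0; j < nof; j++) {
                checkForIllegalChars(subjectdirattrs.getField(dirattrid.intValue(), j));
                if (dirattrid.intValue() == DNFieldExtractor.COUNTRYOFCITIZENSHIP) {
                    checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFCITIZENSHIP, j, subjectdirattrs.getField(dirattrid.intValue(), j), "COUNTRYOFCITIZENSHIP");
                } else if (dirattrid.intValue() == DNFieldExtractor.COUNTRYOFRESIDENCE) {
                    checkIfISO3166FullfillProfile(DnComponents.COUNTRYOFRESIDENCE, j, subjectdirattrs.getField(dirattrid.intValue(), j), "COUNTRYOFRESIDENCE");
                } else if (dirattrid.intValue() == DNFieldExtractor.DATEOFBIRTH) {
                    checkIfDateFullfillProfile(DnComponents.DATEOFBIRTH, j, subjectdirattrs.getField(dirattrid.intValue(), j), "DATEOFBIRTH");
                } else if (dirattrid.intValue() == DNFieldExtractor.GENDER) {
                    checkIfGenderFullfillProfile(DnComponents.GENDER, j, subjectdirattrs.getField(dirattrid.intValue(), j), "GENDER");
                } else {
                    checkIfDataFullfillProfile(DnComponents.dnIdToProfileName(dirattrid.intValue()), j, subjectdirattrs.getField(dirattrid.intValue(), j), DnComponents.getErrTextFromDnId(dirattrid.intValue()), email);
                }
            }
        }

        // Administrator flag.
        if (!getUse(ADMINISTRATOR, 0) && administrator) {
            throw new UserDoesntFullfillEndEntityProfile("Administrator cannot be set.");
        }

        if (isRequired(ADMINISTRATOR, 0)) {
            if (getValue(ADMINISTRATOR, 0).equals(TRUE) && !administrator) {
                throw new UserDoesntFullfillEndEntityProfile("Administrator flag is required.");
            }
            if (getValue(ADMINISTRATOR, 0).equals(FALSE) && administrator) {
                throw new UserDoesntFullfillEndEntityProfile("Administrator flag cannot be set in current end entity profile.");
            }
        }

        // Key recovery flag.
        if (!getUse(KEYRECOVERABLE, 0) && keyrecoverable) {
            throw new UserDoesntFullfillEndEntityProfile("Key Recoverable cannot be used.");
        }

        if (isRequired(KEYRECOVERABLE, 0)) {
            if (getValue(KEYRECOVERABLE, 0).equals(TRUE) && !keyrecoverable) {
                throw new UserDoesntFullfillEndEntityProfile("Key Recoverable is required.");
            }
            if (getValue(KEYRECOVERABLE, 0).equals(FALSE) && keyrecoverable) {
                throw new UserDoesntFullfillEndEntityProfile("Key Recoverable cannot be set in current end entity profile.");
            }
        }

        // Notification flag.
        if (!getUse(SENDNOTIFICATION, 0) && sendnotification) {
            throw new UserDoesntFullfillEndEntityProfile("Email notification cannot be used.");
        }

        if (isRequired(SENDNOTIFICATION, 0)) {
            if (getValue(SENDNOTIFICATION, 0).equals(TRUE) && !sendnotification) {
                throw new UserDoesntFullfillEndEntityProfile("Email notification is required.");
            }
            if (getValue(SENDNOTIFICATION, 0).equals(FALSE) && sendnotification) {
                throw new UserDoesntFullfillEndEntityProfile("Email notification cannot be set in current end entity profile.");
            }
        }

        // The certificate profile must be one of the available ones.
        String[] availablecertprofiles;
        try {
            availablecertprofiles = getValue(AVAILCERTPROFILES, 0).split(SPLITCHAR);
        } catch (Exception e) {
            throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
        }
        if (availablecertprofiles == null) {
            throw new UserDoesntFullfillEndEntityProfile("Error Available certificate profiles is null.");
        }
        boolean found = false;
        for (int i = 0; i < availablecertprofiles.length; i++) {
            if (parseProfileInt(availablecertprofiles[i]) == certificateprofileid) {
                found = true;
            }
        }

        if (!found) {
            throw new UserDoesntFullfillEndEntityProfile("Couldn't find certificate profile (" + certificateprofileid + ") among available certificate profiles.");
        }

        // Token type.
        String[] availablesofttokentypes;
        try {
            availablesofttokentypes = getValue(AVAILKEYSTORE, 0).split(SPLITCHAR);
        } catch (Exception e) {
            throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
        }
        if (availablesofttokentypes == null) {
            throw new UserDoesntFullfillEndEntityProfile("Error available token types is null.");
        }
        found = false;
        for (int i = 0; i < availablesofttokentypes.length; i++) {
            if (parseProfileInt(availablesofttokentypes[i]) == tokentype) {
                found = true;
            }
        }
        // NOTE(review): `found` is not tested after this loop, unlike the certificate
        // profile, token issuer and CA checks, so a token type that is absent from
        // AVAILKEYSTORE is still accepted. If the profile is meant to restrict token
        // types, reject here when !found; confirm first whether hard token types are
        // expected to be listed in AVAILKEYSTORE.

        if (tokentype <= SecConst.TOKEN_SOFT) {
            if (hardwaretokenissuerid != 0) {
                throw new UserDoesntFullfillEndEntityProfile("Soft tokens cannot have a hardware token issuer.");
            }
        }

        // For hard tokens the issuer must be one of the available ones, when used.
        if (tokentype > SecConst.TOKEN_SOFT && getUse(AVAILTOKENISSUER, 0)) {
            String[] availablehardtokenissuers;
            try {
                availablehardtokenissuers = getValue(AVAILTOKENISSUER, 0).split(SPLITCHAR);
            } catch (Exception e) {
                throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
            }
            if (availablehardtokenissuers == null) {
                throw new UserDoesntFullfillEndEntityProfile("Error available hard token issuers is null.");
            }
            found = false;
            for (int i = 0; i < availablehardtokenissuers.length; i++) {
                if (parseProfileInt(availablehardtokenissuers[i]) == hardwaretokenissuerid) {
                    found = true;
                }
            }

            if (!found) {
                throw new UserDoesntFullfillEndEntityProfile("Couldn't find hard token issuers among available hard token issuers.");
            }
        }

        // The CA must be one of the available ones; ALLCAS in the list accepts any CA.
        String[] availablecaids;
        try {
            availablecaids = getValue(AVAILCAS, 0).split(SPLITCHAR);
        } catch (Exception e) {
            throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
        }
        if (availablecaids == null) {
            throw new UserDoesntFullfillEndEntityProfile("Error End Entity Profiles Available CAs is null.");
        }
        found = false;
        for (int i = 0; i < availablecaids.length; i++) {
            int tmp = parseProfileInt(availablecaids[i]);
            if (tmp == caid || tmp == SecConst.ALLCAS) {
                found = true;
            }
        }

        if (!found) {
            throw new UserDoesntFullfillEndEntityProfile("Couldn't find CA among End Entity Profiles Available CAs.");
        }
    }

    /**
     * Parses one element of a SPLITCHAR-separated id list stored in the profile.
     * A malformed element (for example the single "" that an empty value splits
     * into) is reported as a profile error rather than escaping as an unchecked
     * NumberFormatException from the validation methods.
     */
    private static int parseProfileInt(String value) throws UserDoesntFullfillEndEntityProfile {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            log.debug("Malformed id in end entity profile value.", e);
            throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
        }
    }

    /**
     * Validates only the password and clear-text flag against this profile.
     *
     * @param password the supplied password; must be null when the profile
     *        auto-generates passwords
     * @param clearpwd whether the password is to be kept in clear text
     * @throws UserDoesntFullfillEndEntityProfile if the password breaks the profile
     */
    public void doesPasswordFulfillEndEntityProfile(String password, boolean clearpwd)
            throws UserDoesntFullfillEndEntityProfile {

        boolean fullfillsprofile = true;
        if (useAutoGeneratedPasswd()) {
            if (password != null) {
                throw new UserDoesntFullfillEndEntityProfile("Autogenerated password must have password==null");
            }
        } else {
            if (!isModifyable(EndEntityProfile.PASSWORD, 0)) {
                // A null password cannot match the fixed value; treat it as a mismatch
                // instead of failing with a NullPointerException.
                if (password == null || !password.equals(getValue(EndEntityProfile.PASSWORD, 0))) {
                    fullfillsprofile = false;
                }
            } else if (isRequired(EndEntityProfile.PASSWORD, 0)) {
                if ((!clearpwd && password == null) || (password != null && password.trim().equals(""))) {
                    fullfillsprofile = false;
                }
            }
        }

        if (clearpwd && isRequired(EndEntityProfile.CLEARTEXTPASSWORD, 0) && getValue(EndEntityProfile.CLEARTEXTPASSWORD, 0).equals(EndEntityProfile.FALSE)) {
            fullfillsprofile = false;
        }

        if (!fullfillsprofile) {
            throw new UserDoesntFullfillEndEntityProfile("Password doesn't fullfill profile.");
        }
    }

    /**
     * Returns a new profile loaded with the entries of this profile's data map.
     *
     * <p>NOTE(review): the values are copied by reference here, so the list-valued
     * entries (counters and field-order lists) are shared with the original unless
     * {@code loadData} copies them; confirm before mutating a clone.
     */
    public Object clone() throws CloneNotSupportedException {
        EndEntityProfile clone = new EndEntityProfile();
        HashMap clonedata = (HashMap) clone.saveData();

        Iterator i = (data.keySet()).iterator();
        while (i.hasNext()) {
            Object key = i.next();
            clonedata.put(key, data.get(key));
        }

        clone.loadData(clonedata);
        return clone;
    }

    /** Returns {@link #LATEST_VERSION}. */
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

    /**
     * Migrates the data map step by step from its stored version to
     * {@link #LATEST_VERSION}, then records the new version.
     */
    public void upgrade() {
        log.debug(">upgrade");
        if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
            String msg = intres.getLocalizedMessage("ra.eeprofileupgrade", new Float(getVersion()));
            log.info(msg);
            if (getVersion() < 1) {
                ArrayList numberarray = (ArrayList) data.get(NUMBERARRAY);
                while (numberarray.size() < 37) {
                    numberarray.add(new Integer(0));
                }
                data.put(NUMBERARRAY, numberarray);
            }
            if (getVersion() < 2) {
                ArrayList numberarray = (ArrayList) data.get(NUMBERARRAY);
                while (numberarray.size() < 39) {
                    numberarray.add(new Integer(0));
                }
                data.put(NUMBERARRAY, numberarray);

                addField(AVAILCAS);
                addField(DEFAULTCA);
                setRequired(AVAILCAS, 0, true);
                setRequired(DEFAULTCA, 0, true);
            }
            if (getVersion() < 3) {
                setNotificationSubject("");
                setNotificationSender("");
                setNotificationMessage("");
            }

            if (getVersion() < 4) {
                ArrayList numberoffields = (ArrayList) data.get(NUMBERARRAY);
                for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                    numberoffields.add(new Integer(0));
                }
                data.put(NUMBERARRAY, numberoffields);
            }
            if (getVersion() < 5) {
                addField(DnComponents.DIRECTORYNAME);
                setValue(DnComponents.DIRECTORYNAME, 0, "");
                setRequired(DnComponents.DIRECTORYNAME, 0, false);
                setUse(DnComponents.DIRECTORYNAME, 0, true);
                setModifyable(DnComponents.DIRECTORYNAME, 0, true);
            }
            if (getVersion() < 6) {
                ArrayList numberoffields = (ArrayList) data.get(NUMBERARRAY);
                for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                    numberoffields.add(new Integer(0));
                }
                data.put(NUMBERARRAY, numberoffields);
                data.put(SUBJECTDIRATTRFIELDORDER, new ArrayList());

                // Add the directory attribute fields, unused by default.
                for (int i = getParameterNumber(DnComponents.DATEOFBIRTH); i <= getParameterNumber(DnComponents.COUNTRYOFRESIDENCE); i++) {
                    addField(getParameter(i));
                    setValue(getParameter(i), 0, "");
                    setRequired(getParameter(i), 0, false);
                    setUse(getParameter(i), 0, false);
                    setModifyable(getParameter(i), 0, true);
                }

            }
            data.put(VERSION, new Float(LATEST_VERSION));
        }
        log.debug("<upgrade");
    }

    /**
     * Returns false for a parameter id with no known name or whose field is one
     * of the unimplemented ones; see {@link #isFieldImplemented(String)}.
     */
    public static boolean isFieldImplemented(int field) {
        String f = getParameter(field);
        if (f == null) {
            log.info("isFieldImplemented got call for non-implemented field: " + field);
            return false;
        }
        return isFieldImplemented(f);
    }

    /** Returns false for OTHERNAME, X400ADDRESS, EDIPARTNAME and REGISTEREDID, true otherwise. */
    public static boolean isFieldImplemented(String field) {
        boolean ret = true;
        if (field.equals(DnComponents.OTHERNAME)
                || field.equals(DnComponents.X400ADDRESS)
                || field.equals(DnComponents.EDIPARTNAME)
                || field.equals(DnComponents.REGISTEREDID)) {
            log.info("isFieldImplemented got call for non-implemented field: " + field);
            ret = false;
        }
        return ret;
    }

    /** Returns true when the parameter id equals the id of the named field. */
    public static boolean isFieldOfType(int fieldNumber, String fieldString) {
        boolean ret = false;
        int number = getParameterNumber(fieldString);
        if (fieldNumber == number) {
            ret = true;
        }
        return ret;
    }

    /**
     * Checks a "name@domain" value (e-mail or UPN) against a profile field. A
     * non-blank value must contain '@' and the field must be in use. When the
     * field is not modifiable, the part after the first '@' must equal one of the
     * SPLITCHAR-separated values stored in the profile.
     *
     * @param text field label used in the exception messages
     */
    private void checkIfDomainFullfillProfile(String field, int number, String nameAndDomain, String text) throws UserDoesntFullfillEndEntityProfile {

        if (!nameAndDomain.trim().equals("") && nameAndDomain.indexOf('@') == -1) {
            throw new UserDoesntFullfillEndEntityProfile("Invalid " + text + ". There must have '@' in the field.");
        }

        String domain = nameAndDomain.substring(nameAndDomain.indexOf('@') + 1);

        if (!getUse(field, number) && !nameAndDomain.trim().equals("")) {
            throw new UserDoesntFullfillEndEntityProfile(text + " cannot be used in end entity profile.");
        }

        if (!isModifyable(field, number) && !nameAndDomain.equals("")) {
            String[] values;
            try {
                values = getValue(field, number).split(SPLITCHAR);
            } catch (Exception e) {
                throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile.");
            }
            boolean exists = false;
            for (int i = 0; i < values.length; i++) {
                if (domain.equals(values[i].trim())) {
                    exists = true;
                }
            }
            if (!exists) {
                throw new UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match requirement of end entity profile.");
            }
        }
    }

    private void checkForIllegalChars(String str) throws UserDoesntFullfillEndEntityProfile {
        if (StringTools.hasSqlStripChars(str)) {
            throw new UserDoesntFullfillEndEntityProfile("Invalid " + str + ". 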
Contains illegal characters."); 1144 } 1145 } 1146 1150 private void checkIfISO3166FullfillProfile(String field, int number, String country, String text) throws UserDoesntFullfillEndEntityProfile { 1151 1152 if(!country.trim().equals("") && country.trim().length() != 2) 1153 throw new UserDoesntFullfillEndEntityProfile("Invalid " + text + ". Must be of length two."); 1154 1155 if(!getUse(field,number) && !country.trim().equals("")) 1156 throw new UserDoesntFullfillEndEntityProfile(text + " cannot be used in end entity profile."); 1157 1158 if(!isModifyable(field,number) && !country.trim().equals("")){ 1159 String [] values; 1160 try{ 1161 values = getValue(field, number).split(SPLITCHAR); 1162 }catch(Exception e){ 1163 throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); 1164 } 1165 boolean exists = false; 1166 for(int i = 0; i < values.length ; i++){ 1167 if(country.equals(values[i].trim())) 1168 exists = true; 1169 } 1170 if(!exists) 1171 throw new UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match requirement of end entity profile."); 1172 } 1173 } 1174 1175 1179 private void checkIfGenderFullfillProfile(String field, int number, String gender, String text) throws UserDoesntFullfillEndEntityProfile { 1180 1181 if(!gender.trim().equals("") && !(gender.equalsIgnoreCase("m") || gender.equalsIgnoreCase("f"))) 1182 throw new UserDoesntFullfillEndEntityProfile("Invalid " + text + ". 
Must be M or F."); 1183 1184 if(!getUse(field,number) && !gender.trim().equals("")) 1185 throw new UserDoesntFullfillEndEntityProfile(text + " cannot be used in end entity profile."); 1186 1187 if(!isModifyable(field,number) && !gender.trim().equals("")){ 1188 String [] values; 1189 try{ 1190 values = getValue(field, number).split(SPLITCHAR); 1191 }catch(Exception e){ 1192 throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); 1193 } 1194 boolean exists = false; 1195 for(int i = 0; i < values.length ; i++){ 1196 if(gender.equals(values[i].trim())) 1197 exists = true; 1198 } 1199 if(!exists) 1200 throw new UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match requirement of end entity profile."); 1201 } 1202 } 1203 1204 1208 private void checkIfDateFullfillProfile(String field, int number, String date, String text) throws UserDoesntFullfillEndEntityProfile { 1209 1210 if(!date.trim().equals("") && date.trim().length() != 8) 1211 throw new UserDoesntFullfillEndEntityProfile("Invalid " + text + ". Must be of length eight."); 1212 if(!date.trim().equals("") && !StringUtils.isNumeric(date.trim())) 1213 throw new UserDoesntFullfillEndEntityProfile("Invalid " + text + ". 
Must be only numbers."); 1214 1215 if(!getUse(field,number) && !date.trim().equals("")) 1216 throw new UserDoesntFullfillEndEntityProfile(text + " cannot be used in end entity profile."); 1217 1218 if(!isModifyable(field,number) && !date.trim().equals("")){ 1219 String [] values; 1220 try{ 1221 values = getValue(field, number).split(SPLITCHAR); 1222 }catch(Exception e){ 1223 throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); 1224 } 1225 boolean exists = false; 1226 for(int i = 0; i < values.length ; i++){ 1227 if(date.equals(values[i].trim())) 1228 exists = true; 1229 } 1230 if(!exists) 1231 throw new UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match requirement of end entity profile."); 1232 } 1233 } 1234 1235 private void checkIfDataFullfillProfile(String field, int number, String data, String text, String email) throws UserDoesntFullfillEndEntityProfile { 1236 1237 if(data == null && !field.equals(EMAIL)) 1238 throw new UserDoesntFullfillEndEntityProfile("Field " + text + " cannot be null."); 1239 1240 if(data !=null) 1241 if(!getUse(field,number) && !data.trim().equals("")) 1242 throw new UserDoesntFullfillEndEntityProfile(text + " cannot be used in end entity profile."); 1243 1244 if(field.equals(DnComponents.DNEMAIL) || field.equals(DnComponents.RFC822NAME)){ 1245 if(isRequired(field,number)){ 1246 if(!data.trim().equals(email.trim())) 1247 throw new UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match Email field."); 1248 } 1249 } 1250 else{ 1251 if(!isModifyable(field,number)){ 1252 String [] values; 1253 try{ 1254 values = getValue(field, number).split(SPLITCHAR); 1255 }catch(Exception e){ 1256 throw new UserDoesntFullfillEndEntityProfile("Error parsing end entity profile."); 1257 } 1258 boolean exists = false; 1259 for(int i = 0; i < values.length ; i++){ 1260 if(data.equals(values[i].trim())) 1261 exists = true; 1262 } 1263 if(!exists) 1264 throw new 
UserDoesntFullfillEndEntityProfile("Field " + text + " data didn't match requirement of end entity profile."); 1265 } 1266 } 1267 } 1268 1269 private void checkIfAllRequiredFieldsExists(DNFieldExtractor subjectdnfields, DNFieldExtractor subjectaltnames, DNFieldExtractor subjectdirattrs, String username, String email) throws UserDoesntFullfillEndEntityProfile{ 1270 int size; 1271 1272 if(isRequired(USERNAME,0)){ 1274 if(username == null || username.trim().equals("")) 1275 throw new UserDoesntFullfillEndEntityProfile("Username cannot be empty or null."); 1276 } 1277 1278 if(isRequired(EMAIL,0)){ 1280 if(email == null || email.trim().equals("")) 1281 throw new UserDoesntFullfillEndEntityProfile("Email address cannot be empty or null."); 1282 } 1283 1284 1285 String [] dnfields = getSubjectDNProfileFields(); 1287 Integer [] dnFieldExtractorIds = (Integer [])DnComponents.getDnDnIds().toArray(new Integer [0]); 1288 for(int i = 0; i < dnfields.length; i++){ 1289 if(getReverseFieldChecks()){ 1290 int nof = subjectdnfields.getNumberOfFields(dnFieldExtractorIds[i].intValue()); 1291 int numRequiredFields = getNumberOfRequiredFields(dnfields[i]); 1292 if(nof < numRequiredFields){ 1293 throw new UserDoesntFullfillEndEntityProfile("Subject DN field '" + dnfields[i] + "' must exist."); 1294 } 1295 }else{ 1296 size = getNumberOfField(dnfields[i]); 1297 for(int j = 0; j < size; j++){ 1298 if(isRequired(dnfields[i],j)) 1299 if(subjectdnfields.getField(dnFieldExtractorIds[i].intValue(),j).trim().equals("")) 1300 throw new UserDoesntFullfillEndEntityProfile("Subject DN field '" + dnfields[i] + "' must exist."); 1301 } 1302 } 1303 } 1304 1305 1306 1307 String [] altnamefields = getSubjectAltnameProfileFields(); 1309 Integer [] altNameFieldExtractorIds = (Integer [])DnComponents.getAltNameDnIds().toArray(new Integer [0]); 1310 for(int i = 0; i < altnamefields.length; i++){ 1311 if(getReverseFieldChecks()){ 1312 int nof = 
subjectaltnames.getNumberOfFields(altNameFieldExtractorIds[i].intValue()); 1313 int numRequiredFields = getNumberOfRequiredFields(altnamefields[i]); 1314 if(nof < numRequiredFields){ 1315 throw new UserDoesntFullfillEndEntityProfile("Subject Alternative Name field '" + altnamefields[i] + "' must exist."); 1316 } 1317 }else{ 1318 size = getNumberOfField(altnamefields[i]); 1319 for(int j = 0; j < size; j++){ 1320 if(isRequired(altnamefields[i],j)) 1321 if(subjectaltnames.getField(altNameFieldExtractorIds[i].intValue(),j).trim().equals("")) 1322 throw new UserDoesntFullfillEndEntityProfile("Subject Alterntive Name field '" + altnamefields[i] + "' must exist."); 1323 } 1324 } 1325 } 1326 1327 String [] dirattrfields = getSubjectDirAttrProfileFields(); 1329 Integer [] dirAttrFieldExtractorIds = (Integer [])DnComponents.getDirAttrDnIds().toArray(new Integer [0]); 1330 for(int i = 0; i < dirattrfields.length; i++){ 1331 size = getNumberOfField(dirattrfields[i]); 1332 for(int j = 0; j < size; j++){ 1333 if(isRequired(dirattrfields[i],j)) 1334 if(subjectdirattrs.getField(dirAttrFieldExtractorIds[i].intValue(),j).trim().equals("")) 1335 throw new UserDoesntFullfillEndEntityProfile("Subject Directory Attribute field '" + dirattrfields[i] + "' must exist."); 1336 } 1337 } 1338 1339 } 1340 1341 1346 private int getNumberOfRequiredFields(String field) { 1347 int retval = 0; 1348 int size = getNumberOfField(field); 1349 for(int j = 0; j < size; j++){ 1350 if(isRequired(field,j)){ 1351 retval++; 1352 } 1353 } 1354 1355 return retval; 1356 } 1357 1358 private void checkIfForIllegalNumberOfFields(DNFieldExtractor subjectdnfields, DNFieldExtractor subjectaltnames, DNFieldExtractor subjectdirattrs) throws UserDoesntFullfillEndEntityProfile{ 1359 1360 String [] dnfields = getSubjectDNProfileFields(); 1362 Integer [] dnFieldExtractorIds = (Integer [])DnComponents.getDnDnIds().toArray(new Integer [0]); 1363 for(int i = 0; i < dnfields.length; i++){ 1364 if(getNumberOfField(dnfields[i]) < 
subjectdnfields.getNumberOfFields(dnFieldExtractorIds[i].intValue())) 1365 throw new UserDoesntFullfillEndEntityProfile("Wrong number of " + dnfields[i] + " fields in Subject DN."); 1366 } 1367 1368 String [] altnamefields = getSubjectAltnameProfileFields(); 1370 Integer [] altNameFieldExtractorIds = (Integer [])DnComponents.getAltNameDnIds().toArray(new Integer [0]); 1371 for(int i = 0; i < altnamefields.length; i++){ 1372 if(getNumberOfField(altnamefields[i]) < subjectaltnames.getNumberOfFields(altNameFieldExtractorIds[i].intValue())) 1373 throw new UserDoesntFullfillEndEntityProfile("Wrong number of " + altnamefields[i] + " fields in Subject Alternative Name."); 1374 } 1375 1376 String [] dirattrfields = getSubjectDirAttrProfileFields(); 1378 Integer [] dirAttrFieldExtractorIds = (Integer [])DnComponents.getDirAttrDnIds().toArray(new Integer [0]); 1379 for(int i = 0; i < dirattrfields.length; i++){ 1380 if(getNumberOfField(dirattrfields[i]) < subjectdirattrs.getNumberOfFields(dirAttrFieldExtractorIds[i].intValue())) 1381 throw new UserDoesntFullfillEndEntityProfile("Wrong number of " + dirattrfields[i] + " fields in Subject Directory Attributes."); 1382 } 1383 } 1384 1385 1388 private static int getParameterNumber(String parameter) { 1389 Integer number = (Integer )dataConstants.get(parameter); 1390 if (number != null) { 1391 return number.intValue(); 1392 } 1393 log.error("No parameter number for "+parameter); 1394 return -1; 1395 } 1396 1399 private static String getParameter(int parameterNumber) { 1400 Set set = dataConstants.entrySet(); 1401 Iterator iter = set.iterator(); 1402 String ret = null; 1403 while (iter.hasNext() && ret == null) { 1404 Map.Entry entry = (Map.Entry )iter.next(); 1405 Integer val = (Integer )entry.getValue(); 1406 if (val.intValue() == parameterNumber) { 1407 ret = (String )entry.getKey(); 1408 } 1409 } 1410 if (ret == null) { 1411 log.error("No parameter for "+parameterNumber); 1412 } 1413 return ret; 1414 } 1415 1416 private void 
incrementFieldnumber(int parameter){ 1417 ArrayList numberarray = (ArrayList ) data.get(NUMBERARRAY); 1418 numberarray.set(parameter, new Integer (((Integer ) numberarray.get(parameter)).intValue() + 1)); 1419 } 1420 1421 private void decrementFieldnumber(int parameter){ 1422 ArrayList numberarray = (ArrayList ) data.get(NUMBERARRAY); 1423 numberarray.set(parameter, new Integer (((Integer ) numberarray.get(parameter)).intValue() - 1)); 1424 } 1425 1426 1427 1428 private static final int FIELDBOUNDRARY = 10000; 1430 private static final int NUMBERBOUNDRARY = 100; 1431 1432 1433 public static String [] getSubjectDNProfileFields() { 1434 return (String [])DnComponents.getDnProfileFields().toArray(new String [0]); 1435 } 1436 1437 public static String [] getSubjectAltnameProfileFields() { 1438 return (String [])DnComponents.getAltNameFields().toArray(new String [0]); 1439 } 1440 1441 public static String [] getSubjectDirAttrProfileFields() { 1442 return (String [])DnComponents.getDirAttrFields().toArray(new String [0]); 1443 } 1444 1445 1446 private static final String NUMBERARRAY = "NUMBERARRAY"; 1447 private static final String SUBJECTDNFIELDORDER = "SUBJECTDNFIELDORDER"; 1448 private static final String SUBJECTALTNAMEFIELDORDER = "SUBJECTALTNAMEFIELDORDER"; 1449 private static final String SUBJECTDIRATTRFIELDORDER = "SUBJECTDIRATTRFIELDORDER"; 1450 1451 private static final String NOTIFICATIONSENDER = "NOTIFICATIONSENDER"; 1452 private static final String NOTIFICATIONSUBJECT = "NOTIFICATIONSSUBJECT"; 1453 private static final String NOTIFICATIONMESSAGE = "NOTIFICATIONSMESSAGE"; 1454 1455 private static final String REUSECERTIFICATE = "REUSECERTIFICATE"; 1456 private static final String REVERSEFFIELDCHECKS = "REVERSEFFIELDCHECKS"; 1457 1458 private static final String PRINTINGUSE = "PRINTINGUSE"; 1459 private static final String PRINTINGDEFAULT = "PRINTINGDEFAULT"; 1460 private static final String PRINTINGREQUIRED = "PRINTINGREQUIRED"; 1461 private static final 
String PRINTINGCOPIES = "PRINTINGCOPIES"; 1462 private static final String PRINTINGPRINTERNAME = "PRINTINGPRINTERNAME"; 1463 private static final String PRINTINGSVGFILENAME = "PRINTINGSVGFILENAME"; 1464 private static final String PRINTINGSVGDATA = "PRINTINGSVGDATA"; 1465 1467 1468} 1469 | Popular Tags |