1 package org.ejbca.core.protocol.ws; 2 3 import java.io.IOException ; 4 import java.math.BigInteger ; 5 import java.rmi.RemoteException ; 6 import java.security.InvalidAlgorithmParameterException ; 7 import java.security.InvalidKeyException ; 8 import java.security.KeyPair ; 9 import java.security.KeyStoreException ; 10 import java.security.NoSuchAlgorithmException ; 11 import java.security.NoSuchProviderException ; 12 import java.security.cert.CertificateEncodingException ; 13 import java.security.cert.CertificateException ; 14 import java.security.cert.CertificateExpiredException ; 15 import java.security.cert.CertificateNotYetValidException ; 16 import java.security.cert.X509Certificate ; 17 import java.security.spec.InvalidKeySpecException ; 18 import java.util.ArrayList ; 19 import java.util.Collection ; 20 import java.util.Iterator ; 21 import java.util.List ; 22 23 import javax.annotation.Resource; 24 import javax.ejb.CreateException ; 25 import javax.ejb.EJBException ; 26 import javax.ejb.FinderException ; 27 import javax.ejb.ObjectNotFoundException ; 28 import javax.ejb.RemoveException ; 29 import javax.jws.WebService; 30 import javax.naming.Context ; 31 import javax.naming.InitialContext ; 32 import javax.naming.NamingException ; 33 import javax.servlet.http.HttpServletRequest ; 34 import javax.xml.ws.WebServiceContext; 35 import javax.xml.ws.handler.MessageContext; 36 37 import org.apache.log4j.Logger; 38 import org.ejbca.core.EjbcaException; 39 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal; 40 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome; 41 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal; 42 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome; 43 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal; 44 import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome; 45 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal; 46 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome; 47 import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal; 48 import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocalHome; 49 import org.ejbca.core.ejb.ra.IUserAdminSessionLocal; 50 import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome; 51 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal; 52 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome; 53 import org.ejbca.core.model.SecConst; 54 import org.ejbca.core.model.approval.ApprovalException; 55 import org.ejbca.core.model.approval.WaitingForApprovalException; 56 import org.ejbca.core.model.authorization.AuthorizationDeniedException; 57 import org.ejbca.core.model.authorization.AvailableAccessRules; 58 import org.ejbca.core.model.ca.AuthLoginException; 59 import org.ejbca.core.model.ca.AuthStatusException; 60 import org.ejbca.core.model.ca.IllegalKeyException; 61 import org.ejbca.core.model.ca.caadmin.CADoesntExistsException; 62 import org.ejbca.core.model.ca.crl.RevokedCertInfo; 63 import org.ejbca.core.model.log.Admin; 64 import org.ejbca.core.model.ra.NotFoundException; 65 import org.ejbca.core.model.ra.UserDataVO; 66 import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile; 67 import org.ejbca.core.protocol.PKCS10RequestMessage; 68 import org.ejbca.core.protocol.ws.objects.Certificate; 69 import org.ejbca.core.protocol.ws.objects.KeyStore; 70 import org.ejbca.core.protocol.ws.objects.RevokeStatus; 71 import org.ejbca.core.protocol.ws.objects.UserDataVOWS; 72 import org.ejbca.core.protocol.ws.objects.UserMatch; 73 import org.ejbca.ui.web.RequestHelper; 74 import org.ejbca.util.CertTools; 75 import org.ejbca.util.KeyTools; 76 import org.ejbca.util.query.IllegalQueryException; 77 import org.ejbca.util.query.Query; 78 79 98 99 @WebService 100 public class EjbcaWS { 101 @Resource 102 private WebServiceContext wsContext; 103 104 105 private static final int MAXNUMBEROFROWS = 100; 106 107 private static final Logger log = Logger.getLogger(EjbcaWS.class); 108 127 public void editUser(UserDataVOWS userdata) 128 throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, EjbcaException, ApprovalException, WaitingForApprovalException { 129 130 try{ 131 Admin admin = getAdmin(); 132 UserDataVO userdatavo = convertUserDataVOWS(admin, userdata); 133 134 int caid = userdatavo.getCAId(); 135 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 136 137 if(getUserAdminSession().findUser(admin, userdatavo.getUsername()) != null){ 138 log.debug("User " + userdata.getUsername() + " exists, update the userdata." ); 139 getUserAdminSession().changeUser(admin,userdatavo,userdata.getClearPwd()); 140 }else{ 141 log.debug(" New User " + userdata.getUsername() + ", adding userdata." ); 142 getUserAdminSession().addUser(admin,userdatavo,userdata.getClearPwd()); 143 } 144 }catch(UserDoesntFullfillEndEntityProfile e){ 145 throw e; 146 } catch (ClassCastException e) { 147 log.error("EJBCA WebService error, editUser : ", e); 148 throw new EjbcaException(e.getMessage()); 149 } catch (AuthorizationDeniedException e) { 150 throw e; 151 } catch (CreateException e) { 152 log.error("EJBCA WebService error, editUser : ", e); 153 throw new EjbcaException(e.getMessage()); 154 } catch (NamingException e) { 155 log.error("EJBCA WebService error, editUser : ", e); 156 throw new EjbcaException(e.getMessage()); 157 } catch (FinderException e) { 158 log.error("EJBCA WebService error, editUser : ",e); 159 throw new EjbcaException(e.getMessage()); 160 } 161 } 162 163 164 180 181 public List <UserDataVOWS> findUser(UserMatch usermatch) throws AuthorizationDeniedException, IllegalQueryException, EjbcaException { 182 ArrayList <UserDataVOWS> retval = null; 183 try{ 184 Admin admin = getAdmin(); 185 186 Query query = convertUserMatch(admin, usermatch); 187 188 Collection result = getUserAdminSession().query(admin, query, null,null, MAXNUMBEROFROWS); 189 190 if(result.size() > 0){ 191 retval = new ArrayList <UserDataVOWS>(); 192 Iterator iter = result.iterator(); 193 for(int i=0; i<result.size();i++){ 194 UserDataVO userdata = (UserDataVO) iter.next(); 195 retval.add(convertUserDataVO(admin,userdata)); 196 } 197 } 198 199 }catch(AuthorizationDeniedException e){ 200 throw e; 201 } catch (ClassCastException e) { 202 log.error("EJBCA WebService error, findUser : ",e); 203 throw new EjbcaException(e.getMessage()); 204 } catch (CreateException e) { 205 log.error("EJBCA WebService error, findUser : ",e); 206 throw new EjbcaException(e.getMessage()); 207 } catch (NamingException e) { 208 log.error("EJBCA WebService error, findUser : ",e); 209 throw new EjbcaException(e.getMessage()); 210 } 211 return retval; 212 213 } 214 215 232 233 public List <Certificate > findCerts(String username, boolean onlyValid) 234 throws AuthorizationDeniedException, NotFoundException , EjbcaException { 235 236 List <Certificate > retval = null; 237 try{ 238 Admin admin = getAdmin(); 239 getUserAdminSession().findUser(admin,username); 240 241 Collection certs = getCertStoreSession().findCertificatesByUsername(admin,username); 242 243 if(onlyValid){ 244 certs = returnOnlyValidCertificates(admin,certs); 245 } 246 247 certs = returnOnlyAuthorizedCertificates(admin,certs); 248 249 if(certs.size() > 0){ 250 retval = new ArrayList <Certificate >(); 251 Iterator iter = certs.iterator(); 252 for(int i=0; i < certs.size(); i++){ 253 retval.add(new Certificate ((java.security.cert.Certificate ) iter.next())); 254 } 255 } 256 }catch(AuthorizationDeniedException e){ 257 throw e; 258 } catch (ClassCastException e) { 259 log.error("EJBCA WebService error, findCerts : ",e); 260 throw new EjbcaException(e.getMessage()); 261 } catch (CreateException e) { 262 log.error("EJBCA WebService error, findCerts : ",e); 263 throw new EjbcaException(e.getMessage()); 264 } catch (NamingException e) { 265 log.error("EJBCA WebService error, findCerts : ",e); 266 throw new EjbcaException(e.getMessage()); 267 } catch (FinderException e) { 268 throw new NotFoundException (e.getMessage()); 269 } catch (CertificateEncodingException e) { 270 log.error("EJBCA WebService error, findCerts : ",e); 271 throw new EjbcaException(e.getMessage()); 272 } 273 return retval; 274 } 275 276 277 301 302 public Certificate pkcs10Req(String username, String password, 303 String pkcs10, String hardTokenSN) throws AuthorizationDeniedException, NotFoundException , EjbcaException { 304 305 Certificate retval = null; 306 307 try{ 308 Admin admin = getAdmin(); 309 310 UserDataVO userdata = getUserAdminSession().findUser(admin,username); 312 if(userdata == null){ 313 throw new NotFoundException ("Error: User " + username + " doesn't exist"); 314 } 315 int caid = userdata.getCAId(); 316 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 317 318 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.REGULAR_CREATECERTIFICATE); 319 320 if(userdata.getTokenType() != SecConst.TOKEN_SOFT_BROWSERGEN){ 322 throw new EjbcaException("Error: Wrong Token Type of user, must be 'USERGENERATED' for PKCS10 requests"); 323 } 324 325 PKCS10RequestMessage pkcs10req=RequestHelper.genPKCS10RequestMessageFromPEM(pkcs10.getBytes()); 326 327 java.security.cert.Certificate cert = getSignSession().createCertificate(admin,username,password, pkcs10req.getRequestPublicKey()); 328 retval = new Certificate (cert); 329 330 if(hardTokenSN != null){ 331 getHardTokenSession().addHardTokenCertificateMapping(admin,hardTokenSN,(X509Certificate ) cert); 332 } 333 334 }catch(AuthorizationDeniedException ade){ 335 throw ade; 336 } catch (ClassCastException e) { 337 log.error("EJBCA WebService error, pkcs10Req : ",e); 338 throw new EjbcaException(e.getMessage()); 339 } catch (CreateException e) { 340 log.error("EJBCA WebService error, pkcs10Req : ",e); 341 throw new EjbcaException(e.getMessage()); 342 } catch (NamingException e) { 343 log.error("EJBCA WebService error, pkcs10Req : ",e); 344 throw new EjbcaException(e.getMessage()); 345 } catch (InvalidKeyException e) { 346 log.error("EJBCA WebService error, pkcs10Req : ",e); 347 throw new EjbcaException(e.getMessage()); 348 } catch (ObjectNotFoundException e) { 349 throw new NotFoundException (e.getMessage()); 350 } catch (AuthStatusException e) { 351 log.error("EJBCA WebService error, pkcs10Req : ",e); 352 throw new EjbcaException(e.getMessage()); 353 } catch (AuthLoginException e) { 354 log.error("EJBCA WebService error, pkcs10Req : ",e); 355 throw new EjbcaException(e.getMessage()); 356 } catch (IllegalKeyException e) { 357 log.error("EJBCA WebService error, pkcs10Req : ",e); 358 throw new EjbcaException(e.getMessage()); 359 } catch (CADoesntExistsException e) { 360 log.error("EJBCA WebService error, pkcs10Req : ",e); 361 throw new EjbcaException(e.getMessage()); 362 } catch (NoSuchAlgorithmException e) { 363 log.error("EJBCA WebService error, pkcs10Req : ",e); 364 throw new EjbcaException(e.getMessage()); 365 } catch (NoSuchProviderException e) { 366 log.error("EJBCA WebService error, pkcs10Req : ",e); 367 throw new EjbcaException(e.getMessage()); 368 } catch (CertificateEncodingException e) { 369 log.error("EJBCA WebService error, pkcs10Req : ",e); 370 throw new EjbcaException(e.getMessage()); 371 } catch (FinderException e) { 372 new NotFoundException (e.getMessage()); 373 } 374 375 return retval; 376 377 } 378 379 403 404 public KeyStore pkcs12Req(String username, String password, String hardTokenSN, String keyspec, String keyalg) throws AuthorizationDeniedException, NotFoundException , EjbcaException { 405 KeyStore retval = null; 406 407 try{ 408 Admin admin = getAdmin(); 409 410 UserDataVO userdata = getUserAdminSession().findUser(admin,username); 412 if(userdata == null){ 413 throw new NotFoundException ("Error: User " + username + " doesn't exist"); 414 } 415 int caid = userdata.getCAId(); 416 getAuthorizationSession().isAuthorized(admin,AvailableAccessRules.CAPREFIX +caid); 417 418 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.REGULAR_CREATECERTIFICATE); 419 420 if(userdata.getTokenType() != SecConst.TOKEN_SOFT_P12){ 422 throw new EjbcaException("Error: Wrong Token Type of user, must be 'P12' for PKCS12 requests"); 423 } 424 425 KeyPair keys = KeyTools.genKeys(keyspec, keyalg); 426 X509Certificate cert = (X509Certificate ) getSignSession().createCertificate(admin,username,password, keys.getPublic()); 428 429 Collection chain = getCAAdminSession().getCAInfo(admin, caid).getCertificateChain(); 432 String alias = CertTools.getPartFromDN(CertTools.getSubjectDN(cert), "CN"); 433 if (alias == null){ 434 alias = username; 435 } 436 java.security.KeyStore pkcs12 = KeyTools.createP12(alias, keys.getPrivate(), cert, chain); 437 438 retval = new KeyStore(pkcs12, password); 439 440 if(hardTokenSN != null){ 441 getHardTokenSession().addHardTokenCertificateMapping(admin,hardTokenSN,cert); 442 } 443 444 }catch(AuthorizationDeniedException ade){ 445 throw ade; 446 } catch (ClassCastException e) { 447 log.error("EJBCA WebService error, pkcs12Req : ",e); 448 throw new EjbcaException(e.getMessage()); 449 } catch (CreateException e) { 450 log.error("EJBCA WebService error, pkcs12Req : ",e); 451 throw new EjbcaException(e.getMessage()); 452 } catch (NamingException e) { 453 log.error("EJBCA WebService error, pkcs12Req : ",e); 454 throw new EjbcaException(e.getMessage()); 455 } catch (ObjectNotFoundException e) { 456 log.error("EJBCA WebService error, pkcs12Req : ",e); 457 throw new EjbcaException(e.getMessage()); 458 } catch (AuthStatusException e) { 459 log.error("EJBCA WebService error, pkcs12Req : ",e); 460 throw new EjbcaException(e.getMessage()); 461 } catch (AuthLoginException e) { 462 log.error("EJBCA WebService error, pkcs12Req : ",e); 463 throw new EjbcaException(e.getMessage()); 464 } catch (IllegalKeyException e) { 465 log.error("EJBCA WebService error, pkcs12Req : ",e); 466 throw new EjbcaException(e.getMessage()); 467 } catch (InvalidAlgorithmParameterException e) { 468 log.error("EJBCA WebService error, pkcs12Req : ",e); 469 throw new EjbcaException(e.getMessage()); 470 } catch (CADoesntExistsException e) { 471 log.error("EJBCA WebService error, pkcs12Req : ",e); 472 throw new EjbcaException(e.getMessage()); 473 } catch (NoSuchAlgorithmException e) { 474 log.error("EJBCA WebService error, pkcs12Req : ",e); 475 throw new EjbcaException(e.getMessage()); 476 } catch (NoSuchProviderException e) { 477 log.error("EJBCA WebService error, pkcs12Req : ",e); 478 throw new EjbcaException(e.getMessage()); 479 } catch (CertificateEncodingException e) { 480 log.error("EJBCA WebService error, pkcs12Req : ",e); 481 throw new EjbcaException(e.getMessage()); 482 } catch (FinderException e) { 483 new NotFoundException (e.getMessage()); 484 } catch (KeyStoreException e) { 485 log.error("EJBCA WebService error, pkcs12Req : ",e); 486 throw new EjbcaException(e.getMessage()); 487 } catch (CertificateException e) { 488 log.error("EJBCA WebService error, pkcs12Req : ",e); 489 throw new EjbcaException(e.getMessage()); 490 } catch (InvalidKeySpecException e) { 491 log.error("EJBCA WebService error, pkcs12Req : ",e); 492 throw new EjbcaException(e.getMessage()); 493 } catch (IOException e) { 494 log.error("EJBCA WebService error, pkcs12Req : ",e); 495 throw new EjbcaException(e.getMessage()); 496 } 497 498 return retval; 499 500 } 501 502 518 519 public void revokeCert(String issuerDN, String certificateSN, int reason) throws AuthorizationDeniedException, NotFoundException , EjbcaException { 520 521 try{ 522 Admin admin = getAdmin(); 523 BigInteger serno = new BigInteger (certificateSN,16); 524 String username = getCertStoreSession().findUsernameByCertSerno(admin,serno,issuerDN); 525 526 int caid = CertTools.stringToBCDNString(issuerDN).hashCode(); 528 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 529 530 getUserAdminSession().revokeCert(admin,serno, issuerDN, username, reason); 531 532 }catch(AuthorizationDeniedException e){ 533 throw e; 534 } catch (ClassCastException e) { 535 log.error("EJBCA WebService error, revokeCert : ",e); 536 throw new EjbcaException(e.getMessage()); 537 } catch (CreateException e) { 538 log.error("EJBCA WebService error, revokeCert : ",e); 539 throw new EjbcaException(e.getMessage()); 540 } catch (NamingException e) { 541 log.error("EJBCA WebService error, revokeCert : ",e); 542 throw new EjbcaException(e.getMessage()); 543 } catch (FinderException e) { 544 throw new NotFoundException (e.getMessage()); 545 } 546 } 547 548 565 public void revokeUser(String username, int reason, boolean deleteUser) 566 throws AuthorizationDeniedException, NotFoundException , EjbcaException { 567 568 try{ 569 Admin admin = getAdmin(); 570 571 UserDataVO userdata = getUserAdminSession().findUser(admin,username); 573 if(userdata == null){ 574 throw new NotFoundException ("Error: User " + username + " doesn't exist"); 575 } 576 int caid = userdata.getCAId(); 577 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 578 579 getUserAdminSession().revokeUser(admin,username,reason); 580 if(deleteUser){ 581 getUserAdminSession().deleteUser(admin,username); 582 } 583 }catch(AuthorizationDeniedException e){ 584 throw e; 585 } catch (ClassCastException e) { 586 log.error("EJBCA WebService error, revokeUser : ",e); 587 throw new EjbcaException(e.getMessage()); 588 } catch (CreateException e) { 589 log.error("EJBCA WebService error, revokeUser : ",e); 590 throw new EjbcaException(e.getMessage()); 591 } catch (NamingException e) { 592 log.error("EJBCA WebService error, revokeUser : ",e); 593 throw new EjbcaException(e.getMessage()); 594 } catch (FinderException e) { 595 throw new NotFoundException (e.getMessage()); 596 } catch (NotFoundException e) { 597 throw e; 598 } catch (RemoveException e) { 599 log.error("EJBCA WebService error, revokeUser : ",e); 600 throw new EjbcaException(e.getMessage()); 601 } 602 } 603 604 619 620 public void revokeToken(String hardTokenSN, int reason) 621 throws RemoteException , AuthorizationDeniedException, NotFoundException , EjbcaException { 622 623 try{ 624 Admin admin = getAdmin(); 625 Collection certs = getHardTokenSession().findCertificatesInHardToken(admin,hardTokenSN); 626 Iterator iter = certs.iterator(); 627 String username = null; 628 while(iter.hasNext()){ 629 X509Certificate next = (X509Certificate ) iter.next(); 630 if(username == null){ 631 username = getCertStoreSession().findUsernameByCertSerno(admin,next.getSerialNumber(),next.getIssuerDN().toString()); 632 } 633 634 int caid = CertTools.stringToBCDNString(next.getIssuerDN().toString()).hashCode(); 636 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 637 638 getUserAdminSession().revokeCert(admin,next.getSerialNumber(),next.getIssuerDN().toString(),username,reason); 639 } 640 }catch(AuthorizationDeniedException e){ 641 throw e; 642 } catch (ClassCastException e) { 643 log.error("EJBCA WebService error, revokeToken : ",e); 644 throw new EjbcaException(e.getMessage()); 645 } catch (CreateException e) { 646 log.error("EJBCA WebService error, revokeToken : ",e); 647 throw new EjbcaException(e.getMessage()); 648 } catch (NamingException e) { 649 log.error("EJBCA WebService error, revokeToken : ",e); 650 throw new EjbcaException(e.getMessage()); 651 } catch (FinderException e) { 652 throw new NotFoundException (e.getMessage()); 653 } 654 } 655 656 670 671 public RevokeStatus checkRevokationStatus(String issuerDN, String certificateSN) throws AuthorizationDeniedException, EjbcaException { 672 RevokeStatus retval = null; 673 674 try{ 675 Admin admin = getAdmin(); 676 677 int caid = CertTools.stringToBCDNString(issuerDN).hashCode(); 679 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 680 681 RevokedCertInfo certinfo = getCertStoreSession().isRevoked(admin,issuerDN,new BigInteger (certificateSN,16)); 682 retval = new RevokeStatus(certinfo,issuerDN); 683 }catch(AuthorizationDeniedException ade){ 684 throw ade; 685 } catch (ClassCastException e) { 686 log.error("EJBCA WebService error, checkRevokationStatus : ",e); 687 throw new EjbcaException(e.getMessage()); 688 } catch (CreateException e) { 689 log.error("EJBCA WebService error, checkRevokationStatus : ",e); 690 throw new EjbcaException(e.getMessage()); 691 } catch (NamingException e) { 692 log.error("EJBCA WebService error, checkRevokationStatus : ",e); 693 throw new EjbcaException(e.getMessage()); 694 } 695 return retval; 696 697 } 698 699 700 private Admin getAdmin() throws AuthorizationDeniedException, ClassCastException , CreateException , NamingException { 701 MessageContext msgContext = wsContext.getMessageContext(); 702 HttpServletRequest request = (HttpServletRequest ) msgContext.get(MessageContext.SERVLET_REQUEST); 703 X509Certificate [] certificates = (X509Certificate []) request.getAttribute("javax.servlet.request.X509Certificate"); 704 705 if(certificates == null){ 706 throw new AuthorizationDeniedException("Error no client certificate recieved used for authentication."); 707 } 708 709 Admin admin = new Admin(certificates[0]); 710 getUserAdminSession().checkIfCertificateBelongToAdmin(admin, certificates[0].getSerialNumber(), certificates[0].getIssuerDN().toString()); 712 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.ROLE_ADMINISTRATOR); 713 714 715 RevokedCertInfo revokeResult = getCertStoreSession().isRevoked(new Admin(Admin.TYPE_INTERNALUSER),CertTools.stringToBCDNString(certificates[0].getIssuerDN().toString()), certificates[0].getSerialNumber()); 716 if(revokeResult == null || revokeResult.getReason() != RevokedCertInfo.NOT_REVOKED){ 717 throw new AuthorizationDeniedException("Error Signer certificate doesn't exist or is revoked."); 718 } 719 720 return admin; 721 } 722 723 private UserDataVO convertUserDataVOWS(Admin admin, UserDataVOWS userdata) throws EjbcaException, ClassCastException , CreateException , NamingException { 724 725 int caid = getCAAdminSession().getCAInfo(admin,userdata.getCaName()).getCAId(); 726 if(caid == 0){ 727 throw new EjbcaException("Error CA " + userdata.getCaName() + " doesn't exists."); 728 } 729 730 int endentityprofileid = getRAAdminSession().getEndEntityProfileId(admin,userdata.getEndEntityProfileName()); 731 if(endentityprofileid == 0){ 732 throw new EjbcaException("Error End Entity profile " + userdata.getEndEntityProfileName() + " doesn't exists."); 733 } 734 735 int certificateprofileid = getCertStoreSession().getCertificateProfileId(admin,userdata.getCertificateProfileName()); 736 if(certificateprofileid == 0){ 737 throw new EjbcaException("Error Certificate profile " + userdata.getCertificateProfileName() + " doesn't exists."); 738 } 739 740 int hardtokenissuerid = 0; 741 if(userdata.getHardTokenIssuerName() != null){ 742 hardtokenissuerid = getHardTokenSession().getHardTokenIssuerId(admin,userdata.getHardTokenIssuerName()); 743 if(hardtokenissuerid == 0){ 744 throw new EjbcaException("Error Hard Token Issuer " + userdata.getHardTokenIssuerName() + " doesn't exists."); 745 } 746 } 747 748 int tokenid = getTokenId(admin,userdata.getTokenType()); 749 if(tokenid == 0){ 750 throw new EjbcaException("Error Token Type " + userdata.getTokenType() + " doesn't exists."); 751 } 752 753 UserDataVO userdatavo = new UserDataVO(userdata.getUsername(), 754 userdata.getSubjectDN(), 755 caid, 756 userdata.getSubjectAltName(), 757 userdata.getEmail(), 758 userdata.getStatus(), 759 userdata.getType(), 760 endentityprofileid, 761 certificateprofileid, 762 null, 763 null, 764 tokenid, 765 hardtokenissuerid, 766 null); 767 768 userdatavo.setPassword(userdata.getPassword()); 769 770 return userdatavo; 771 } 772 773 private UserDataVOWS convertUserDataVO(Admin admin, UserDataVO userdata) throws EjbcaException, ClassCastException , CreateException , NamingException { 774 775 String caname = getCAAdminSession().getCAInfo(admin,userdata.getCAId()).getName(); 776 if(caname == null){ 777 throw new EjbcaException("Error CA id " + userdata.getCAId() + " doesn't exists."); 778 } 779 780 String endentityprofilename = getRAAdminSession().getEndEntityProfileName(admin,userdata.getEndEntityProfileId()); 781 if(endentityprofilename == null){ 782 throw new EjbcaException("Error End Entity profile id " + userdata.getEndEntityProfileId() + " doesn't exists."); 783 } 784 785 String certificateprofilename = getCertStoreSession().getCertificateProfileName(admin,userdata.getCertificateProfileId()); 786 if(certificateprofilename == null){ 787 throw new EjbcaException("Error Certificate profile id" + userdata.getCertificateProfileId() + " doesn't exists."); 788 } 789 790 String hardtokenissuername = null; 791 if(userdata.getHardTokenIssuerId() != 0){ 792 hardtokenissuername = getHardTokenSession().getHardTokenIssuerAlias(admin,userdata.getHardTokenIssuerId()); 793 if(hardtokenissuername == null){ 794 throw new EjbcaException("Error Hard Token Issuer id " + userdata.getHardTokenIssuerId() + " doesn't exists."); 795 } 796 } 797 798 String tokenname = getTokenName(admin,userdata.getTokenType()); 799 if(tokenname == null){ 800 throw new EjbcaException("Error Token Type id " + userdata.getTokenType() + " doesn't exists."); 801 } 802 return new UserDataVOWS(userdata.getUsername(),null,false,userdata.getDN(),caname,userdata.getSubjectAltName(),userdata.getEmail(),userdata.getStatus(),tokenname,endentityprofilename,certificateprofilename,hardtokenissuername); 803 } 804 805 815 private Query convertUserMatch(Admin admin, UserMatch usermatch) throws NumberFormatException , ClassCastException , CreateException , NamingException { 816 Query retval = new Query(Query.TYPE_USERQUERY); 817 818 switch(usermatch.getMatchwith()){ 819 case UserMatch.MATCH_WITH_ENDENTITYPROFILE: 820 String endentityprofilename = Integer.toString(getRAAdminSession().getEndEntityProfileId(admin,usermatch.getMatchvalue())); 821 retval.add(usermatch.getMatchwith(),usermatch.getMatchtype(),endentityprofilename); 822 break; 823 case UserMatch.MATCH_WITH_CERTIFICATEPROFILE: 824 String certificateprofilename = Integer.toString(getCertStoreSession().getCertificateProfileId(admin,usermatch.getMatchvalue())); 825 retval.add(usermatch.getMatchwith(),usermatch.getMatchtype(),certificateprofilename); 826 break; 827 case UserMatch.MATCH_WITH_CA: 828 String caname = Integer.toString(getCAAdminSession().getCAInfo(admin,usermatch.getMatchvalue()).getCAId()); 829 retval.add(usermatch.getMatchwith(),usermatch.getMatchtype(),caname); 830 break; 831 case UserMatch.MATCH_WITH_TOKEN: 832 String tokenname = Integer.toString(getTokenId(admin,usermatch.getMatchvalue())); 833 retval.add(usermatch.getMatchwith(),usermatch.getMatchtype(),tokenname); 834 break; 835 default: 836 retval.add(usermatch.getMatchwith(),usermatch.getMatchtype(),usermatch.getMatchvalue()); 837 break; 838 } 839 840 841 return retval; 842 } 843 844 851 private Collection returnOnlyValidCertificates(Admin admin, Collection certs) throws ClassCastException , CreateException , NamingException { 852 ArrayList <X509Certificate > retval = new ArrayList <X509Certificate >(); 853 854 Iterator iter = certs.iterator(); 855 while(iter.hasNext()){ 856 X509Certificate next = (X509Certificate ) iter.next(); 857 858 RevokedCertInfo info = getCertStoreSession().isRevoked(admin,next.getIssuerDN().toString(),next.getSerialNumber()); 859 if(info.getReason() == RevokedCertInfo.NOT_REVOKED){ 860 try{ 861 next.checkValidity(); 862 retval.add(next); 863 }catch(CertificateExpiredException e){ 864 }catch (CertificateNotYetValidException e) { 865 } 866 } 867 } 868 869 return retval; 870 } 871 872 private Collection returnOnlyAuthorizedCertificates(Admin admin, Collection certs) { 873 ArrayList <X509Certificate > retval = new ArrayList <X509Certificate >(); 874 875 Iterator iter = certs.iterator(); 876 while(iter.hasNext()){ 877 X509Certificate next = (X509Certificate ) iter.next(); 878 879 try{ 880 int caid = CertTools.stringToBCDNString(next.getIssuerDN().toString()).hashCode(); 882 getAuthorizationSession().isAuthorizedNoLog(admin,AvailableAccessRules.CAPREFIX +caid); 883 retval.add(next); 884 }catch(AuthorizationDeniedException ade){ 885 log.debug("findCerts : not authorized to certificate " + next.getSerialNumber().toString(16)); 886 } 887 } 888 889 return retval; 890 } 891 892 893 private final String [] softtokennames = {UserDataVOWS.TOKEN_TYPE_USERGENERATED,UserDataVOWS.TOKEN_TYPE_P12, 894 UserDataVOWS.TOKEN_TYPE_JKS,UserDataVOWS.TOKEN_TYPE_PEM}; 895 private final int[] softtokenids = {SecConst.TOKEN_SOFT_BROWSERGEN, 896 SecConst.TOKEN_SOFT_P12, SecConst.TOKEN_SOFT_JKS, SecConst.TOKEN_SOFT_PEM}; 897 898 private int getTokenId(Admin admin, String tokenname){ 899 int returnval = 0; 900 901 for(int i=0;i< softtokennames.length;i++){ 903 if(softtokennames[i].equals(tokenname)){ 904 returnval = softtokenids[i]; 905 break; 906 } 907 } 908 909 if (returnval == 0) { 910 returnval = getHardTokenSession().getHardTokenProfileId(admin , tokenname); 911 } 912 913 return returnval; 914 } 915 916 private String getTokenName(Admin admin, int tokenid){ 917 String returnval = null; 918 919 for(int i=0;i< softtokenids.length;i++){ 921 if(softtokenids[i] == tokenid){ 922 returnval = softtokennames[i]; 923 break; 924 } 925 } 926 927 if (returnval == null) { 928 returnval = getHardTokenSession().getHardTokenProfileName(admin , tokenid); 929 } 930 931 return returnval; 932 } 933 934 private ICAAdminSessionLocal caadminsession = null; 935 private ICAAdminSessionLocal getCAAdminSession() throws ClassCastException , CreateException , NamingException { 936 if(caadminsession == null){ 937 Context context = new InitialContext (); 938 caadminsession = ((ICAAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 939 "CAAdminSessionLocal"), ICAAdminSessionLocalHome.class)).create(); 940 } 941 return caadminsession; 942 } 943 944 private IRaAdminSessionLocal raadminsession = null; 945 private IRaAdminSessionLocal getRAAdminSession() throws ClassCastException , CreateException , NamingException { 946 if(raadminsession == null){ 947 Context context = new InitialContext (); 948 raadminsession = ((IRaAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 949 "RaAdminSessionLocal"), IRaAdminSessionLocalHome.class)).create(); 950 } 951 return raadminsession; 952 } 953 954 private ICertificateStoreSessionLocal certificatestoresession = null; 955 private ICertificateStoreSessionLocal getCertStoreSession() throws ClassCastException , CreateException , NamingException { 956 if(certificatestoresession == null){ 957 Context context = new InitialContext (); 958 certificatestoresession = ((ICertificateStoreSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 959 "CertificateStoreSessionLocal"), ICertificateStoreSessionLocalHome.class)).create(); 960 } 961 return certificatestoresession; 962 } 963 964 private ISignSessionLocal signsession = null; 965 private ISignSessionLocal getSignSession() throws ClassCastException , CreateException , NamingException { 966 if(signsession == null){ 967 Context context = new InitialContext (); 968 signsession = ((ISignSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 969 "SignSessionLocal"), ISignSessionLocalHome.class)).create(); 970 } 971 return signsession; 972 } 973 974 private IUserAdminSessionLocal usersession = null; 975 private IUserAdminSessionLocal getUserAdminSession() { 976 try{ 977 if(usersession == null){ 978 Context context = new InitialContext (); 979 usersession = ((IUserAdminSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 980 "UserAdminSessionLocal"), IUserAdminSessionLocalHome.class)).create(); 981 } 982 }catch(Exception e) { 983 log.error("Error instancing User Admin Session Bean",e); 984 throw new EJBException (e); 985 } 986 return usersession; 987 } 988 989 private IHardTokenSessionLocal hardtokensession = null; 990 private IHardTokenSessionLocal getHardTokenSession() { 991 try{ 992 if(hardtokensession == null){ 993 Context context = new InitialContext (); 994 hardtokensession = ((IHardTokenSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 995 "HardTokenSessionLocal"), IHardTokenSessionLocalHome.class)).create(); 996 } 997 }catch(Exception e) { 998 log.error("Error instancing Hard Token Session Bean",e); 999 throw new EJBException (e); 1000 } 1001 return hardtokensession; 1002 } 1003 1004 private IAuthorizationSessionLocal authsession = null; 1005 private IAuthorizationSessionLocal getAuthorizationSession() { 1006 try{ 1007 if(authsession == null){ 1008 Context context = new InitialContext (); 1009 authsession = ((IAuthorizationSessionLocalHome) javax.rmi.PortableRemoteObject.narrow(context.lookup( 1010 "AuthorizationSessionLocal"), IAuthorizationSessionLocalHome.class)).create(); 1011 } 1012 }catch(Exception e) { 1013 log.error("Error instancing Authorization Session Bean",e); 1014 throw new EJBException (e); 1015 } 1016 return authsession; 1017 } 1018 1019 1020} 1021 | Popular Tags |