

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.cli;
15
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;

import javax.naming.Context;
import javax.naming.NamingException;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionHome;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.authorization.AdminEntity;
import org.ejbca.core.model.hardtoken.HardTokenIssuer;
import org.ejbca.core.model.hardtoken.profiles.IPINEnvelopeSettings;
import org.ejbca.core.model.hardtoken.profiles.SwedishEIDProfile;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
41
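/** Class used for the easy setup of a PrimeCard server.
 *
 * This isn't used as a command line of its own; it is run from within the CLI by the command
 * ejbca.sh/cmd setup initializehardtokenissuing
 *
 * Its main method run sets up:
 * 1. Sets the global setting use hard token functionality to true.
 * 2. A default 'Administrator Token' Hard Token Profile
 * 3. A default 'Local' Hard Token Issuer with the 'Temporary Super Admin Group' as admin group.
 * 4. Adds an 'Administrator Token End Entity Profile' End Entity Profile with the following fields:
 *    * CN, required
 *    * 'Administrator Token' as default and available tokens
 *    * 'local' as default and available issuers
 *    * default available CA is taken from the parameter to the run method
 *
 * 5. Adds a user SuperAdminToken with CN=SuperAdminToken with issuer local
 * 6. Adds SuperAdminToken to the Temporary Super Admin Group
 *
 * After run has been executed it should be easy to run PrimeCard locally to just issue the first card.
 *
 * Note that step 6 makes the holder of the issued token a member of the super administrator group,
 * i.e. the token carries full administrative rights over the EJBCA installation.
 *
 * @author Philip Vendil
 * @version $Id: InitializeHardTokenIssuing.java,v 1.3 2007/01/03 14:49:35 anatom Exp $
 *
 */
public class InitializeHardTokenIssuing extends BaseAdminCommand {

    /** PIN envelope template shipped with the distribution; resolved relative to the working directory. */
    private static final String SVGPINFILENAME = "src/cli/admincard_pintemplate.svg";

    /** Encoding used to read the SVG template (SVG is XML, whose default encoding is UTF-8). */
    private static final String SVGPINFILEENCODING = "UTF-8";

    private static final String ADMINTOKENPROFILENAME = "Administrator Token Profile";

    private static final String ISSUERALIAS = "local";

    private static final String SUPERADMINTOKENNAME = "SuperAdminToken";

    private static final String ADMINTOKENENDENTITYPROFILE = "Administration Token End Entity Profile";

    /** Pre-existing admin group whose id is resolved in runSetup and whose membership is granted in the last step. */
    private static final String TEMPSUPERADMINGROUPNAME = "Temporary Super Administrator Group";

    // Remote session beans, looked up lazily through JNDI by the get*Session() methods below.
    private IRaAdminSessionRemote raadminsession;
    private IAuthorizationSessionRemote authorizationsession;
    private IHardTokenSessionRemote hardtokensession;
    private IUserAdminSessionRemote useradminsession;
    private ICAAdminSessionRemote caadminsession;

    /**
     * Creates the command as a CA command line user.
     *
     * @param args the command line arguments; args[1] is expected to be the CA name
     */
    public InitializeHardTokenIssuing(String[] args) {
        super(args, Admin.TYPE_CACOMMANDLINE_USER, "cli");
    }

    /**
     * Runs the setup for the CA named in args[1].
     *
     * @throws IllegalAdminCommandException if the CA name argument is missing
     * @throws ErrorAdminCommandException wrapping any failure during setup (JNDI, EJB or template I/O)
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        if (args.length < 2) {
            throw new IllegalAdminCommandException("Usage: SETUP initializehardtokenissuing <caname>\n");
        }
        String caname = args[1];
        try {
            runSetup(caname);
        } catch (Exception e) {
            // The cause is preserved so the operator can see what step failed.
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * See class header for explanation.
     *
     * @param caname name of the CA that will be the default and only available CA of the new profile
     * @throws Exception if the CA or the temporary super administrator group cannot be found, or any step fails
     */
    private void runSetup(String caname) throws Exception {
        getOutputStream().println("Adding Hard Token Super Administrator .....\n\n");
        int caid = getCAAdminSession().getCAInfo(administrator, caname).getCAId();
        int admingroupid = getAuthorizationSession().getAdminGroup(administrator, TEMPSUPERADMINGROUPNAME, caid).getAdminGroupId();

        // Order matters: the issuer references the profile, the end entity profile references
        // both, and the user references the end entity profile.
        configureGlobalConfiguration();
        createAdministratorTokenProfile();
        createLocalHardTokenIssuer(caid, admingroupid);
        createAdminTokenEndEntityProfile(caid);
        createSuperAdminTokenUser(caid);
        addSuperAdminTokenUserToTemporarySuperAdminGroup(caid);

        getOutputStream().print("A hard token Administrator have been added.\n\n" +
                         "In order to issue the card. Startup PrimeCard in local mode using\n" +
                         "the alias 'local'. Then insert an empty token.\n" +
                         "This Administrator is also a super administrator for the EJBCA installation.\n");
    }

    /**
     * Sets the Issue Hard Tokens flag to true in the system configuration.
     *
     * @throws Exception if the global configuration cannot be loaded or saved
     */
    private void configureGlobalConfiguration() throws Exception {
        GlobalConfiguration config = getRAAdminSession().loadGlobalConfiguration(administrator);
        config.setIssueHardwareTokens(true);
        getRAAdminSession().saveGlobalConfiguration(administrator, config);
    }

    /**
     * Creates the 'Administrator Token' Hard Token Profile with the SVG PIN envelope template
     * read from SVGPINFILENAME.
     *
     * @throws Exception if the template cannot be read or the profile cannot be stored
     */
    private void createAdministratorTokenProfile() throws Exception {
        SwedishEIDProfile admintokenprofile = new SwedishEIDProfile();
        admintokenprofile.setPINEnvelopeType(IPINEnvelopeSettings.PINENVELOPETYPE_GENERALENVELOBE);

        IPINEnvelopeSettings pinsettings = (IPINEnvelopeSettings) admintokenprofile;
        pinsettings.setPINEnvelopeData(readPinEnvelopeTemplate());
        pinsettings.setPINEnvelopeTemplateFilename(SVGPINFILENAME);

        getHardTokenSession().addHardTokenProfile(administrator, ADMINTOKENPROFILENAME, admintokenprofile);
    }

    /**
     * Reads the SVG PIN envelope template, line by line, each line followed by a single '\n'.
     * The file is read as UTF-8 rather than with the platform default encoding, and it is
     * always closed, also when reading fails.
     *
     * @return the template contents
     * @throws IOException if the file cannot be opened or read
     */
    private String readPinEnvelopeTemplate() throws IOException {
        FileInputStream in = new FileInputStream(SVGPINFILENAME);
        try {
            BufferedReader br = new BufferedReader(new InputStreamReader(in, SVGPINFILEENCODING));
            StringBuffer filecontent = new StringBuffer();
            String nextline;
            while ((nextline = br.readLine()) != null) {
                filecontent.append(nextline).append('\n');
            }
            return filecontent.toString();
        } finally {
            in.close();
        }
    }

    /**
     * Creates the 'Local' Hard Token Issuer, administered by the given admin group and
     * allowed to issue only the 'Administrator Token' profile.
     *
     * @param caid not used; kept for signature compatibility with the caller
     * @param admingroupid id of the admin group that owns the issuer
     * @throws Exception if the profile id cannot be resolved or the issuer cannot be stored
     */
    private void createLocalHardTokenIssuer(int caid, int admingroupid) throws Exception {
        HardTokenIssuer localissuer = new HardTokenIssuer();
        localissuer.setDescription("Issuer created by installation script, used to create the first administration token");

        int admintokenprofileid = getHardTokenSession().getHardTokenProfileId(administrator, ADMINTOKENPROFILENAME);
        ArrayList availableprofiles = new ArrayList();
        availableprofiles.add(new Integer(admintokenprofileid));
        localissuer.setAvailableHardTokenProfiles(availableprofiles);

        getHardTokenSession().addHardTokenIssuer(administrator, ISSUERALIAS, admingroupid, localissuer);
    }

    /**
     * Creates the End Entity Profile used for issuing the superadmintoken.
     *
     * @param caid the only CA the profile allows
     * @throws Exception if referenced ids cannot be resolved or the profile cannot be stored
     */
    private void createAdminTokenEndEntityProfile(int caid) throws Exception {
        int tokenid = getHardTokenSession().getHardTokenProfileId(administrator, ADMINTOKENPROFILENAME);
        int hardtokenissuerid = getHardTokenSession().getHardTokenIssuerId(administrator, ISSUERALIAS);
        EndEntityProfile profile = new EndEntityProfile();

        // Autogenerated password: the PASSWORD field is not used in the profile.
        profile.setUse(EndEntityProfile.PASSWORD, 0, false);

        // Batch: clear text password is used, required and set to TRUE.
        profile.setUse(EndEntityProfile.CLEARTEXTPASSWORD, 0, true);
        profile.setRequired(EndEntityProfile.CLEARTEXTPASSWORD, 0, true);
        profile.setValue(EndEntityProfile.CLEARTEXTPASSWORD, 0, EndEntityProfile.TRUE);

        // The given CA is both the default and the only available CA.
        profile.setValue(EndEntityProfile.DEFAULTCA, 0, String.valueOf(caid));
        profile.setValue(EndEntityProfile.AVAILCAS, 0, String.valueOf(caid));

        // Certificate profiles: end user as default, the fixed hard token profiles as alternatives.
        String availcertprofiles = "" + SecConst.CERTPROFILE_FIXED_ENDUSER + ";" + SecConst.CERTPROFILE_FIXED_HARDTOKENAUTH
                                 + ";" + SecConst.CERTPROFILE_FIXED_HARDTOKENAUTHENC + ";" + SecConst.CERTPROFILE_FIXED_HARDTOKENSIGN
                                 + ";" + SecConst.CERTPROFILE_FIXED_HARDTOKENENC;
        profile.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, String.valueOf(SecConst.CERTPROFILE_FIXED_ENDUSER));
        profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, availcertprofiles);

        // The 'Administrator Token' hard token profile is the default and only token type.
        profile.setValue(EndEntityProfile.DEFKEYSTORE, 0, String.valueOf(tokenid));
        profile.setValue(EndEntityProfile.AVAILKEYSTORE, 0, String.valueOf(tokenid));

        // The 'local' issuer is the default and only token issuer.
        profile.setUse(EndEntityProfile.AVAILTOKENISSUER, 0, true);
        profile.setValue(EndEntityProfile.DEFAULTTOKENISSUER, 0, String.valueOf(hardtokenissuerid));
        profile.setValue(EndEntityProfile.AVAILTOKENISSUER, 0, String.valueOf(hardtokenissuerid));

        // Administrator flag: every end entity of this profile is an administrator.
        profile.setUse(EndEntityProfile.ADMINISTRATOR, 0, true);
        profile.setRequired(EndEntityProfile.ADMINISTRATOR, 0, true);
        profile.setValue(EndEntityProfile.ADMINISTRATOR, 0, EndEntityProfile.TRUE);

        getRAAdminSession().addEndEntityProfile(administrator, ADMINTOKENENDENTITYPROFILE, profile);
    }

    /**
     * Adds a new superadmintoken user to the user database and puts it in the local issuer queue.
     *
     * @param caid the CA the user is registered with
     * @throws Exception if referenced ids cannot be resolved or the user cannot be added
     */
    private void createSuperAdminTokenUser(int caid) throws Exception {
        int endentityprofileid = getRAAdminSession().getEndEntityProfileId(administrator, ADMINTOKENENDENTITYPROFILE);
        int certificateprofileid = SecConst.CERTPROFILE_FIXED_ENDUSER;
        int tokenid = getHardTokenSession().getHardTokenProfileId(administrator, ADMINTOKENPROFILENAME);
        int hardtokenissuerid = getHardTokenSession().getHardTokenIssuerId(administrator, ISSUERALIAS);

        // No password and no e-mail/alt-name are given; the DN is only the fixed CN.
        // 65 is the end entity type value carried over from the original setup script
        // (presumably end user + administrator type bits; confirm against SecConst).
        getUserAdminSession().addUser(administrator, SUPERADMINTOKENNAME, null, "CN=" + SUPERADMINTOKENNAME,
                                      null, null, true, endentityprofileid, certificateprofileid, 65,
                                      tokenid, hardtokenissuerid, caid);
    }

    /**
     * Adds the new superadmintoken user to the Temporary Super Admin Group, matched by CN
     * (case insensitive) against certificates from the given CA. Membership in this group
     * grants full administrative rights.
     *
     * @param caid the CA whose certificates the admin entity matches
     * @throws Exception if the entity cannot be added
     */
    private void addSuperAdminTokenUserToTemporarySuperAdminGroup(int caid) throws Exception {
        ArrayList adminentities = new ArrayList();
        adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, SUPERADMINTOKENNAME, caid));
        getAuthorizationSession().addAdminEntities(administrator, TEMPSUPERADMINGROUPNAME, caid, adminentities);
    }

    /**
     * Looks up a home interface in JNDI and narrows it to the given home class.
     *
     * @param jndiName the JNDI name of the home interface
     * @param homeClass the home interface class to narrow to
     * @return the narrowed home object; the caller casts it to homeClass
     * @throws Exception if the initial context cannot be obtained or the name cannot be resolved
     */
    private Object lookupHome(String jndiName, Class homeClass) throws Exception {
        Context jndiContext = getInitialContext();
        Object obj = jndiContext.lookup(jndiName);
        return javax.rmi.PortableRemoteObject.narrow(obj, homeClass);
    }

    /** Returns the hard token session bean, creating it on first use. */
    private IHardTokenSessionRemote getHardTokenSession() throws Exception {
        debug(">getHardTokenSession()");
        try {
            if (hardtokensession == null) {
                IHardTokenSessionHome home = (IHardTokenSessionHome) lookupHome("HardTokenSession", IHardTokenSessionHome.class);
                hardtokensession = home.create();
            }
            debug("<getHardTokenSession()");
            return hardtokensession;
        } catch (NamingException e) {
            error("Can't get hardtoken session", e);
            throw e;
        }
    }

    /** Returns the RA admin session bean, creating it on first use. */
    private IRaAdminSessionRemote getRAAdminSession() throws Exception {
        debug(">getRaAdminSession()");
        try {
            if (raadminsession == null) {
                IRaAdminSessionHome home = (IRaAdminSessionHome) lookupHome("RaAdminSession", IRaAdminSessionHome.class);
                raadminsession = home.create();
            }
            debug("<getRaAdminSession()");
            return raadminsession;
        } catch (NamingException e) {
            error("Can't get RaAdmin session", e);
            throw e;
        }
    }

    /** Returns the authorization session bean, creating it on first use. */
    private IAuthorizationSessionRemote getAuthorizationSession() throws Exception {
        debug(">getAuthorizationSession()");
        try {
            if (authorizationsession == null) {
                IAuthorizationSessionHome home = (IAuthorizationSessionHome) lookupHome("AuthorizationSession", IAuthorizationSessionHome.class);
                authorizationsession = home.create();
            }
            debug("<getAuthorizationSession()");
            return authorizationsession;
        } catch (NamingException e) {
            error("Can't get authorization session", e);
            throw e;
        }
    }

    /** Returns the user admin session bean, creating it on first use. */
    private IUserAdminSessionRemote getUserAdminSession() throws Exception {
        debug(">getUserAdminSession()");
        try {
            if (useradminsession == null) {
                IUserAdminSessionHome home = (IUserAdminSessionHome) lookupHome("UserAdminSession", IUserAdminSessionHome.class);
                useradminsession = home.create();
            }
            debug("<getUserAdminSession()");
            return useradminsession;
        } catch (NamingException e) {
            error("Can't get user admin session", e);
            throw e;
        }
    }

    /** Returns the CA admin session bean, creating it on first use. */
    private ICAAdminSessionRemote getCAAdminSession() throws Exception {
        debug(">getCAAdminSession()");
        try {
            if (caadminsession == null) {
                ICAAdminSessionHome home = (ICAAdminSessionHome) lookupHome("CAAdminSession", ICAAdminSessionHome.class);
                caadminsession = home.create();
            }
            debug("<getCAAdminSession()");
            return caadminsession;
        } catch (NamingException e) {
            // Message corrected: the original reported this as the user admin session.
            error("Can't get CA admin session", e);
            throw e;
        }
    }

}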
341