


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.cli;
15
16 import java.rmi.RemoteException JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.HashMap JavaDoc;
19 import java.util.Iterator JavaDoc;
20
21 import javax.ejb.FinderException JavaDoc;
22 import javax.naming.InitialContext JavaDoc;
23
24 import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
25 import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
26 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionHome;
27 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
28 import org.ejbca.core.ejb.ca.store.CertificateDataBean;
29 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
30 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
31 import org.ejbca.core.ejb.hardtoken.IHardTokenSessionHome;
32 import org.ejbca.core.ejb.hardtoken.IHardTokenSessionRemote;
33 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionHome;
34 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionRemote;
35 import org.ejbca.core.model.SecConst;
36 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
37 import org.ejbca.core.model.log.Admin;
38 import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
39 import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile;
44 /**
45  * Adds a user to the database.
46  *
47  * @version $Id: RaAddUserCommand.java,v 1.3 2006/09/22 13:05:11 herrvendil Exp $
48  */

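public class RaAddUserCommand extends BaseRaAdminCommand {

    private static final String USERGENERATED = "USERGENERATED";
    private static final String P12 = "P12";
    private static final String JKS = "JKS";
    private static final String PEM = "PEM";

    /** Command-line placeholder meaning "not given"; for the password it means "auto-generate". */
    private static final String NULL_ARG = "NULL";

    /** Soft token names accepted on the command line; index-parallel with softtokenids. */
    private final String[] softtokennames = {USERGENERATED, P12, JKS, PEM};
    private final int[] softtokenids = {SecConst.TOKEN_SOFT_BROWSERGEN,
            SecConst.TOKEN_SOFT_P12, SecConst.TOKEN_SOFT_JKS, SecConst.TOKEN_SOFT_PEM};

    /**
     * Creates a new instance of RaAddUserCommand.
     *
     * @param args command line arguments; args[0] is the sub-command, the
     *             user data starts at args[1]
     */
    public RaAddUserCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command: resolves the CA, certificate profile, end entity
     * profile, token type and (optionally) hard token issuer names to ids,
     * validates the combination and adds the end entity through the admin
     * session bean. With a wrong number of arguments it prints usage plus the
     * CAs, profiles, tokens and issuers the administrator is authorized to use.
     *
     * Security note: the password is read from argv, so it is visible to other
     * local users in the process list; pass 'null' to have it generated
     * instead. The password is intentionally never echoed to the output — the
     * value received here is cleartext, not a hash.
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command; wraps any
     *         exception from the JNDI/EJB calls and a non-numeric type argument
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            InitialContext jndicontext = getInitialContext();

            ICertificateStoreSessionHome certificatesessionhome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    jndicontext.lookup("CertificateStoreSession"), ICertificateStoreSessionHome.class);
            ICertificateStoreSessionRemote certificatesession = certificatesessionhome.create();

            IRaAdminSessionHome raadminsessionhome = (IRaAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    jndicontext.lookup("RaAdminSession"), IRaAdminSessionHome.class);
            IRaAdminSessionRemote raadminsession = raadminsessionhome.create();

            ICAAdminSessionHome caadminsessionhome = (ICAAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    jndicontext.lookup("CAAdminSession"), ICAAdminSessionHome.class);
            ICAAdminSessionRemote caadminsession = caadminsessionhome.create();

            IAuthorizationSessionHome authorizationsessionhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    jndicontext.lookup("AuthorizationSession"), IAuthorizationSessionHome.class);
            IAuthorizationSessionRemote authorizationsession = authorizationsessionhome.create();

            GlobalConfiguration globalconfiguration = raadminsession.loadGlobalConfiguration(administrator);
            boolean usehardtokens = globalconfiguration.getIssueHardwareTokens();
            boolean usekeyrecovery = globalconfiguration.getEnableKeyRecovery();

            // Hard token data is only fetched when hard token issuing is enabled;
            // otherwise the session stays null and hard token names are never resolved.
            IHardTokenSessionRemote hardtokensession = null;
            String[] hardtokenissueraliases = null;
            Collection authorizedhardtokenprofiles = null;
            HashMap hardtokenprofileidtonamemap = null;
            if (usehardtokens) {
                IHardTokenSessionHome hardtokensessionhome = (IHardTokenSessionHome) javax.rmi.PortableRemoteObject.narrow(
                        jndicontext.lookup("HardTokenSession"), IHardTokenSessionHome.class);
                hardtokensession = hardtokensessionhome.create();
                hardtokenissueraliases = (String[]) hardtokensession.getHardTokenIssuerAliases(administrator).toArray(new String[0]);
                authorizedhardtokenprofiles = hardtokensession.getAuthorizedHardTokenProfileIds(administrator);
                hardtokenprofileidtonamemap = hardtokensession.getHardTokenProfileIdToNameMap(administrator);
            }

            // Wrong argument count: print usage and what this administrator may use, then stop.
            if (args.length < 9 || args.length > 12) {
                Collection certprofileids = certificatesession.getAuthorizedCertificateProfileIds(administrator, CertificateDataBean.CERTTYPE_ENDENTITY);
                HashMap certificateprofileidtonamemap = certificatesession.getCertificateProfileIdToNameMap(administrator);
                Collection endentityprofileids = raadminsession.getAuthorizedEndEntityProfileIds(administrator);
                HashMap endentityprofileidtonamemap = raadminsession.getEndEntityProfileIdToNameMap(administrator);
                Collection caids = authorizationsession.getAuthorizedCAIds(administrator);
                HashMap caidtonamemap = caadminsession.getCAIdToNameMap(administrator);

                if (usehardtokens) {
                    getOutputStream().println("Usage: RA adduser <username> <password> <dn> <subjectAltName> <caname> <email> <type> <token> [<certificateprofile>] [<endentityprofile>] [<hardtokenissuer>]");
                } else {
                    getOutputStream().println("Usage: RA adduser <username> <password> <dn> <subjectAltName> <caname> <email> <type> <token> [<certificateprofile>] [<endentityprofile>] ");
                }
                getOutputStream().println("");
                getOutputStream().println("DN is of form \"C=SE, O=MyOrg, OU=MyOrgUnit, CN=MyName\" etc.");
                getOutputStream().println(
                    "SubjectAltName is of form \"rfc822Name=<email>, dNSName=<host name>, uri=<http://host.com/>, ipaddress=<address>, guid=<globally unique id>, directoryName=<LDAP escaped DN>\"");
                getOutputStream().println("An LDAP escaped DN is for example:");
                getOutputStream().println("DN: CN=Tomas Gustavsson, O=PrimeKey Solutions, C=SE");
                getOutputStream().println("LDAP escaped DN: CN=Tomas Gustavsson\\, O=PrimeKey Solutions\\, C=SE");

                // KEYRECOVERABLE is only meaningful when key recovery is enabled globally.
                if (usekeyrecovery) {
                    getOutputStream().println(
                        "Type (mask): INVALID=0; END-USER=1; ADMINISTRATOR=64; KEYRECOVERABLE=128; SENDNOTIFICATION=256; PRINTUSERDATA=512");
                } else {
                    getOutputStream().println(
                        "Type (mask): INVALID=0; END-USER=1; ADMINISTRATOR=64; SENDNOTIFICATION=256; PRINTUSERDATA=512");
                }

                getOutputStream().print("Existing tokens : " + USERGENERATED + ", " + P12 + ", " + JKS + ", " + PEM);
                if (usehardtokens) {
                    Iterator profileiter = authorizedhardtokenprofiles.iterator();
                    while (profileiter.hasNext()) {
                        getOutputStream().print(", " + hardtokenprofileidtonamemap.get(profileiter.next()));
                    }
                }
                getOutputStream().print("\n");

                printNames("Existing cas : ", caids, caidtonamemap);
                printNames("Existing certificate profiles : ", certprofileids, certificateprofileidtonamemap);
                printNames("Existing endentity profiles : ", endentityprofileids, endentityprofileidtonamemap);

                if (usehardtokens && hardtokenissueraliases.length > 0) {
                    getOutputStream().print("Existing hardtoken issuers : ");
                    for (int i = 0; i < hardtokenissueraliases.length - 1; i++) {
                        getOutputStream().print(hardtokenissueraliases[i] + ", ");
                    }
                    getOutputStream().print(hardtokenissueraliases[hardtokenissueraliases.length - 1] + "\n");
                }

                getOutputStream().println(
                    "If the user does not have a SubjectAltName or an email address,\n or you want the password to be auto-generated use the value 'null'. ");
                return;
            }

            String username = args[1];
            String password = args[2];
            String dn = args[3];
            String subjectaltname = args[4];
            String caname = args[5];
            String email = args[6];
            // A non-numeric type ends up as ErrorAdminCommandException via the outer catch.
            int type = Integer.parseInt(args[7]);
            String tokenname = args[8];
            int profileid = SecConst.EMPTY_ENDENTITYPROFILE;
            int certificatetypeid = SecConst.CERTPROFILE_FIXED_ENDUSER;
            int hardtokenissuerid = SecConst.NO_HARDTOKENISSUER;
            boolean usehardtokenissuer = false;
            boolean error = false;

            int caid = 0;
            try {
                caid = caadminsession.getCAInfo(administrator, caname).getCAId();
            } catch (Exception ignored) {
                // Best effort on purpose: an unknown CA (or a null CAInfo) leaves
                // caid at 0, which is reported as an error below.
            }

            if (args.length > 9) {
                // Optional certificate profile name.
                certificatetypeid = certificatesession.getCertificateProfileId(administrator, args[9]);
                getOutputStream().println("Using certificate profile: " + args[9] + ", with id: " + certificatetypeid);
            }

            if (args.length > 10) {
                // Optional end entity profile name.
                profileid = raadminsession.getEndEntityProfileId(administrator, args[10]);
                getOutputStream().println("Using entity profile: " + args[10] + ", with id: " + profileid);
            }

            if (args.length == 12) {
                if (usehardtokens) {
                    // Optional hard token issuer name.
                    hardtokenissuerid = hardtokensession.getHardTokenIssuerId(administrator, args[11]);
                    usehardtokenissuer = true;
                    getOutputStream().println("Using hard token issuer: " + args[11] + ", with id: " + hardtokenissuerid);
                } else {
                    // The issuer cannot be resolved without the hard token session; say so
                    // instead of dropping the argument silently.
                    getOutputStream().println("Warning : Hard token issuer '" + args[11] + "' ignored, hard token issuing is disabled.");
                }
            }

            int tokenid = getTokenId(administrator, tokenname, usehardtokens, hardtokensession);
            if (tokenid == 0) {
                getOutputStream().println("Error : Invalid token id.");
                error = true;
            }

            if (certificatetypeid == SecConst.PROFILE_NO_PROFILE) {
                getOutputStream().println("Error : Couldn't find certificate profile in database.");
                error = true;
            }

            if (profileid == 0) {
                getOutputStream().println("Error : Couldn't find end entity profile in database.");
                error = true;
            }

            if (caid == 0) {
                getOutputStream().println("Error : Couldn't find CA in database.");
                error = true;
            }

            if (usehardtokenissuer && hardtokenissuerid == SecConst.NO_HARDTOKENISSUER) {
                getOutputStream().println("Error : Couldn't find hard token issuer in database.");
                error = true;
            }

            // Token ids above TOKEN_SOFT are hard token profiles and need an issuer.
            if (tokenid > SecConst.TOKEN_SOFT && hardtokenissuerid == SecConst.NO_HARDTOKENISSUER) {
                getOutputStream().println(
                    "Error : HardTokenIssuer has to be choosen when user with hard tokens is added.");
                error = true;
            }

            if (email.equalsIgnoreCase(NULL_ARG)
                    && (type & SecConst.USER_SENDNOTIFICATION) == SecConst.USER_SENDNOTIFICATION) {
                getOutputStream().println(
                    "Error : Email field cannot be null when send notification type is given.");
                error = true;
            }

            // Refuse to overwrite an existing end entity.
            try {
                if (getAdminSession().findUser(administrator, username) != null) {
                    getOutputStream().println("Error : User already exists in the database.");
                    error = true;
                }
            } catch (FinderException notFound) {
                // No such user: that is the normal case for adduser.
            }

            if (error) {
                return;
            }

            // The literal 'null' means "not given"; for the password it means auto-generate.
            if (password.equalsIgnoreCase(NULL_ARG)) {
                password = null;
            }
            if (subjectaltname.equalsIgnoreCase(NULL_ARG)) {
                subjectaltname = null;
            }
            if (email.equalsIgnoreCase(NULL_ARG)) {
                email = null;
            }

            getOutputStream().println("Trying to add user:");
            getOutputStream().println("Username: " + username);
            // Do not echo the password: it is the cleartext argument, not a hash, and
            // command output routinely ends up in shell histories and log files.
            getOutputStream().println("Password: " + (password == null ? "<auto-generated>" : "<set, not shown>"));
            getOutputStream().println("DN: " + dn);
            getOutputStream().println("CA Name: " + caname);
            getOutputStream().println("SubjectAltName: " + subjectaltname);
            getOutputStream().println("Email: " + email);
            getOutputStream().println("Type: " + type);
            getOutputStream().println("Token: " + tokenname);
            getOutputStream().println("Certificate profile: " + certificatetypeid);
            getOutputStream().println("End entity profile: " + profileid);

            try {
                getAdminSession().addUser(administrator, username, password, dn, subjectaltname, email, false, profileid, certificatetypeid,
                                          type, tokenid, hardtokenissuerid, caid);
                getOutputStream().println("User '" + username + "' has been added.");
                getOutputStream().println();
                getOutputStream().println("Note: If batch processing should be possible, \nalso use 'ra setclearpwd " + username + " <pwd>'.");
            } catch (AuthorizationDeniedException e) {
                getOutputStream().println("Error : " + e.getMessage());
            } catch (UserDoesntFullfillEndEntityProfile e) {
                getOutputStream().println("Error : Given userdata doesn't fullfill end entity profile. : " + e.getMessage());
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * Prints label followed by the names of the given ids, comma separated, and a newline.
     *
     * @param label    text printed before the list, e.g. "Existing cas : "
     * @param ids      ids to print
     * @param idtoname map from id to display name
     */
    private void printNames(String label, Collection ids, HashMap idtoname) {
        getOutputStream().print(label);
        boolean first = true;
        Iterator iter = ids.iterator();
        while (iter.hasNext()) {
            if (!first) {
                getOutputStream().print(", ");
            }
            first = false;
            getOutputStream().print(idtoname.get(iter.next()));
        }
        getOutputStream().print("\n");
    }

    /**
     * Returns the token id for a token name: one of the soft token ids for the
     * built-in names, otherwise the hard token profile id when hard tokens are
     * enabled. Returns 0 if the name is not a valid token.
     *
     * @param administrator    the calling administrator
     * @param tokenname        token name from the command line
     * @param usehardtokens    whether hard token issuing is enabled
     * @param hardtokensession hard token session, may be null when hard tokens are disabled
     * @throws RemoteException on EJB failure
     */
    private int getTokenId(Admin administrator, String tokenname, boolean usehardtokens, IHardTokenSessionRemote hardtokensession) throws RemoteException {
        for (int i = 0; i < softtokennames.length; i++) {
            if (softtokennames[i].equals(tokenname)) {
                return softtokenids[i];
            }
        }
        // Not a soft token: try the hard token profiles, but only if the session exists.
        if (usehardtokens && hardtokensession != null) {
            return hardtokensession.getHardTokenProfileId(administrator, tokenname);
        }
        return 0;
    }
}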