1 13 14 package org.ejbca.ui.web.admin.cainterface; 15 16 import java.io.InputStream ; 17 import java.io.Serializable ; 18 import java.security.cert.CertPathValidatorException ; 19 import java.security.cert.Certificate ; 20 import java.security.cert.X509Certificate ; 21 import java.util.Collection ; 22 import java.util.HashMap ; 23 import java.util.Iterator ; 24 import java.util.List ; 25 26 import org.bouncycastle.jce.PKCS10CertificationRequest; 27 import org.ejbca.core.EjbcaException; 28 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal; 29 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal; 30 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal; 31 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal; 32 import org.ejbca.core.ejb.ra.IUserAdminSessionLocal; 33 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal; 34 import org.ejbca.core.model.authorization.AuthorizationDeniedException; 35 import org.ejbca.core.model.ca.caadmin.CADoesntExistsException; 36 import org.ejbca.core.model.ca.caadmin.CAExistsException; 37 import org.ejbca.core.model.ca.caadmin.CAInfo; 38 import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceInfo; 39 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo; 40 import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo; 41 import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo; 42 import org.ejbca.core.model.ca.catoken.CATokenAuthenticationFailedException; 43 import org.ejbca.core.model.ca.catoken.CATokenOfflineException; 44 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile; 45 import org.ejbca.core.model.ca.crl.RevokedCertInfo; 46 import org.ejbca.core.model.log.Admin; 47 import org.ejbca.core.protocol.IRequestMessage; 48 import org.ejbca.core.protocol.IResponseMessage; 49 import org.ejbca.core.protocol.PKCS10RequestMessage; 50 import org.ejbca.core.protocol.X509ResponseMessage; 51 import 
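org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.admin.configuration.InformationMemory;
import org.ejbca.util.CertTools;

/**
 * Facade used by the admin web GUI for CA administration: creating, editing, renaming,
 * removing, renewing, revoking and publishing CAs, and handling the cross-certification
 * request/response flow.
 *
 * <p>Every operation is performed on behalf of the {@link Admin} given to the constructor and
 * is delegated to the EJB session beans. This class performs no access control of its own:
 * authorization is expected to be enforced inside the session beans, and the
 * {@link AuthorizationDeniedException}s declared here are merely propagated.
 *
 * <p>The GUI keeps a shared cache ({@link InformationMemory}); every method that changes CA
 * state invalidates it with {@code info.cAsEdited()} so other views pick up the change.
 *
 * <p>The class is {@code Serializable}, presumably because it is stored in the HTTP session;
 * the session-bean references and web bean it holds must then be serializable as well
 * (TODO confirm against the container configuration).
 */
public class CADataHandler implements Serializable {

    /** Performs the actual CA operations. */
    private ICAAdminSessionLocal caadminsession;
    /** Administrator on whose behalf every operation is performed. */
    private Admin administrator;
    /** Used to detect CAs still referenced from access rules before removal. */
    private IAuthorizationSessionLocal authorizationsession;
    /** Shared GUI cache, invalidated after every CA-modifying call. */
    private InformationMemory info;
    /** Used to detect end entities still referencing a CA before removal. */
    private IUserAdminSessionLocal adminsession;
    /** Used to detect end entity profiles still referencing a CA before removal. */
    private IRaAdminSessionLocal raadminsession;
    /** Certificate store: profile lookup, reference checks and revocation. */
    private ICertificateStoreSessionLocal certificatesession;
    /** Web bean handed to the CAInfoView instances created here. */
    private EjbcaWebBean ejbcawebbean;
    /** Publishes CA and extended-service certificates. */
    private ISignSessionLocal signsession;

    /**
     * Creates a handler bound to the given administrator and session beans.
     *
     * @param administrator       administrator all operations are performed as
     * @param caadminsession      CA administration session bean
     * @param adminsession        user (end entity) administration session bean
     * @param raadminsession      RA administration session bean
     * @param certificatesession  certificate store session bean
     * @param authorizationsession authorization session bean
     * @param signsession         signing/publishing session bean
     * @param ejbcawebbean        web bean supplying the shared {@link InformationMemory}
     */
    public CADataHandler(Admin administrator,
                         ICAAdminSessionLocal caadminsession,
                         IUserAdminSessionLocal adminsession,
                         IRaAdminSessionLocal raadminsession,
                         ICertificateStoreSessionLocal certificatesession,
                         IAuthorizationSessionLocal authorizationsession,
                         ISignSessionLocal signsession,
                         EjbcaWebBean ejbcawebbean) {
        this.administrator = administrator;
        this.caadminsession = caadminsession;
        this.adminsession = adminsession;
        this.raadminsession = raadminsession;
        this.certificatesession = certificatesession;
        this.authorizationsession = authorizationsession;
        this.signsession = signsession;
        this.ejbcawebbean = ejbcawebbean;
        this.info = ejbcawebbean.getInformationMemory();
    }

    /**
     * Creates a new CA and invalidates the GUI cache.
     *
     * @param cainfo description of the CA to create
     * @throws CAExistsException if a CA with the same name/id already exists
     * @throws CATokenOfflineException if the CA token is offline
     * @throws CATokenAuthenticationFailedException if the CA token could not be authenticated
     * @throws AuthorizationDeniedException if the administrator is not authorized
     */
    public void createCA(CAInfo cainfo) throws CAExistsException, CATokenOfflineException,
            CATokenAuthenticationFailedException, AuthorizationDeniedException {
        caadminsession.createCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Imports a CA from a PKCS#12 keystore.
     *
     * <p>The passwords are passed straight through as {@code char[]}; this method does not
     * clear them, so the caller remains responsible for zeroing them after use.
     *
     * @param caname                    name of the CA to create
     * @param p12file                   keystore bytes
     * @param keystorepass              keystore password
     * @param privkeypass               private key password
     * @param privateSignatureKeyAlias  alias of the signature key in the keystore
     * @param privateEncryptionKeyAlias alias of the encryption key in the keystore
     * @throws Exception whatever the session bean throws (import failures, authorization, ...)
     */
    public void importCAFromKeyStore(String caname, byte[] p12file, char[] keystorepass, char[] privkeypass,
            String privateSignatureKeyAlias, String privateEncryptionKeyAlias) throws Exception {
        caadminsession.importCAFromKeyStore(administrator, caname, p12file, keystorepass, privkeypass,
                privateSignatureKeyAlias, privateEncryptionKeyAlias);
        info.cAsEdited();
    }

    /**
     * Updates an existing CA and invalidates the GUI cache.
     *
     * @param cainfo new CA settings
     * @throws AuthorizationDeniedException if the administrator is not authorized
     */
    public void editCA(CAInfo cainfo) throws AuthorizationDeniedException {
        caadminsession.editCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Removes a CA, but only if nothing else still references it.
     *
     * <p>A CA that is still referenced by an end entity, a certificate profile, an end entity
     * profile or an access rule is left untouched, so removal cannot leave dangling
     * references behind.
     *
     * @param caid id of the CA to remove
     * @return {@code true} if the CA was removed, {@code false} if it is still referenced
     *         (and therefore was not removed)
     * @throws AuthorizationDeniedException if the administrator is not authorized
     */
    public boolean removeCA(int caid) throws AuthorizationDeniedException {
        // Short-circuits on the first reference found; order is just cheapest-first as inherited.
        boolean stillReferenced = adminsession.checkForCAId(administrator, caid)
                || certificatesession.existsCAInCertificateProfiles(administrator, caid)
                || raadminsession.existsCAInEndEntityProfiles(administrator, caid)
                || authorizationsession.existsCAInRules(administrator, caid);
        if (stillReferenced) {
            return false;
        }
        caadminsession.removeCA(administrator, caid);
        info.cAsEdited();
        return true;
    }

    /**
     * Renames a CA and invalidates the GUI cache.
     *
     * @param oldname current name
     * @param newname new name
     * @throws CAExistsException if a CA named {@code newname} already exists
     * @throws AuthorizationDeniedException if the administrator is not authorized
     */
    public void renameCA(String oldname, String newname) throws CAExistsException, AuthorizationDeniedException {
        caadminsession.renameCA(administrator, oldname, newname);
        info.cAsEdited();
    }

    /**
     * Looks up a CA by name.
     *
     * @param name CA name
     * @return a view of the CA, or {@code null} if no such CA exists
     * @throws Exception whatever the session bean or view construction throws
     */
    public CAInfoView getCAInfo(String name) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, name);
        return toView(cainfo);
    }

    /**
     * Looks up a CA by id.
     *
     * @param caid CA id
     * @return a view of the CA, or {@code null} if no such CA exists
     * @throws Exception whatever the session bean or view construction throws
     */
    public CAInfoView getCAInfo(int caid) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        return toView(cainfo);
    }

    /** Wraps a CAInfo in a view for the GUI; {@code null} in, {@code null} out. */
    private CAInfoView toView(CAInfo cainfo) throws Exception {
        if (cainfo == null) {
            return null;
        }
        return new CAInfoView(cainfo, ejbcawebbean, info.getPublisherIdToNameMap());
    }

    /**
     * @return the cached CA id to CA name map from the shared GUI cache
     */
    public HashMap getCAIdToNameMap() {
        return info.getCAIdToNameMap();
    }

    /**
     * Asks the CA to produce a certificate request (for cross-certification / external signing).
     *
     * @param caid               id of the CA
     * @param cachain            certificate chain handed to the session bean
     * @param setstatustowaiting whether the CA status should be set to "waiting for response"
     * @return the PKCS#10 request produced by the CA
     * @throws IllegalStateException if the session bean returned something other than a
     *         PKCS#10 request message (the previous behaviour was an unexplained ClassCastException)
     * @throws CADoesntExistsException if the CA does not exist
     * @throws AuthorizationDeniedException if the administrator is not authorized
     * @throws CertPathValidatorException if the chain does not validate
     * @throws CATokenOfflineException if the CA token is offline
     */
    public PKCS10CertificationRequest makeRequest(int caid, Collection cachain, boolean setstatustowaiting)
            throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException,
            CATokenOfflineException {
        Object request = caadminsession.makeRequest(administrator, caid, cachain, setstatustowaiting);
        if (!(request instanceof PKCS10RequestMessage)) {
            throw new IllegalStateException("CA " + caid + " did not produce a PKCS#10 request message");
        }
        return ((PKCS10RequestMessage) request).getCertificationRequest();
    }

    /**
     * Feeds a PEM-encoded certificate response (from an external CA) back into the CA.
     *
     * <p>Only the <em>first</em> certificate found in the PEM data is used; any further
     * certificates are ignored. The stream is not closed here; it belongs to the caller.
     * Whether the certificate actually matches the CA's outstanding request is not checked
     * in this class (presumably the session bean does that; verify).
     *
     * @param caid id of the CA the response is for
     * @param is   PEM data
     * @throws IllegalArgumentException if the PEM data contains no certificate
     * @throws Exception whatever PEM parsing or the session bean throws
     */
    public void receiveResponse(int caid, InputStream is) throws Exception {
        Collection certs = CertTools.getCertsFromPEM(is);
        if (certs == null || certs.isEmpty()) {
            // The old code called iterator().next() unguarded and failed with a bare
            // NoSuchElementException on an empty or non-certificate upload.
            throw new IllegalArgumentException("No certificate found in the PEM response");
        }
        Certificate cert = (Certificate) certs.iterator().next();
        X509ResponseMessage resmes = new X509ResponseMessage();
        resmes.setCertificate(cert);
        caadminsession.receiveResponse(administrator, caid, resmes);
        info.cAsEdited();
    }

    /**
     * Lets the CA process an incoming request message (e.g. signing another CA's request).
     *
     * @param cainfo         CA that should process the request
     * @param requestmessage the request
     * @return the issued certificate, or {@code null} if the response was not an
     *         {@link X509ResponseMessage}
     * @throws Exception whatever the session bean throws
     */
    public Certificate processRequest(CAInfo cainfo, IRequestMessage requestmessage) throws Exception {
        Certificate issued = null;
        IResponseMessage result = caadminsession.processRequest(administrator, cainfo, requestmessage);
        if (result instanceof X509ResponseMessage) {
            issued = ((X509ResponseMessage) result).getCertificate();
        }
        // Cache is invalidated unconditionally, as before, even when no certificate came back.
        info.cAsEdited();
        return issued;
    }

    /**
     * Renews a CA, optionally generating new keys.
     *
     * @param caid            id of the CA
     * @param responsemessage response from a superior CA, or {@code null} for a self-signed renewal
     *                        (TODO confirm null handling in the session bean)
     * @param regenerateKeys  whether to generate a new key pair
     * @throws CADoesntExistsException if the CA does not exist
     * @throws AuthorizationDeniedException if the administrator is not authorized
     * @throws CertPathValidatorException if the new chain does not validate
     * @throws CATokenOfflineException if the CA token is offline
     */
    public void renewCA(int caid, IResponseMessage responsemessage, boolean regenerateKeys)
            throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException,
            CATokenOfflineException {
        caadminsession.renewCA(administrator, caid, responsemessage, regenerateKeys);
        info.cAsEdited();
    }

    /**
     * Revokes a CA.
     *
     * @param caid   id of the CA
     * @param reason revocation reason code (see {@link RevokedCertInfo})
     * @throws CADoesntExistsException if the CA does not exist
     * @throws AuthorizationDeniedException if the administrator is not authorized
     */
    public void revokeCA(int caid, int reason) throws CADoesntExistsException, AuthorizationDeniedException {
        caadminsession.revokeCA(administrator, caid, reason);
        info.cAsEdited();
    }

    /**
     * Publishes the CA certificate chain, plus the certificate paths of the OCSP, XKMS and CMS
     * extended services if present, to the CA's CRL publishers and the publishers of the CA's
     * certificate profile.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with that id exists
     * @throws IllegalStateException if the CA's certificate profile cannot be found
     */
    public void publishCA(int caid) {
        CAInfo cainfo = requireCA(caid);
        CertificateProfile certprofile =
                certificatesession.getCertificateProfile(administrator, cainfo.getCertificateProfileId());
        if (certprofile == null) {
            throw new IllegalStateException("Certificate profile " + cainfo.getCertificateProfileId()
                    + " of CA " + caid + " not found");
        }
        // Defensive copy: the old code called addAll() directly on the collection returned by
        // getCRLPublishers(), silently merging the profile's publishers into the CAInfo's own
        // CRL-publisher list as a side effect.
        Collection publishers = new java.util.ArrayList(cainfo.getCRLPublishers());
        publishers.addAll(certprofile.getPublisherList());
        signsession.publishCACertificate(administrator, cainfo.getCertificateChain(), publishers);

        // Each service type is checked independently (not else-if), as in the original.
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo service = (ExtendedCAServiceInfo) iter.next();
            if (service instanceof OCSPCAServiceInfo) {
                publishIfPresent(((OCSPCAServiceInfo) service).getOCSPSignerCertificatePath(), publishers);
            }
            if (service instanceof XKMSCAServiceInfo) {
                publishIfPresent(((XKMSCAServiceInfo) service).getXKMSSignerCertificatePath(), publishers);
            }
            if (service instanceof CmsCAServiceInfo) {
                publishIfPresent(((CmsCAServiceInfo) service).getCertificatePath(), publishers);
            }
        }
    }

    /** Publishes a service certificate path unless the service has none ({@code null}). */
    private void publishIfPresent(List certpath, Collection publishers) {
        if (certpath != null) {
            signsession.publishCACertificate(administrator, certpath, publishers);
        }
    }

    /**
     * Revokes the OCSP signer certificate of the CA's OCSP service (reason: unspecified).
     * Does nothing if the CA has no OCSP service or the service has no certificate.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with that id exists
     */
    public void revokeOCSPCertificate(int caid) {
        CAInfo cainfo = requireCA(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo service = (ExtendedCAServiceInfo) iter.next();
            if (service instanceof OCSPCAServiceInfo) {
                revokeSignerCertificate(cainfo, ((OCSPCAServiceInfo) service).getOCSPSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the XKMS signer certificate of the CA's XKMS service (reason: unspecified).
     * Does nothing if the CA has no XKMS service or the service has no certificate.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with that id exists
     */
    public void revokeXKMSCertificate(int caid) {
        CAInfo cainfo = requireCA(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo service = (ExtendedCAServiceInfo) iter.next();
            if (service instanceof XKMSCAServiceInfo) {
                revokeSignerCertificate(cainfo, ((XKMSCAServiceInfo) service).getXKMSSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the signer certificate of the CA's CMS service (reason: unspecified).
     * Does nothing if the CA has no CMS service or the service has no certificate.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with that id exists
     */
    public void revokeCmsCertificate(int caid) {
        CAInfo cainfo = requireCA(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo service = (ExtendedCAServiceInfo) iter.next();
            if (service instanceof CmsCAServiceInfo) {
                revokeSignerCertificate(cainfo, ((CmsCAServiceInfo) service).getCertificatePath());
            }
        }
    }

    /**
     * Revokes the first certificate of a service certificate path with reason "unspecified",
     * publishing the revocation to the CA's CRL publishers.
     *
     * <p>A {@code null} or empty path is skipped: publishCA already tolerates a {@code null}
     * path for these services, whereas the old revoke methods dereferenced it unguarded.
     */
    private void revokeSignerCertificate(CAInfo cainfo, List certpath) {
        if (certpath == null || certpath.isEmpty()) {
            return;
        }
        X509Certificate signercert = (X509Certificate) certpath.get(0);
        certificatesession.revokeCertificate(administrator, signercert, cainfo.getCRLPublishers(),
                RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
    }

    /**
     * Fetches a CA or fails loudly.
     *
     * @throws IllegalArgumentException if the CA does not exist (the old code ran into a
     *         NullPointerException further down instead)
     */
    private CAInfo requireCA(int caid) {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        if (cainfo == null) {
            throw new IllegalArgumentException("No CA with id " + caid);
        }
        return cainfo;
    }

    /**
     * Activates (brings online) the CA token.
     *
     * <p>The authorization code arrives as a {@code String} and is forwarded as-is; being
     * immutable it cannot be zeroed after use.
     *
     * @param caid              id of the CA
     * @param authorizationcode token activation code
     * @throws AuthorizationDeniedException if the administrator is not authorized
     * @throws CATokenAuthenticationFailedException if the code is wrong
     * @throws CATokenOfflineException if the token cannot be brought online
     */
    public void activateCAToken(int caid, String authorizationcode) throws AuthorizationDeniedException,
            CATokenAuthenticationFailedException, CATokenOfflineException {
        caadminsession.activateCAToken(administrator, caid, authorizationcode);
    }

    /**
     * Deactivates (takes offline) the CA token.
     *
     * @param caid id of the CA
     * @throws AuthorizationDeniedException if the administrator is not authorized
     * @throws EjbcaException on other failures reported by the session bean
     */
    public void deactivateCAToken(int caid) throws AuthorizationDeniedException, EjbcaException {
        caadminsession.deactivateCAToken(administrator, caid);
    }

    /**
     * @param cainfo CA to inspect, may be {@code null}
     * @return {@code true} if the CA carries a revocation reason other than
     *         {@link RevokedCertInfo#NOT_REVOKED}; {@code false} for {@code null}
     */
    public boolean isCARevoked(CAInfo cainfo) {
        if (cainfo == null) {
            return false;
        }
        return cainfo.getRevokationReason() != RevokedCertInfo.NOT_REVOKED;
    }
}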