

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.web.admin.cainterface;
15
16 import java.io.InputStream JavaDoc;
17 import java.io.Serializable JavaDoc;
18 import java.security.cert.CertPathValidatorException JavaDoc;
19 import java.security.cert.Certificate JavaDoc;
20 import java.security.cert.X509Certificate JavaDoc;
21 import java.util.Collection JavaDoc;
22 import java.util.HashMap JavaDoc;
23 import java.util.Iterator JavaDoc;
24 import java.util.List JavaDoc;
25
26 import org.bouncycastle.jce.PKCS10CertificationRequest;
27 import org.ejbca.core.EjbcaException;
28 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
29 import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
30 import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
31 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
32 import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
33 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
34 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
35 import org.ejbca.core.model.ca.caadmin.CADoesntExistsException;
36 import org.ejbca.core.model.ca.caadmin.CAExistsException;
37 import org.ejbca.core.model.ca.caadmin.CAInfo;
38 import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceInfo;
39 import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
40 import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
41 import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
42 import org.ejbca.core.model.ca.catoken.CATokenAuthenticationFailedException;
43 import org.ejbca.core.model.ca.catoken.CATokenOfflineException;
44 import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
45 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
46 import org.ejbca.core.model.log.Admin;
47 import org.ejbca.core.protocol.IRequestMessage;
48 import org.ejbca.core.protocol.IResponseMessage;
49 import org.ejbca.core.protocol.PKCS10RequestMessage;
50 import org.ejbca.core.protocol.X509ResponseMessage;
51 import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
52 import org.ejbca.ui.web.admin.configuration.InformationMemory;
53 import org.ejbca.util.CertTools;
54
55 /**
56  * A class that helps with administering CAs.
57  *
58  * @author TomSelleck
59  * @version $Id: CADataHandler.java,v 1.7.2.1 2007/04/02 08:22:51 jeklund Exp $
60  */

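public class CADataHandler implements Serializable {

    /**
     * Creates a new CADataHandler bound to one administrator.
     *
     * <p>Every call made through this handler is forwarded to the session beans with
     * {@code administrator} as the acting identity.
     *
     * @param administrator        identity passed to every session call
     * @param caadminsession       session used for CA administration
     * @param adminsession         session used to check whether a CA id is in use
     * @param raadminsession       session used to check end entity profiles
     * @param certificatesession   session used for certificate profiles and revocation
     * @param authorizationsession session used to check access rules
     * @param signsession          session used to publish CA certificates
     * @param ejbcawebbean         web bean; also supplies the InformationMemory
     */
    public CADataHandler(Admin administrator,
                         ICAAdminSessionLocal caadminsession,
                         IUserAdminSessionLocal adminsession,
                         IRaAdminSessionLocal raadminsession,
                         ICertificateStoreSessionLocal certificatesession,
                         IAuthorizationSessionLocal authorizationsession,
                         ISignSessionLocal signsession,
                         EjbcaWebBean ejbcawebbean) {
        this.caadminsession = caadminsession;
        this.authorizationsession = authorizationsession;
        this.adminsession = adminsession;
        this.certificatesession = certificatesession;
        this.raadminsession = raadminsession;
        this.administrator = administrator;
        this.signsession = signsession;
        this.info = ejbcawebbean.getInformationMemory();
        this.ejbcawebbean = ejbcawebbean;
    }

    /**
     * Creates a CA through the CA admin session, then calls {@code info.cAsEdited()}.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void createCA(CAInfo cainfo) throws CAExistsException, CATokenOfflineException, CATokenAuthenticationFailedException, AuthorizationDeniedException {
        caadminsession.createCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Imports a CA from a keystore through the CA admin session, then calls
     * {@code info.cAsEdited()}.
     *
     * <p>The password arrays are forwarded as they are and are not cleared by this
     * method; the caller should overwrite them once the call has returned.
     *
     * @param caname                    name of the CA to create
     * @param p12file                   keystore bytes
     * @param keystorepass              keystore password
     * @param privkeypass               private key password
     * @param privateSignatureKeyAlias  alias of the signature key in the keystore
     * @param privateEncryptionKeyAlias alias of the encryption key in the keystore
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void importCAFromKeyStore(String caname, byte[] p12file, char[] keystorepass, char[] privkeypass, String privateSignatureKeyAlias,
            String privateEncryptionKeyAlias) throws Exception {
        caadminsession.importCAFromKeyStore(administrator, caname, p12file, keystorepass, privkeypass, privateSignatureKeyAlias, privateEncryptionKeyAlias);
        info.cAsEdited();
    }

    /**
     * Edits a CA through the CA admin session, then calls {@code info.cAsEdited()}.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void editCA(CAInfo cainfo) throws AuthorizationDeniedException {
        caadminsession.editCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Removes a CA unless its id is still referenced.
     *
     * <p>The id counts as referenced when any of the user admin, certificate profile,
     * end entity profile or access rule checks reports it.
     *
     * @param caid id of the CA to remove
     * @return {@code true} if the CA was removed, {@code false} if it is still referenced
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public boolean removeCA(int caid) throws AuthorizationDeniedException {
        // NOTE(review): the reference checks and the removal are separate session calls, so a
        // reference created in between is not detected here; confirm whether
        // caadminsession.removeCA re-checks before deleting.
        boolean caInUse = this.adminsession.checkForCAId(administrator, caid)
                || this.certificatesession.existsCAInCertificateProfiles(administrator, caid)
                || this.raadminsession.existsCAInEndEntityProfiles(administrator, caid)
                || this.authorizationsession.existsCAInRules(administrator, caid);

        if (!caInUse) {
            caadminsession.removeCA(administrator, caid);
            info.cAsEdited();
        }

        return !caInUse;
    }

    /**
     * Renames a CA through the CA admin session, then calls {@code info.cAsEdited()}.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void renameCA(String oldname, String newname) throws CAExistsException, AuthorizationDeniedException {
        caadminsession.renameCA(administrator, oldname, newname);
        info.cAsEdited();
    }

    /**
     * Looks up a CA by name and wraps it in a view object.
     *
     * @return the view, or {@code null} if the session returned no CAInfo
     * @see org.ejbca.core.model.ca.caadmin.ICAAdminSessionLocal
     */
    public CAInfoView getCAInfo(String name) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, name);
        if (cainfo == null) {
            return null;
        }
        return new CAInfoView(cainfo, ejbcawebbean, info.getPublisherIdToNameMap());
    }

    /**
     * Looks up a CA by id and wraps it in a view object.
     *
     * @return the view, or {@code null} if the session returned no CAInfo
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public CAInfoView getCAInfo(int caid) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        if (cainfo == null) {
            return null;
        }
        return new CAInfoView(cainfo, ejbcawebbean, info.getPublisherIdToNameMap());
    }

    /**
     * Returns the CA id to name map held by the InformationMemory.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public HashMap getCAIdToNameMap() {
        return info.getCAIdToNameMap();
    }

    /**
     * Asks the CA admin session for a certificate request and returns its PKCS#10 form.
     *
     * <p>The session result is cast to PKCS10RequestMessage; any other message type
     * raises a ClassCastException.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public PKCS10CertificationRequest makeRequest(int caid, Collection cachain, boolean setstatustowaiting) throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException {
        PKCS10RequestMessage result = (PKCS10RequestMessage) caadminsession.makeRequest(administrator, caid, cachain, setstatustowaiting);
        return result.getCertificationRequest();
    }

    /**
     * Reads certificates from the stream with CertTools.getCertsFromPEM, wraps the first
     * one in an X509ResponseMessage and hands it to the CA admin session.
     *
     * <p>Only the first certificate is forwarded; further certificates in the stream are
     * ignored. The stream is not closed here. This method does not validate the
     * certificate itself.
     *
     * @param caid id of the CA the response belongs to
     * @param is   stream holding the certificate response
     * @throws IllegalArgumentException if the stream yields no certificate
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void receiveResponse(int caid, InputStream is) throws Exception {
        Collection certs = CertTools.getCertsFromPEM(is);
        // An upload without any certificate would otherwise surface as a bare
        // NoSuchElementException from the iterator.
        if (certs == null || certs.isEmpty()) {
            throw new IllegalArgumentException("No certificate found in the response for CA id " + caid);
        }
        Certificate cert = (Certificate) certs.iterator().next();
        X509ResponseMessage resmes = new X509ResponseMessage();
        resmes.setCertificate(cert);

        // NOTE(review): the uploaded certificate is external input; confirm that
        // caadminsession.receiveResponse verifies it against the CA's pending request.
        caadminsession.receiveResponse(administrator, caid, resmes);
        info.cAsEdited();
    }

    /**
     * Passes a certificate request to the CA admin session and returns the issued
     * certificate.
     *
     * @return the certificate if the response is an X509ResponseMessage, otherwise {@code null}
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public Certificate processRequest(CAInfo cainfo, IRequestMessage requestmessage) throws Exception {
        Certificate returnval = null;
        IResponseMessage result = caadminsession.processRequest(administrator, cainfo, requestmessage);
        if (result instanceof X509ResponseMessage) {
            returnval = ((X509ResponseMessage) result).getCertificate();
        }
        // cAsEdited() is called whatever the response type was.
        info.cAsEdited();

        return returnval;
    }

    /**
     * Renews a CA through the CA admin session, then calls {@code info.cAsEdited()}.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void renewCA(int caid, IResponseMessage responsemessage, boolean regenerateKeys) throws CADoesntExistsException, AuthorizationDeniedException, CertPathValidatorException, CATokenOfflineException {
        caadminsession.renewCA(administrator, caid, responsemessage, regenerateKeys);
        info.cAsEdited();
    }

    /**
     * Revokes a CA through the CA admin session, then calls {@code info.cAsEdited()}.
     *
     * @param reason revocation reason code passed to the session unchanged
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void revokeCA(int caid, int reason) throws CADoesntExistsException, AuthorizationDeniedException {
        caadminsession.revokeCA(administrator, caid, reason);
        info.cAsEdited();
    }

    /**
     * Publishes the CA certificate chain and the certificates of the CA's OCSP, XKMS and
     * CMS services.
     *
     * <p>The publishers used are the CA's CRL publishers plus any publisher listed in the
     * CA's certificate profile.
     *
     * @throws IllegalArgumentException if the session returns no CAInfo for {@code caid}
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void publishCA(int caid) {
        // NOTE(review): no AuthorizationDeniedException is declared on this path; confirm that
        // the session calls below enforce access control for the administrator.
        CAInfo cainfo = lookupCAInfo(caid);
        CertificateProfile certprofile = certificatesession.getCertificateProfile(administrator, cainfo.getCertificateProfileId());

        // Work on a copy: adding the profile publishers to the collection returned by
        // getCRLPublishers() would change the CAInfo's own publisher list.
        Collection publishers = new java.util.ArrayList();
        Collection crlpublishers = cainfo.getCRLPublishers();
        if (crlpublishers != null) {
            publishers.addAll(crlpublishers);
        }
        if (certprofile != null) {
            Collection profilepublishers = certprofile.getPublisherList();
            if (profilepublishers != null) {
                publishers.addAll(profilepublishers);
            }
        }
        signsession.publishCACertificate(administrator, cainfo.getCertificateChain(), publishers);

        // Publish ExtendedCAServices certificates as well
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof OCSPCAServiceInfo) {
                publishCertificatePath(((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath(), publishers);
            }
            if (next instanceof XKMSCAServiceInfo) {
                publishCertificatePath(((XKMSCAServiceInfo) next).getXKMSSignerCertificatePath(), publishers);
            }
            if (next instanceof CmsCAServiceInfo) {
                publishCertificatePath(((CmsCAServiceInfo) next).getCertificatePath(), publishers);
            }
        }
    }

    /**
     * Revokes the first certificate of each OCSP service path of the CA, with reason
     * REVOKATION_REASON_UNSPECIFIED. A service without a certificate path is skipped.
     *
     * @throws IllegalArgumentException if the session returns no CAInfo for {@code caid}
     */
    public void revokeOCSPCertificate(int caid) {
        CAInfo cainfo = lookupCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof OCSPCAServiceInfo) {
                revokeFirstCertificate(cainfo, ((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the first certificate of each XKMS service path of the CA, with reason
     * REVOKATION_REASON_UNSPECIFIED. A service without a certificate path is skipped.
     *
     * @throws IllegalArgumentException if the session returns no CAInfo for {@code caid}
     */
    public void revokeXKMSCertificate(int caid) {
        CAInfo cainfo = lookupCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof XKMSCAServiceInfo) {
                revokeFirstCertificate(cainfo, ((XKMSCAServiceInfo) next).getXKMSSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the first certificate of each CMS service path of the CA, with reason
     * REVOKATION_REASON_UNSPECIFIED. A service without a certificate path is skipped.
     *
     * @throws IllegalArgumentException if the session returns no CAInfo for {@code caid}
     */
    public void revokeCmsCertificate(int caid) {
        CAInfo cainfo = lookupCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof CmsCAServiceInfo) {
                revokeFirstCertificate(cainfo, ((CmsCAServiceInfo) next).getCertificatePath());
            }
        }
    }

    /**
     * Activates the CA token through the CA admin session.
     *
     * @param authorizationcode token activation secret; forwarded unchanged and not
     *                          stored by this class
     */
    public void activateCAToken(int caid, String authorizationcode) throws AuthorizationDeniedException, CATokenAuthenticationFailedException, CATokenOfflineException {
        caadminsession.activateCAToken(administrator, caid, authorizationcode);
    }

    /** Deactivates the CA token through the CA admin session. */
    public void deactivateCAToken(int caid) throws AuthorizationDeniedException, EjbcaException {
        caadminsession.deactivateCAToken(administrator, caid);
    }

    /**
     * Tells whether the CA is revoked.
     *
     * @return {@code true} if {@code cainfo} is not null and its revocation reason differs
     *         from RevokedCertInfo.NOT_REVOKED
     */
    public boolean isCARevoked(CAInfo cainfo) {
        return cainfo != null && cainfo.getRevokationReason() != RevokedCertInfo.NOT_REVOKED;
    }

    /** Fetches the CAInfo for an id and fails with a clear message when there is none. */
    private CAInfo lookupCAInfo(int caid) {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        if (cainfo == null) {
            throw new IllegalArgumentException("No CAInfo returned for CA id " + caid);
        }
        return cainfo;
    }

    /** Publishes a service certificate path to the given publishers; a null path is skipped. */
    private void publishCertificatePath(List certpath, Collection publishers) {
        if (certpath != null) {
            signsession.publishCACertificate(administrator, certpath, publishers);
        }
    }

    /** Revokes the first certificate of a service path; a null or empty path is skipped. */
    private void revokeFirstCertificate(CAInfo cainfo, List certpath) {
        if (certpath == null || certpath.isEmpty()) {
            return;
        }
        X509Certificate cert = (X509Certificate) certpath.get(0);
        certificatesession.revokeCertificate(administrator, cert, cainfo.getCRLPublishers(), RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
    }

    // NOTE(review): the class is Serializable and declares no serialVersionUID; whether the
    // session and bean types held below can themselves be serialized is not visible here.
    private ICAAdminSessionLocal caadminsession;
    private Admin administrator;
    private IAuthorizationSessionLocal authorizationsession;
    private InformationMemory info;
    private IUserAdminSessionLocal adminsession;
    private IRaAdminSessionLocal raadminsession;
    private ICertificateStoreSessionLocal certificatesession;
    private EjbcaWebBean ejbcawebbean;
    private ISignSessionLocal signsession;
}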
321