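package org.ejbca.ui.web.admin.cainterface;

import java.io.ByteArrayOutputStream;
import java.rmi.RemoteException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;

import javax.ejb.CreateException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;

import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionHome;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocal;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocalHome;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocalHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.catoken.CATokenOfflineException;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.ca.store.CRLInfo;
import org.ejbca.core.model.ca.store.CertReqHistory;
import org.ejbca.core.model.ca.store.CertificateInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.ui.web.RequestHelper;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.admin.configuration.InformationMemory;
import org.ejbca.ui.web.admin.rainterface.CertificateView;
import org.ejbca.ui.web.admin.rainterface.RevokedInfoView;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;

/**
 * Web-tier helper bean behind the admin GUI's CA pages.
 *
 * It holds the {@link Admin} identity derived from the caller's TLS client
 * certificate plus local references to the EJB session beans, and forwards
 * CA, certificate-profile, CRL and publisher operations to them. Every call
 * into a session bean passes {@code administrator}, so the identity fixed in
 * {@link #initialize} is what authorization decisions are made against.
 *
 * The bean also carries per-session scratch state for the "create CA /
 * process request" workflow (a CAInfo, a PKCS#10 request and a processed
 * certificate). The PKCS#10 request is transient because the BouncyCastle
 * type is not Serializable.
 */
public class CAInterfaceBean implements java.io.Serializable {

    /** No-arg constructor required for JSP bean instantiation; real setup is in {@link #initialize}. */
    public CAInterfaceBean() {
    }

    /**
     * Binds this bean to the calling administrator and looks up the session beans.
     * Runs once per bean instance; later calls are no-ops.
     *
     * @param request      the servlet request; the administrator identity is taken from
     *                     the container-verified client certificate attribute
     * @param ejbcawebbean the already-initialized web bean providing the shared InformationMemory
     * @throws IllegalStateException if the request carries no client certificate
     * @throws Exception             on JNDI lookup or EJB create failures
     */
    public void initialize(HttpServletRequest request, EjbcaWebBean ejbcawebbean) throws Exception {
        if (initialized) {
            return;
        }
        // The administrator identity is the leaf of the TLS client certificate chain
        // that the container verified during the handshake. Fail loudly if it is
        // missing: every session-bean call below is authorized against this Admin,
        // so we must never continue with a null or fallback identity.
        X509Certificate[] clientChain =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (clientChain == null || clientChain.length == 0 || clientChain[0] == null) {
            throw new IllegalStateException(
                    "No client certificate in request; cannot establish administrator identity.");
        }
        administrator = new Admin(clientChain[0]);

        ServiceLocator locator = ServiceLocator.getInstance();

        ICertificateStoreSessionLocalHome certificatesessionhome = (ICertificateStoreSessionLocalHome)
                locator.getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
        certificatesession = certificatesessionhome.create();

        ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome)
                locator.getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
        caadminsession = caadminsessionhome.create();

        IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome)
                locator.getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
        authorizationsession = authorizationsessionhome.create();

        IUserAdminSessionLocalHome adminsessionhome = (IUserAdminSessionLocalHome)
                locator.getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
        adminsession = adminsessionhome.create();

        IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome)
                locator.getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
        raadminsession = raadminsessionhome.create();

        ISignSessionLocalHome signsessionhome = (ISignSessionLocalHome)
                locator.getLocalHome(ISignSessionLocalHome.COMP_NAME);
        signsession = signsessionhome.create();

        IHardTokenSessionLocalHome hardtokensessionhome = (IHardTokenSessionLocalHome)
                locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
        hardtokensession = hardtokensessionhome.create();

        IPublisherSessionLocalHome publishersessionhome = (IPublisherSessionLocalHome)
                locator.getLocalHome(IPublisherSessionLocalHome.COMP_NAME);
        publishersession = publishersessionhome.create();

        this.informationmemory = ejbcawebbean.getInformationMemory();

        certificateprofiles = new CertificateProfileDataHandler(administrator, certificatesession,
                authorizationsession, informationmemory);
        cadatahandler = new CADataHandler(administrator, caadminsession, adminsession, raadminsession,
                certificatesession, authorizationsession, signsession, ejbcawebbean);
        publisherdatahandler = new PublisherDataHandler(administrator, publishersession,
                authorizationsession, caadminsession, certificatesession, informationmemory);
        initialized = true;
    }

    /**
     * Returns the CA's certificate chain as views, each annotated with revocation
     * information if the certificate is revoked in the local store.
     *
     * @param caid the CA id
     * @return one view per chain certificate, in the order the sign session returns them;
     *         empty if no chain is returned
     */
    public CertificateView[] getCACertificates(int caid) {
        Collection chain = signsession.getCertificateChain(administrator, caid);
        // NOTE(review): the sign session presumably never returns null here; guarded
        // anyway so a missing chain renders as "no certificates" rather than an NPE.
        if (chain == null) {
            return new CertificateView[0];
        }
        CertificateView[] views = new CertificateView[chain.size()];
        int idx = 0;
        for (Iterator iter = chain.iterator(); iter.hasNext(); idx++) {
            X509Certificate cert = (X509Certificate) iter.next();
            RevokedCertInfo revinfo = certificatesession.isRevoked(administrator,
                    CertTools.getIssuerDN(cert), cert.getSerialNumber());
            RevokedInfoView revokedinfo = null;
            // isRevoked may return a record whose reason is NOT_REVOKED; only a real
            // revocation gets a RevokedInfoView attached.
            if (revinfo != null && revinfo.getReason() != RevokedCertInfo.NOT_REVOKED) {
                revokedinfo = new RevokedInfoView(revinfo);
            }
            views[idx] = new CertificateView(cert, revokedinfo, null);
        }
        return views;
    }

    /** @return map from CA id (Integer) to CA name, from the shared InformationMemory. */
    public HashMap getCAIdToNameMap() {
        return informationmemory.getCAIdToNameMap();
    }

    /**
     * @param caId the CA id
     * @return the CA's name, or null if the id is unknown
     */
    public String getName(Integer caId) {
        return (String) informationmemory.getCAIdToNameMap().get(caId);
    }

    /** @return the ids of the CAs the current administrator is authorized to. */
    public Collection getAuthorizedCAs() {
        return informationmemory.getAuthorizedCAIds();
    }

    /** @return the certificate profile names the administrator may edit, sorted. */
    public TreeMap getEditCertificateProfileNames() {
        return informationmemory.getEditCertificateProfileNames();
    }

    /**
     * @param profileid the certificate profile id
     * @return the profile's name as resolved by the name proxy
     */
    public String getCertificateProfileName(int profileid) {
        return this.informationmemory.getCertificateProfileNameProxy().getCertificateProfileName(profileid);
    }

    /**
     * @param profilename the certificate profile name
     * @return the profile's id as resolved by the data handler
     */
    public int getCertificateProfileId(String profilename) {
        return certificateprofiles.getCertificateProfileId(profilename);
    }

    /** Looks up a certificate profile by name through the data handler. */
    public CertificateProfile getCertificateProfile(String name) throws Exception {
        return certificateprofiles.getCertificateProfile(name);
    }

    /** Looks up a certificate profile by id through the data handler. */
    public CertificateProfile getCertificateProfile(int id) throws Exception {
        return certificateprofiles.getCertificateProfile(id);
    }

    /**
     * Creates a new, default certificate profile whose available CAs are the ones
     * this administrator is authorized to.
     *
     * @param name the new profile's name
     */
    public void addCertificateProfile(String name) throws Exception {
        CertificateProfile profile = new CertificateProfile();
        profile.setAvailableCAs(informationmemory.getAuthorizedCAIds());
        certificateprofiles.addCertificateProfile(name, profile);
    }

    /** Replaces the profile stored under {@code name} with {@code profile}. */
    public void changeCertificateProfile(String name, CertificateProfile profile) throws Exception {
        certificateprofiles.changeCertificateProfile(name, profile);
    }

    /**
     * Removes a certificate profile unless it is still referenced.
     *
     * End-entity profiles are considered in use if any end entity, end-entity
     * profile or hard-token profile references them; all other profile types are
     * in use if any CA references them.
     *
     * @param name the profile name
     * @return true if the profile was removed; false if it is still in use or does not exist
     */
    public boolean removeCertificateProfile(String name) throws Exception {
        int certificateprofileid = certificatesession.getCertificateProfileId(administrator, name);
        CertificateProfile certprofile = this.certificatesession.getCertificateProfile(administrator, name);
        if (certprofile == null) {
            // Unknown profile name: nothing to remove. Report "not removed" instead of
            // dereferencing null below.
            return false;
        }

        boolean inUse;
        if (certprofile.getType() == CertificateProfile.TYPE_ENDENTITY) {
            inUse = adminsession.checkForCertificateProfileId(administrator, certificateprofileid)
                    || raadminsession.existsCertificateProfileInEndEntityProfiles(administrator, certificateprofileid)
                    || hardtokensession.existsCertificateProfileInHardTokenProfiles(administrator, certificateprofileid);
        } else {
            inUse = caadminsession.exitsCertificateProfileInCAs(administrator, certificateprofileid);
        }

        if (inUse) {
            return false;
        }
        certificateprofiles.removeCertificateProfile(name);
        return true;
    }

    /** Renames a certificate profile. */
    public void renameCertificateProfile(String oldname, String newname) throws Exception {
        certificateprofiles.renameCertificateProfile(oldname, newname);
    }

    /** Copies an existing certificate profile under a new name. */
    public void cloneCertificateProfile(String originalname, String newname) throws Exception {
        certificateprofiles.cloneCertificateProfile(originalname, newname);
    }

    /**
     * Triggers CRL generation for the given issuer via the remote CreateCRLSession bean.
     *
     * @param issuerdn the issuer DN of the CA whose CRL should be created
     * @throws CATokenOfflineException if the CA's token is offline
     */
    public void createCRL(String issuerdn)
            throws RemoteException, NamingException, CreateException, CATokenOfflineException {
        InitialContext jndicontext = new InitialContext();
        try {
            ICreateCRLSessionHome home = (ICreateCRLSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    jndicontext.lookup("CreateCRLSession"), ICreateCRLSessionHome.class);
            home.create().run(administrator, issuerdn);
        } finally {
            // Release the JNDI context even when the CRL run fails.
            jndicontext.close();
        }
    }

    /** @return the number of the latest CRL issued by {@code issuerdn}. */
    public int getLastCRLNumber(String issuerdn) {
        return certificatesession.getLastCRLNumber(administrator, issuerdn);
    }

    /** @return store metadata for the latest CRL issued by {@code issuerdn}. */
    public CRLInfo getLastCRLInfo(String issuerdn) {
        return certificatesession.getLastCRLInfo(administrator, issuerdn);
    }

    /** @return the certificate profile data handler bound to this administrator. */
    public CertificateProfileDataHandler getCertificateProfileDataHandler() {
        return certificateprofiles;
    }

    /** @return map from publisher id to publisher name. */
    public HashMap getAvailablePublishers() {
        return publishersession.getPublisherIdToNameMap(administrator);
    }

    /** @return the publisher data handler bound to this administrator. */
    public PublisherDataHandler getPublisherDataHandler() {
        return this.publisherdatahandler;
    }

    /** @return the CA data handler bound to this administrator. */
    public CADataHandler getCADataHandler() {
        return cadatahandler;
    }

    /** Looks up CA information by name. */
    public CAInfoView getCAInfo(String name) throws Exception {
        return cadatahandler.getCAInfo(name);
    }

    /** Looks up CA information by id. */
    public CAInfoView getCAInfo(int caid) throws Exception {
        return cadatahandler.getCAInfo(caid);
    }

    /** Stores the in-progress CAInfo of the create/edit workflow in this session. */
    public void saveRequestInfo(CAInfo cainfo) {
        this.cainfo = cainfo;
    }

    /** @return the CAInfo saved by {@link #saveRequestInfo}, or null. */
    public CAInfo getRequestInfo() {
        return this.cainfo;
    }

    /** Stores a generated PKCS#10 request in this session (not serialized with the bean). */
    public void savePKCS10RequestData(PKCS10CertificationRequest request) {
        this.request = request;
    }

    /** @return the PKCS#10 request saved by {@link #savePKCS10RequestData}, or null. */
    public PKCS10CertificationRequest getPKCS10RequestData() {
        return this.request;
    }

    /**
     * DER-encodes the saved PKCS#10 request and wraps it in PEM request armour.
     *
     * @return the PEM text, or null if no request has been saved
     */
    public String getPKCS10RequestDataAsString() throws Exception {
        if (request == null) {
            return null;
        }
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        try {
            dOut.writeObject(request);
        } finally {
            dOut.close();
        }
        return RequestHelper.BEGIN_CERTIFICATE_REQUEST_WITH_NL
                + new String(Base64.encode(bOut.toByteArray()))
                + RequestHelper.END_CERTIFICATE_REQUEST_WITH_NL;
    }

    /** Stores the certificate produced from the saved request in this session. */
    public void saveProcessedCertificate(Certificate cert) {
        this.processedcert = cert;
    }

    /** @return the certificate saved by {@link #saveProcessedCertificate}, or null. */
    public Certificate getProcessedCertificate() {
        return this.processedcert;
    }

    /**
     * Base64-encodes the saved processed certificate and wraps it in PEM certificate armour.
     *
     * @return the PEM text, or null if no processed certificate has been saved
     */
    public String getProcessedCertificateAsString() throws Exception {
        // Guard on the certificate itself: the original tested the (transient) PKCS#10
        // request instead, which both NPE'd when only the certificate was present and
        // returned null when the request had been lost to serialization.
        if (this.processedcert == null) {
            return null;
        }
        byte[] b64cert = Base64.encode(this.processedcert.getEncoded());
        return RequestHelper.BEGIN_CERTIFICATE_WITH_NL
                + new String(b64cert)
                + RequestHelper.END_CERTIFICATE_WITH_NL;
    }

    /**
     * Re-sends a certificate to the publishers of the certificate profile it was
     * issued under, using the request history to recover the original user data.
     *
     * @param certificatedata the certificate to republish
     * @return a message key: "CERTREPUBLISHEDSUCCESS", "NOPUBLISHERSDEFINED",
     *         "CERTPROFILENOTFOUND", or "CERTREPUBLISHFAILED" (no history, no store
     *         entry, or the publisher call failed)
     */
    public String republish(CertificateView certificatedata) {
        String returnval = "CERTREPUBLISHFAILED";

        CertReqHistory certreqhist = certificatesession.getCertReqHistory(administrator,
                certificatedata.getSerialNumberBigInt(), certificatedata.getIssuerDN());
        if (certreqhist == null) {
            return returnval;
        }
        CertificateProfile certprofile = certificatesession.getCertificateProfile(administrator,
                certreqhist.getUserDataVO().getCertificateProfileId());
        if (certprofile == null) {
            return "CERTPROFILENOTFOUND";
        }
        if (certprofile.getPublisherList().size() == 0) {
            return "NOPUBLISHERSDEFINED";
        }
        CertificateInfo certinfo = certificatesession.getCertificateInfo(administrator,
                CertTools.getFingerprintAsString(certificatedata.getCertificate()));
        if (certinfo == null) {
            // Certificate not in the local store: nothing to republish from.
            return returnval;
        }
        // NOTE(review): the stored enrollment password from the request history is
        // handed to the publishers here, as the original did; confirm the publishers
        // actually need it. getRevocationDate() is assumed non-null for stored certs.
        boolean stored = publishersession.storeCertificate(administrator, certprofile.getPublisherList(),
                certificatedata.getCertificate(), certreqhist.getUserDataVO().getUsername(),
                certreqhist.getUserDataVO().getPassword(), certinfo.getCAFingerprint(),
                certinfo.getStatus(), certinfo.getType(), certinfo.getRevocationDate().getTime(),
                certinfo.getRevocationReason(), certreqhist.getUserDataVO().getExtendedinformation());
        if (stored) {
            returnval = "CERTREPUBLISHEDSUCCESS";
        }
        return returnval;
    }

    /**
     * Orders request-history entries newest-first by the user data's modification time.
     * Static so the comparator does not capture (and drag along) the enclosing bean.
     */
    private static class CertReqUserCreateComparator implements Comparator {
        public int compare(Object arg0, Object arg1) {
            // Reversed argument order gives descending time order.
            return ((CertReqHistory) arg1).getUserDataVO().getTimeModified().compareTo(
                    ((CertReqHistory) arg0).getUserDataVO().getTimeModified());
        }
    }

    /**
     * @param username the end entity's username
     * @return the user's certificate request history, newest first
     */
    public List getCertReqUserDatas(String username) {
        List history = this.certificatesession.getCertReqHistory(administrator, username);
        Collections.sort(history, new CertReqUserCreateComparator());
        return history;
    }

    private ICertificateStoreSessionLocal certificatesession;
    private ICAAdminSessionLocal caadminsession;
    private IAuthorizationSessionLocal authorizationsession;
    private IUserAdminSessionLocal adminsession;
    private IRaAdminSessionLocal raadminsession;
    private ISignSessionLocal signsession;
    private IHardTokenSessionLocal hardtokensession;
    private IPublisherSessionLocal publishersession;
    private CertificateProfileDataHandler certificateprofiles;
    private CADataHandler cadatahandler;
    private PublisherDataHandler publisherdatahandler;
    private boolean initialized;
    /** Identity every session-bean call is authorized as; fixed once in initialize(). */
    private Admin administrator;
    private InformationMemory informationmemory;
    private CAInfo cainfo;
    /** BouncyCastle request object; not Serializable, so it is lost if the session is passivated. */
    transient private PKCS10CertificationRequest request;
    private Certificate processedcert;

}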