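package org.ejbca.ui.web.admin.cainterface;

import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.ui.web.admin.configuration.InformationMemory;

/**
 * Wraps the certificate profile operations of the certificate store session
 * with an authorization check made on behalf of one administrator.
 *
 * Every mutating method and both profile getters call one of the private
 * {@code authorizedTo...} helpers first and throw
 * {@link AuthorizationDeniedException} when the helper returns {@code false}.
 * After a successful mutation the {@link InformationMemory} is notified via
 * {@code certificateProfilesEdited()}.
 *
 * NOTE(review): the authorization decision and the store operation are two
 * separate calls keyed by profile name, so this class alone does not make the
 * pair atomic. Confirm whether the session bean enforces its own checks.
 */
public class CertificateProfileDataHandler implements Serializable {

    /** Mirror of {@code SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY}. */
    public static final int FIXED_CERTIFICATEPROFILE_BOUNDRY = SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY;

    /**
     * Creates a handler bound to one administrator.
     *
     * @param administrator        administrator on whose behalf every call is authorized and executed
     * @param certificatesession   session used to read and modify certificate profiles
     * @param authorizationsession session used to evaluate access rules
     * @param info                 memory that is told when profiles have been edited
     */
    public CertificateProfileDataHandler(Admin administrator, ICertificateStoreSessionLocal certificatesession,
            IAuthorizationSessionLocal authorizationsession, InformationMemory info) {
        this.certificatestoresession = certificatesession;
        this.authorizationsession = authorizationsession;
        this.administrator = administrator;
        this.info = info;
    }

    /**
     * Adds a new certificate profile after an edit-level check on its contents.
     *
     * @param name    name of the new profile
     * @param profile contents of the new profile; these are what the check is run against
     * @throws CertificateProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException      if the administrator may not create this profile
     */
    public void addCertificateProfile(String name, CertificateProfile profile)
            throws CertificateProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to add certificate profile");
        }
        certificatestoresession.addCertificateProfile(administrator, name, profile);
        this.info.certificateProfilesEdited();
    }

    /**
     * Overwrites an existing certificate profile.
     *
     * The edit-level check is applied both to the profile currently stored
     * under {@code name} and to the submitted {@code profile}. Checking only
     * the submitted contents would let an administrator replace a profile
     * they cannot edit by submitting contents limited to their own CAs.
     * Checking the stored profile matches what
     * {@link #removeCertificateProfile(String)} and
     * {@link #renameCertificateProfile(String, String)} already do.
     *
     * @param name    name of the stored profile to overwrite
     * @param profile new contents
     * @throws AuthorizationDeniedException if either check fails, including when no
     *                                      profile is found under {@code name}
     */
    public void changeCertificateProfile(String name, CertificateProfile profile) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(name, true) || !authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to edit certificate profile");
        }
        certificatestoresession.changeCertificateProfile(administrator, name, profile);
        this.info.certificateProfilesEdited();
    }

    /**
     * Removes a certificate profile after an edit-level check on the stored profile.
     *
     * @param name name of the profile to remove
     * @throws AuthorizationDeniedException if the administrator may not edit the stored profile
     */
    public void removeCertificateProfile(String name) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(name, true)) {
            throw new AuthorizationDeniedException("Not authorized to remove certificate profile");
        }
        certificatestoresession.removeCertificateProfile(administrator, name);
        this.info.certificateProfilesEdited();
    }

    /**
     * Renames a certificate profile after an edit-level check on the stored profile.
     *
     * @param oldname current name of the profile
     * @param newname name to give the profile
     * @throws CertificateProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException      if the administrator may not edit the stored profile
     */
    public void renameCertificateProfile(String oldname, String newname)
            throws CertificateProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfileName(oldname, true)) {
            throw new AuthorizationDeniedException("Not authorized to rename certificate profile");
        }
        certificatestoresession.renameCertificateProfile(administrator, oldname, newname);
        this.info.certificateProfilesEdited();
    }

    /**
     * Clones a certificate profile under a new name.
     *
     * NOTE(review): only read-level access to the original is checked
     * ({@code editcheck == false}), although this call creates a new profile.
     * Confirm whether the edit right should be required here or is enforced
     * by the session bean.
     *
     * @param originalname name of the profile to copy
     * @param newname      name of the copy
     * @throws CertificateProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException      if the administrator may not read the original
     */
    public void cloneCertificateProfile(String originalname, String newname)
            throws CertificateProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfileName(originalname, false)) {
            throw new AuthorizationDeniedException("Not authorized to clone certificate profile");
        }
        certificatestoresession.cloneCertificateProfile(administrator, originalname, newname);
        this.info.certificateProfilesEdited();
    }

    /**
     * Returns the certificate profile with the given id after a read-level check.
     *
     * @param id id of the profile
     * @return the profile returned by the certificate store session
     * @throws AuthorizationDeniedException if the check fails, including when no profile has this id
     */
    public CertificateProfile getCertificateProfile(int id) throws AuthorizationDeniedException {
        if (!authorizedToProfileId(id, false)) {
            throw new AuthorizationDeniedException("Not authorized to certificate profile");
        }
        return certificatestoresession.getCertificateProfile(administrator, id);
    }

    /**
     * Returns the certificate profile with the given name after a read-level check.
     *
     * @param profilename name of the profile
     * @return the profile returned by the certificate store session
     * @throws AuthorizationDeniedException if the check fails, including when no profile has this name
     */
    public CertificateProfile getCertificateProfile(String profilename) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(profilename, false)) {
            throw new AuthorizationDeniedException("Not authorized to certificate profile");
        }
        return certificatestoresession.getCertificateProfile(administrator, profilename);
    }

    /**
     * Looks up the id of a certificate profile by name.
     *
     * NOTE(review): no authorization check is applied here, so any caller
     * holding this handler can map a profile name to its id. Confirm that is
     * intended.
     *
     * @param profilename name of the profile
     * @return the id returned by the certificate store session
     */
    public int getCertificateProfileId(String profilename) {
        return certificatestoresession.getCertificateProfileId(administrator, profilename);
    }

    /**
     * Loads the stored profile by name and runs the authorization check on it.
     * A {@code null} result from the lookup ends up as {@code false}.
     */
    private boolean authorizedToProfileName(String profilename, boolean editcheck) {
        CertificateProfile profile = certificatestoresession.getCertificateProfile(administrator, profilename);
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Loads the stored profile by id and runs the authorization check on it.
     * A {@code null} result from the lookup ends up as {@code false}.
     */
    private boolean authorizedToProfileId(int profileid, boolean editcheck) {
        CertificateProfile profile = certificatestoresession.getCertificateProfile(administrator, profileid);
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Decides whether the administrator may read or edit the given profile.
     *
     * Rules, in the order they are applied:
     * - with {@code editcheck}, the administrator must hold
     *   {@code /ca_functionality/edit_certificate_profiles};
     * - a {@code null} profile is never authorized;
     * - only a super administrator may touch a profile whose type is not
     *   {@code TYPE_ENDENTITY};
     * - a profile that lists {@code ANYCA} may be read by anyone who passed
     *   the rules above, but edited only by a super administrator;
     * - otherwise every CA listed in the profile must be among the
     *   administrator's authorized CAs.
     *
     * Any {@link AuthorizationDeniedException} raised on the way results in
     * {@code false}, so the method fails closed.
     *
     * @param profile   profile to check, may be {@code null}
     * @param editcheck {@code true} to require edit rights, {@code false} for read access
     * @return {@code true} only if every applicable rule is satisfied
     */
    private boolean authorizedToProfile(CertificateProfile profile, boolean editcheck) {
        try {
            boolean issuperadministrator = false;
            try {
                issuperadministrator = authorizationsession.isAuthorizedNoLog(administrator, "/super_administrator");
            } catch (AuthorizationDeniedException ignored) {
                // Not a super administrator; the restricted rules below apply.
            }

            // Honour the boolean result as well as the exception, so that the edit
            // right is enforced whichever way the session reports a denial.
            if (editcheck
                    && !authorizationsession.isAuthorizedNoLog(administrator, "/ca_functionality/edit_certificate_profiles")) {
                return false;
            }

            HashSet authorizedcaids = new HashSet(authorizationsession.getAuthorizedCAIds(administrator));

            if (profile == null) {
                return false;
            }
            if (!issuperadministrator && profile.getType() != CertificateProfile.TYPE_ENDENTITY) {
                return false;
            }

            Collection availablecas = profile.getAvailableCAs();
            if (availablecas.contains(new Integer(CertificateProfile.ANYCA))) {
                // An ANYCA profile is readable, but only a super administrator may edit it.
                return issuperadministrator || !editcheck;
            }
            return authorizedcaids.containsAll(availablecas);
        } catch (AuthorizationDeniedException denied) {
            // Denial reported by exception: fail closed.
            return false;
        }
    }

    // NOTE(review): the class is Serializable and these fields are not transient;
    // confirm the session references and the Admin object are meant to be serialized with it.
    private ICertificateStoreSessionLocal certificatestoresession;
    private Admin administrator;
    private IAuthorizationSessionLocal authorizationsession;
    private InformationMemory info;
}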