CertificateProfileDataHandler


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13   
14  package org.ejbca.ui.web.admin.cainterface;
15  
16  import java.io.Serializable  ;
17  import java.util.Collection  ;
18  import java.util.HashSet  ;
19  
20  import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
21  import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
22  import org.ejbca.core.model.SecConst;
23  import org.ejbca.core.model.authorization.AuthorizationDeniedException;
24  import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
25  import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException;
26  import org.ejbca.core.model.log.Admin;
27  import org.ejbca.ui.web.admin.configuration.InformationMemory;
28  
29  /**
30   * A class handling the certificate type data. It saves and retrieves them currently from a database.
31   *
32   * @author  TomSelleck
33   * @version $Id: CertificateProfileDataHandler.java,v 1.1 2006/01/17 20:28:08 anatom Exp $
34   */
35  public class CertificateProfileDataHandler implements Serializable   {
36  
37      public static final int FIXED_CERTIFICATEPROFILE_BOUNDRY        = SecConst.FIXED_CERTIFICATEPROFILE_BOUNDRY;
38      /** Creates a new instance of CertificateProfileDataHandler */
39      public CertificateProfileDataHandler(Admin administrator, ICertificateStoreSessionLocal certificatesession, IAuthorizationSessionLocal authorizationsession, InformationMemory info) {
40         this.certificatestoresession = certificatesession;           
41         this.authorizationsession = authorizationsession;
42         this.administrator = administrator;          
43         this.info = info;       
44      }
45      
46         /** Method to add a certificate profile. Throws CertificateProfileExitsException if profile already exists  */
47      public void addCertificateProfile(String   name, CertificateProfile profile) throws CertificateProfileExistsException, AuthorizationDeniedException {
48        if(authorizedToProfile(profile, true)){
49          certificatestoresession.addCertificateProfile(administrator, name, profile);
50          this.info.certificateProfilesEdited();
51        }else
52          throw new AuthorizationDeniedException("Not authorized to add certificate profile");  
53      }    
54  
55         /** Method to change a certificate profile. */     
56      public void changeCertificateProfile(String   name, CertificateProfile profile) throws AuthorizationDeniedException{
57        if(authorizedToProfile(profile, true)){ 
58          certificatestoresession.changeCertificateProfile(administrator, name,profile);   
59          this.info.certificateProfilesEdited();
60        }else
61          throw new AuthorizationDeniedException("Not authorized to edit certificate profile");      
62      }
63      
64      /** Method to remove a end entity profile.*/ 
65      public void removeCertificateProfile(String   name) throws AuthorizationDeniedException{
66       if(authorizedToProfileName(name, true)){    
67          certificatestoresession.removeCertificateProfile(administrator, name);
68          this.info.certificateProfilesEdited();
69       }else
70          throw new AuthorizationDeniedException("Not authorized to remove certificate profile");        
71      }
72      
73      /** Metod to rename a end entity profile */
74      public void renameCertificateProfile(String   oldname, String   newname) throws CertificateProfileExistsException, AuthorizationDeniedException{
75       if(authorizedToProfileName(oldname, true)){    
76         certificatestoresession.renameCertificateProfile(administrator, oldname,newname);
77         this.info.certificateProfilesEdited();
78       }else
79         throw new AuthorizationDeniedException("Not authorized to rename certificate profile");
80      }
81      
82  
83      public void cloneCertificateProfile(String   originalname, String   newname) throws CertificateProfileExistsException, AuthorizationDeniedException{         
84        if(authorizedToProfileName(originalname, false)){
85          certificatestoresession.cloneCertificateProfile(administrator, originalname,newname);
86          this.info.certificateProfilesEdited();
87        }else
88           throw new AuthorizationDeniedException("Not authorized to clone certificate profile");          
89      }        
90      
91  
92  
93        /** Method to get a reference to a end entity profile.*/ 
94      public CertificateProfile getCertificateProfile(int id) throws AuthorizationDeniedException{
95        if(!authorizedToProfileId(id, false))
96          throw new AuthorizationDeniedException("Not authorized to certificate profile");            
97        
98        return certificatestoresession.getCertificateProfile(administrator, id); 
99      }      
100           
101     public CertificateProfile getCertificateProfile(String   profilename) throws AuthorizationDeniedException{
102      if(!authorizedToProfileName(profilename, false))
103         throw new AuthorizationDeniedException("Not authorized to certificate profile");            
104          
105       return certificatestoresession.getCertificateProfile(administrator, profilename);
106     }
107    
108       
109     public int getCertificateProfileId(String   profilename){
110       return certificatestoresession.getCertificateProfileId(administrator, profilename);  
111     }
112     
113     
114     /**
115      * Help function that checks if administrator is authorized to edit profile with given name.
116      */
117     private boolean authorizedToProfileName(String   profilename, boolean editcheck){
118       CertificateProfile profile = certificatestoresession.getCertificateProfile(administrator, profilename);
119       return authorizedToProfile(profile, editcheck);
120     }
121      
122     
123     /**
124      * Help function that checks if administrator is authorized to edit profile with given name.
125      */
126     private boolean authorizedToProfileId(int profileid, boolean editcheck){
127       CertificateProfile profile = certificatestoresession.getCertificateProfile(administrator, profileid);
128       return authorizedToProfile(profile, editcheck);
129     }
130     
131     /**
132      * Help function that checks if administrator is authorized to edit profile.
133      */    
134     private boolean authorizedToProfile(CertificateProfile profile, boolean editcheck){
135       boolean returnval = false;  
136       try{  
137         boolean issuperadministrator = false;
138         try{
139           issuperadministrator = authorizationsession.isAuthorizedNoLog(administrator, "/super_administrator");  
140         }catch(AuthorizationDeniedException ade){}
141         
142         if(editcheck)        
143           authorizationsession.isAuthorizedNoLog(administrator, "/ca_functionality/edit_certificate_profiles");
144           
145         HashSet   authorizedcaids = new HashSet  (authorizationsession.getAuthorizedCAIds(administrator));
146        
147         if(profile != null){       
148           if(!issuperadministrator && profile.getType() != CertificateProfile.TYPE_ENDENTITY)
149             returnval = false;
150           else{                       
151             Collection   availablecas = profile.getAvailableCAs();
152             if(availablecas.contains(new Integer  (CertificateProfile.ANYCA))){
153               if(issuperadministrator && editcheck)
154                 returnval = true;  
155               if(!editcheck)
156                 returnval = true;  
157             }else
158               returnval = authorizedcaids.containsAll(availablecas);
159           }                           
160         }
161       }catch(AuthorizationDeniedException e){}
162          
163       return returnval;  
164     }    
165    
166     private ICertificateStoreSessionLocal  certificatestoresession; 
167     private Admin                          administrator;
168     private IAuthorizationSessionLocal     authorizationsession;
169     private InformationMemory              info;
170 }
171
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags