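package org.ejbca.ui.web.admin.configuration;

import java.net.URLDecoder;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocalHome;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocalHome;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocal;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocalHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocalHome;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocalHome;
import org.ejbca.core.ejb.log.ILogSessionLocal;
import org.ejbca.core.ejb.log.ILogSessionLocalHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocalHome;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
import org.ejbca.core.model.authorization.AuthenticationFailedException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.log.LogEntry;
import org.ejbca.core.model.ra.raadmin.AdminPreference;
import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
import org.ejbca.util.CertTools;
import org.ejbca.util.HTMLTools;
import org.ejbca.util.dn.DNFieldExtractor;

/**
 * Helper bean behind the EJBCA admin web pages.
 *
 * <p>On first use it authenticates the caller from the TLS client certificate, looks up the EJB
 * session beans it needs, loads the global configuration and the administrator's preferences,
 * and then serves as the page's entry point for authorization checks, preference updates and
 * presentation helpers (languages, themes, help/image URLs, date formatting).
 *
 * <p>The bean holds mutable per-administrator state without any synchronization, so it is not
 * thread-safe; it appears to be intended as one instance per HTTP session (confirm against the
 * JSP {@code useBean} scope).
 */
public class EjbcaWebBean implements java.io.Serializable {

    private static final Logger log = Logger.getLogger(EjbcaWebBean.class);

    // Indices into AUTHORIZED_RA_RESOURCES (and into the raauthorized cache).
    public static final int AUTHORIZED_RA_VIEW_RIGHTS = 0;
    public static final int AUTHORIZED_RA_EDIT_RIGHTS = 1;
    public static final int AUTHORIZED_RA_CREATE_RIGHTS = 2;
    public static final int AUTHORIZED_RA_DELETE_RIGHTS = 3;
    public static final int AUTHORIZED_RA_REVOKE_RIGHTS = 4;
    public static final int AUTHORIZED_RA_HISTORY_RIGHTS = 5;
    public static final int AUTHORIZED_HARDTOKEN_VIEW_RIGHTS = 6;
    public static final int AUTHORIZED_CA_VIEW_CERT = 7;
    public static final int AUTHORIZED_RA_KEYRECOVERY_RIGHTS = 8;

    private static final int AUTHORIZED_FIELD_LENGTH = 9;
    // Position i holds the access-rule path for the AUTHORIZED_* constant with value i.
    private static final String[] AUTHORIZED_RA_RESOURCES = {
        "/ra_functionality/view_end_entity", "/ra_functionality/edit_end_entity",
        "/ra_functionality/create_end_entity", "/ra_functionality/delete_end_entity",
        "/ra_functionality/revoke_end_entity", "/ra_functionality/view_end_entity_history",
        "/ra_functionality/view_hardtoken", "/ca_functionality/view_certificate",
        "/ra_functionality/keyrecovery"};

    private ILogSessionLocal logsession;
    private AdminPreferenceDataHandler adminspreferences;
    // Preference in effect for the current administrator (personal, or the default one).
    private AdminPreference currentadminpreference;
    private GlobalConfiguration globalconfiguration;
    private ServletContext servletContext = null;
    private GlobalConfigurationDataHandler globaldataconfigurationdatahandler;
    private AuthorizationDataHandler authorizedatahandler;
    private WebLanguages adminsweblanguage;
    private String usercommonname = "";
    // Fingerprint of the client certificate; used as the key for the administrator's preferences.
    private String certificatefingerprint;
    // Client certificate chain taken from the servlet request; null until initialize() has run.
    private X509Certificate[] certificates;
    private InformationMemory informationmemory;
    private boolean initialized = false;
    private boolean errorpage_initialized = false;
    // Per-instance cache of isAuthorizedNoLog(int) results; null entry = not yet evaluated.
    private Boolean[] raauthorized;
    private Admin administrator;
    // host[:port] of the first request, used by getBaseUrl().
    private String requestServerName;

    /** Creates an uninitialized bean; {@link #initialize} or {@link #initialize_errorpage} must run first. */
    public EjbcaWebBean() {
        initialized = false;
        raauthorized = new Boolean[AUTHORIZED_FIELD_LENGTH];
    }

    /**
     * Looks up the EJB session beans and builds the configuration, information-memory and
     * authorization handlers for {@code administrator}. The information memory is created only
     * once per instance; the authorization handler is rebuilt on every call.
     *
     * @throws Exception if a home lookup or bean creation fails
     */
    private void commonInit() throws Exception {
        ServiceLocator locator = ServiceLocator.getInstance();

        IRaAdminSessionLocalHome raadminsessionhome = (IRaAdminSessionLocalHome) locator.getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
        IRaAdminSessionLocal raadminsession = raadminsessionhome.create();

        ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) locator.getLocalHome(ILogSessionLocalHome.COMP_NAME);
        logsession = logsessionhome.create();

        ICAAdminSessionLocalHome caadminsessionhome = (ICAAdminSessionLocalHome) locator.getLocalHome(ICAAdminSessionLocalHome.COMP_NAME);
        ICAAdminSessionLocal caadminsession = caadminsessionhome.create();

        ICertificateStoreSessionLocalHome certificatestoresessionhome = (ICertificateStoreSessionLocalHome) locator.getLocalHome(ICertificateStoreSessionLocalHome.COMP_NAME);
        ICertificateStoreSessionLocal certificatestoresession = certificatestoresessionhome.create();

        IAuthorizationSessionLocalHome authorizationsessionhome = (IAuthorizationSessionLocalHome) locator.getLocalHome(IAuthorizationSessionLocalHome.COMP_NAME);
        IAuthorizationSessionLocal authorizationsession = authorizationsessionhome.create();

        IHardTokenSessionLocalHome hardtokensessionhome = (IHardTokenSessionLocalHome) locator.getLocalHome(IHardTokenSessionLocalHome.COMP_NAME);
        IHardTokenSessionLocal hardtokensession = hardtokensessionhome.create();

        IPublisherSessionLocalHome publishersessionhome = (IPublisherSessionLocalHome) locator.getLocalHome(IPublisherSessionLocalHome.COMP_NAME);
        IPublisherSessionLocal publishersession = publishersessionhome.create();

        globaldataconfigurationdatahandler = new GlobalConfigurationDataHandler(administrator, raadminsession, authorizationsession);
        globalconfiguration = this.globaldataconfigurationdatahandler.loadGlobalConfiguration();
        if (informationmemory == null) {
            informationmemory = new InformationMemory(administrator, caadminsession, raadminsession, authorizationsession,
                    certificatestoresession, hardtokensession, publishersession, globalconfiguration);
        }
        authorizedatahandler = new AuthorizationDataHandler(administrator, informationmemory, authorizationsession);
    }

    /**
     * Authenticates the caller from the client certificate, performs one-time initialization of
     * the bean, and checks that the administrator is authorized to view {@code resource}.
     * The authorization check runs on every call, the rest only on the first.
     *
     * @param request  the current request; must carry {@code javax.servlet.request.X509Certificate}
     * @param resource URL-encoded access-rule path of the page being requested
     * @return the loaded global configuration
     * @throws AuthenticationFailedException if no client certificate was presented
     * @throws AuthorizationDeniedException  if the administrator may not access {@code resource}
     * @throws Exception                     on EJB lookup failures or if the certificate does not belong to an administrator
     */
    public GlobalConfiguration initialize(HttpServletRequest request, String resource) throws Exception {
        certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        // Fail closed: an empty chain would otherwise surface as an array exception below.
        if (certificates == null || certificates.length == 0) {
            throw new AuthenticationFailedException("Client certificate required.");
        }
        final X509Certificate clientCert = certificates[0];

        String userdn = "";

        if (!initialized) {
            requestServerName = getRequestServerName(request);
            administrator = new Admin(clientCert);

            commonInit();
            ServiceLocator locator = ServiceLocator.getInstance();
            IUserAdminSessionLocalHome adminsessionhome = (IUserAdminSessionLocalHome) locator.getLocalHome(IUserAdminSessionLocalHome.COMP_NAME);
            IUserAdminSessionLocal adminsession = adminsessionhome.create();

            adminspreferences = new AdminPreferenceDataHandler(administrator);

            authorizedatahandler.authenticate(clientCert);

            servletContext = request.getSession(true).getServletContext();

            userdn = CertTools.getSubjectDN(clientCert);
            log.debug("Verifying authorization of '" + userdn + "'");
            adminsession.checkIfCertificateBelongToAdmin(administrator, clientCert.getSerialNumber(), clientCert.getIssuerDN().toString());
            logsession.log(administrator, clientCert, LogEntry.MODULE_ADMINWEB, new Date(), null, null, LogEntry.EVENT_INFO_ADMINISTRATORLOGGEDIN, "");
        }

        // Decode outside the try: a decoding failure must propagate (the method already throws
        // Exception) rather than silently skip the authorization check.
        final String decodedResource = URLDecoder.decode(resource, "UTF-8");
        boolean authorized;
        try {
            authorized = isAuthorized(decodedResource);
        } catch (AuthorizationDeniedException e) {
            log.debug("Authorization denied for resource '" + decodedResource + "'", e);
            authorized = false;
        }
        if (!authorized) {
            // Generic message towards the browser; the resource path is only logged above.
            throw new AuthorizationDeniedException("You are not authorized to view this page.");
        }

        if (!initialized) {
            certificatefingerprint = CertTools.getFingerprintAsString(clientCert);

            currentadminpreference = null;
            if (certificatefingerprint != null) {
                currentadminpreference = adminspreferences.getAdminPreference(certificatefingerprint);
            }
            if (currentadminpreference == null) {
                currentadminpreference = adminspreferences.getDefaultAdminPreference();
            }
            reloadWebLanguages();

            DNFieldExtractor dn = new DNFieldExtractor(userdn, DNFieldExtractor.TYPE_SUBJECTDN);
            usercommonname = dn.getField(DNFieldExtractor.CN, 0);

            initialized = true;
        }
        return globalconfiguration;
    }

    /**
     * Returns the host[:port] part of the request URL, i.e. everything between the scheme
     * separator and the first path slash. Handles any scheme length and a URL without a path
     * (the previous version assumed an 8-character "https://" prefix and a trailing path).
     *
     * <p>The request URL is built from client-supplied request data, and the result feeds
     * {@link #getBaseUrl()}, so it should be treated as untrusted input when building links.
     */
    private static String getRequestServerName(HttpServletRequest request) {
        String requestURL = request.getRequestURL().toString();
        int schemeEnd = requestURL.indexOf("://");
        int hostStart = schemeEnd < 0 ? 0 : schemeEnd + 3;
        int pathStart = requestURL.indexOf('/', hostStart);
        return pathStart < 0 ? requestURL.substring(hostStart) : requestURL.substring(hostStart, pathStart);
    }

    /**
     * Initializes just enough of the bean to render an error page: no client certificate is
     * required and no authorization check is made. If no administrator has been set by
     * {@link #initialize}, a public-web-user administrator keyed on the remote address is used.
     *
     * @return the loaded global configuration
     * @throws Exception on EJB lookup failures
     */
    public GlobalConfiguration initialize_errorpage(HttpServletRequest request) throws Exception {
        if (!errorpage_initialized) {
            if (administrator == null) {
                String remoteAddr = request.getRemoteAddr();
                administrator = new Admin(Admin.TYPE_PUBLIC_WEB_USER, remoteAddr);
            }
            commonInit();

            adminspreferences = new AdminPreferenceDataHandler(administrator);

            servletContext = request.getSession(true).getServletContext();

            if (currentadminpreference == null) {
                currentadminpreference = adminspreferences.getDefaultAdminPreference();
            }
            reloadWebLanguages();
            errorpage_initialized = true;
        }
        return globalconfiguration;
    }

    /** Rebuilds the language helper from the current preference's primary and secondary language. */
    private void reloadWebLanguages() throws Exception {
        adminsweblanguage = new WebLanguages(servletContext, globalconfiguration,
                currentadminpreference.getPreferedLanguage(), currentadminpreference.getSecondaryLanguage());
    }

    /** Stores the current preference: updates it without logging if one exists, otherwise adds it. */
    private void persistCurrentAdminPreference() throws Exception {
        if (existsAdminPreference()) {
            adminspreferences.changeAdminPreferenceNoLog(certificatefingerprint, currentadminpreference);
        } else {
            addAdminPreference(currentadminpreference);
        }
    }

    /** @return the CN of the administrator's certificate subject, or "" before initialization */
    public String getUsersCommonName() {
        return usercommonname;
    }

    /** @return fingerprint of the client certificate, or null before initialization */
    public String getCertificateFingerprint() {
        return certificatefingerprint;
    }

    /** @return admin-web path of the CSS file for the administrator's selected theme */
    public String getCssFile() {
        return globalconfiguration.getAdminWebPath() + globalconfiguration.getThemePath() + "/" + currentadminpreference.getTheme() + ".css";
    }

    public int getPreferedLanguage() {
        return currentadminpreference.getPreferedLanguage();
    }

    public int getSecondaryLanguage() {
        return currentadminpreference.getSecondaryLanguage();
    }

    public int getEntriesPerPage() {
        return currentadminpreference.getEntriesPerPage();
    }

    public int getLogEntriesPerPage() {
        return currentadminpreference.getLogEntriesPerPage();
    }

    /** Updates and persists the log page size. */
    public void setLogEntriesPerPage(int logentriesperpage) throws Exception {
        currentadminpreference.setLogEntriesPerPage(logentriesperpage);
        persistCurrentAdminPreference();
    }

    public int getLastFilterMode() {
        return currentadminpreference.getLastFilterMode();
    }

    /** Updates and persists the last used end-entity filter mode. */
    public void setLastFilterMode(int lastfiltermode) throws Exception {
        currentadminpreference.setLastFilterMode(lastfiltermode);
        persistCurrentAdminPreference();
    }

    public int getLastLogFilterMode() {
        return currentadminpreference.getLastLogFilterMode();
    }

    /** Updates and persists the last used log filter mode. */
    public void setLastLogFilterMode(int lastlogfiltermode) throws Exception {
        currentadminpreference.setLastLogFilterMode(lastlogfiltermode);
        persistCurrentAdminPreference();
    }

    public int getLastEndEntityProfile() {
        return currentadminpreference.getLastProfile();
    }

    /** Updates and persists the last used end-entity profile id. */
    public void setLastEndEntityProfile(int lastprofile) throws Exception {
        currentadminpreference.setLastProfile(lastprofile);
        persistCurrentAdminPreference();
    }

    /**
     * Delegates to {@code Object.clone()}. This class does not implement {@code Cloneable}, so the
     * call currently always throws {@code CloneNotSupportedException}; kept for compatibility.
     */
    public Object clone() throws CloneNotSupportedException {
        return super.clone();
    }

    /**
     * Checks (and lets the handler log) whether the administrator may access {@code resource}.
     *
     * @throws AuthorizationDeniedException if no client certificate has been stored by
     *         {@link #initialize}, or if the handler denies access
     */
    public boolean isAuthorized(String resource) throws AuthorizationDeniedException {
        if (certificates == null) {
            throw new AuthorizationDeniedException("Client certificate required.");
        }
        return authorizedatahandler.isAuthorized(administrator, resource);
    }

    /** Same as {@link #isAuthorized(String)} but via the handler's non-logging check. */
    public boolean isAuthorizedNoLog(String resource) throws AuthorizationDeniedException {
        if (certificates == null) {
            throw new AuthorizationDeniedException("Client certificate required.");
        }
        return authorizedatahandler.isAuthorizedNoLog(administrator, resource);
    }

    /**
     * Non-logging authorization check for one of the predefined {@code AUTHORIZED_*} resources.
     * The result is cached in this instance and never invalidated, so a rights change is not
     * seen until a new bean is created.
     *
     * @param resource one of the {@code AUTHORIZED_*} constants
     * @throws IllegalArgumentException     if {@code resource} is not a known index
     * @throws AuthorizationDeniedException if no client certificate has been stored by {@link #initialize}
     */
    public boolean isAuthorizedNoLog(int resource) throws AuthorizationDeniedException {
        if (resource < 0 || resource >= AUTHORIZED_FIELD_LENGTH) {
            throw new IllegalArgumentException("Unknown authorization resource index: " + resource);
        }
        if (certificates == null) {
            throw new AuthorizationDeniedException("Client certificate required.");
        }
        if (raauthorized[resource] == null) {
            raauthorized[resource] = Boolean.valueOf(
                    authorizedatahandler.isAuthorizedNoLog(new Admin(certificates[0]), AUTHORIZED_RA_RESOURCES[resource]));
        }
        return raauthorized[resource].booleanValue();
    }

    /** @return base URL of the admin web for the host[:port] the first request was made to */
    public String getBaseUrl() {
        return globalconfiguration.getBaseUrl(requestServerName);
    }

    /** @return the stored preference for this administrator, or the current (default) one if none is stored */
    public AdminPreference getAdminPreference() throws Exception {
        AdminPreference stored = adminspreferences.getAdminPreference(certificatefingerprint);
        return stored == null ? currentadminpreference : stored;
    }

    public AdminPreferenceDataHandler getAdminPreferences() {
        return adminspreferences;
    }

    public AuthorizationDataHandler getAuthorizationDataHandler() {
        return authorizedatahandler;
    }

    /** @return the global configuration held by the information memory (not the field returned by {@link #initialize}) */
    public GlobalConfiguration getGlobalConfiguration() {
        return this.informationmemory.getGlobalConfiguration();
    }

    /**
     * Returns the URL of a help file, localized to the preferred language if such a file exists
     * on the classpath, otherwise to the secondary language (that fallback is not checked).
     * Callers are expected to pass a fixed, application-defined name; the value is embedded
     * unescaped in the returned URL.
     *
     * @param helpfilename file name with extension, e.g. {@code page.html}
     * @throws IllegalArgumentException if the name has no extension
     */
    public String getHelpfileInfix(String helpfilename) {
        String[] languages = adminsweblanguage.getAvailableLanguages();
        String prefered = languages[currentadminpreference.getPreferedLanguage()].toLowerCase();
        String secondary = languages[currentadminpreference.getSecondaryLanguage()].toLowerCase();

        String helpfile = baseName(helpfilename);
        String postfix = extension(helpfilename);

        String classpathDir = "/" + globalconfiguration.getHelpPath() + "/";
        String urlDir = getBaseUrl() + globalconfiguration.getAdminWebPath() + globalconfiguration.getHelpPath() + "/";

        String preferedName = helpfile + "." + prefered + "." + postfix;
        if (resourceExists(classpathDir + preferedName)) {
            return urlDir + preferedName;
        }
        return urlDir + helpfile + "." + secondary + "." + postfix;
    }

    /**
     * Returns the URL of an image, picking the most specific variant that exists on the
     * classpath: theme+preferred language, theme+secondary language, theme only, preferred
     * language, secondary language; otherwise the plain image URL (not checked).
     * Callers are expected to pass a fixed, application-defined name; the value is embedded
     * unescaped in the returned URL.
     *
     * @param imagefilename file name with extension, e.g. {@code logo.png}
     * @throws IllegalArgumentException if the name has no extension
     */
    public String getImagefileInfix(String imagefilename) {
        String[] languages = adminsweblanguage.getAvailableLanguages();
        String prefered = languages[currentadminpreference.getPreferedLanguage()].toLowerCase();
        String secondary = languages[currentadminpreference.getSecondaryLanguage()].toLowerCase();
        String theme = currentadminpreference.getTheme().toLowerCase();

        String imagefile = baseName(imagefilename);
        String postfix = extension(imagefilename);

        String classpathDir = "/" + globalconfiguration.getImagesPath() + "/";
        String urlDir = getBaseUrl() + globalconfiguration.getAdminWebPath() + globalconfiguration.getImagesPath() + "/";

        // Most specific variant first; order matters.
        String[] infixes = {theme + "." + prefered, theme + "." + secondary, theme, prefered, secondary};
        for (int i = 0; i < infixes.length; i++) {
            String candidate = imagefile + "." + infixes[i] + "." + postfix;
            if (resourceExists(classpathDir + candidate)) {
                return urlDir + candidate;
            }
        }
        return urlDir + imagefile + "." + postfix;
    }

    /** Part of {@code filename} before the last '.'. */
    private static String baseName(String filename) {
        return filename.substring(0, extensionIndex(filename));
    }

    /** Part of {@code filename} after the last '.'. */
    private static String extension(String filename) {
        return filename.substring(extensionIndex(filename) + 1);
    }

    private static int extensionIndex(String filename) {
        int dot = filename.lastIndexOf('.');
        if (dot < 0) {
            throw new IllegalArgumentException("File name has no extension: " + filename);
        }
        return dot;
    }

    /**
     * True if {@code classpathName} resolves on the classpath. Uses getResource() rather than
     * getResourceAsStream() so no stream is opened (and left unclosed) just to test existence.
     */
    private boolean resourceExists(String classpathName) {
        return this.getClass().getResource(classpathName) != null;
    }

    public String[] getAvailableLanguages() {
        return adminsweblanguage.getAvailableLanguages();
    }

    /** @return the localized text for {@code template} in the administrator's languages */
    public String getText(String template) {
        return adminsweblanguage.getText(template);
    }

    /**
     * Localized text for {@code template}, with HTML entities unescaped when {@code unescape}
     * is true. (Previously the flag was ignored and the text was always unescaped.)
     */
    public String getText(String template, boolean unescape) {
        String str = getText(template);
        return unescape ? HTMLTools.htmlunescape(str) : str;
    }

    /** Formats {@code date} in the default locale's short date style. */
    public String printDate(Date date) {
        return DateFormat.getDateInstance(DateFormat.SHORT).format(date);
    }

    /** Formats {@code date} in the default locale's short date and time style. */
    public String printDateTime(Date date) {
        return DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT).format(date);
    }

    /** Reloads the global configuration from the data handler and notifies the information memory. */
    public void reloadGlobalConfiguration() throws Exception {
        globalconfiguration = globaldataconfigurationdatahandler.loadGlobalConfiguration();
        informationmemory.systemConfigurationEdited(globalconfiguration);
    }

    /** Persists the current global configuration and notifies the information memory. */
    public void saveGlobalConfiguration() throws Exception {
        globaldataconfigurationdatahandler.saveGlobalConfiguration(globalconfiguration);
        informationmemory.systemConfigurationEdited(globalconfiguration);
    }

    /** @return true if a preference is stored for the current certificate fingerprint */
    public boolean existsAdminPreference() throws Exception {
        return adminspreferences.existsAdminPreference(certificatefingerprint);
    }

    /** Adds {@code ap} as the administrator's stored preference and makes it current. */
    public void addAdminPreference(AdminPreference ap) throws Exception {
        currentadminpreference = ap;
        adminspreferences.addAdminPreference(certificatefingerprint, ap);
        reloadWebLanguages();
    }

    public Collection getAuthorizedCAIds() {
        return this.informationmemory.getAuthorizedCAIds();
    }

    /** Replaces the administrator's stored preference with {@code ap} and makes it current. */
    public void changeAdminPreference(AdminPreference ap) throws Exception {
        currentadminpreference = ap;
        adminspreferences.changeAdminPreference(certificatefingerprint, ap);
        reloadWebLanguages();
    }

    public AdminPreference getDefaultAdminPreference() throws Exception {
        return adminspreferences.getDefaultAdminPreference();
    }

    /**
     * Saves the system default preference and re-resolves the current preference (personal one
     * if stored, else the new default) so the languages reflect it.
     */
    public void saveDefaultAdminPreference(AdminPreference dap) throws Exception {
        adminspreferences.saveDefaultAdminPreference(dap);

        currentadminpreference = adminspreferences.getAdminPreference(certificatefingerprint);
        if (currentadminpreference == null) {
            currentadminpreference = adminspreferences.getDefaultAdminPreference();
        }
        reloadWebLanguages();
    }

    public InformationMemory getInformationMemory() {
        return this.informationmemory;
    }

    public Admin getAdminObject() {
        return this.administrator;
    }
}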