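package org.ejbca.ui.web.admin.configuration;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.TreeMap;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.publisher.IPublisherSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.authorization.AdminGroup;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.RAAuthorization;
import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
import org.ejbca.core.model.ra.raadmin.GlobalConfiguration;
import org.ejbca.ui.web.admin.cainterface.CAAuthorization;
import org.ejbca.ui.web.admin.cainterface.CertificateProfileNameProxy;
import org.ejbca.ui.web.admin.hardtokeninterface.HardTokenAuthorization;
import org.ejbca.ui.web.admin.loginterface.LogAuthorization;
import org.ejbca.ui.web.admin.rainterface.EndEntityProfileNameProxy;


/**
 * Caches id/name maps and authorization helper objects for one administrator.
 *
 * Every value is fetched lazily from the session beans handed to the constructor and is
 * kept until one of the *Edited() methods resets it, so a returned map or set is a
 * snapshot that can be stale. Lazy initialisation is not synchronized.
 *
 * NOTE(review): the cached data looks like it feeds the admin GUI (drop-downs, query
 * filters); it should be treated as a display aid, with the session beans remaining the
 * place where authorization is enforced - confirm against the callers.
 */
public class InformationMemory implements java.io.Serializable {

    /**
     * Stores the session references and creates the per-area authorization helpers.
     * The hard token session is only passed on to HardTokenAuthorization; it is not kept
     * in a field of this class.
     */
    public InformationMemory(Admin administrator,
                             ICAAdminSessionLocal caadminsession,
                             IRaAdminSessionLocal raadminsession,
                             IAuthorizationSessionLocal authorizationsession,
                             ICertificateStoreSessionLocal certificatestoresession,
                             IHardTokenSessionLocal hardtokensession,
                             IPublisherSessionLocal publishersession,
                             GlobalConfiguration globalconfiguration){
      this.caadminsession = caadminsession;
      this.administrator = administrator;
      this.raadminsession = raadminsession;
      this.authorizationsession = authorizationsession;
      this.certificatestoresession = certificatestoresession;
      this.publishersession = publishersession;
      this.globalconfiguration = globalconfiguration;

      this.raauthorization = new RAAuthorization(administrator, raadminsession, authorizationsession);
      this.caauthorization = new CAAuthorization(administrator, caadminsession, certificatestoresession, authorizationsession);
      this.logauthorization = new LogAuthorization(administrator, authorizationsession);
      this.hardtokenauthorization = new HardTokenAuthorization(administrator, hardtokensession, authorizationsession);
    }


    /**
     * Returns the end entity profile id-to-name map, fetched from the RA admin session on
     * first use and cached until endEntityProfilesEdited() is called.
     */
    public HashMap getEndEntityProfileIdToNameMap(){
      if(endentityprofileidtonamemap == null){
        endentityprofileidtonamemap = raadminsession.getEndEntityProfileIdToNameMap(administrator);
      }

      return endentityprofileidtonamemap;
    }


    /**
     * Returns the certificate profile id-to-name map, fetched from the certificate store
     * session on first use and cached until certificateProfilesEdited() is called.
     */
    public HashMap getCertificateProfileIdToNameMap(){
      if(certificateprofileidtonamemap == null){
        certificateprofileidtonamemap = this.certificatestoresession.getCertificateProfileIdToNameMap(administrator);
      }

      return certificateprofileidtonamemap;
    }

    /**
     * Returns the CA id-to-name map, fetched from the CA admin session on first use and
     * cached until cAsEdited() is called.
     */
    public HashMap getCAIdToNameMap(){
      if(caidtonamemap == null){
        caidtonamemap = caadminsession.getCAIdToNameMap(administrator);
      }

      return caidtonamemap;
    }

    /**
     * Returns the hard token profile id-to-name map held by the hard token authorization helper.
     */
    public HashMap getHardTokenProfileIdToNameMap(){
      return this.hardtokenauthorization.getHardTokenProfileIdToNameMap();
    }

    /**
     * Returns the authorized end entity profile names as reported by the RA authorization helper.
     */
    public TreeMap getAuthorizedEndEntityProfileNames(){
      return this.raauthorization.getAuthorizedEndEntityProfileNames();
    }

    /**
     * Returns the end entity profile names usable for creating end entities.
     * The create-specific list is used only while end entity profile limitations are
     * enabled in the global configuration; otherwise the general authorized list is returned.
     */
    public TreeMap getCreateAuthorizedEndEntityProfileNames(){
      if(globalconfiguration.getEnableEndEntityProfileLimitations())
        return this.raauthorization.getCreateAuthorizedEndEntityProfileNames();

      return this.raauthorization.getAuthorizedEndEntityProfileNames();
    }

    /**
     * Returns the end entity profile names usable for viewing end entities.
     * The view-specific list is used only while end entity profile limitations are
     * enabled in the global configuration; otherwise the general authorized list is returned.
     */
    public TreeMap getViewAuthorizedEndEntityProfileNames(){
      if(globalconfiguration.getEnableEndEntityProfileLimitations())
        return this.raauthorization.getViewAuthorizedEndEntityProfileNames();

      return this.raauthorization.getAuthorizedEndEntityProfileNames();
    }


    /**
     * Returns the authorized end entity certificate profile names; the global
     * "issue hardware tokens" setting is passed to the CA authorization helper.
     */
    public TreeMap getAuthorizedEndEntityCertificateProfileNames(){
      return this.caauthorization.getAuthorizedEndEntityCertificateProfileNames(getGlobalConfiguration().getIssueHardwareTokens());
    }

    /**
     * Returns the authorized sub CA certificate profile names from the CA authorization helper.
     */
    public TreeMap getAuthorizedSubCACertificateProfileNames(){
      return this.caauthorization.getAuthorizedSubCACertificateProfileNames();
    }

    /**
     * Returns the authorized root CA certificate profile names from the CA authorization helper.
     */
    public TreeMap getAuthorizedRootCACertificateProfileNames(){
      return this.caauthorization.getAuthorizedRootCACertificateProfileNames();
    }

    /**
     * Returns the certificate profile names offered for editing; the global
     * "issue hardware tokens" setting is passed to the CA authorization helper.
     */
    public TreeMap getEditCertificateProfileNames(){
      return this.caauthorization.getEditCertificateProfileNames(getGlobalConfiguration().getIssueHardwareTokens());
    }

    /**
     * Returns the CA names reported by the CA authorization helper's getCANames().
     */
    public TreeMap getCANames(){
      return this.caauthorization.getCANames();
    }

    /**
     * Returns the CA names reported by the CA authorization helper's getAllCANames().
     */
    public TreeMap getAllCANames(){
      return this.caauthorization.getAllCANames();
    }


    /**
     * Returns the view-log rights string from the log authorization helper.
     * NOTE(review): the name suggests the string becomes part of a log query; confirm it is
     * assembled only from server-side identifiers before it reaches a query.
     */
    public String getViewLogQueryString(){
      return this.logauthorization.getViewLogRights();
    }

    /**
     * Returns the CA rights string from the log authorization helper.
     */
    public String getViewLogCAIdString(){
      return this.logauthorization.getCARights();
    }

    /**
     * Returns the authorized modules from the log authorization helper.
     */
    public Collection getAuthorizedModules(){
      return this.logauthorization.getAuthorizedModules();
    }

    /**
     * Returns the CA authorization string from the RA authorization helper.
     * The misspelled method name is kept because callers use it.
     */
    public String getUserDataQueryCAAuthoorizationString(){
      return this.raauthorization.getCAAuthorizationString();
    }

    /**
     * Returns the end entity profile authorization string from the RA authorization
     * helper, requested with the argument {@code true}.
     */
    public String getUserDataQueryEndEntityProfileAuthorizationString(){
      return this.raauthorization.getEndEntityProfileAuthorizationString(true);
    }


    /**
     * Returns the authorized CA ids from the CA authorization helper.
     */
    public Collection getAuthorizedCAIds(){
      return caauthorization.getAuthorizedCAIds();
    }

    /**
     * Returns the global configuration currently held by this object.
     */
    public GlobalConfiguration getGlobalConfiguration(){
      return globalconfiguration;
    }

    /**
     * Returns the end entity profile name proxy, created on first use.
     */
    public EndEntityProfileNameProxy getEndEntityProfileNameProxy(){
      if(endentityprofilenameproxy == null)
        endentityprofilenameproxy = new EndEntityProfileNameProxy(administrator, raadminsession);

      return endentityprofilenameproxy;
    }

    /**
     * Returns the certificate profile name proxy, created on first use.
     */
    public CertificateProfileNameProxy getCertificateProfileNameProxy(){
      if(certificateprofilenameproxy == null)
        certificateprofilenameproxy = new CertificateProfileNameProxy(administrator, certificatestoresession);

      return certificateprofilenameproxy;
    }

    /**
     * Returns the publisher id-to-name map, fetched from the publisher session on first
     * use and cached until publishersEdited() is called.
     */
    public HashMap getPublisherIdToNameMap(){
      if(publisheridtonamemap == null)
        publisheridtonamemap = publishersession.getPublisherIdToNameMap(administrator);

      return publisheridtonamemap;
    }

    /**
     * Returns a map from publisher name to publisher id (Integer) covering the publisher
     * ids the publisher session reports as authorized for this administrator.
     * An authorized id without an entry in the id-to-name map is left out.
     */
    public TreeMap getAuthorizedPublisherNames(){
      if(publishernames==null){
        // Built in a local and published only when complete, so an exception part-way
        // through cannot leave a half-filled map behind as the cached value.
        TreeMap names = new TreeMap();
        Iterator iter = publishersession.getAuthorizedPublisherIds(administrator).iterator();
        HashMap idtonamemap = getPublisherIdToNameMap();
        while(iter.hasNext()){
          Integer id = (Integer) iter.next();
          Object name = idtonamemap.get(id);
          // A null key cannot be ordered by the TreeMap; skip ids that have no name.
          if(name != null)
            names.put(name,id);
        }
        publishernames = names;
      }
      return publishernames;
    }

    /**
     * Returns, for one end entity profile, a map from certificate profile id (Integer) to
     * the list of CA ids (Integer) that may be used with that combination.
     *
     * Each list starts from the administrator's authorized CA ids and is narrowed by the
     * end entity profile's available CAs (unless they contain SecConst.ALLCAS) and by the
     * certificate profile's available CAs (unless they contain CertificateProfile.ANYCA).
     * The result for all authorized end entity profiles is computed on first use and cached.
     *
     * @param endentityprofileid id of the end entity profile to look up
     * @return the map for that profile, or null when the id is not among the authorized
     *         end entity profiles
     */
    public HashMap getEndEntityAvailableCAs(int endentityprofileid){
      if(endentityavailablecas == null){
        Collection authorizedcas = getAuthorizedCAIds();
        // Certificate profiles already fetched in this pass, keyed by id.
        HashMap certproftemp = new HashMap();

        // Built in a local and published only when complete; assigning the field first
        // would let an exception leave a partial map that later calls silently reuse.
        HashMap availablecas = new HashMap();
        Iterator endentityprofileiter = raadminsession.getAuthorizedEndEntityProfileIds(administrator).iterator();
        while(endentityprofileiter.hasNext()){
          Integer nextendentityprofileid = (Integer) endentityprofileiter.next();
          EndEntityProfile endentityprofile = raadminsession.getEndEntityProfile(administrator,nextendentityprofileid.intValue());
          // NOTE(review): presumably null when the profile was removed after its id was
          // listed; no entry is created, so lookups for it return null.
          if(endentityprofile == null)
            continue;

          ArrayList endentityprofileavailcas = parseIdList(endentityprofile.getValue(EndEntityProfile.AVAILCAS,0));
          boolean endentityprofileallcas = endentityprofileavailcas.contains(new Integer(SecConst.ALLCAS));

          HashMap certificateprofilemap = new HashMap();
          Iterator certprofileiter = parseIdList(endentityprofile.getValue(EndEntityProfile.AVAILCERTPROFILES,0)).iterator();
          while(certprofileiter.hasNext()){
            Integer nextcertprofileid = (Integer) certprofileiter.next();
            CertificateProfile certprofile = (CertificateProfile) certproftemp.get(nextcertprofileid);
            if(certprofile == null){
              certprofile = certificatestoresession.getCertificateProfile(administrator,nextcertprofileid.intValue());
              if(certprofile != null)
                certproftemp.put(nextcertprofileid,certprofile);
            }

            // Fail closed: a certificate profile that cannot be loaded gets no CAs.
            ArrayList authorizedcastemp = new ArrayList();
            if(certprofile != null){
              authorizedcastemp.addAll(authorizedcas);
              if(!endentityprofileallcas)
                authorizedcastemp.retainAll(endentityprofileavailcas);

              Collection certprofilesavailablecas = certprofile.getAvailableCAs();
              if(!certprofilesavailablecas.contains(new Integer(CertificateProfile.ANYCA)))
                authorizedcastemp.retainAll(certprofilesavailablecas);
            }
            certificateprofilemap.put(nextcertprofileid,authorizedcastemp);
          }
          availablecas.put(nextendentityprofileid, certificateprofilemap);
        }
        endentityavailablecas = availablecas;
      }

      return (HashMap) endentityavailablecas.get(new Integer(endentityprofileid));
    }

    /**
     * Splits a profile value on EndEntityProfile.SPLITCHAR and parses each part as an Integer.
     * A null value and empty parts yield no ids; any other non-numeric part still throws
     * NumberFormatException.
     */
    private static ArrayList parseIdList(String value){
      ArrayList ids = new ArrayList();
      if(value == null)
        return ids;

      String[] values = value.split(EndEntityProfile.SPLITCHAR);
      for(int i=0;i < values.length;i++){
        if(values[i].length() > 0)
          ids.add(new Integer(values[i]));
      }
      return ids;
    }

    /**
     * Returns the access rules the authorization session reports as authorized and
     * available for this administrator, copied into a set on first use and cached.
     */
    public HashSet getAuthorizedAccessRules(){
      if(authorizedaccessrules == null)
        authorizedaccessrules = new HashSet(authorizationsession.getAuthorizedAvailableAccessRules(administrator));

      return authorizedaccessrules;
    }

    /**
     * Returns the hard token profiles from the hard token authorization helper.
     */
    public TreeMap getHardTokenProfiles(){
      return hardtokenauthorization.getHardTokenProfiles();
    }

    /**
     * Returns the hard token authorization helper's answer for the named hard token profile.
     */
    public boolean authorizedToHardTokenProfiles(String name){
      return hardtokenauthorization.authorizedToHardTokenProfile(name);
    }

    /**
     * Returns the hard token issuers from the hard token authorization helper.
     */
    public TreeMap getHardTokenIssuers(){
      return hardtokenauthorization.getHardTokenIssuers();
    }

    /**
     * Returns the hard token authorization helper's answer for the hard token issuer alias.
     */
    public boolean authorizedToHardTokenIssuer(String alias){
      return hardtokenauthorization.authorizedToHardTokenIssuer(alias);
    }


    /**
     * Returns the hard token issuing admin groups from the hard token authorization helper.
     */
    public Collection getHardTokenIssuingAdminGroups(){
      return hardtokenauthorization.getHardTokenIssuingAdminGroups();
    }

    /**
     * Returns a map from a display label of the form "groupname, CA: caname" to the admin
     * group id (Integer), for the admin groups the authorization session returns for this
     * administrator. Computed on first use and cached.
     */
    public TreeMap getAuthorizedAdminGroups(){
      if(authgroups == null){
        // Built in a local and published only when complete.
        TreeMap groups = new TreeMap();
        HashMap caidtoname = getCAIdToNameMap();
        Iterator iter = this.authorizationsession.getAuthorizedAdminGroupNames(administrator).iterator();
        while(iter.hasNext()){
          AdminGroup admingroup = (AdminGroup) iter.next();
          groups.put(admingroup.getAdminGroupName() + ", CA: " + caidtoname.get(new Integer(admingroup.getCAId())),new Integer(admingroup.getAdminGroupId()));
        }
        authgroups = groups;
      }

      return authgroups;
    }


    /**
     * Returns the inverse of getAuthorizedAdminGroups(): admin group id (Integer) to the
     * display label. Computed on first use and cached.
     */
    public HashMap getAdminGroupIdToNameMap(){
      if(admingrpidmap == null){
        TreeMap admingrpnames = getAuthorizedAdminGroups();
        // Built in a local and published only when complete.
        HashMap idmap = new HashMap();
        Iterator iter = admingrpnames.keySet().iterator();
        while(iter.hasNext()){
          Object next = iter.next();
          idmap.put(admingrpnames.get(next) ,next);
        }
        admingrpidmap = idmap;
      }

      return admingrpidmap;
    }


    /**
     * Drops the cached data that depends on CAs and clears all four authorization helpers.
     */
    public void cAsEdited(){
      authgroups = null;
      admingrpidmap = null;
      caidtonamemap = null;
      endentityavailablecas = null;
      authorizedaccessrules = null;
      logauthorization.clear();
      raauthorization.clear();
      caauthorization.clear();
      hardtokenauthorization.clear();
    }


    /**
     * Drops the cached data that depends on end entity profiles and clears the RA
     * authorization helper.
     */
    public void endEntityProfilesEdited(){
      endentityprofileidtonamemap = null;
      endentityprofilenameproxy = null;
      endentityavailablecas = null;
      authorizedaccessrules = null;
      raauthorization.clear();
    }

    /**
     * Drops the cached data that depends on certificate profiles and clears the RA, CA and
     * hard token authorization helpers.
     */
    public void certificateProfilesEdited(){
      certificateprofileidtonamemap = null;
      certificateprofilenameproxy = null;
      endentityavailablecas = null;
      raauthorization.clear();
      caauthorization.clear();
      hardtokenauthorization.clear();
    }

    /**
     * Drops the cached publisher maps.
     */
    public void publishersEdited(){
      publisheridtonamemap = null;
      publishernames = null;
    }

    /**
     * Drops the cached data that depends on administrator privileges and clears all four
     * authorization helpers. The misspelled method name is kept because callers use it.
     */
    public void administrativePriviledgesEdited(){
      endentityavailablecas = null;
      authgroups = null;
      admingrpidmap = null;
      // The access rule set is fetched per administrator from the authorization session,
      // so it is dropped here as well rather than outliving a privilege change.
      // NOTE(review): confirm no caller relies on the set surviving this call.
      authorizedaccessrules = null;
      logauthorization.clear();
      raauthorization.clear();
      caauthorization.clear();
      hardtokenauthorization.clear();
    }

    /**
     * Clears the hard token authorization helper.
     */
    public void hardTokenDataEdited(){
      hardtokenauthorization.clear();
    }


    /**
     * Replaces the held global configuration and clears all four authorization helpers.
     */
    public void systemConfigurationEdited(GlobalConfiguration globalconfiguration){
      this.globalconfiguration = globalconfiguration;
      logauthorization.clear();
      raauthorization.clear();
      caauthorization.clear();
      hardtokenauthorization.clear();
    }


    // Administrator on whose behalf every session call is made.
    private Admin administrator;
    // Session references handed in through the constructor.
    private ICAAdminSessionLocal caadminsession;
    private IRaAdminSessionLocal raadminsession;
    private IAuthorizationSessionLocal authorizationsession;
    private IPublisherSessionLocal publishersession;
    private ICertificateStoreSessionLocal certificatestoresession;

    // Per-area authorization helpers, created in the constructor.
    LogAuthorization logauthorization = null;
    RAAuthorization raauthorization = null;
    CAAuthorization caauthorization = null;
    HardTokenAuthorization hardtokenauthorization = null;

    // Lazily filled caches; null means "not loaded yet".
    HashMap endentityprofileidtonamemap = null;
    HashMap caidtonamemap = null;
    HashMap certificateprofileidtonamemap = null;
    HashMap endentityavailablecas = null;
    HashMap publisheridtonamemap = null;

    TreeMap authgroups = null;
    TreeMap publishernames = null;
    HashMap admingrpidmap = null;

    HashSet authorizedaccessrules = null;

    GlobalConfiguration globalconfiguration = null;
    EndEntityProfileNameProxy endentityprofilenameproxy = null;
    CertificateProfileNameProxy certificateprofilenameproxy = null;
}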