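package org.ejbca.ui.web.admin.hardtokeninterface;

import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ca.store.CertificateDataBean;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.hardtoken.HardTokenProfileExistsException;
import org.ejbca.core.model.hardtoken.profiles.EIDProfile;
import org.ejbca.core.model.hardtoken.profiles.HardTokenProfile;
import org.ejbca.core.model.log.Admin;
import org.ejbca.ui.web.admin.configuration.InformationMemory;
import org.ejbca.util.Base64PutHashMap;

/**
 * Admin-web helper that performs hard token profile operations on behalf of one
 * administrator and applies an authorization check before delegating to the
 * hard token session bean.
 *
 * <p>Every mutating call that succeeds also calls
 * {@link InformationMemory#hardTokenDataEdited()}.
 *
 * <p>Authorization model, as implemented in {@link #authorizedToProfile}:
 * a holder of {@code /super_administrator} is always allowed; anyone else is
 * allowed only for {@link EIDProfile} instances whose certificate profile ids
 * and CA ids are all within the administrator's authorized sets. Other profile
 * types are denied for non-super-administrators (fail closed).
 */
public class HardTokenProfileDataHandler implements Serializable {

    /**
     * Creates a handler bound to one administrator and the session beans it delegates to.
     *
     * @param administrator        the administrator every check and call is made for
     * @param hardtokensession     session used for profile storage operations
     * @param certificatesession   session used to look up authorized certificate profile ids
     * @param authorizationsession session used for access-rule checks and authorized CA ids
     * @param useradminsession     session used to check whether users reference a profile
     * @param info                 UI cache notified after each successful change
     */
    public HardTokenProfileDataHandler(Admin administrator, IHardTokenSessionLocal hardtokensession,
            ICertificateStoreSessionLocal certificatesession, IAuthorizationSessionLocal authorizationsession,
            IUserAdminSessionLocal useradminsession, InformationMemory info) {
        this.hardtokensession = hardtokensession;
        this.authorizationsession = authorizationsession;
        this.certificatesession = certificatesession;
        this.useradminsession = useradminsession;
        this.administrator = administrator;
        this.info = info;
    }

    /**
     * Adds a new hard token profile.
     *
     * @param name    name of the new profile
     * @param profile profile data to store
     * @return {@code true} if the profile was stored, {@code false} if it failed the
     *         XML encode/decode round trip and was therefore not stored
     * @throws HardTokenProfileExistsException declared for the session call
     * @throws AuthorizationDeniedException    if the administrator fails the edit-level check
     */
    public boolean addHardTokenProfile(String name, HardTokenProfile profile)
            throws HardTokenProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to add hard token profile");
        }
        if (!checkXMLEncoding(profile)) {
            return false;
        }
        hardtokensession.addHardTokenProfile(administrator, name, profile);
        this.info.hardTokenDataEdited();
        return true;
    }

    /**
     * Replaces the data of an existing hard token profile.
     *
     * <p>The authorization check is made against the NEW profile data passed in,
     * not against the profile currently stored under {@code name}.
     * NOTE(review): confirm that checking only the incoming data is sufficient;
     * the stored profile's CA / certificate profile ids are not consulted here.
     *
     * @param name    name of the profile to change
     * @param profile new profile data
     * @return {@code true} if the profile was stored, {@code false} if it failed the
     *         XML encode/decode round trip and was therefore not stored
     * @throws AuthorizationDeniedException if the administrator fails the edit-level check
     */
    public boolean changeHardTokenProfile(String name, HardTokenProfile profile)
            throws AuthorizationDeniedException {
        if (!authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to edit hard token profile");
        }
        if (!checkXMLEncoding(profile)) {
            return false;
        }
        hardtokensession.changeHardTokenProfile(administrator, name, profile);
        this.info.hardTokenDataEdited();
        return true;
    }

    /**
     * Removes a hard token profile unless it is still referenced.
     *
     * <p>Authorization is checked before the "in use" lookups so that an
     * administrator without edit rights gets {@link AuthorizationDeniedException}
     * and cannot use the return value to learn whether a profile is referenced
     * by users or hard token issuers.
     *
     * @param name name of the profile to remove
     * @return {@code true} if the profile is still referenced by a user or a hard
     *         token issuer and was NOT removed; {@code false} if it was removed
     * @throws AuthorizationDeniedException if the administrator fails the edit-level check
     */
    public boolean removeHardTokenProfile(String name) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(name, true)) {
            throw new AuthorizationDeniedException("Not authorized to remove hard token profile");
        }

        int profileid = getHardTokenProfileId(name);

        if (useradminsession.checkForHardTokenProfileId(administrator, profileid)) {
            return true;
        }
        if (hardtokensession.existsHardTokenProfileInHardTokenIssuer(administrator, profileid)) {
            return true;
        }

        hardtokensession.removeHardTokenProfile(administrator, name);
        this.info.hardTokenDataEdited();
        return false;
    }

    /**
     * Renames a hard token profile. Only the existing profile ({@code oldname}) is
     * used for the authorization check.
     *
     * @param oldname current profile name
     * @param newname new profile name
     * @throws HardTokenProfileExistsException declared for the session call
     * @throws AuthorizationDeniedException    if the administrator fails the edit-level check
     */
    public void renameHardTokenProfile(String oldname, String newname)
            throws HardTokenProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfileName(oldname, true)) {
            throw new AuthorizationDeniedException("Not authorized to rename hard token profile");
        }
        hardtokensession.renameHardTokenProfile(administrator, oldname, newname);
        this.info.hardTokenDataEdited();
    }

    /**
     * Creates a copy of an existing hard token profile under a new name.
     *
     * @param originalname name of the profile to copy
     * @param newname      name of the copy
     * @throws HardTokenProfileExistsException declared for the session call
     * @throws AuthorizationDeniedException    if the administrator fails the view-level check
     */
    public void cloneHardTokenProfile(String originalname, String newname)
            throws HardTokenProfileExistsException, AuthorizationDeniedException {
        // NOTE(review): this creates a new stored profile but passes editcheck=false,
        // so "/hardtoken_functionality/edit_hardtoken_profiles" is not required here,
        // whereas addHardTokenProfile requires it. Confirm this is intentional.
        if (!authorizedToProfileName(originalname, false)) {
            throw new AuthorizationDeniedException("Not authorized to clone hard token profile");
        }
        hardtokensession.cloneHardTokenProfile(administrator, originalname, newname);
        this.info.hardTokenDataEdited();
    }

    /**
     * Fetches a hard token profile by id.
     *
     * @param id profile id
     * @return the profile returned by the hard token session
     * @throws AuthorizationDeniedException if the administrator fails the view-level check
     */
    public HardTokenProfile getHardTokenProfile(int id) throws AuthorizationDeniedException {
        if (!authorizedToProfileId(id, false)) {
            throw new AuthorizationDeniedException("Not authorized to hard token profile");
        }
        return hardtokensession.getHardTokenProfile(administrator, id);
    }

    /**
     * Fetches a hard token profile by name.
     *
     * @param profilename profile name
     * @return the profile returned by the hard token session
     * @throws AuthorizationDeniedException if the administrator fails the view-level check
     */
    public HardTokenProfile getHardTokenProfile(String profilename) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(profilename, false)) {
            throw new AuthorizationDeniedException("Not authorized to hard token profile");
        }
        return hardtokensession.getHardTokenProfile(administrator, profilename);
    }

    /**
     * Looks up the id of a hard token profile by name.
     *
     * <p>No authorization check is made in this class for this lookup; any check
     * would have to happen in the session bean.
     *
     * @param profilename profile name
     * @return the id returned by the hard token session
     */
    public int getHardTokenProfileId(String profilename) {
        return hardtokensession.getHardTokenProfileId(administrator, profilename);
    }

    /**
     * Loads the profile stored under {@code profilename} and checks authorization to it.
     *
     * @param profilename profile name
     * @param editcheck   {@code true} to also require the edit-profiles access rule
     * @return {@code true} if the administrator is authorized
     */
    private boolean authorizedToProfileName(String profilename, boolean editcheck) {
        HardTokenProfile profile = hardtokensession.getHardTokenProfile(administrator, profilename);
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Loads the profile stored under {@code profileid} and checks authorization to it.
     *
     * @param profileid profile id
     * @param editcheck {@code true} to also require the edit-profiles access rule
     * @return {@code true} if the administrator is authorized
     */
    private boolean authorizedToProfileId(int profileid, boolean editcheck) {
        HardTokenProfile profile = hardtokensession.getHardTokenProfile(administrator, profileid);
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Decides whether the administrator may view (and optionally edit) a profile.
     *
     * <p>The result of {@code isAuthorizedNoLog} is not inspected: the checks rely
     * on it throwing {@link AuthorizationDeniedException} on denial.
     * NOTE(review): confirm against IAuthorizationSessionLocal that denial is always
     * signalled by the exception; if it can return normally on denial, the
     * super-administrator shortcut below would grant access.
     *
     * <p>NOTE(review): by its name the call does not write to the audit log, so a
     * denial decided here is presumably only visible through the exception the
     * public methods throw - confirm that this is logged upstream.
     *
     * @param profile   profile to check; anything that is not an {@link EIDProfile}
     *                  (including {@code null}) is denied for non-super-administrators
     * @param editcheck {@code true} to also require
     *                  {@code /hardtoken_functionality/edit_hardtoken_profiles}
     * @return {@code true} if authorized, {@code false} otherwise
     */
    private boolean authorizedToProfile(HardTokenProfile profile, boolean editcheck) {
        try {
            authorizationsession.isAuthorizedNoLog(administrator, "/super_administrator");
            return true;
        } catch (AuthorizationDeniedException ade) {
            // Not a super administrator: continue with the per-profile checks below.
        }

        try {
            if (editcheck) {
                authorizationsession.isAuthorizedNoLog(administrator,
                        "/hardtoken_functionality/edit_hardtoken_profiles");
            }
            HashSet authorizedcertprofiles = new HashSet(
                    certificatesession.getAuthorizedCertificateProfileIds(administrator,
                            CertificateDataBean.CERTTYPE_HARDTOKEN));
            HashSet authorizedcaids = new HashSet(authorizationsession.getAuthorizedCAIds(administrator));

            if (profile instanceof EIDProfile) {
                EIDProfile eidprofile = (EIDProfile) profile;
                // Every certificate profile and every CA referenced by the hard token
                // profile must be within what this administrator is authorized to.
                return authorizedcertprofiles.containsAll(eidprofile.getAllCertificateProfileIds())
                        && authorizedcaids.containsAll(eidprofile.getAllCAIds());
            }
            // No rule is implemented for other profile types: deny.
            return false;
        } catch (AuthorizationDeniedException e) {
            // Denied by one of the access-rule checks above.
            return false;
        }
    }

    /**
     * Checks that the profile's data survives an XMLEncoder / XMLDecoder round trip.
     *
     * <p>Security note: {@code java.beans.XMLDecoder} instantiates whatever objects
     * its input describes, so it must never be given XML that originates outside
     * this process. Here it only reads back the bytes that the XMLEncoder a few
     * lines earlier produced from {@code profile.saveData()}; keep it that way.
     *
     * @param profile profile whose data is test-encoded
     * @return {@code true} if encoding and decoding completed without an exception,
     *         {@code false} on any failure
     */
    private boolean checkXMLEncoding(HardTokenProfile profile) {
        try {
            java.io.ByteArrayOutputStream baos = new java.io.ByteArrayOutputStream();

            HashMap a = new Base64PutHashMap();
            a.putAll((HashMap) profile.saveData());

            java.beans.XMLEncoder encoder = new java.beans.XMLEncoder(baos);
            encoder.writeObject(a);
            encoder.close();

            String data = baos.toString("UTF8");

            // Input is the self-produced document above, not caller-supplied XML.
            java.beans.XMLDecoder decoder = new java.beans.XMLDecoder(
                    new java.io.ByteArrayInputStream(data.getBytes("UTF8")));
            decoder.readObject();
            decoder.close();

            return true;
        } catch (Exception e) {
            // Any failure means the data cannot be stored safely; callers treat
            // false as "not saved". The cause is deliberately not propagated.
            return false;
        }
    }

    private IHardTokenSessionLocal hardtokensession;
    private Admin administrator;
    private IAuthorizationSessionLocal authorizationsession;
    private ICertificateStoreSessionLocal certificatesession;
    private IUserAdminSessionLocal useradminsession;
    private InformationMemory info;
}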