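package org.ejbca.ui.web.admin.rainterface;

import java.util.HashSet;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.LocalRaAdminSessionBean;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
import org.ejbca.core.model.ra.raadmin.EndEntityProfileExistsException;
import org.ejbca.ui.web.admin.configuration.InformationMemory;

/**
 * Admin-web facade for end entity profile operations.
 *
 * <p>Every mutating or reading operation except {@link #getEndEntityProfileId(String)} is
 * gated by one of the private {@code authorizedTo...} checks before it is delegated to the
 * RA admin session. All checks are made on behalf of the single administrator passed to
 * the constructor.
 *
 * <p>NOTE(review): the class is {@code Serializable} but holds session-bean references in
 * non-transient fields; confirm that those references are meant to be serialized with it.
 */
public class EndEntityProfileDataHandler implements java.io.Serializable {

    /** Name of the built-in empty profile, as defined by the RA admin session bean. */
    public static final String EMPTY_PROFILE = LocalRaAdminSessionBean.EMPTY_ENDENTITYPROFILE;

    /**
     * Creates a handler bound to one administrator.
     *
     * @param administrator the administrator every call is authorized and executed as
     * @param raadminsession session used to read and modify end entity profiles
     * @param authorizationsession session used for access-rule and CA authorization checks
     * @param info object whose {@code endEntityProfilesEdited()} is called after each successful change
     */
    public EndEntityProfileDataHandler(Admin administrator, IRaAdminSessionLocal raadminsession,
            IAuthorizationSessionLocal authorizationsession, InformationMemory info) {
        this.raadminsession = raadminsession;
        this.authorizationsession = authorizationsession;
        this.administrator = administrator;
        this.info = info;
    }

    /**
     * Adds a new end entity profile.
     *
     * @param name name of the profile to create
     * @param profile profile contents; the edit check is evaluated against its available CAs
     * @throws EndEntityProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException if the administrator fails the edit check
     */
    public void addEndEntityProfile(String name, EndEntityProfile profile)
            throws EndEntityProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to add end entity profile");
        }
        raadminsession.addEndEntityProfile(administrator, name, profile);
        this.info.endEntityProfilesEdited();
    }

    /**
     * Replaces the contents of an existing end entity profile.
     *
     * <p>NOTE(review): the edit check is evaluated against the <em>submitted</em> profile
     * only; the profile currently stored under {@code name} is not examined here. Confirm
     * that access to the stored profile's CAs is enforced elsewhere (for example in the
     * session bean) or is intentionally not required.
     *
     * @param name name of the profile to overwrite
     * @param profile new profile contents
     * @throws AuthorizationDeniedException if the administrator fails the edit check
     */
    public void changeEndEntityProfile(String name, EndEntityProfile profile) throws AuthorizationDeniedException {
        if (!authorizedToProfile(profile, true)) {
            throw new AuthorizationDeniedException("Not authorized to edit end entity profile");
        }
        raadminsession.changeEndEntityProfile(administrator, name, profile);
        this.info.endEntityProfilesEdited();
    }

    /**
     * Removes an end entity profile.
     *
     * @param name name of the profile to remove
     * @throws AuthorizationDeniedException if the administrator fails the edit check for the stored profile
     */
    public void removeEndEntityProfile(String name) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(name, true)) {
            throw new AuthorizationDeniedException("Not authorized to remove end entity profile");
        }
        raadminsession.removeEndEntityProfile(administrator, name);
        this.info.endEntityProfilesEdited();
    }

    /**
     * Renames an end entity profile. Only the profile stored under {@code oldname} is
     * checked; {@code newname} is passed to the session unchanged.
     *
     * @param oldname current profile name
     * @param newname name to give the profile
     * @throws EndEntityProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException if the administrator fails the edit check for the stored profile
     */
    public void renameEndEntityProfile(String oldname, String newname)
            throws EndEntityProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfileName(oldname, true)) {
            throw new AuthorizationDeniedException("Not authorized to rename end entity profile");
        }
        raadminsession.renameEndEntityProfile(administrator, oldname, newname);
        this.info.endEntityProfilesEdited();
    }

    /**
     * Clones an end entity profile under a new name. Only the profile stored under
     * {@code originalname} is checked.
     *
     * @param originalname name of the profile to copy
     * @param newname name of the copy
     * @throws EndEntityProfileExistsException declared by the underlying session call
     * @throws AuthorizationDeniedException if the administrator fails the edit check for the original profile
     */
    public void cloneEndEntityProfile(String originalname, String newname)
            throws EndEntityProfileExistsException, AuthorizationDeniedException {
        if (!authorizedToProfileName(originalname, true)) {
            throw new AuthorizationDeniedException("Not authorized to clone end entity profile");
        }
        raadminsession.cloneEndEntityProfile(administrator, originalname, newname);
        this.info.endEntityProfilesEdited();
    }

    /**
     * Fetches a profile by id after a read (non-edit) authorization check.
     *
     * @param id profile id
     * @return whatever the RA admin session returns for that id
     * @throws AuthorizationDeniedException if the administrator is not authorized to the profile's CAs
     */
    public EndEntityProfile getEndEntityProfile(int id) throws AuthorizationDeniedException {
        if (!authorizedToProfileId(id, false)) {
            throw new AuthorizationDeniedException("Not authorized to end entity profile");
        }
        return raadminsession.getEndEntityProfile(administrator, id);
    }

    /**
     * Fetches a profile by name after a read (non-edit) authorization check.
     *
     * @param profilename profile name
     * @return whatever the RA admin session returns for that name
     * @throws AuthorizationDeniedException if the administrator is not authorized to the profile's CAs
     */
    public EndEntityProfile getEndEntityProfile(String profilename) throws AuthorizationDeniedException {
        if (!authorizedToProfileName(profilename, false)) {
            throw new AuthorizationDeniedException("Not authorized to end entity profile");
        }
        return raadminsession.getEndEntityProfile(administrator, profilename);
    }

    /**
     * Looks up the id of a profile by name.
     *
     * <p>NOTE(review): unlike the other accessors, this method performs no authorization
     * check in this class before delegating; confirm that is intended.
     *
     * @param profilename profile name
     * @return the id reported by the RA admin session
     */
    public int getEndEntityProfileId(String profilename) {
        return raadminsession.getEndEntityProfileId(administrator, profilename);
    }

    /**
     * Resolves a profile name to its stored profile and runs the authorization check on it.
     * The empty-profile name is mapped to {@code null}, which the check treats as the
     * empty profile.
     *
     * <p>NOTE(review): if the session returns {@code null} for an unknown name, that name is
     * handled exactly like the empty profile - confirm against the session bean.
     */
    private boolean authorizedToProfileName(String profilename, boolean editcheck) {
        EndEntityProfile profile = null;
        if (!profilename.equals(LocalRaAdminSessionBean.EMPTY_ENDENTITYPROFILE)) {
            profile = raadminsession.getEndEntityProfile(administrator, profilename);
        }
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Resolves a profile id to its stored profile and runs the authorization check on it.
     * The empty-profile id is mapped to {@code null}, which the check treats as the
     * empty profile.
     */
    private boolean authorizedToProfileId(int profileid, boolean editcheck) {
        EndEntityProfile profile = null;
        if (profileid != LocalRaAdminSessionBean.EMPTY_ENDENTITYPROFILEID) {
            profile = raadminsession.getEndEntityProfile(administrator, profileid);
        }
        return authorizedToProfile(profile, editcheck);
    }

    /**
     * Decides whether the administrator may access the given profile.
     *
     * <ul>
     *   <li>With {@code editcheck}, the administrator must hold
     *       {@code /ra_functionality/edit_end_entity_profiles}.</li>
     *   <li>A {@code null} profile (the empty profile) is readable by anyone who reaches this
     *       point; editing it additionally requires {@code /super_administrator}.</li>
     *   <li>Otherwise every CA id listed in the profile's {@code AVAILCAS} value must be among
     *       the administrator's authorized CA ids. A profile with a null or empty
     *       {@code AVAILCAS} value passes.</li>
     * </ul>
     *
     * <p>The method fails closed: an {@link AuthorizationDeniedException} from the
     * authorization session, or a CA id in {@code AVAILCAS} that is not a valid integer,
     * yields {@code false} rather than an exception.
     *
     * @param profile the profile to check, or {@code null} for the empty profile
     * @param editcheck {@code true} to require edit rights, {@code false} for read access
     * @return {@code true} only if every applicable check passed
     */
    private boolean authorizedToProfile(EndEntityProfile profile, boolean editcheck) {
        try {
            // NOTE(review): denial is detected only through the exception; the value returned by
            // isAuthorizedNoLog is not inspected - confirm the interface always throws on denial.
            if (editcheck) {
                authorizationsession.isAuthorizedNoLog(administrator, "/ra_functionality/edit_end_entity_profiles");
            }

            HashSet authorizedcaids = new HashSet(authorizationsession.getAuthorizedCAIds(administrator));

            if (profile == null) {
                if (editcheck) {
                    authorizationsession.isAuthorizedNoLog(administrator, "/super_administrator");
                }
                return true;
            }

            String availablecasstring = profile.getValue(EndEntityProfile.AVAILCAS, 0);
            if (availablecasstring == null || availablecasstring.equals("")) {
                // No CA restriction recorded in the profile.
                return true;
            }

            String[] availablecas = availablecasstring.split(EndEntityProfile.SPLITCHAR);
            for (int j = 0; j < availablecas.length; j++) {
                if (!authorizedcaids.contains(Integer.valueOf(availablecas[j]))) {
                    return false;
                }
            }
            return true;
        } catch (AuthorizationDeniedException denied) {
            // Deliberately not rethrown: callers turn a false result into their own exception.
            return false;
        } catch (NumberFormatException malformed) {
            // A CA id that cannot be parsed cannot be matched against the authorized set, so deny.
            return false;
        }
    }

    // Collaborators supplied by the constructor.
    private IRaAdminSessionLocal raadminsession;
    private Admin administrator;
    private IAuthorizationSessionLocal authorizationsession;
    private InformationMemory info;
}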