Package org.ejbca.config

Examples of org.ejbca.config.GlobalConfiguration


  /**
   * Method that returns the global configuration and updates it if necessary.
   */
  @Transient
  public GlobalConfiguration getGlobalConfiguration(){
    // A new GlobalConfiguration object is created on every call and filled from
    // whatever getData() returns; this method itself keeps no cached instance.
    final GlobalConfiguration configuration = new GlobalConfiguration();
    configuration.loadData(getData());
    return configuration;
  }


        for (AdminGroup adminGroup : adminGroups) {
          availableGroups += (availableGroups.length()==0?"":", ") + "\"" + adminGroup.getAdminGroupName() + "\"";
        }
        getLogger().info("Available Admin groups: " + availableGroups);
        getLogger().info("Available access rules:");
        GlobalConfiguration globalConfiguration = ejb.getGlobalConfigurationSession().getCachedGlobalConfiguration(getAdmin());
        for (String current : (Collection<String>) ejb.getAuthorizationSession().getAuthorizedAvailableAccessRules(getAdmin(), ejb.getCaSession().getAvailableCAs(getAdmin()),
            globalConfiguration.getEnableEndEntityProfileLimitations(), globalConfiguration.getIssueHardwareTokens(), globalConfiguration.getEnableKeyRecovery(),
            ejb.getEndEntityProfileSession().getAuthorizedEndEntityProfileIds(getAdmin()), ejb.getUserDataSourceSession().getAuthorizedUserDataSourceIds(getAdmin(), true))) {
          getLogger().info(" " + getParsedAccessRule(current));
        }
        String availableRules = "";
        for (String current : AccessRule.RULE_TEXTS) {
          availableRules += (availableRules.length()==0?"":", ") + current;
        }
        getLogger().info("Available rules: " + availableRules);
        getLogger().info("Recursive is one of: TRUE, FALSE");
        return;
      }
      String groupName = args[1];
            if (ejb.getAdminGroupSession().getAdminGroup(getAdmin(), groupName) == null) {
              getLogger().error("No such group \"" + groupName + "\" .");
                return;
            }
      String accessRule = getOriginalAccessRule(args[2]);
      GlobalConfiguration globalConfiguration = ejb.getGlobalConfigurationSession().getCachedGlobalConfiguration(getAdmin());
      if (!((Collection<String>) ejb.getAuthorizationSession().getAuthorizedAvailableAccessRules(getAdmin(), ejb.getCaSession().getAvailableCAs(getAdmin()),
          globalConfiguration.getEnableEndEntityProfileLimitations(), globalConfiguration.getIssueHardwareTokens(), globalConfiguration.getEnableKeyRecovery(),
          ejb.getEndEntityProfileSession().getAuthorizedEndEntityProfileIds(getAdmin()), ejb.getUserDataSourceSession().getAuthorizedUserDataSourceIds(getAdmin(), true))).contains(accessRule)) {
        getLogger().error("Accessrule \"" + accessRule + "\" is not available.");
        return;
      }
      int rule = Arrays.asList(AccessRule.RULE_TEXTS).indexOf(args[3]);

        return "Adds a user";
    }

    public void execute(String[] args) throws ErrorAdminCommandException {
        try {
            GlobalConfiguration globalconfiguration = ejb.getGlobalConfigurationSession().getCachedGlobalConfiguration(getAdmin());
            boolean usehardtokens = globalconfiguration.getIssueHardwareTokens();
            boolean usekeyrecovery = globalconfiguration.getEnableKeyRecovery();
            String[] hardtokenissueraliases = null;
            Collection<Integer> authorizedhardtokenprofiles = null;
            HashMap<Integer, String> hardtokenprofileidtonamemap = null;

            if (usehardtokens) {

   * Receives the request.
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    log.trace(">doPost");
    Admin internalAdmin = Admin.getInternalAdmin();
    GlobalConfiguration globalConfiguration = globalConfigurationSession.getCachedGlobalConfiguration(internalAdmin);
    // Make sure we allow use of this Servlet
    if ( !globalConfiguration.getAutoEnrollUse() ) {
      log.info("Unauthorized access attempt from " + request.getRemoteAddr());
      response.getOutputStream().println("Not allowed.");
      return;
    }
    int caid = globalConfiguration.getAutoEnrollCA();
    if (caid == GlobalConfiguration.AUTOENROLL_DEFAULT_CA) {
      log.info("Configure a proper CA to use with enroll.");
      response.getOutputStream().println("Configure a proper CA to use with enroll.");
      return;
    }

    basicAccessRuleSetEncoderCache = null// We want this to be re-read
    getEjbcaWebBean().getInformationMemory().administrativePriviledgesEdited();
  }
 
  /**
   * Builds the basic access rule set encoder for an admin group.
   *
   * @param adminGroup the group whose access rules are encoded
   * @return a new encoder created from the group's rules, the available access rules and the
   *         hard token / key recovery switches read from the global configuration
   */
  private BasicAccessRuleSetEncoder getBasicRuleSetInternal(AdminGroup adminGroup) {
    final GlobalConfiguration config = getEjbcaWebBean().getGlobalConfiguration();
    return new BasicAccessRuleSetEncoder(
        adminGroup.getAccessRules(),
        getAuthorizationDataHandler().getAvailableAccessRules(),
        config.getIssueHardwareTokens(),
        config.getEnableKeyRecovery());
  }

    /** Test reset of key recovery mark. */
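    public void test05UnmarkKeyRecoveryOnFinish() throws Exception {
        log.trace(">test05UnmarkKeyRecoveryOnFinish()");

        // Key recovery is a system-wide switch. Remember the value found here so it can be put
        // back afterwards, whether or not the assertions below pass.
        GlobalConfiguration config = globalConfigurationSession.getCachedGlobalConfiguration(admin);
        boolean orgkeyrecconfig = config.getEnableKeyRecovery();
        config.setEnableKeyRecovery(true);
        globalConfigurationSession.saveGlobalConfigurationRemote(admin, config);

        try {
            // create certificate for user
            // Set status to NEW
            userAdminSession.setPassword(admin, username1, "foo123");
            userAdminSession.setUserStatus(admin, username1, UserDataConstants.STATUS_NEW);

            // Create a dummy certificate and keypair.
            // NOTE(review): 1024-bit RSA is only acceptable here as a throwaway test fixture.
            KeyPair keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
            X509Certificate cert = (X509Certificate) signSession.createCertificate(admin, username1, "foo123", keys.getPublic());

            // First mark the user for recovery
            keyRecoverySession.addKeyRecoveryData(admin, cert, username1, keys);
            try {
                userAdminSession.prepareForKeyRecovery(admin, username1, SecConst.EMPTY_ENDENTITYPROFILE, null);

                assertTrue("Failure the users keyrecovery session should have been marked", keyRecoverySession.isUserMarked(admin, username1));

                // Now finish the user (The actual test)
                UserDataVO userdata = userAdminSession.findUser(admin, username1);
                authenticationSessionRemote.finishUser(userdata);

                // And see if the user is still marked
                assertTrue("Failure the users keyrecovery session should have been unmarked", !keyRecoverySession.isUserMarked(admin, username1));
            } finally {
                // Clean up: the stored key recovery data must not outlive a failed run.
                keyRecoverySession.removeAllKeyRecoveryData(admin, username1);
            }
        } finally {
            // Restore the original setting even when an assertion or a call above failed;
            // otherwise a failing run leaves key recovery enabled in the shared configuration.
            config.setEnableKeyRecovery(orgkeyrecconfig);
            globalConfigurationSession.saveGlobalConfigurationRemote(admin, config);
        }
        log.trace("<test05UnmarkKeyRecoveryOnFinish()");
    }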

    }

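    /**
     * Requests two token certificates (one PKCS#10 based, one keystore based) for a test user
     * through the web service and checks the validity of what comes back.
     *
     * <p>End entity profile limitations are switched off in the global configuration for the
     * duration of the test and restored in a {@code finally} block, as is the temporary
     * "WSTESTPROFILE" certificate profile.
     *
     * @param onlyOnce when {@code false}, a second request is made and is expected to be rejected
     *                 with {@code HardTokenExistsException_Exception}
     * @throws Exception if any session or web service call fails
     */
    protected void genTokenCertificates(boolean onlyOnce) throws Exception {
        // Millisecond offsets are computed in long. The int expression 48 * 24 * 3600 * 1000
        // overflows to a negative value, which turned the 48-day check into one that always passed.
        final long dayMillis = 24L * 3600 * 1000;

        GlobalConfiguration gc = globalConfigurationSession.getCachedGlobalConfiguration(intAdmin);
        boolean originalProfileSetting = gc.getEnableEndEntityProfileLimitations();
        gc.setEnableEndEntityProfileLimitations(false);
        globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);
        try {
            if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
                certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
            }

            CertificateProfile profile = new EndUserCertificateProfile();
            profile.setAllowValidityOverride(true);
            certificateProfileSession.addCertificateProfile(intAdmin, "WSTESTPROFILE", profile);

            // first a simple test
            UserDataVOWS tokenUser1 = new UserDataVOWS();
            tokenUser1.setUsername("WSTESTTOKENUSER1");
            tokenUser1.setPassword("foo123");
            tokenUser1.setClearPwd(true);
            tokenUser1.setSubjectDN("CN=WSTESTTOKENUSER1");
            tokenUser1.setCaName(getAdminCAName());
            tokenUser1.setEmail(null);
            tokenUser1.setSubjectAltName(null);
            tokenUser1.setStatus(UserDataVOWS.STATUS_NEW);
            tokenUser1.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
            tokenUser1.setEndEntityProfileName("EMPTY");
            tokenUser1.setCertificateProfileName("ENDUSER");

            // NOTE(review): 1024-bit RSA and SHA1WithRSA are weak by current standards; they are
            // kept as-is because they are test fixtures whose values the CA under test may depend on.
            KeyPair basickeys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
            PKCS10CertificationRequest basicpkcs10 = new PKCS10CertificationRequest("SHA1WithRSA", CertTools.stringToBcX509Name("CN=NOUSED"),
                    basickeys.getPublic(), new DERSet(), basickeys.getPrivate());

            ArrayList<TokenCertificateRequestWS> requests = new ArrayList<TokenCertificateRequestWS>();
            TokenCertificateRequestWS tokenCertReqWS = new TokenCertificateRequestWS();
            tokenCertReqWS.setCAName(getAdminCAName());
            tokenCertReqWS.setCertificateProfileName("WSTESTPROFILE");
            tokenCertReqWS.setValidityIdDays("1");
            tokenCertReqWS.setPkcs10Data(basicpkcs10.getDEREncoded());
            tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_PKCS10_REQUEST);
            requests.add(tokenCertReqWS);
            tokenCertReqWS = new TokenCertificateRequestWS();
            tokenCertReqWS.setCAName(getAdminCAName());
            tokenCertReqWS.setCertificateProfileName("ENDUSER");
            tokenCertReqWS.setKeyalg("RSA");
            tokenCertReqWS.setKeyspec("1024");
            tokenCertReqWS.setType(HardTokenConstants.REQUESTTYPE_KEYSTORE_REQUEST);
            requests.add(tokenCertReqWS);

            HardTokenDataWS hardTokenDataWS = setupHardTokenDataWS("12345678");

            List<TokenCertificateResponseWS> responses = ejbcaraws.genTokenCertificates(tokenUser1, requests, hardTokenDataWS, true, false);
            assertTrue("Expected 2 responses but got " + responses.size(), responses.size() == 2);

            Iterator<TokenCertificateResponseWS> iter = responses.iterator();
            TokenCertificateResponseWS next = iter.next();
            assertTrue(next.getType() == HardTokenConstants.RESPONSETYPE_CERTIFICATE_RESPONSE);
            Certificate cert = next.getCertificate();
            X509Certificate realcert = (X509Certificate) CertificateHelper.getCertificate(cert.getCertificateData());
            assertNotNull(realcert);
            // The PKCS#10 request asked for one day of validity, so the certificate must expire within two days.
            assertTrue(realcert.getNotAfter().toString(), realcert.getNotAfter().before(new Date(System.currentTimeMillis() + 2 * dayMillis)));
            next = iter.next();
            assertTrue(next.getType() == HardTokenConstants.RESPONSETYPE_KEYSTORE_RESPONSE);
            KeyStore keyStore = next.getKeyStore();
            java.security.KeyStore realKeyStore = KeyStoreHelper.getKeyStore(keyStore.getKeystoreData(), HardTokenConstants.TOKENTYPE_PKCS12, "foo123");
            assertTrue(realKeyStore.containsAlias("WSTESTTOKENUSER1"));
            // The keystore request set no validity override, so its certificate must last more than 48 days.
            assertTrue(((X509Certificate) realKeyStore.getCertificate("WSTESTTOKENUSER1")).getNotAfter().after(
                    new Date(System.currentTimeMillis() + 48 * dayMillis)));

            if (!onlyOnce) {
                try {
                    // Same request again, this time with the fourth argument set to false.
                    responses = ejbcaraws.genTokenCertificates(tokenUser1, requests, hardTokenDataWS, false, false);
                    assertTrue("A second request for an existing hard token should have been rejected", false);
                } catch (HardTokenExistsException_Exception expected) {
                    // Expected: the hard token was already created by the first call.
                }
            }
        } finally {
            // Remove the temporary profile and restore the profile-limitation switch even when
            // the test fails, so a failing run does not leave the limitations disabled system-wide.
            try {
                if (certificateProfileSession.getCertificateProfileId(intAdmin, "WSTESTPROFILE") != 0) {
                    certificateProfileSession.removeCertificateProfile(intAdmin, "WSTESTPROFILE");
                }
            } finally {
                gc.setEnableEndEntityProfileLimitations(originalProfileSetting);
                globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);
            }
        }

    }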

    }

    protected void keyRecover() throws Exception {
      log.trace(">keyRecover");
        GlobalConfiguration gc = globalConfigurationSession.getCachedGlobalConfiguration(intAdmin);
        boolean krenabled = gc.getEnableKeyRecovery();
        if (krenabled == true) {
            gc.setEnableKeyRecovery(false);
            globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);
        }

        boolean trows = false;
        try {
            // This should throw an exception that key recovery is not enabled
            ejbcaraws.keyRecoverNewest(CA1_WSTESTUSER1);
        } catch (EjbcaException_Exception e) {
            trows = true;
            // e.printStackTrace();
            assertEquals(e.getMessage(), "Keyrecovery have to be enabled in the system configuration in order to use this command.");
        }
        assertTrue(trows);

        // Set key recovery enabled
        gc.setEnableKeyRecovery(true);
        globalConfigurationSession.saveGlobalConfigurationRemote(intAdmin, gc);

        trows = false;
        try {
            // This should throw an exception that the user does not exist

     */

    public void test01AddHardToken() throws Exception {
        log.trace(">test01AddHardToken()");

        GlobalConfiguration gc = globalConfigurationSession.getCachedGlobalConfiguration(admin);
        orgEncryptCAId = gc.getHardTokenEncryptCA();
        gc.setHardTokenEncryptCA(0);
        globalConfigurationSession.saveGlobalConfigurationRemote(admin, gc);

        SwedishEIDHardToken token = new SwedishEIDHardToken("1234", "1234", "123456", "123456", 1);

        ArrayList<Certificate> certs = new ArrayList<Certificate>();

     */

    public void test04EncryptHardToken() throws Exception {
        log.trace(">test04EncryptHardToken()");

        GlobalConfiguration gc = globalConfigurationSession.getCachedGlobalConfiguration(admin);
        gc.setHardTokenEncryptCA(getTestCAId());
        globalConfigurationSession.saveGlobalConfigurationRemote(admin, gc);
        boolean ret = false;

        // Make sure the old data can be read
        HardTokenData token = hardTokenSessionRemote.getHardToken(admin, "1234", true);
