*/
public List<TokenCertificateResponseWS> genTokenCertificates(UserDataVOWS userDataWS, List<TokenCertificateRequestWS> tokenRequests, HardTokenDataWS hardTokenDataWS, boolean overwriteExistingSN, boolean revokePreviousCards)
throws CADoesntExistsException, AuthorizationDeniedException, WaitingForApprovalException, HardTokenExistsException,UserDoesntFullfillEndEntityProfile, ApprovalException, EjbcaException, ApprovalRequestExpiredException, ApprovalRequestExecutionException {
final ArrayList<TokenCertificateResponseWS> retval = new ArrayList<TokenCertificateResponseWS>();
final Admin intAdmin = Admin.getInternalAdmin();
final EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
Admin admin = ejbhelper.getAdmin(true);
int endEntityProfileId = 0;
boolean hardTokenExists = false;
boolean userExists = false;
ApprovalRequest ar = null;
boolean approvalSuccessfullStep1 = false;
boolean isRejectedStep1 = false;
// Get Significant user Id
final CAInfo significantcAInfo;
final ArrayList<java.security.cert.Certificate> genCertificates = new ArrayList<java.security.cert.Certificate>();
final IPatternLogger logger = TransactionLogger.getPatternLogger();
logAdminName(admin,logger);
try {
significantcAInfo = caAdminSession.getCAInfoOrThrowException(intAdmin, userDataWS.getCaName());
if(significantcAInfo == null){
throw EjbcaWSHelper.getEjbcaException("Error the given CA : " + userDataWS.getCaName() + " couldn't be found.",
logger, ErrorCode.CA_NOT_EXISTS, null);
}
UserDataVO userDataVO = userAdminSession.findUser(intAdmin, userDataWS.getUsername());
if(userDataVO != null){
endEntityProfileId = userDataVO.getEndEntityProfileId();
userExists = true;
}else{
endEntityProfileId = endEntityProfileSession.getEndEntityProfileId(intAdmin, userDataWS.getEndEntityProfileName());
if(endEntityProfileId == 0){
throw EjbcaWSHelper.getEjbcaException("Error given end entity profile : " + userDataWS.getEndEntityProfileName() +" couldn't be found",
logger, ErrorCode.EE_PROFILE_NOT_EXISTS, null);
}
}
if(ejbhelper.isAdmin()){
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_CREATECERTIFICATE)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_CREATECERTIFICATE, null);
}
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.HARDTOKEN_ISSUEHARDTOKENS)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.HARDTOKEN_ISSUEHARDTOKENS, null);
}
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.CAPREFIX + significantcAInfo.getCAId())) {
throw new AuthorizationDeniedException("Admin " + admin + " was not authorized to resource " + AccessRulesConstants.CAPREFIX
+ significantcAInfo.getCAId());
}
if (userExists) {
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_EDITENDENTITY)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_EDITENDENTITY, null);
}
endEntityProfileId = userDataVO.getEndEntityProfileId();
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.EDIT_RIGHTS)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.EDIT_RIGHTS, null);
}
if (overwriteExistingSN) {
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY, null);
}
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.REVOKE_RIGHTS)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.REVOKE_RIGHTS, null);
}
}
} else {
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_CREATEENDENTITY)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_CREATEENDENTITY, null);
}
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.CREATE_RIGHTS)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.CREATE_RIGHTS, null);
}
if (overwriteExistingSN) {
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY, null);
}
if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.REVOKE_RIGHTS)) {
Authorizer.throwAuthorizationException(admin, AccessRulesConstants.ENDENTITYPROFILEPREFIX + endEntityProfileId
+ AccessRulesConstants.REVOKE_RIGHTS, null);
}
}
}
}else{
if(WebServiceConfiguration.getApprovalForGenTokenCertificates()){
ar = new GenerateTokenApprovalRequest(userDataWS.getUsername(), userDataWS.getSubjectDN(), hardTokenDataWS.getLabel(),admin,null,WebServiceConfiguration.getNumberOfRequiredApprovals(),significantcAInfo.getCAId(),endEntityProfileId);
int status = ApprovalDataVO.STATUS_REJECTED;
try{
status = approvalSession.isApproved(admin, ar.generateApprovalId(), 1);
approvalSuccessfullStep1 = status == ApprovalDataVO.STATUS_APPROVED;
if(approvalSuccessfullStep1){
ApprovalDataVO approvalDataVO = approvalSession.findNonExpiredApprovalRequest(intAdmin, ar.generateApprovalId());
String originalDN = ((GenerateTokenApprovalRequest) approvalDataVO.getApprovalRequest()).getDN();
userDataWS.setSubjectDN(originalDN); // replace requested DN with original DN to make sure nothing have changed.
}
isRejectedStep1 = status == ApprovalDataVO.STATUS_REJECTED;
if( status == ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED
|| status == ApprovalDataVO.STATUS_EXPIRED){
throw new ApprovalException("");
}
}catch(ApprovalException e){
approvalSession.addApprovalRequest(admin, ar, globalConfigurationSession.getCachedGlobalConfiguration(admin));
throw new WaitingForApprovalException("Approval request with id " + ar.generateApprovalId() + " have been added for approval.",ar.generateApprovalId());
}
}else{
throw new AuthorizationDeniedException();
}
}
if(ar != null && isRejectedStep1){
throw new ApprovalRequestExecutionException("The approval for id " + ar.generateApprovalId() + " have been rejected.");
}
if(ar != null && !approvalSuccessfullStep1){
throw new WaitingForApprovalException("The approval for id " + ar.generateApprovalId() + " have not yet been approved", ar.generateApprovalId());
}
if(ar != null){
admin = new ApprovedActionAdmin(admin.getAdminInformation().getX509Certificate(), admin.getUsername(), admin.getEmail());
}
hardTokenExists = hardTokenSession.existsHardToken(admin, hardTokenDataWS.getHardTokenSN());
if(hardTokenExists){
if(overwriteExistingSN){