Package org.ejbca.core.model.ra

Examples of org.ejbca.core.model.ra.UserDataVO

1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
      boolean genNewRequest = false;
      if(WebServiceConfiguration.getApprovalForHardTokenData()){
        // Check Approvals
        // Exists an GenTokenCertificates
          Admin intAdmin = Admin.getInternalAdmin();
          UserDataVO userData = userAdminSession.findUser(intAdmin, hardTokenData.getUsername());
          if (userData == null) {
            String msg = intres.getLocalizedMessage("ra.errorentitynotexist", hardTokenData.getUsername());             
            throw new NotFoundException(msg);
          }
          int caid = userData.getCAId();
          caAdminSession.verifyExistenceOfCA(caid);
          ar = new GenerateTokenApprovalRequest(userData.getUsername(), userData.getDN(), hardTokenData.getHardToken().getLabel(),admin,null,WebServiceConfiguration.getNumberOfRequiredApprovals(),caid,userData.getEndEntityProfileId());
          int status = ApprovalDataVO.STATUS_REJECTED;          
          try{
            if(!WebServiceConfiguration.getApprovalForGenTokenCertificates()){
              throw new ApprovalException("");
            }
            status = approvalSession.isApproved(admin, ar.generateApprovalId(), 0);
            isApprovedStep0 =  status == ApprovalDataVO.STATUS_APPROVED;
           
            if(   status == ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED
                || status == ApprovalDataVO.STATUS_EXPIRED
                || status == ApprovalDataVO.STATUS_REJECTED){
              throw new ApprovalException("");
            }
          }catch(ApprovalException e2){
            // GenTokenCertificates approval doesn't exists, try a getHardTokenData request
            if(!WebServiceConfiguration.getApprovalForHardTokenData()){
                throw new AuthorizationDeniedException("JaxWS isn't configured for getHardTokenData approvals.");
            }
            ar = new ViewHardTokenDataApprovalRequest(userData.getUsername(), userData.getDN(), hardTokenSN, true,admin,null,WebServiceConfiguration.getNumberOfRequiredApprovals(),userData.getCAId(),userData.getEndEntityProfileId());
            try{
              status = approvalSession.isApproved(admin, ar.generateApprovalId());
              isApprovedStep0 = status == ApprovalDataVO.STATUS_APPROVED;
              isRejectedStep0 =  status == ApprovalDataVO.STATUS_REJECTED;
              if(   status == ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED
View Full Code Here
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
        }
          setUserDataVOWS (userdata);
        final EjbcaWSHelper ejbcawshelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
        final Admin admin = ejbcawshelper.getAdmin(false);
        logAdminName(admin,logger);
          final UserDataVO userdatavo = ejbcawshelper.convertUserDataVOWS(admin, userdata);
          int responseTypeInt = SecConst.CERT_RES_TYPE_CERTIFICATE;
          if (!responseType.equalsIgnoreCase(CertificateHelper.RESPONSETYPE_CERTIFICATE)) {
            if (responseType.equalsIgnoreCase(CertificateHelper.RESPONSETYPE_PKCS7)) {
              responseTypeInt = SecConst.CERT_RES_TYPE_PKCS7;
            }
View Full Code Here
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
          userdata.setStatus(UserDataVOWS.STATUS_NEW);
          userdata.setClearPwd(true);
        final EjbcaWSHelper ejbcawshelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
        final Admin admin = ejbcawshelper.getAdmin(false);
        logAdminName(admin,logger);
          final UserDataVO userdatavo = ejbcawshelper.convertUserDataVOWS(admin, userdata);
          final boolean createJKS = userdata.getTokenType().equals(UserDataVOWS.TOKEN_TYPE_JKS);
          final byte[] encodedKeyStore = certificateRequestSession.processSoftTokenReq(admin, userdatavo, hardTokenSN, keyspec, keyalg, createJKS);
          // Convert encoded KeyStore to the proper return type
          final java.security.KeyStore ks;
          if (createJKS) {
View Full Code Here
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
      getLogger().info("REJECTED, CA signature mismatch,file: " + filename);
      return STATUS_REJECTED;
    }
    getLogger().debug("Loading/updating user " + username);
    // Check if username already exists.
    UserDataVO userdata = ejb.getUserAdminSession().findUser(getAdmin(), username);
    if (userdata==null) {
      // Add a "user" to map this certificate to
      final String subjectAltName = CertTools.getSubjectAlternativeName(certificate);
      final String email = CertTools.getEMailAddress(certificate);       
      userdata = new UserDataVO(username, CertTools.getSubjectDN(certificate), caInfo.getCAId(), subjectAltName, email,
          UserDataConstants.STATUS_GENERATED, SecConst.USER_ENDUSER, endEntityProfileId,
          certificateProfileId, null, null, SecConst.TOKEN_SOFT_BROWSERGEN, SecConst.NO_HARDTOKENISSUER, null);
      userdata.setPassword("foo123");
      ejb.getUserAdminSession().addUser(getAdmin(), userdata, false);
      getLogger().info("User '" + username + "' has been added.");
    }
    // addUser always adds the user with STATUS_NEW (even if we specified otherwise)
    // We always override the userdata with the info from the certificate even if the user existed.
    userdata.setStatus(UserDataConstants.STATUS_GENERATED);
    ejb.getUserAdminSession().changeUser(getAdmin(), userdata, false);
    getLogger().info("User '" + username + "' has been updated.");
    // Finally import the certificate and revoke it if necessary
    ejb.getCertStoreSession().storeCertificate(getAdmin(), certificate, username, fingerprint, SecConst.CERT_ACTIVE, SecConst.USER_ENDUSER, certificateProfileId, null, now.getTime());
    if (status == SecConst.CERT_REVOKED) {
View Full Code Here
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
      baXML = sXML.getBytes("UTF-8");
    } catch (UnsupportedEncodingException e) {
      throw new RuntimeException(e);
    }
    final XMLDecoder decoder = new XMLDecoder(new ByteArrayInputStream(baXML));
    final UserDataVO useradmindata;
    try {
      useradmindata  = (UserDataVO) decoder.readObject();
    } catch( Throwable t ) {
      // try to repair the end of the XML string.
      // this will only succeed if a limited number of chars is lost in the end of the string
      // note that this code will not make anything worse and that it will not be run if the XML can be encoded.
      //
      try {
        if ( lastTry ) {
          return null;
        }
        final String sFixedXML = FixEndOfBrokenXML.fixXML(sXML, "string", "</void></object></java>");
        if ( sFixedXML==null ) {
          throw new NotPossibleToFixXML();         
        }
        final UserDataVO userDataVO = decodeXML(sFixedXML, true);
        if ( userDataVO==null ) {
          throw new NotPossibleToFixXML();
        }
        storeUserDataVO(userDataVO); // store it right so it does not have to be repaired again.
        log.warn(printUserDataVOXML("XML has been repaired. Trailing tags fixed. DB updated with correct XML.", sXML));
View Full Code Here
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
    KeyPair keys = KeyTools.genKeys("1024", "RSA");
   
      X509Certificate cacert = CertTools.genSelfCertForPurpose("CN=dummy2", 100, null, keys.getPrivate(), keys.getPublic(),
          AlgorithmConstants.SIGALG_SHA1_WITH_RSA, true, X509KeyUsage.cRLSign|X509KeyUsage.keyCertSign);

      UserDataVO subject = new UserDataVO();

      final CertificateProfile cp = new EndUserCertificateProfile();
      cp.setValidity(encodedValidity);
      cp.setAllowValidityOverride(false);
   
      // First see that when we don't have a specified time requested and validity override is not allowed, the end time shouldbe ruled by the certificate profile.
     
      CertificateValidity cv = new CertificateValidity(subject, cp, null, null, cacert, false);
      Date notBefore = cv.getNotBefore();
      Date notAfter = cv.getNotAfter();
      Date now = new Date();
        Calendar cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 49);
        Calendar cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 51);
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // See that a requested validity does not affect it
        Calendar requestNotBefore = Calendar.getInstance();
        requestNotBefore.add(Calendar.DAY_OF_MONTH, 2);
        Calendar requestNotAfter = Calendar.getInstance();
        requestNotAfter.add(Calendar.DAY_OF_MONTH, 25);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Add extended information for the user and see that it does not affect it either
      ExtendedInformation ei = new ExtendedInformation();
      ei.setCustomData(EndEntityProfile.STARTTIME, "10:0:0");
      ei.setCustomData(EndEntityProfile.ENDTIME, "30:0:0");
      subject.setExtendedinformation(ei);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
      assertTrue(notBefore.before(now));
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Now allow validity override
      cp.setAllowValidityOverride(true);
     
      // Now we should get what's in the UserDataVO extended information
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 9);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 11);
      assertTrue(notBefore.after(cal1.getTime()));
      assertTrue(notBefore.before(cal2.getTime()));
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 29);
        cal2 = Calendar.getInstance();
        cal2.add(Calendar.DAY_OF_MONTH, 31);
      assertTrue(notAfter.after(cal1.getTime()));
      assertTrue(notAfter.before(cal2.getTime()));
     
      // Remove extended information from UserDataVO and we should get what we pass as parameters to CertificateValidity
      subject.setExtendedinformation(null);
        cv = new CertificateValidity(subject, cp, requestNotBefore.getTime(), requestNotAfter.getTime(), cacert, false);
      notBefore = cv.getNotBefore();
      notAfter = cv.getNotAfter();
        cal1 = Calendar.getInstance();
        cal1.add(Calendar.DAY_OF_MONTH, 1);
View Full Code Here
44
45
46
47
48
49
50
51
52
53
54
         * order to get around the fact that we're not running any of the logic
         * in its usual constructor, instead using the empty default one.
         */
        SimpleMock.inject(crmfMessageHandler, "admin", new Admin(Admin.TYPE_RA_USER));
        final UserAdminSessionRemote userAdminSessionMock = new SimpleMock(UserAdminSessionRemote.class) {{
          map("findUserBySubjectDN", new UserDataVO() {
        private static final long serialVersionUID = 1L;
        public String getUsername() { return USER_NAME; };
      });
        }}.mock();
        SimpleMock.inject(crmfMessageHandler, "userAdminSession", userAdminSessionMock);
View Full Code Here
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
    private LogSessionLocal logSession;

    @Override
    public UserDataVO getNextHardTokenToGenerate(Admin admin, String alias) throws UnavailableTokenException{
      log.trace(">getNextHardTokenToGenerate()");
      UserDataVO returnval = null;
      if (log.isDebugEnabled()) {
        log.debug("alias=" + alias);
      }
      int hardTokenIssuerId = hardTokenSession.getHardTokenIssuerId(admin, alias);
      if (log.isDebugEnabled()) {
        log.debug("hardTokenIssuerId=" + hardTokenIssuerId);
      }
      if (hardTokenIssuerId != HardTokenSessionBean.NO_ISSUER) {
        try {
          List<UserData> userDataList = UserData.findNewOrKeyrecByHardTokenIssuerId(entityManager, hardTokenIssuerId, 0);
          if (!userDataList.isEmpty()) {
            returnval = userDataList.get(0).toUserDataVO();
            log.debug("found user" + returnval.getUsername());
            hardTokenSession.getIsHardTokenProfileAvailableToIssuer(admin, hardTokenIssuerId, returnval);
            String msg = intres.getLocalizedMessage("hardtoken.userdatasent", alias);             
            logSession.log(admin, returnval.getCAId(), LogConstants.MODULE_HARDTOKEN, new java.util.Date(),returnval.getUsername(), null, LogConstants.EVENT_INFO_HARDTOKEN_USERDATASENT, msg);
          }
        } catch(Exception e) {
          String msg = intres.getLocalizedMessage("hardtoken.errorsenduserdata", alias);             
          logSession.log(admin, admin.getCaId(), LogConstants.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogConstants.EVENT_ERROR_HARDTOKEN_USERDATASENT, msg);
          throw new EJBException(e);
View Full Code Here
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
      int hardTokenIssuerId = hardTokenSession.getHardTokenIssuerId(admin, alias);
      if (hardTokenIssuerId != HardTokenSessionBean.NO_ISSUER) {
        try {
          List<UserData> userDataList = UserData.findNewOrKeyrecByHardTokenIssuerId(entityManager, hardTokenIssuerId, MAX_RETURNED_QUEUE_SIZE);
          for (UserData userData : userDataList) {
            UserDataVO userDataVO = userData.toUserDataVO();
            hardTokenSession.getIsHardTokenProfileAvailableToIssuer(admin, hardTokenIssuerId, userDataVO);
            returnval.add(userDataVO);
            String msg = intres.getLocalizedMessage("hardtoken.userdatasent", alias);             
            logSession.log(admin, userDataVO.getCAId(), LogConstants.MODULE_HARDTOKEN, new Date(), userDataVO.getUsername(), null, LogConstants.EVENT_INFO_HARDTOKEN_USERDATASENT, msg);
          }
        } catch(Exception e) {
          String msg = intres.getLocalizedMessage("hardtoken.errorsenduserdata", alias);             
          logSession.log(admin, admin.getCaId(), LogConstants.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogConstants.EVENT_ERROR_HARDTOKEN_USERDATASENT, msg);
          throw new EJBException(e);
View Full Code Here
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
    // TODO: Since there is no guarantee that the database query always will return entries in the same order, this functionality might be broken!
    @Override
    public UserDataVO getNextHardTokenToGenerateInQueue(Admin admin, String alias, int index) throws UnavailableTokenException {
      log.trace(">getNextHardTokenToGenerateInQueue()");
      UserDataVO returnval=null;
      int hardTokenIssuerId = hardTokenSession.getHardTokenIssuerId(admin, alias);
      if (hardTokenIssuerId != HardTokenSessionBean.NO_ISSUER) {
        try {
          List<UserData> userDataList = UserData.findNewOrKeyrecByHardTokenIssuerId(entityManager, hardTokenIssuerId, 0);
          if (userDataList.size()>(index-1)) {
            returnval = userDataList.get(index-1).toUserDataVO();
            hardTokenSession.getIsHardTokenProfileAvailableToIssuer(admin, hardTokenIssuerId, returnval);
            String msg = intres.getLocalizedMessage("hardtoken.userdatasent", alias);             
            logSession.log(admin, returnval.getCAId(), LogConstants.MODULE_HARDTOKEN, new java.util.Date(),returnval.getUsername(), null, LogConstants.EVENT_INFO_HARDTOKEN_USERDATASENT, msg);
          }
        } catch(Exception e) {
          String msg = intres.getLocalizedMessage("hardtoken.errorsenduserdata", alias);             
          logSession.log(admin, admin.getCaId(), LogConstants.MODULE_HARDTOKEN, new java.util.Date(),null, null, LogConstants.EVENT_ERROR_HARDTOKEN_USERDATASENT, msg);
          throw new EJBException(e);
View Full Code Here
TOP

Related Classes of org.ejbca.core.model.ra.UserDataVO

  • org.ejbca.core.ejb.approval.ApprovalSessionTest
  • org.ejbca.core.ejb.authorization.AuthorizationSessionTest
  • org.ejbca.core.ejb.ca.auth.AuthenticationSessionTest
  • org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
  • org.ejbca.core.ejb.ca.crl.CreateCRLSessionTest
  • org.ejbca.core.ejb.ca.crl.DeltaCRLTest
  • org.ejbca.core.ejb.ca.sign.CustomCertSerialnumberTest
  • org.ejbca.core.ejb.ca.sign.ExtendedKeyUsageTest
  • org.ejbca.core.ejb.ca.sign.RSASignSessionBean
  • org.ejbca.core.ejb.ca.sign.SignSessionTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.