Package org.ejbca.core.model.ra

Examples of org.ejbca.core.model.ra.UserDataVO


    // Create KeyStore     
      final KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
    keystore.load(null, null);                             
    final KeyPair cmskeys = KeyTools.genKeys(info.getKeySpec(), info.getKeyAlgorithm());
    final Certificate certificate =
      ca.generateCertificate(new UserDataVO("NOUSERNAME", info.getSubjectDN(), 0, info.getSubjectAltName(), "NOEMAIL", 0,0,0,0, null,null,0,0,null),
          cmskeys.getPublic(),
          -1, // KeyUsage
          ca.getValidity(),
          new XKMSCertificateProfile(), // We can use the (simple) XKMS profile, since it uses the same values as we want for CMS
          null // sequence


                // create selfsigned certificate
                Certificate cacertificate = null;

                log.debug("CAAdminSessionBean : " + cainfo.getSubjectDN());

                UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), caAltName, null, 0, 0, 0, cainfo
                        .getCertificateProfileId(), null, null, 0, 0, null);

                cacertificate = ca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, cainfo.getValidity(), certprofile,
                        sequence);

                log.debug("CAAdminSessionBean : " + CertTools.getSubjectDN(cacertificate));

                // Build Certificate Chain
                certificatechain = new ArrayList<Certificate>();
                certificatechain.add(cacertificate);

                // set status to active
                castatus = SecConst.CA_ACTIVE;
            } catch (CATokenOfflineException e) {
                String msg = intres.getLocalizedMessage("error.catokenoffline", cainfo.getName());
                logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, e);
                throw e;
            } catch (Exception fe) {
                String msg = intres.getLocalizedMessage("caadmin.errorcreateca", cainfo.getName());
                logSession.log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CACREATED, msg, fe);
                throw new EJBException(fe);
            }
        }
        if (cainfo.getSignedBy() == CAInfo.SIGNEDBYEXTERNALCA) {
            certificatechain = new ArrayList<Certificate>();
            // set status to waiting certificate response.
            castatus = SecConst.CA_WAITING_CERTIFICATE_RESPONSE;
        }

        if (cainfo.getSignedBy() > CAInfo.SPECIALCAIDBORDER || cainfo.getSignedBy() < 0) {
            // Create CA signed by other internal CA.
            try {
              CAData signcadata = CAData.findByIdOrThrow(entityManager, Integer.valueOf(cainfo.getSignedBy()));
                CA signca = signcadata.getCA();
                // Check that the signer is valid
                checkSignerValidity(admin, signcadata);
                // Create CA certificate
                Certificate cacertificate = null;

                UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), caAltName, null, 0, 0, 0, cainfo
                        .getCertificateProfileId(), null, null, 0, 0, null);

                cacertificate = signca.generateCertificate(cadata, catoken.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, cainfo.getValidity(), certprofile,
                        sequence);

                    Certificate cacertificate = null;
                    String subjectAltName = null;
                    if (cainfo instanceof X509CAInfo) {
                        subjectAltName = ((X509CAInfo) cainfo).getSubjectAltName();
                    }
                    UserDataVO cadata = new UserDataVO("nobody", cainfo.getSubjectDN(), cainfo.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, cainfo
                            .getCertificateProfileId(), null, null, 0, 0, null);
                    // We can pass the PKCS10 request message as extra
                    // parameters
                    if (requestmessage instanceof PKCS10RequestMessage) {
                        ExtendedInformation extInfo = new ExtendedInformation();
                        PKCS10CertificationRequest pkcs10 = ((PKCS10RequestMessage) requestmessage).getCertificationRequest();
                        extInfo.setCustomData(ExtendedInformation.CUSTOM_PKCS10, new String(Base64.encode(pkcs10.getEncoded())));
                        cadata.setExtendedinformation(extInfo);
                    }
                    CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, cainfo.getCertificateProfileId());
                    String sequence = null;
                    byte[] ki = requestmessage.getRequestKeyInfo();
                    if ((ki != null) && (ki.length > 0)) {

                    String subjectAltName = null;
                    if (ca instanceof X509CA) {
                        X509CA x509ca = (X509CA) ca;
                        subjectAltName = x509ca.getSubjectAltName();
                    }
                    UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, ca
                            .getCertificateProfileId(), null, null, 0, 0, null);

                    CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, ca.getCertificateProfileId());
                    // get from CAtoken to make sure it is fresh
                    String sequence = caToken.getCATokenInfo().getKeySequence();
                    cacertificate = ca.generateCertificate(cainfodata, ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, ca.getValidity(),
                            certprofile, sequence);
                    // Build Certificate Chain
                    cachain = new ArrayList<Certificate>();
                    cachain.add(cacertificate);

                } else {
                    // Resign with CA above.
                    if (ca.getSignedBy() > CAInfo.SPECIALCAIDBORDER || ca.getSignedBy() < 0) {
                        // Create CA signed by other internal CA.
                      CAData signcadata = CAData.findByIdOrThrow(entityManager, Integer.valueOf(ca.getSignedBy()));
                        CA signca = signcadata.getCA();
                        // Check that the signer is valid
                        checkSignerValidity(admin, signcadata);
                        // Create cacertificate
                        String subjectAltName = null;
                        if (ca instanceof X509CA) {
                            X509CA x509ca = (X509CA) ca;
                            subjectAltName = x509ca.getSubjectAltName();
                        }
                        UserDataVO cainfodata = new UserDataVO("nobody", ca.getSubjectDN(), ca.getSubjectDN().hashCode(), subjectAltName, null, 0, 0, 0, ca
                                .getCertificateProfileId(), null, null, 0, 0, null);

                        CertificateProfile certprofile = certificateProfileSession.getCertificateProfile(admin, ca.getCertificateProfileId());
                        String sequence = caToken.getCATokenInfo().getKeySequence(); // get from CAtoken to make sure it is fresh
                        cacertificate = signca.generateCertificate(cainfodata, ca.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN), -1, ca

            // If the status is still NEW, FAILED or KEYRECOVERY, it is to be set back
            // to what it was before (probably the user had a request counter), which
            // means the clear text password must not be reset yet.

            // Re-read the user so the decision below is based on its current status.
            // NOTE(review): vo is dereferenced without a null check; confirm findUser
            // cannot return null at this point.
            UserDataVO vo = ejb.getUserAdminSession().findUser(getAdmin(), data.getUsername());
            if ((vo.getStatus() == UserDataConstants.STATUS_NEW) || (vo.getStatus() == UserDataConstants.STATUS_FAILED)
                    || (vo.getStatus() == UserDataConstants.STATUS_KEYRECOVERY)) {
                // Write the password from data back as the user's clear text password.
                // NOTE(review): presumably this keeps the password persisted in clear text
                // for as long as the user stays in one of these states; verify that the
                // store holding it is access-controlled and that the value is cleared once
                // enrollment completes.
                ejb.getUserAdminSession().setClearTextPassword(getAdmin(), data.getUsername(), data.getPassword());
            } else {
                // Delete the clear text password (set it to null) when the status is not
                // being kept the same as it originally was.
                ejb.getUserAdminSession().setClearTextPassword(getAdmin(), data.getUsername(), null);

            }
            if(ejb.getKeyRecoverySession().isUserMarked(getAdmin(),username)){
              getLogger().error("User is already marked for recovery.");
              return;                    
            }
            UserDataVO userdata = ejb.getUserAdminSession().findUser(getAdmin(), username);
            if(userdata == null){
              getLogger().error("The user doesn't exist.");
              return;
            }
            if (ejb.getUserAdminSession().prepareForKeyRecovery(getAdmin(), userdata.getUsername(), userdata.getEndEntityProfileId(), cert)) {
                getLogger().info("Keys corresponding to given certificate has been marked for recovery.");                          
            } else {
                getLogger().info("Failed to mark keys corresponding to given certificate for recovery.");                          
            }
        } catch (Exception e) {

     */
    public void createUser(String username) throws Exception {
        if (getLogger().isTraceEnabled()) {
            getLogger().trace(">createUser(" + username + ")");
        }
        UserDataVO data = ejb.getUserAdminSession().findUser(getAdmin(), username);
        if (data == null) {
            getLogger().error(intres.getLocalizedMessage("batch.errorunknown", username));
            return;
        }
        int status = data.getStatus();

        if ((data != null) && (data.getPassword() != null) && (data.getPassword().length() > 0)) {
            if ((status == UserDataConstants.STATUS_NEW) || ((status == UserDataConstants.STATUS_KEYRECOVERY) && getUseKeyRecovery())) {
                try {
                    doCreate(data, status);
                } catch (Exception e) {
                    // If things went wrong set status to FAILED
                    String errMsg = intres.getLocalizedMessage("batch.errorsetstatus", "FAILED");
                    getLogger().error(errMsg, e);
                    if (status == UserDataConstants.STATUS_KEYRECOVERY) {
                        ejb.getUserAdminSession().setUserStatus(getAdmin(), data.getUsername(), UserDataConstants.STATUS_KEYRECOVERY);
                    } else {
                        ejb.getUserAdminSession().setUserStatus(getAdmin(), data.getUsername(), UserDataConstants.STATUS_FAILED);
                    }
                    errMsg = intres.getLocalizedMessage("batch.errorbatchfaileduser", username);
                    throw new Exception(errMsg);
                }
            } else {

                // Print the usage line and stop; the condition guarding this branch is
                // outside this excerpt (presumably a missing <username> argument).
                getLogger().info("Usage: " + getCommand() + " <username>");
                return;
            }
            // The username to look up is taken from the second command-line argument.
            String username = args[1];
            try {
                // Look up the end entity; a null result is reported as "does not exist" below.
                UserDataVO data = ejb.getUserAdminSession().findUser(getAdmin(), username);
                if (data != null) {
                  // Dump the user's fields, one INFO log line per field.
                  getLogger().info("Found user:");
                  getLogger().info("username=" + data.getUsername());
                    // NOTE(review): the value of getPassword() is written to the INFO log.
                    // If it is a clear text enrollment password (TODO confirm what
                    // getPassword() returns here), it ends up in console output and in any
                    // log file or log collector attached to this logger. Consider dropping
                    // this line or logging only whether a password is set.
                    getLogger().info("password=" + data.getPassword());
                    getLogger().info("dn: \"" + data.getDN() + "\"");
                    getLogger().info("altName: \"" + data.getSubjectAltName() + "\"");
                    // Extended information may be absent; an empty string is printed in that case.
                    ExtendedInformation ei = data.getExtendedinformation();
                    getLogger().info("directoryAttributes: \"" + (ei != null ? ei.getSubjectDirectoryAttributes() : "") + "\"");
                    getLogger().info("email=" + data.getEmail());
                    getLogger().info("status=" + data.getStatus());
                    getLogger().info("type=" + data.getType());
                    getLogger().info("token type=" + data.getTokenType());
                    getLogger().info("end entity profile id=" + data.getEndEntityProfileId());
                    getLogger().info("certificate entity profile id=" + data.getCertificateProfileId());
                    getLogger().info("hard token issuer id=" + data.getHardTokenIssuerId());
                    getLogger().info("created=" + data.getTimeCreated());
                    getLogger().info("modified=" + data.getTimeModified());
                } else {
                    getLogger().error("User '" + username + "' does not exist.");
                }
            } catch (AuthorizationDeniedException e) {
                // The administrator returned by getAdmin() is not allowed to view this user.
                getLogger().error("Error : Not authorized to view user.");

            // Get all users for this CA
            Collection<UserDataVO> coll = ejb.getUserAdminSession().findAllUsersByCaId(getAdmin(), cainfo.getCAId());
            Iterator<UserDataVO> iter = coll.iterator();
            while (iter.hasNext()) {
                UserDataVO data = iter.next();
                getLogger().info(
                        "User: " + data.getUsername() + ", \"" + data.getDN() + "\", \"" + data.getSubjectAltName() + "\", " + data.getEmail() + ", "
                                + data.getStatus() + ", " + data.getType() + ", " + data.getTokenType() + ", " + data.getHardTokenIssuerId() + ", "
                                + data.getCertificateProfileId());

                if (data.getCertificateProfileId() > 0) { // only if we find a
                    // certificate profile
                    CertificateProfile certProfile = ejb.getCertificateProfileSession().getCertificateProfile(getAdmin(), data.getCertificateProfileId());
                    if (certProfile == null) {
                        getLogger().error("Can not get certificate profile with id: " + data.getCertificateProfileId());
                        continue;
                    }
                    Collection<Certificate> certCol = ejb.getCertStoreSession().findCertificatesByUsername(getAdmin(), data.getUsername());
                    Iterator<Certificate> certIter = certCol.iterator();
                    X509Certificate cert = null;
                    if (certIter.hasNext()) {
                        cert = (X509Certificate) certIter.next();
                    }
                    X509Certificate tmpCert = null;
                    while (certIter.hasNext()) {
                        // Make sure we get the latest certificate of them all
                        // (if there are more than one for this user).
                        tmpCert = (X509Certificate) certIter.next();
                        if (tmpCert.getNotBefore().compareTo(cert.getNotBefore()) > 0) {
                            cert = tmpCert;
                        }
                    }
                    if (cert != null) {
                        if (certProfile.getPublisherList() != null) {
                            getLogger().info("Re-publishing user " + data.getUsername());
                            if (addAll) {
                                getLogger().info("Re-publishing all certificates (" + certCol.size() + ").");
                                Iterator<Certificate> i = certCol.iterator();
                                while (i.hasNext()) {
                                    X509Certificate c = (X509Certificate) i.next();
                                    publishCert(data, certProfile, c);
                                }
                            }
                            // Publish the latest again, last to make sure that
                            // is the one stuck in LDAP for example
                            publishCert(data, certProfile, cert);
                        } else {
                            getLogger().info("Not publishing user " + data.getUsername() + ", no publisher in certificate profile.");
                        }
                    } else {
                        getLogger().info("No certificate to publish for user " + data.getUsername());
                    }
                } else {
                    getLogger().info("No certificate profile id exists for user " + data.getUsername());
                }
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }

    /**
     * Logs one INFO line for every user returned by the lookup for status
     * {@code UserDataConstants.STATUS_NEW}.
     *
     * <p>Each line contains the username, DN, subject alternative name, e-mail, status,
     * type and token type of the user. The password is not part of the output.
     *
     * @param args command-line arguments; not read by this method
     * @throws ErrorAdminCommandException wrapping any exception thrown while looking up
     *         or logging the users
     */
    public void execute(String[] args) throws ErrorAdminCommandException {
        try {
            final Collection<UserDataVO> newUsers =
                    ejb.getUserAdminSession().findAllUsersByStatus(getAdmin(), UserDataConstants.STATUS_NEW);
            for (final UserDataVO user : newUsers) {
                // DN and subject alternative name are wrapped in double quotes; the
                // remaining fields are printed bare, separated by ", ".
                getLogger().info(
                        "New User: " + user.getUsername()
                                + ", \"" + user.getDN()
                                + "\", \"" + user.getSubjectAltName()
                                + "\", " + user.getEmail()
                                + ", " + user.getStatus()
                                + ", " + user.getType()
                                + ", " + user.getTokenType());
            }
        } catch (Exception cause) {
            // Any failure is reported to the caller as a command error, keeping the cause.
            throw new ErrorAdminCommandException(cause);
        }
    }
