Examples of org.ejbca.core.model.ra.raadmin.EndEntityProfile

• org.ejbca.core.model.ra.raadmin.EndEntityProfile
  The model representation of an end entity profile. The algorithm for constants in the EndEntityProfile is: Values are stored as 100*parameternumber+parameter, so the first COMMONNAME value is 105, the second 205 etc. Use flags are stored as 10000+100*parameternumber+parameter, so the first USE_COMMONNAME value is 10105, the second 10205 etc. Required flags are stored as 20000+100*parameternumber+parameter, so the first REQUIRED_COMMONNAME value is 20105, the second 20205 etc. Modifyable flags are stored as 30000+100*parameternumber+parameter, so the first MODIFYABLE_COMMONNAME value is 30105, the second 30205 etc. @author Philip Vendil @version $Id: EndEntityProfile.java 11951 2011-05-11 11:22:00Z jeklund $

            assertEquals(e.getMessage(), "Entity sdfjhdiuwerw43768754### does not exist.");
        }
        assertTrue(trows);

        // Add a new End entity profile, KEYRECOVERY
        EndEntityProfile profile = new EndEntityProfile();
        profile.addField(DnComponents.COMMONNAME);
        profile.setUse(EndEntityProfile.KEYRECOVERABLE, 0, true);
        profile.setValue(EndEntityProfile.KEYRECOVERABLE, 0, EndEntityProfile.TRUE);
        profile.setUse(EndEntityProfile.KEYRECOVERABLE, 0, true);
        profile.setUse(EndEntityProfile.CLEARTEXTPASSWORD, 0, true);
        profile.setReUseKeyRecoveredCertificate(true);
        profile.setValue(EndEntityProfile.AVAILCAS, 0, Integer.toString(SecConst.ALLCAS));
        endEntityProfileSession.addEndEntityProfile(intAdmin, "KEYRECOVERY", profile);
        assertTrue("Unable to kreate KEYRECOVERY end entity profile.", endEntityProfileSession.getEndEntityProfileId(intAdmin, "KEYRECOVERY") != 0);

        // Add a new user, set token to P12, status to new and end entity
        // profile to key recovery

      }
        }
        int cpId = certificateProfileSession.getCertificateProfileId(admin, CPNAME);
        if (endEntityProfileSession.getEndEntityProfile(admin, EEPNAME) == null) {
            // Configure an EndEntity profile (CmpRA) with allow CN, O, C in DN and rfc822Name (uncheck 'Use entity e-mail field' and check 'Modifyable'), MS UPN in altNames in the end entity profile.
            EndEntityProfile eep = new EndEntityProfile(true);
            eep.setValue(EndEntityProfile.DEFAULTCERTPROFILE,0, "" + cpId);
            eep.setValue(EndEntityProfile.AVAILCERTPROFILES,0, "" + cpId);
            eep.setModifyable(DnComponents.RFC822NAME, 0, true);
            eep.setUse(DnComponents.RFC822NAME, 0, false);  // Don't use field from "email" data
            try {
          endEntityProfileSession.addEndEntityProfile(admin, EEPNAME, eep);
        } catch (EndEntityProfileExistsException e) {
          log.error("Could not create end entity profile.", e);
        }

      boolean savekeys = data.getKeyRecoverable() && usekeyrecovery &&  (data.getStatus() != UserDataConstants.STATUS_KEYRECOVERY);
      boolean loadkeys = (data.getStatus() == UserDataConstants.STATUS_KEYRECOVERY) && usekeyrecovery;

      int endEntityProfileId = data.getEndEntityProfileId();
      int certificateProfileId = data.getCertificateProfileId();
      EndEntityProfile endEntityProfile = endEntityProfileSession.getEndEntityProfile(administrator, endEntityProfileId);
      boolean reusecertificate = endEntityProfile.getReUseKeyRecoveredCertificate();
      // Set a new certificate profile, if we have requested one specific
      if (StringUtils.isNotEmpty(certprofile)) {
        boolean clearpwd = StringUtils.isNotEmpty(data.getPassword());
        int id = certificateProfileSession.getCertificateProfileId(administrator, certprofile);
        // Change the value if there exists a certprofile with the requested name, and it is not the same as
        // the one already registered to be used by default
        if ( (id > 0) ) {
          if (id != certificateProfileId) {
            // Check if it is in allowed profiles in the entity profile
            Collection c = endEntityProfile.getAvailableCertificateProfileIds();
            if (c.contains(String.valueOf(id))) {
              data.setCertificateProfileId(id);
              // This admin can be the public web user, which may not be allowed to change status,
              // this is a bit ugly, but what can a man do...
              Admin tempadmin = Admin.getInternalAdmin();

        int cpId = certificateProfileSession.getCertificateProfileId(admin, CPNAME);
        if (endEntityProfileSession.getEndEntityProfile(admin, EEPNAME) == null) {
            // Configure an EndEntity profile (CmpRA) with allow CN, O, C in DN
            // and rfc822Name (uncheck 'Use entity e-mail field' and check
            // 'Modifyable'), MS UPN in altNames in the end entity profile.
            EndEntityProfile eep = new EndEntityProfile(true);
            eep.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, "" + cpId);
            eep.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, "" + cpId);
            eep.setModifyable(DnComponents.RFC822NAME, 0, true);
            eep.setUse(DnComponents.RFC822NAME, 0, false); // Don't use field
            // from "email" data
            try {
                endEntityProfileSession.addEndEntityProfile(admin, EEPNAME, eep);
            } catch (EndEntityProfileExistsException e) {
                log.error("Could not create end entity profile.", e);

        certProfileSession.addCertificateProfile(admin, "CMPTESTPROFILE", profile);
    } catch (CertificateProfileExistsException e) {
      log.error("Could not create certificate profile.", e);
    }
        int cpId = certProfileSession.getCertificateProfileId(admin, "CMPTESTPROFILE");
        EndEntityProfile eep = new EndEntityProfile(true);
        eep.setValue(EndEntityProfile.DEFAULTCERTPROFILE,0, "" + cpId);
        eep.setValue(EndEntityProfile.AVAILCERTPROFILES,0, "" + cpId);
        eep.addField(DnComponents.COMMONNAME);
        eep.addField(DnComponents.ORGANIZATION);
        eep.addField(DnComponents.COUNTRY);
        eep.addField(DnComponents.RFC822NAME);
        eep.addField(DnComponents.UPN);
        eep.setModifyable(DnComponents.RFC822NAME, 0, true);
        eep.setUse(DnComponents.RFC822NAME, 0, false);  // Don't use field from "email" data
        try {
          eeProfileSession.addEndEntityProfile(admin, "CMPTESTPROFILE", eep);
    } catch (EndEntityProfileExistsException e) {
      log.error("Could not create end entity profile.", e);
    }

    // Create end endity profile if neccesary
    String endEntityProfileName = "Autoenroll-" + SUPPORTEDCERTIFICATETEMPLATES[templateIndex];

    boolean newEndEntityProfile = false;
    endEntityProfileSession.removeEndEntityProfile(admin, endEntityProfileName);  // TODO: This for debug and really inefficient..
    EndEntityProfile endEntityProfile = endEntityProfileSession.getEndEntityProfile(admin, endEntityProfileName);

    if (endEntityProfile == null) {
      endEntityProfile = new EndEntityProfile(false);
      try {
        endEntityProfile.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, "" + certProfileId);
        endEntityProfile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, "" + certProfileId);
        endEntityProfile.setValue(EndEntityProfile.DEFAULTCA, 0, "" + caid);
        endEntityProfile.setValue(EndEntityProfile.AVAILCAS, 0, "" + caid);
        endEntityProfile.setUse(EndEntityProfile.CLEARTEXTPASSWORD, 0,true);
        endEntityProfile.setValue(EndEntityProfile.CLEARTEXTPASSWORD,0,EndEntityProfile.TRUE);
        endEntityProfile.removeField(DnComponents.COMMONNAME, 0);  // We will add the right number of CNs later
        endEntityProfileSession.addEndEntityProfile(admin, endEntityProfileName, endEntityProfile);
        newEndEntityProfile = true;
      } catch (EndEntityProfileExistsException e) {
        throw new EJBException(e);  // We just checked for this so this cannot happen
      }
    }
    String[] requiredFields = DNFIELDS[templateIndex];
    for (int i=0; i<requiredFields.length; i++) {
      if (GET_SUBJECTDN_FROM_AD.equals(requiredFields[i])) {
        log.info("Got DN "+ fetchedSubjectDN + " for user " + usernameShort);
        if (fetchedSubjectDN == null) {
          return -1;
        }
      }
    }
    if (newEndEntityProfile) {
      for (int i=0; i<requiredFields.length; i++) {
        if (GET_SUBJECTDN_FROM_AD.equals(requiredFields[i])) {
          DNFieldExtractor dnfe = new DNFieldExtractor(fetchedSubjectDN, DNFieldExtractor.TYPE_SUBJECTDN);
          // Loop through all fields in DN
          HashMap hmFields = dnfe.getNumberOfFields();
          for (int j=0; j<100; j++) {  // TODO: 100 is really an internal constant..
            Integer fieldsOfType = (Integer) hmFields.get(Integer.valueOf(j));
            if (fieldsOfType != null) {
              log.info("fieldsOfType="+fieldsOfType);
              for (int k = 0; k<fieldsOfType; k++) {
                endEntityProfile.addField(DnComponents.dnIdToProfileId(j));
                endEntityProfile.setRequired(DnComponents.dnIdToProfileId(j), k, true);
                log.info("Added a " + DnComponents.dnIdToProfileId(j) + " field and set it required.");
              }
            }
          }
        } else {
          int count = 0;
          for (int j=0; j<i; j++) {
            if (requiredFields[i].equals(requiredFields[j])) {
              count++;
            }
          }
          endEntityProfile.addField(requiredFields[i]);
          endEntityProfile.setRequired(requiredFields[i], count, true);
        }
      }
    }
    endEntityProfileSession.changeEndEntityProfile(admin, endEntityProfileName, endEntityProfile);
    return endEntityProfileSession.getEndEntityProfileId(admin, endEntityProfileName);

            log.debug("Got renewal request for " + username + ".");
          }
          String statusMessage;
          try {
            UserDataVO userdata = useradminhome.findUser(admin, username);
            EndEntityProfile profile = endEntityProfileSession.getEndEntityProfile(admin, userdata.getEndEntityProfileId());
            userdata.setPassword(profile.getAutoGeneratedPasswd());
            userdata.setStatus(UserDataConstants.STATUS_NEW);
            useradminhome.changeUser(admin, userdata, false);
            statusMessage = "Your request for certificate renewal has been submitted.";
          } catch(WaitingForApprovalException ex) {
            statusMessage = "Your request for certificate renewal has been submitted and is now waiting for approval.";

        HashMap<Integer, CertificateProfile> certproftemp = new HashMap<Integer, CertificateProfile>();

        endentityavailablecas = new HashMap<Integer, HashMap<Integer, List>>();

        for(Integer nextendentityprofileid : endEntityProfileSession.getAuthorizedEndEntityProfileIds(administrator)){
           EndEntityProfile endentityprofile = endEntityProfileSession.getEndEntityProfile(administrator,nextendentityprofileid.intValue());
           String[] values   = endentityprofile.getValue(EndEntityProfile.AVAILCAS,0).split(EndEntityProfile.SPLITCHAR);
           ArrayList<Integer> endentityprofileavailcas = new ArrayList<Integer>();
           for(int i=0;i < values.length;i++){
             endentityprofileavailcas.add(Integer.valueOf(values[i]));
           }

           boolean endentityprofileallcas = false;
           if(endentityprofileavailcas.contains(Integer.valueOf(SecConst.ALLCAS))){
             endentityprofileallcas = true;
           }

           values = endentityprofile.getValue(EndEntityProfile.AVAILCERTPROFILES,0).split(EndEntityProfile.SPLITCHAR);
           HashMap<Integer, List> certificateprofilemap = new HashMap<Integer, List>();
           for(int i=0;i < values.length;i++){
             Integer nextcertprofileid = Integer.valueOf(values[i]);
             CertificateProfile certprofile = (CertificateProfile) certproftemp.get(nextcertprofileid);
             if(certprofile == null){

    public EndEntityProfile getEndEntityProfile(int id) throws AuthorizationDeniedException {
      return profiles.getEndEntityProfile(id);
    }

    public void addEndEntityProfile(String name) throws EndEntityProfileExistsException, AuthorizationDeniedException {
      EndEntityProfile profile = new EndEntityProfile();
      Iterator<Integer> iter = this.informationmemory.getAuthorizedCAIds().iterator();
      String availablecas = "";
      if (iter.hasNext()) {
        availablecas = iter.next().toString();
      }
      while (iter.hasNext()) {
        availablecas = availablecas + EndEntityProfile.SPLITCHAR + iter.next().toString();
      }
      profile.setValue(EndEntityProfile.AVAILCAS, 0,availablecas);
      profile.setRequired(EndEntityProfile.AVAILCAS, 0,true);
      profiles.addEndEntityProfile(name, profile);
    }

    /**
     * Help function that checks if administrator is authorized to edit profile with given name.
     * @throws AuthorizationDeniedException
     */
    private boolean authorizedToProfileName(String profilename, boolean editcheck) throws AuthorizationDeniedException{
       EndEntityProfile profile = null;
    if(profilename.equals(EndEntityProfileSession.EMPTY_ENDENTITYPROFILENAME)) {
      profile = null;
    } else {
          profile = endEntityProfileSession.getEndEntityProfile(administrator, profilename);
    }