final String msg = intres.getLocalizedMessage("ra.erroreditentity", username);
logSession.log(admin, caid, LogConstants.MODULE_RA, new Date(), username, null, LogConstants.EVENT_ERROR_CHANGEDENDENTITY, msg);
log.error(msg);
throw new EJBException(msg);
}
final EndEntityProfile profile = endEntityProfileSession.getEndEntityProfile(admin, endEntityProfileId);
// if required, we merge the existing user dn into the dn provided by the web service.
if (fromWebService && profile.getAllowMergeDnWebServices()) {
if (userData != null) {
if (userData.getSubjectDN() != null) {
final Map<String, String> dnMap = new HashMap<String, String>();
if (profile.getUse(DnComponents.DNEMAIL, 0)) {
dnMap.put(DnComponents.DNEMAIL, userDataVO.getEmail());
}
try {
dn = (new DistinguishedName(userData.getSubjectDN())).mergeDN(new DistinguishedName(dn), true, dnMap).toString();
} catch (InvalidNameException e) {
log.debug("Invalid dn. We make it empty");
dn = "";
}
}
if (userData.getSubjectAltName() != null) {
final Map<String, String> dnMap = new HashMap<String, String>();
if (profile.getUse(DnComponents.RFC822NAME, 0)) {
dnMap.put(DnComponents.RFC822NAME, userDataVO.getEmail());
}
try {
// SubjectAltName is not mandatory so
if (altName == null) {
altName = "";
}
altName = (new DistinguishedName(userData.getSubjectAltName())).mergeDN(new DistinguishedName(altName), true, dnMap).toString();
} catch (InvalidNameException e) {
log.debug("Invalid altName. We make it empty");
altName = "";
}
}
}
}
String newpassword = userDataVO.getPassword();
if (profile.useAutoGeneratedPasswd() && newpassword != null) {
// special case used to signal regeneraton of password
newpassword = profile.getAutoGeneratedPasswd();
}
final int type = userDataVO.getType();
final ExtendedInformation ei = userDataVO.getExtendedinformation();
// Check if user fulfills it's profile.
if (globalConfiguration.getEnableEndEntityProfileLimitations()) {
try {
String dirattrs = null;
if (ei != null) {
dirattrs = ei.getSubjectDirectoryAttributes();
}
// It is only meaningful to verify the password if we change it in some way, and if we are not autogenerating it
if (!profile.useAutoGeneratedPasswd() && StringUtils.isNotEmpty(newpassword)) {
profile.doesUserFullfillEndEntityProfile(username, userDataVO.getPassword(), dn, altName, dirattrs, userDataVO.getEmail(),
userDataVO.getCertificateProfileId(), clearpwd, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0,
userDataVO.getTokenType(), userDataVO.getHardTokenIssuerId(), caid, ei);
} else {
profile.doesUserFullfillEndEntityProfileWithoutPassword(username, dn, altName, dirattrs, userDataVO.getEmail(),
userDataVO.getCertificateProfileId(), (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0,
userDataVO.getTokenType(), userDataVO.getHardTokenIssuerId(), caid, ei);
}
} catch (UserDoesntFullfillEndEntityProfile e) {
final String msg = intres.getLocalizedMessage("ra.errorfullfillprofile", Integer.valueOf(endEntityProfileId), dn, e.getMessage());