/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.ejbca.ui.web.admin.cainterface;

import java.io.InputStream;
import java.io.Serializable;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import org.apache.log4j.Logger;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.ejbca.core.EjbcaException;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionLocal;
import org.ejbca.core.ejb.ca.sign.ISignSessionLocal;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionLocal;
import org.ejbca.core.ejb.ra.IUserAdminSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ca.caadmin.CADoesntExistsException;
import org.ejbca.core.model.ca.caadmin.CAExistsException;
import org.ejbca.core.model.ca.caadmin.CAInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceInfo;
import org.ejbca.core.model.ca.caadmin.extendedcaservices.XKMSCAServiceInfo;
import org.ejbca.core.model.ca.catoken.CATokenAuthenticationFailedException;
import org.ejbca.core.model.ca.catoken.CATokenOfflineException;
import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.IRequestMessage;
import org.ejbca.core.protocol.IResponseMessage;
import org.ejbca.core.protocol.PKCS10RequestMessage;
import org.ejbca.core.protocol.X509ResponseMessage;
import org.ejbca.ui.web.admin.configuration.EjbcaWebBean;
import org.ejbca.ui.web.admin.configuration.InformationMemory;
import org.ejbca.util.CertTools;

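/**
 * Helper class used by the admin web GUI for administrating CAs.
 *
 * <p>Every operation is delegated to the EJB session beans handed to the
 * constructor and is performed on behalf of the administrator handed to the
 * constructor (so authorization is decided by the session beans, not here).
 * After each operation that changes CA data the shared
 * {@link InformationMemory} is told that the CAs were edited, so cached
 * views are refreshed.
 *
 * @author TomSelleck
 * @version $Id: CADataHandler.java,v 1.12 2008/02/26 15:37:13 herrvendil Exp $
 */
public class CADataHandler implements Serializable {
    private static final Logger log = Logger.getLogger(CADataHandler.class);

    /**
     * Creates a new instance of CADataHandler.
     *
     * @param administrator the administrator on whose behalf every operation is performed
     * @param caadminsession session bean doing the actual CA administration
     * @param adminsession user administration session, used to check whether a CA is still referenced by users
     * @param raadminsession RA administration session, used to check whether a CA is still referenced by end entity profiles
     * @param certificatesession certificate store session, used for profiles and for revoking service certificates
     * @param authorizationsession authorization session, used to check whether a CA is still referenced by access rules
     * @param signsession sign session, used for publishing CA certificates
     * @param ejbcawebbean web bean whose {@link InformationMemory} caches CA data for the GUI
     */
    public CADataHandler(Admin administrator,
            ICAAdminSessionLocal caadminsession,
            IUserAdminSessionLocal adminsession,
            IRaAdminSessionLocal raadminsession,
            ICertificateStoreSessionLocal certificatesession,
            IAuthorizationSessionLocal authorizationsession,
            ISignSessionLocal signsession, EjbcaWebBean ejbcawebbean) {
        this.caadminsession = caadminsession;
        this.authorizationsession = authorizationsession;
        this.adminsession = adminsession;
        this.certificatesession = certificatesession;
        this.raadminsession = raadminsession;
        this.administrator = administrator;
        this.signsession = signsession;
        this.info = ejbcawebbean.getInformationMemory();
        this.ejbcawebbean = ejbcawebbean;
    }

    /**
     * Creates a new CA and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void createCA(CAInfo cainfo) throws CAExistsException,
            CATokenOfflineException, CATokenAuthenticationFailedException,
            AuthorizationDeniedException {
        caadminsession.createCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Imports a CA from a PKCS#12 keystore and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void importCAFromKeyStore(String caname, byte[] p12file,
            String keystorepass, String privkeypass,
            String privateSignatureKeyAlias, String privateEncryptionKeyAlias)
            throws Exception {
        caadminsession.importCAFromKeyStore(administrator, caname, p12file,
                keystorepass, privkeypass, privateSignatureKeyAlias,
                privateEncryptionKeyAlias);
        info.cAsEdited();
    }

    /**
     * Edits an existing CA and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void editCA(CAInfo cainfo) throws AuthorizationDeniedException {
        caadminsession.editCA(administrator, cainfo);
        info.cAsEdited();
    }

    /**
     * Removes a CA unless it is still referenced somewhere.
     *
     * <p>The CA is only removed when no user, certificate profile, end entity
     * profile or access rule refers to it; otherwise nothing is changed.
     *
     * @param caid id of the CA to remove
     * @return true if the CA was removed, false if it is still in use and was left untouched
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public boolean removeCA(int caid) throws AuthorizationDeniedException {
        boolean caInUse = adminsession.checkForCAId(administrator, caid)
                || certificatesession.existsCAInCertificateProfiles(administrator, caid)
                || raadminsession.existsCAInEndEntityProfiles(administrator, caid)
                || authorizationsession.existsCAInRules(administrator, caid);

        if (caInUse) {
            return false;
        }
        caadminsession.removeCA(administrator, caid);
        info.cAsEdited();
        return true;
    }

    /**
     * Renames a CA and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void renameCA(String oldname, String newname)
            throws CAExistsException, AuthorizationDeniedException {
        caadminsession.renameCA(administrator, oldname, newname);
        info.cAsEdited();
    }

    /**
     * Looks up a CA by name.
     *
     * @param name name of the CA
     * @return a view of the CA, or null if no CA with that name exists
     * @see org.ejbca.core.model.ca.caadmin.ICAAdminSessionLocal
     */
    public CAInfoView getCAInfo(String name) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, name);
        return toView(cainfo);
    }

    /**
     * Looks up a CA by id.
     *
     * @param caid id of the CA
     * @return a view of the CA, or null if no CA with that id exists
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public CAInfoView getCAInfo(int caid) throws Exception {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        return toView(cainfo);
    }

    /** Wraps a CAInfo in the GUI view type; null in gives null out. */
    private CAInfoView toView(CAInfo cainfo) throws Exception {
        if (cainfo == null) {
            return null;
        }
        return new CAInfoView(cainfo, ejbcawebbean, info.getPublisherIdToNameMap());
    }

    /**
     * Returns the cached mapping from CA id to CA name.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public HashMap getCAIdToNameMap() {
        return info.getCAIdToNameMap();
    }

    /**
     * Creates a PKCS#10 certificate request for a CA, to be signed by an external CA.
     *
     * @param caid id of the CA to create the request for
     * @param cachain certificate chain of the CA
     * @param setstatustowaiting whether the CA status should be set to "waiting for certificate response"
     * @return the PKCS#10 request produced by the CA admin session
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public PKCS10CertificationRequest makeRequest(int caid,
            Collection cachain, boolean setstatustowaiting)
            throws CADoesntExistsException, AuthorizationDeniedException,
            CertPathValidatorException, CATokenOfflineException {
        // The CA admin session only ever produces PKCS#10 requests for this call,
        // so the cast is expected to hold.
        PKCS10RequestMessage result = (PKCS10RequestMessage) caadminsession
                .makeRequest(administrator, caid, cachain, setstatustowaiting);
        return result.getCertificationRequest();
    }

    /**
     * Receives the certificate response from an external CA for a request made with
     * {@link #makeRequest(int, Collection, boolean)}.
     *
     * <p>The first certificate found in the PEM data is used as the CA's certificate;
     * any further certificates in the data are ignored. Verification of the
     * certificate against the CA's request is done by the CA admin session.
     *
     * @param caid id of the CA the response is for
     * @param is PEM encoded certificate(s); the stream is not closed by this method
     * @throws Exception any error from parsing or from the CA admin session; an
     *         {@link IllegalArgumentException} if the data holds no certificate
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void receiveResponse(int caid, InputStream is) throws Exception {
        try {
            Collection certs = CertTools.getCertsFromPEM(is);
            if (certs == null || certs.isEmpty()) {
                // Fail with a clear message rather than a NoSuchElementException from iterator().next()
                throw new IllegalArgumentException("No certificate found in the received response");
            }
            Certificate cert = (Certificate) certs.iterator().next();
            X509ResponseMessage resmes = new X509ResponseMessage();
            resmes.setCertificate(cert);
            caadminsession.receiveResponse(administrator, caid, resmes);
            info.cAsEdited();
        } catch (Exception e) {
            // log the error here, since otherwise it may be hidden by web pages...
            log.error("Error receiving response: ", e);
            throw e;
        }
    }

    /**
     * Lets a CA process a certificate request from an external sub CA.
     *
     * @param cainfo info of the (sub) CA the request is for
     * @param requestmessage the request to process
     * @return the issued certificate, or null if the response was not an X.509 response
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public Certificate processRequest(CAInfo cainfo, IRequestMessage requestmessage)
            throws Exception {
        Certificate returnval = null;
        IResponseMessage result = caadminsession.processRequest(administrator,
                cainfo, requestmessage);
        if (result instanceof X509ResponseMessage) {
            returnval = ((X509ResponseMessage) result).getCertificate();
        }
        info.cAsEdited();
        return returnval;
    }

    /**
     * Renews a CA's certificate and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void renewCA(int caid, IResponseMessage responsemessage,
            String keystorepass, boolean regenerateKeys)
            throws CADoesntExistsException, AuthorizationDeniedException,
            CertPathValidatorException, CATokenOfflineException {
        caadminsession.renewCA(administrator, caid, responsemessage,
                keystorepass, regenerateKeys);
        info.cAsEdited();
    }

    /**
     * Revokes a CA (and what it has issued) and marks the cached CA data as edited.
     *
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void revokeCA(int caid, int reason)
            throws CADoesntExistsException, AuthorizationDeniedException {
        caadminsession.revokeCA(administrator, caid, reason);
        info.cAsEdited();
    }

    /**
     * Publishes a CA's certificate chain, and the certificates of its extended
     * services (OCSP, XKMS, CMS) if they have any.
     *
     * <p>A CA certificate is published where the CRL is published and, if there is a
     * publisher noted in the certificate profile (which there is probably not), there too.
     *
     * @param caid id of the CA to publish
     * @throws IllegalArgumentException if no CA with the given id exists
     * @see org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean
     */
    public void publishCA(int caid) {
        CAInfo cainfo = requireCAInfo(caid);
        CertificateProfile certprofile = certificatesession.getCertificateProfile(
                administrator, cainfo.getCertificateProfileId());
        // Work on a copy so the CAInfo's own CRL publisher collection is not
        // modified as a side effect of adding the profile's publishers.
        Collection publishers = new ArrayList(cainfo.getCRLPublishers());
        publishers.addAll(certprofile.getPublisherList());
        signsession.publishCACertificate(administrator, cainfo.getCertificateChain(),
                publishers);

        // Publish the ExtendedCAServices' certificates as well
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof OCSPCAServiceInfo) {
                publishServiceCertificatePath(
                        ((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath(), publishers);
            }
            if (next instanceof XKMSCAServiceInfo) {
                publishServiceCertificatePath(
                        ((XKMSCAServiceInfo) next).getXKMSSignerCertificatePath(), publishers);
            }
            if (next instanceof CmsCAServiceInfo) {
                publishServiceCertificatePath(
                        ((CmsCAServiceInfo) next).getCertificatePath(), publishers);
            }
        }
    }

    /**
     * Publishes one extended service's certificate path to the given publishers;
     * a null path (service without a certificate yet) is skipped.
     */
    private void publishServiceCertificatePath(List certpath, Collection publishers) {
        if (certpath != null) {
            signsession.publishCACertificate(administrator, certpath, publishers);
        }
    }

    /**
     * Revokes the OCSP signer certificate of a CA's OCSP service, if it has one.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with the given id exists
     */
    public void revokeOCSPCertificate(int caid) {
        CAInfo cainfo = requireCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof OCSPCAServiceInfo) {
                revokeServiceSignerCertificate(cainfo,
                        ((OCSPCAServiceInfo) next).getOCSPSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the XKMS signer certificate of a CA's XKMS service, if it has one.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with the given id exists
     */
    public void revokeXKMSCertificate(int caid) {
        CAInfo cainfo = requireCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof XKMSCAServiceInfo) {
                revokeServiceSignerCertificate(cainfo,
                        ((XKMSCAServiceInfo) next).getXKMSSignerCertificatePath());
            }
        }
    }

    /**
     * Revokes the certificate of a CA's CMS service, if it has one.
     *
     * @param caid id of the CA
     * @throws IllegalArgumentException if no CA with the given id exists
     */
    public void revokeCmsCertificate(int caid) {
        CAInfo cainfo = requireCAInfo(caid);
        Iterator iter = cainfo.getExtendedCAServiceInfos().iterator();
        while (iter.hasNext()) {
            ExtendedCAServiceInfo next = (ExtendedCAServiceInfo) iter.next();
            if (next instanceof CmsCAServiceInfo) {
                revokeServiceSignerCertificate(cainfo,
                        ((CmsCAServiceInfo) next).getCertificatePath());
            }
        }
    }

    /**
     * Revokes the first certificate of an extended service's certificate path (the
     * service's own signer certificate) with reason "unspecified", publishing the
     * revocation to the CA's CRL publishers.
     *
     * <p>A null or empty path means the service has no certificate (yet); it is
     * skipped, the same way publishCA skips it, instead of throwing a
     * NullPointerException or IndexOutOfBoundsException.
     */
    private void revokeServiceSignerCertificate(CAInfo cainfo, List certpath) {
        if (certpath == null || certpath.isEmpty()) {
            log.debug("Extended CA service has no certificate to revoke, skipping.");
            return;
        }
        X509Certificate signercert = (X509Certificate) certpath.get(0);
        certificatesession.revokeCertificate(administrator, signercert,
                cainfo.getCRLPublishers(), RevokedCertInfo.REVOKATION_REASON_UNSPECIFIED);
    }

    /**
     * Fetches the CAInfo for a CA id, failing with a clear message instead of
     * letting a later dereference throw a NullPointerException.
     *
     * @throws IllegalArgumentException if no CA with the given id exists
     */
    private CAInfo requireCAInfo(int caid) {
        CAInfo cainfo = caadminsession.getCAInfo(administrator, caid);
        if (cainfo == null) {
            throw new IllegalArgumentException("No CA with id " + caid + " exists");
        }
        return cainfo;
    }

    /**
     * Activates a CA's token (brings it online) using the given authorization code.
     */
    public void activateCAToken(int caid, String authorizationcode)
            throws AuthorizationDeniedException,
            CATokenAuthenticationFailedException, CATokenOfflineException,
            ApprovalException, WaitingForApprovalException {
        caadminsession.activateCAToken(administrator, caid, authorizationcode);
    }

    /**
     * Deactivates a CA's token (takes it offline).
     */
    public void deactivateCAToken(int caid)
            throws AuthorizationDeniedException, EjbcaException {
        caadminsession.deactivateCAToken(administrator, caid);
    }

    /**
     * Tells whether a CA is revoked.
     *
     * @param cainfo the CA to check, may be null
     * @return true if cainfo is non-null and its revocation reason is anything
     *         other than {@link RevokedCertInfo#NOT_REVOKED}; false otherwise
     */
    public boolean isCARevoked(CAInfo cainfo) {
        if (cainfo == null) {
            return false;
        }
        return cainfo.getRevokationReason() != RevokedCertInfo.NOT_REVOKED;
    }

    private final ICAAdminSessionLocal caadminsession;
    private final Admin administrator;
    private final IAuthorizationSessionLocal authorizationsession;
    private final InformationMemory info;
    private final IUserAdminSessionLocal adminsession;
    private final IRaAdminSessionLocal raadminsession;
    private final ICertificateStoreSessionLocal certificatesession;
    private final EjbcaWebBean ejbcawebbean;
    private final ISignSessionLocal signsession;
}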