001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.ui.web.admin.hardtokeninterface;
013:
014: import java.io.Serializable;
015: import java.util.ArrayList;
016: import java.util.Collection;
017: import java.util.HashMap;
018: import java.util.HashSet;
019: import java.util.Iterator;
020: import java.util.TreeMap;
021:
022: import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
023: import org.ejbca.core.ejb.hardtoken.IHardTokenSessionLocal;
024: import org.ejbca.core.model.authorization.AdminGroup;
025: import org.ejbca.core.model.authorization.AuthorizationDeniedException;
026: import org.ejbca.core.model.hardtoken.HardTokenIssuerData;
027: import org.ejbca.core.model.log.Admin;
028:
029: /**
030: * A class that looks up which Hard Token Issuers the administrator is authorized to view and edit
031: *
032: * @version $Id: HardTokenAuthorization.java,v 1.1 2006/01/17 20:26:30 anatom Exp $
033: */
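public class HardTokenAuthorization implements Serializable {

    // Implementation notes:
    // - Every lookup is cached in this instance on first use and is only
    //   refreshed after clear() is called, so authorization changes made
    //   elsewhere are not reflected until then.
    // - The public getters return copies of the cached collections. The
    //   authorizedTo* checks read the cached key sets, so handing out the
    //   cache itself would let any caller change the outcome of those checks.
    // - Lazy initialisation is not synchronized.
    // NOTE(review): the class is Serializable but keeps non-transient
    // references to the two session interfaces and declares no
    // serialVersionUID - confirm that instances are meant to be serialized.

    /**
     * Creates a new instance of HardTokenAuthorization.
     *
     * @param admin the administrator whose authorizations are looked up
     * @param hardtokensession session used to read hard token issuers and profiles
     * @param authorizationsession session used for access rule and admin group checks
     */
    public HardTokenAuthorization(Admin admin,
            IHardTokenSessionLocal hardtokensession,
            IAuthorizationSessionLocal authorizationsession) {
        this.admin = admin;
        this.hardtokensession = hardtokensession;
        this.authorizationsession = authorizationsession;
    }

    /**
     * Method returning a TreeMap containing Hard Token Alias -> Hard Token Issuer Data
     * the administrator is authorized to view and edit.
     *
     * @return A copy of the cached TreeMap Hard Token Alias (String) -> HardTokenIssuerData
     */
    public TreeMap getHardTokenIssuers() {
        return new TreeMap(cachedHardTokenIssuers());
    }

    /**
     * Method returning a TreeMap containing Hard Token Profile Name -> Hard Token Profile Id
     * the administrator is authorized to view and edit.
     *
     * @return A copy of the cached TreeMap Hard Token Profile Name (String) -> Hard Token Profile Id
     */
    public TreeMap getHardTokenProfiles() {
        return new TreeMap(cachedHardTokenProfiles());
    }

    /**
     * Checks if administrator is authorized to edit the specified hard token issuer.
     *
     * @param alias of hard token issuer
     * @return true if administrator is authorized to edit hard token issuer.
     */
    public boolean authorizedToHardTokenIssuer(String alias) {
        boolean editallowed = false;
        try {
            editallowed = this.authorizationsession.isAuthorizedNoLog(
                    admin,
                    "/hardtoken_functionality/edit_hardtoken_issuers");
        } catch (AuthorizationDeniedException ade) {
            // Deliberately ignored: a denial leaves editallowed false, so the
            // check fails closed.
        }

        // Both conditions are required: the edit rule and an issuer that
        // belongs to one of the administrator's authorized admin groups.
        return editallowed && cachedHardTokenIssuers().containsKey(alias);
    }

    /**
     * Checks if administrator is authorized to edit the specified hard token profile.
     *
     * @param name of hard token profile
     * @return true if administrator is authorized to edit hard token profile.
     */
    public boolean authorizedToHardTokenProfile(String name) {
        boolean editallowed = false;
        try {
            editallowed = this.authorizationsession.isAuthorizedNoLog(
                    admin,
                    "/hardtoken_functionality/edit_hardtoken_profiles");
        } catch (AuthorizationDeniedException ade) {
            // Deliberately ignored: a denial leaves editallowed false, so the
            // check fails closed.
        }

        return editallowed && cachedHardTokenProfiles().containsKey(name);
    }

    /**
     * Returns a Map of hard token profile id (Integer) -> hard token profile name (String).
     *
     * @return a copy of the cached map, or null if the session returned null
     */
    public HashMap getHardTokenProfileIdToNameMap() {
        if (hardtokenprofilesnamemap == null) {
            hardtokenprofilesnamemap = this.hardtokensession
                    .getHardTokenProfileIdToNameMap(admin);
        }

        // A null result from the session is passed through unchanged, as before.
        if (hardtokenprofilesnamemap == null) {
            return null;
        }
        return new HashMap(hardtokenprofilesnamemap);
    }

    /**
     * Returns a Collection of AdminGroup names authorized to issue hard tokens,
     * it also only returns the admin groups the administrator is authorized to edit.
     *
     * @return a copy of the cached collection; its elements are the AdminGroup
     *         objects returned by the authorization session
     */
    public Collection getHardTokenIssuingAdminGroups() {
        if (authissueingadmgrps == null) {
            authissueingadmgrps = new ArrayList();
            Iterator iter = authorizationsession
                    .getAuthorizedAdminGroupNames(admin).iterator();
            while (iter.hasNext()) {
                AdminGroup next = (AdminGroup) iter.next();
                try {
                    if (authorizationsession.isGroupAuthorizedNoLog(admin,
                            next.getAdminGroupId(),
                            "/hardtoken_functionality/issue_hardtokens")) {
                        authissueingadmgrps.add(next);
                    }
                } catch (AuthorizationDeniedException e) {
                    // Deliberately ignored: a group for which the check is
                    // denied is simply left out of the result.
                }
            }
        }

        return new ArrayList(authissueingadmgrps);
    }

    /**
     * Drops all cached lookups so that the next call to any getter or
     * authorizedTo* method reads from the session beans again.
     */
    public void clear() {
        hardtokenissuers = null;
        hardtokenprofiles = null;
        hardtokenprofilesnamemap = null;
        authissueingadmgrps = null;
    }

    /**
     * Builds on first use, then returns, the internal alias -> HardTokenIssuerData
     * cache. Only issuers whose admin group id is among the administrator's
     * authorized admin groups are kept.
     */
    private TreeMap cachedHardTokenIssuers() {
        if (hardtokenissuers == null) {
            hardtokenissuers = new TreeMap();

            // Ids of every admin group the administrator is authorized to.
            HashSet authadmingroupids = new HashSet();
            Iterator iter = authorizationsession
                    .getAuthorizedAdminGroupNames(admin).iterator();
            while (iter.hasNext()) {
                AdminGroup next = (AdminGroup) iter.next();
                authadmingroupids.add(new Integer(next.getAdminGroupId()));
            }

            TreeMap allhardtokenissuers = this.hardtokensession
                    .getHardTokenIssuers(admin);
            iter = allhardtokenissuers.keySet().iterator();
            while (iter.hasNext()) {
                String alias = (String) iter.next();
                HardTokenIssuerData issuerdata =
                        (HardTokenIssuerData) allhardtokenissuers.get(alias);
                if (authadmingroupids.contains(
                        new Integer(issuerdata.getAdminGroupId()))) {
                    hardtokenissuers.put(alias, issuerdata);
                }
            }
        }

        return hardtokenissuers;
    }

    /**
     * Builds on first use, then returns, the internal profile name -> profile id
     * cache from the profile ids the session reports as authorized.
     */
    private TreeMap cachedHardTokenProfiles() {
        if (hardtokenprofiles == null) {
            hardtokenprofiles = new TreeMap();
            Collection authorizedhardtokenprofiles = hardtokensession
                    .getAuthorizedHardTokenProfileIds(admin);

            Iterator iter = authorizedhardtokenprofiles.iterator();
            while (iter.hasNext()) {
                Integer id = (Integer) iter.next();
                // NOTE(review): if getHardTokenProfileName can return null,
                // put() on this naturally ordered TreeMap may throw
                // NullPointerException - confirm against the session bean.
                String name = hardtokensession.getHardTokenProfileName(
                        admin, id.intValue());
                hardtokenprofiles.put(name, id);
            }
        }
        return hardtokenprofiles;
    }

    // Private fields.
    // Lazily built caches; null means "not loaded yet" (see clear()).
    private TreeMap hardtokenissuers = null;
    private TreeMap hardtokenprofiles = null;
    private HashMap hardtokenprofilesnamemap = null;
    private ArrayList authissueingadmgrps = null;

    private Admin admin;
    private IHardTokenSessionLocal hardtokensession;
    private IAuthorizationSessionLocal authorizationsession;

}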