List of usage examples for javax.ejb TransactionAttributeType SUPPORTS
TransactionAttributeType SUPPORTS
REQUIRED
case. From source file:org.cesecore.keys.token.CryptoTokenManagementSessionBean.java
@TransactionAttribute(TransactionAttributeType.SUPPORTS) @Override// w ww. ja va 2s . c o m public void deactivate(final AuthenticationToken authenticationToken, final int cryptoTokenId) throws AuthorizationDeniedException { assertAuthorization(authenticationToken, cryptoTokenId, CryptoTokenRules.DEACTIVATE.resource() + "/" + cryptoTokenId); final CryptoToken cryptoToken = getCryptoTokenAndAssertExistence(cryptoTokenId); cryptoToken.deactivate(); securityEventsLoggerSession.log(EventTypes.CRYPTOTOKEN_DEACTIVATION, EventStatus.SUCCESS, ModuleTypes.CRYPTOTOKEN, ServiceTypes.CORE, authenticationToken.toString(), String.valueOf(cryptoTokenId), null, null, "Deactivated CryptoToken '" + cryptoToken.getTokenName() + "' with id " + cryptoTokenId); }
From source file:org.ejbca.core.ejb.approval.ApprovalSessionBean.java
@TransactionAttribute(TransactionAttributeType.SUPPORTS) @Override//w w w . ja v a2 s . c o m public ApprovalDataVO findNonExpiredApprovalRequest(AuthenticationToken admin, int approvalId) { ApprovalDataVO retval = null; ApprovalData data = findNonExpiredApprovalDataLocal(approvalId); if (data != null) { retval = getApprovalDataVO(data); } return retval; }
From source file:org.ejbca.core.ejb.approval.ApprovalSessionBean.java
/**
 * Returns every stored approval with the given approval id, converted to value objects.
 *
 * <p>NOTE(review): {@code admin} is not used in this method, so results are not filtered by the
 * caller's privileges here. Confirm that authorization is enforced upstream.
 *
 * @param admin the requesting administrator (unused in this method)
 * @param approvalId the approval id to search for
 * @return a new collection of value objects; empty when nothing matches
 */
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
@Override
public Collection<ApprovalDataVO> findApprovalDataVO(AuthenticationToken admin, int approvalId) {
    log.trace(">findApprovalDataVO");
    final Collection<ApprovalData> rows = ApprovalData.findByApprovalId(entityManager, approvalId);
    final ArrayList<ApprovalDataVO> converted = new ArrayList<ApprovalDataVO>();
    for (final ApprovalData row : rows) {
        converted.add(getApprovalDataVO(row));
    }
    log.trace("<findApprovalDataVO");
    return converted;
}
From source file:org.ejbca.core.ejb.approval.ApprovalSessionBean.java
/**
 * Runs a paged approval search built from an optional {@code Query} plus two authorization filters.
 *
 * <p>The final query text is assembled by string concatenation: the query's own string (if any),
 * then {@code caAuthorizationString}, then {@code endEntityProfileAuthorizationString}, joined with
 * {@code " AND "} where a preceding part exists.
 *
 * <p>NOTE(review): the only validation visible here is {@code query.isLegalQuery()}. The two
 * authorization strings are appended verbatim, and {@code admin} is not consulted in this method.
 * The authorization strings are therefore the only access restriction on the result set, and they
 * must be generated server-side from the administrator's privileges and never taken from client
 * input. An empty authorization string means no restriction of that kind is applied. Confirm
 * against the callers.
 *
 * @param admin the requesting administrator (unused in this method)
 * @param query the search criteria, or {@code null} for none
 * @param index passed through to {@code ApprovalData.findByCustomQuery}
 * @param numberofrows passed through to {@code ApprovalData.findByCustomQuery}
 * @param caAuthorizationString CA restriction fragment; must not be {@code null} (it is dereferenced)
 * @param endEntityProfileAuthorizationString end entity profile restriction fragment; may be empty or {@code null}
 * @return the matching approvals as value objects
 * @throws AuthorizationDeniedException declared by the interface; not thrown by the visible code
 * @throws IllegalQueryException if {@code query} is non-null and reports itself as not legal
 */
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
@Override
public List<ApprovalDataVO> query(AuthenticationToken admin, Query query, int index, int numberofrows,
        String caAuthorizationString, String endEntityProfileAuthorizationString)
        throws AuthorizationDeniedException, IllegalQueryException {
    log.trace(">query()");
    final boolean hasQuery = (query != null);
    // Reject malformed criteria before any text is assembled.
    if (hasQuery && !query.isLegalQuery()) {
        throw new IllegalQueryException();
    }

    final StringBuilder queryText = new StringBuilder();
    if (hasQuery) {
        queryText.append(query.getQueryString());
    }

    // CA restriction: needs a joining AND only when it follows the caller's criteria.
    final boolean hasCaFilter = !caAuthorizationString.equals("");
    if (hasCaFilter && hasQuery) {
        queryText.append(" AND ");
    }
    queryText.append(caAuthorizationString);

    // End entity profile restriction: needs a joining AND when anything precedes it.
    if (StringUtils.isNotEmpty(endEntityProfileAuthorizationString)) {
        if (hasCaFilter || hasQuery) {
            queryText.append(" AND ");
        }
        queryText.append(endEntityProfileAuthorizationString);
    }

    final List<ApprovalData> rows = ApprovalData.findByCustomQuery(entityManager, index, numberofrows,
            queryText.toString());
    final List<ApprovalDataVO> converted = new ArrayList<ApprovalDataVO>(rows.size());
    for (final ApprovalData row : rows) {
        converted.add(getApprovalDataVO(row));
    }
    log.trace("<query()");
    return converted;
}
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
/**
 * Exports the private keys of a CA that is backed by a soft crypto token.
 *
 * <p>Order of checks as written: the CA is fetched with {@code getCAForEdit}, the token must be a
 * {@code SoftCryptoToken}, both passwords must be non-empty, and only then is the caller checked
 * against {@code StandardRules.ROLE_ROOT}. The keystore password is verified against the token with
 * {@code checkPasswordBeforeExport} and the token is activated with it before the keys are read.
 *
 * <p>Every failure, including the authorization denial and the argument checks, is caught by the
 * outer {@code catch (Exception)}, audited as a {@code CA_EXPORTTOKEN} failure and rethrown wrapped
 * in an {@code EJBException}.
 *
 * @param admin the administrator requesting the export
 * @param caname name of the CA whose keys are exported
 * @param keystorepass password used to load/store the PKCS12 keystore and to activate the token; must not be empty
 * @param privkeypass password protecting the individual key entries in the PKCS12 keystore; must not be empty
 * @param privateSignatureKeyAlias alias under which the signature key is stored in the PKCS12 keystore
 * @param privateEncryptionKeyAlias alias under which the encryption key is stored in the PKCS12 keystore
 * @return for a CVC CA the encoded form of the certificate-signing private key, otherwise the bytes of a
 *         PKCS12 keystore holding the signature and encryption keys
 * @throws EJBException wrapping any exception raised during the export
 */
@Override
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
public byte[] exportCAKeyStore(AuthenticationToken admin, String caname, String keystorepass, String privkeypass,
        String privateSignatureKeyAlias, String privateEncryptionKeyAlias) {
    log.trace(">exportCAKeyStore");
    try {
        final CA thisCa = caSession.getCAForEdit(admin, caname);
        // Make sure we are not trying to export a hard or invalid token
        CAToken thisCAToken = thisCa.getCAToken();
        final CryptoToken cryptoToken = cryptoTokenSession.getCryptoToken(thisCAToken.getCryptoTokenId());
        if (!(cryptoToken instanceof SoftCryptoToken)) {
            throw new IllegalCryptoTokenException("Cannot export anything but a soft token.");
        }
        // Do not allow export without password protection
        if (StringUtils.isEmpty(keystorepass) || StringUtils.isEmpty(privkeypass)) {
            throw new IllegalArgumentException("Cannot export a token without password protection.");
        }
        // Check authorization
        // NOTE(review): this root-level check runs after the token-type and password checks above, so
        // a caller without the root rule can still tell those failures apart through the wrapped
        // exception. Consider performing it first. getCAForEdit presumably applies its own CA-level
        // check; confirm.
        if (!accessSession.isAuthorizedNoLogging(admin, StandardRules.ROLE_ROOT.resource())) {
            String msg = intres.getLocalizedMessage("caadmin.notauthorizedtoexportcatoken", caname);
            Map<String, Object> details = new LinkedHashMap<String, Object>();
            details.put("msg", msg);
            auditSession.log(EventTypes.ACCESS_CONTROL, EventStatus.FAILURE, ModuleTypes.CA, ServiceTypes.CORE,
                    admin.toString(), String.valueOf(thisCa.getCAId()), null, null, details);
            // This exception is caught below, so a denied export produces two audit entries:
            // ACCESS_CONTROL/FAILURE here and CA_EXPORTTOKEN/FAILURE in the catch block.
            throw new AuthorizationDeniedException(msg);
        }
        // Fetch keys
        // NOTE(review): the char[] copies of the passwords created in this method are never cleared.
        final char[] password = keystorepass.toCharArray();
        ((SoftCryptoToken) cryptoToken).checkPasswordBeforeExport(password);
        // Side effect: the token is activated with the supplied password and is not deactivated
        // again in this method.
        cryptoToken.activate(password);
        PrivateKey p12PrivateEncryptionKey = cryptoToken
                .getPrivateKey(thisCAToken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_KEYENCRYPT));
        PublicKey p12PublicEncryptionKey = cryptoToken
                .getPublicKey(thisCAToken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_KEYENCRYPT));
        PrivateKey p12PrivateCertSignKey = cryptoToken
                .getPrivateKey(thisCAToken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CERTSIGN));
        PrivateKey p12PrivateCRLSignKey = cryptoToken
                .getPrivateKey(thisCAToken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CRLSIGN));
        // Only one signature key is exported, so certificate signing and CRL signing must share a key.
        if (!p12PrivateCertSignKey.equals(p12PrivateCRLSignKey)) {
            throw new Exception("Assertion of equal signature keys failed.");
        }
        // Proceed with the export
        byte[] ret = null;
        String format = null;
        if (thisCa.getCAType() == CAInfo.CATYPE_CVC) {
            log.debug("Exporting private key with algorithm: " + p12PrivateCertSignKey.getAlgorithm()
                    + " of format: " + p12PrivateCertSignKey.getFormat());
            format = p12PrivateCertSignKey.getFormat();
            // NOTE(review): this branch returns the key's own encoding. Neither keystorepass nor
            // privkeypass is applied to the returned bytes here, and the encryption key is not
            // included. Confirm that callers protect the result.
            ret = p12PrivateCertSignKey.getEncoded();
        } else {
            log.debug("Exporting PKCS12 keystore");
            format = "PKCS12";
            KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
            // load(null, ...) initialises a new, empty in-memory keystore.
            keystore.load(null, keystorepass.toCharArray());
            // Load keys into keystore
            Certificate[] certificateChainSignature = (Certificate[]) thisCa.getCertificateChain()
                    .toArray(new Certificate[0]);
            Certificate[] certificateChainEncryption = new Certificate[1];
            // certificateChainSignature[0].getSigAlgName(),
            // generate dummy certificate for encryption key.
            // A key entry needs a certificate chain, so the encryption key gets a self-signed
            // placeholder ("CN=dummy2", validity argument 36500).
            certificateChainEncryption[0] = CertTools.genSelfCertForPurpose("CN=dummy2", 36500, null,
                    p12PrivateEncryptionKey, p12PublicEncryptionKey, thisCAToken.getEncryptionAlgorithm(), true,
                    X509KeyUsage.keyEncipherment, true);
            log.debug("Exporting with sigAlgorithm "
                    + AlgorithmTools.getSignatureAlgorithm(certificateChainSignature[0]) + "encAlgorithm="
                    + thisCAToken.getEncryptionAlgorithm());
            if (keystore.isKeyEntry(privateSignatureKeyAlias)) {
                throw new Exception("Key \"" + privateSignatureKeyAlias + "\"already exists in keystore.");
            }
            if (keystore.isKeyEntry(privateEncryptionKeyAlias)) {
                throw new Exception("Key \"" + privateEncryptionKeyAlias + "\"already exists in keystore.");
            }
            // Key entries are protected with privkeypass; the keystore itself with keystorepass.
            keystore.setKeyEntry(privateSignatureKeyAlias, p12PrivateCertSignKey, privkeypass.toCharArray(),
                    certificateChainSignature);
            keystore.setKeyEntry(privateEncryptionKeyAlias, p12PrivateEncryptionKey, privkeypass.toCharArray(),
                    certificateChainEncryption);
            // Return KeyStore as byte array and clean up
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            keystore.store(baos, keystorepass.toCharArray());
            // Removes the entries from the local KeyStore object only; the bytes already written to
            // baos still contain both keys.
            if (keystore.isKeyEntry(privateSignatureKeyAlias)) {
                keystore.deleteEntry(privateSignatureKeyAlias);
            }
            if (keystore.isKeyEntry(privateEncryptionKeyAlias)) {
                keystore.deleteEntry(privateEncryptionKeyAlias);
            }
            ret = baos.toByteArray();
        }
        String msg = intres.getLocalizedMessage("caadmin.exportedca", caname, format);
        Map<String, Object> details = new LinkedHashMap<String, Object>();
        details.put("msg", msg);
        auditSession.log(EjbcaEventTypes.CA_EXPORTTOKEN, EventStatus.SUCCESS, ModuleTypes.CA, ServiceTypes.CORE,
                admin.toString(), String.valueOf(thisCa.getCAId()), null, null, details);
        log.trace("<exportCAKeyStore");
        return ret;
    } catch (Exception e) {
        // Failure audit: the format is always reported as "PKCS12" here, even when the CVC branch
        // failed, and no CA id is recorded (thisCa is out of scope). e.getMessage() is copied into
        // the audit details.
        String msg = intres.getLocalizedMessage("caadmin.errorexportca", caname, "PKCS12", e.getMessage());
        Map<String, Object> details = new LinkedHashMap<String, Object>();
        details.put("msg", msg);
        auditSession.log(EjbcaEventTypes.CA_EXPORTTOKEN, EventStatus.FAILURE, ModuleTypes.CA, ServiceTypes.CORE,
                admin.toString(), null, null, null, details);
        throw new EJBException(e);
    }
}
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
/**
 * Collects the first certificate of the certificate chain of every CA id known to the CA session.
 *
 * <p>No administrator is passed in and the CA info is read through {@code getCAInfoInternal}, so
 * this method applies no per-caller filtering.
 *
 * <p>NOTE(review): {@code iterator().next()} throws if a CA's chain is empty. Confirm that every CA
 * returned by {@code getAllCaIds()} has at least one certificate.
 *
 * @return a new collection with one certificate per CA that could be loaded
 */
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
@Override
public Collection<Certificate> getAllCACertificates() {
    final Collection<Certificate> certificates = new ArrayList<Certificate>();
    for (final Integer caid : caSession.getAllCaIds()) {
        final CAInfo caInfo;
        try {
            caInfo = caSession.getCAInfoInternal(caid.intValue(), null, true);
            if (log.isDebugEnabled()) {
                log.debug("Getting certificate chain for CA: " + caInfo.getName() + ", " + caInfo.getCAId());
            }
            // The first element of the chain is taken as the CA's own certificate.
            certificates.add(caInfo.getCertificateChain().iterator().next());
        } catch (CADoesntExistsException e) {
            // The id came from getAllCaIds(), so this is unexpected; log it and continue with the rest.
            log.error("\"Available\" CA does not exist! caid=" + caid);
        }
    }
    return certificates;
}
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
/**
 * Lists the names of all CAs whose certificate profile id equals the given id.
 *
 * <p>CA info is read through {@code getCAInfoInternal} without an administrator, so the result is
 * not filtered by caller privileges.
 *
 * @param certificateprofileid the certificate profile id to look for
 * @return names of the CAs using that profile; empty when none do
 */
@Override
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
public List<String> getCAsUsingCertificateProfile(final int certificateprofileid) {
    final List<String> caNames = new ArrayList<String>();
    for (final Integer caid : caSession.getAllCaIds()) {
        try {
            final CAInfo caInfo = caSession.getCAInfoInternal(caid.intValue(), null, true);
            final boolean usesProfile = (certificateprofileid == caInfo.getCertificateProfileId());
            if (usesProfile) {
                caNames.add(caInfo.getName());
            }
        } catch (CADoesntExistsException e) {
            // The id came from getAllCaIds(); log it and continue with the remaining CAs.
            log.error("\"Available\" CA is no longer available. caid=" + caid.toString());
        }
    }
    return caNames;
}
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
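/**
 * Checks whether any CA the administrator is authorized to uses the given publisher as a CRL publisher.
 *
 * <p>Only CAs returned by {@code getAuthorizedCaIds(admin)} are inspected, so a publisher that is
 * referenced solely by CAs outside the administrator's reach is reported as not in use.
 *
 * @param admin the administrator whose authorized CAs are searched
 * @param publisherid id of the publisher to look for
 * @return {@code true} as soon as one authorized CA lists the publisher, otherwise {@code false}
 * @throws RuntimeException if a CA from the authorized list can no longer be loaded or accessed;
 *         the original exception is attached as the cause
 */
@Override
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
public boolean exitsPublisherInCAs(AuthenticationToken admin, int publisherid) {
    try {
        for (final Integer caid : caSession.getAuthorizedCaIds(admin)) {
            final Collection<Integer> crlPublishers = caSession.getCA(admin, caid).getCRLPublishers();
            // getAuthorizedPublisherIds null-checks the CAInfo counterpart of this getter; guard
            // here as well so that a CA without publishers cannot cause a NullPointerException.
            if (crlPublishers == null) {
                continue;
            }
            for (final Integer pubInt : crlPublishers) {
                if (pubInt.intValue() == publisherid) {
                    // We have found a match. No point in looking for more..
                    return true;
                }
            }
        }
    } catch (CADoesntExistsException e) {
        // Keep the cause so that the failing CA can be identified from the stack trace.
        throw new RuntimeException("Available CA is no longer available!", e);
    } catch (AuthorizationDeniedException e) {
        // Keep the cause so that the denied resource can be identified from the stack trace.
        throw new RuntimeException("No longer authorized to authorized CA!", e);
    }
    return false;
}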
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
/**
 * Returns how many approvals the given action needs, taking the larger of the CA's and the
 * certificate profile's requirement.
 *
 * <p>NOTE(review): when the CA does not exist the exception is swallowed and the value gathered so
 * far, 0 meaning no approvals required, is returned without consulting the certificate profile.
 * Callers that treat 0 as "proceed" therefore fail open on an unknown CA id. Confirm that callers
 * validate the CA separately.
 *
 * @param action the action to check approval requirements for
 * @param caid id of the CA
 * @param certProfileId id of the certificate profile
 * @return the number of required approvals, or 0 when none are required
 */
@Override
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
public int getNumOfApprovalRequired(final int action, final int caid, final int certProfileId) {
    int required = 0;
    try {
        // No access control on the CA here: this is an internal lookup of a single value that
        // decides whether approvals are needed.
        final CAInfo cainfo = caSession.getCAInfoInternal(caid, null, true);
        required = cainfo.isApprovalRequired(action) ? cainfo.getNumOfReqApprovals() : 0;

        final CertificateProfile profile = certificateProfileSession.getCertificateProfile(certProfileId);
        final boolean profileDemandsApproval = (profile != null) && profile.isApprovalRequired(action);
        if (profileDemandsApproval) {
            required = Math.max(required, profile.getNumOfReqApprovals());
        }
    } catch (CADoesntExistsException e) { // NOPMD
        // Ignored on purpose: an unknown CA leaves the count at its current value.
    }
    return required;
}
From source file:org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.java
/**
 * Computes the ids of all publishers the administrator may use.
 *
 * <p>Pass 1 drops custom publishers that support custom access rules and deny this administrator.
 * Pass 2 walks every CA: each CRL publisher referenced by a CA is treated as owned by that CA and
 * is included only if the administrator is authorized to the CA. Whatever remains after both passes
 * is unowned and included as well.
 *
 * <p>NOTE(review): pass 2 adds a CA's publisher id whenever the administrator is authorized to the
 * CA, regardless of whether pass 1 removed that publisher because of its custom access rules.
 * Confirm that CA authorization is meant to override a publisher-level denial.
 *
 * <p>NOTE(review): the map returned by {@code getAllPublishers()} is modified in place. Confirm
 * that it is a private copy.
 *
 * @param admin the administrator to evaluate
 * @return the set of publisher ids the administrator is considered authorized to
 */
@Override
@TransactionAttribute(TransactionAttributeType.SUPPORTS)
public Set<Integer> getAuthorizedPublisherIds(final AuthenticationToken admin) {
    final Set<Integer> authorizedIds = new HashSet<Integer>();
    // Starts as "all publishers" and is whittled down to the unowned, permitted ones.
    final Map<Integer, BasePublisher> candidates = publisherSession.getAllPublishers();

    // Pass 1: remove publishers whose own access rules reject this administrator.
    // Iterate over a snapshot of the keys because the map is modified inside the loop.
    final Set<Integer> snapshot = new HashSet<Integer>(candidates.keySet());
    for (final Integer publisherId : snapshot) {
        final BasePublisher publisher = candidates.get(publisherId);
        if (!(publisher instanceof CustomPublisherContainer)) {
            continue;
        }
        final CustomPublisherContainer custom = (CustomPublisherContainer) publisher;
        if (custom.isCustomAccessRulesSupported() && !custom.isAuthorizedToPublisher(admin)) {
            candidates.remove(publisherId);
        }
    }

    // Pass 2: publishers referenced by a CA follow that CA's authorization.
    for (final int caId : caSession.getAllCaIds()) {
        final boolean authorizedToCa = caSession.authorizedToCA(admin, caId);
        try {
            final Collection<Integer> crlPublishers = caSession.getCAInfoInternal(caId).getCRLPublishers();
            // TODO: getCRLPublishers() should logically return an empty list instead of null.
            if (crlPublishers == null) {
                continue;
            }
            for (final Integer caPublisherId : crlPublishers) {
                // Owned by a CA, so it is no longer a candidate for the "unowned" remainder.
                candidates.remove(caPublisherId);
                if (authorizedToCa) {
                    authorizedIds.add(caPublisherId);
                }
            }
        } catch (CADoesntExistsException e) { // NOPMD
            // Not expected: the id was just returned by getAllCaIds().
        }
    }

    // Everything still left is unowned and was not rejected in pass 1.
    authorizedIds.addAll(candidates.keySet());
    return authorizedIds;
}