Class managing administrator-specific settings of the
hardtoken management system.
If a property isn't found in the current administrator
settings, the corresponding global value is used instead.
Class that tries to automatically determine which
IGenCATokenInfo implementation should be used
depending on the configuration files found in
the file system.
A base class implementing the common methods of a Controller.
It also contains many helper methods for accessing
the different interfaces and logging.
One main controller prompting for card insertion and then
analysing what could be the problem with the card before
switching control to the most likely controller.
Property defining the controller (string) that should be switched to when the back button
is pressed; if the property isn't set, the callingController is used.
Method returning the revocation status for the given user.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ca/
Controller doing the actual personalization of the card: it initializes the token,
generates PKCS10 requests, sends them to EJBCA for certification and finally places
them on the card.
Comma Separated File Batch Admin Importer that reads rows of
text and converts them into AdminDataVO.
It is configured in global.properties with the following setting:
csvbatchadminimport.columnseparator (default ",")
Each row should have its columns in the following order:
"unique user id","full name","department (optional)"
Default cert selector that selects logo and name according to the following rules:
Default: cert.gif
If the cert has the non-repudiation key usage set: sign_cert.gif
If the cert contains a UPN in the altname: mscert.gif
Default logon certificate selector selecting
the first found certificate with 'digital signature'
in the key usage and DN equal to the global setting:
'token.defaultlogoncertselector', protected by the basic pin.
Default implementation of the username generator
where a defined prefix "creatingcardusernameprefix" set in global.properties along
with the personal number is returned as username.
Method that should be used to edit/add a user to the EJBCA database;
if the user doesn't already exist it will be added, otherwise it will be
overwritten.
Controller used to display an error and offer the possibility to
mail the error to the designated administrator.
Controller Memory Settings:
See separate CC constants.
Method used to add information about a generated hardtoken
Authorization requirements:
If the caller is an administrator
- Administrator flag set
- /administrator
- /ra_functionality/create_end_entity and/or edit_end_entity
- /endentityprofilesrules//create_end_entity and/or edit_end_entity
- /ra_functionality/revoke_end_entity (if overwrite flag is set)
- /endentityprofilesrules//revoke_end_entity (if overwrite flag is set)
- /ca_functionality/create_certificate
- /ca/
- /hardtoken_functionality/issue_hardtokens
If the user isn't an administrator, it will be added to the queue for approval.
Returns a list of administrators belonging to the given
organization
Required Admin rules:
/administrator
/system_functionality/edit_administrator_privileges
Only authorized to the admin groups is returned.
Returns a list of AdminDataVO of all administrators belonging to
an organization (a given set of caIds)
The administration groups and CertSN aren't populated by this call; that has to
be done separately.
Method used to fetch all administrator groups authorized to the administrator and
belonging to the given organization Id
Required Admin rules:
/administrator
Selects the logo depending on the hardTokenDataVOWS.
If the hardTokenDataVOWs is null, an empty card is displayed.
Otherwise the image for smartcard, spare card or project card
is shown, respectively.
Method that should return the name of the logo to display, associated
with particular token data.
@param tokenData the actual class has to be supported by the implementation,
usually an IToken or TokenDataBean, or HardTokenDataWS for EJBCA
getLogo() -
Static method in class org.hardtokenmgmt.core.ui.UIHelper
Method fetching the first certificate with 'digital signature'
and the given issuer in the setting token.defaultlogoncertselector
protected by the basic pin.
Method that returns the parameter in the global settings
htmfws.numberofrequiredapprovals, which indicates
how many approvals are required for the WS related approvals.
Interface that should be implemented by all the controller objects.
Contains the essential methods used by the framework to pass
control to and from the implementing controller.
Controller for the Manage Certificates on Card page, displaying the certificates
and allowing them to be renewed or viewed in detail.
Controller Memory Settings:
VIEWCERT : The X509Certificate that should be viewed by the ViewCert Controller.
Controller of the menu displayed after an analysis has shown that
the card is normal; a subset of actions is shown with buttons
that redirect to the other controllers.
Controller for the first page, when a card should be inserted and an approval
request is generated to EJBCA.
Controller Memory Settings:
NOADMINPUKDATA : the PUK data fetched from EJBCA after the action has been approved.
Controller displayed when an administrator is trying to access
a controller it doesn't have privileges for.
Controller Memory Settings:
NOTAUTH_SHOWBACKBUTTON : True if not set
NOTAUTH_MESSAGE : Message displayed for the user.
Controller for the renew certificates page; it displays the certificates
on the card, and those about to expire according to the settings
in the global configuration are displayed in red.
Method performing a republication of a selected certificate
Authorization requirements:
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca/
Special wrapper class used to make the calls synchronized,
making sure only one thread at a time calls the PKCS11 module.
This class is returned by the TokenManager.
Complete test query string used for making sure the
database is up and running. An example value is
"select 1", but the actual query depends on database type.
This is an executable class in charge of initializing an
empty EJBCA deployment with CAs and configuration to
start using a standard deployment of ToLiMa.
A common controller for both the request temporary card and unblock actions.
It shows the waiting for approval page and checks EJBCA periodically to see if the
given request has been approved.