org.hardtokenmgmt.ws.server
Class HTMFAdminWS

java.lang.Object
  extended by org.hardtokenmgmt.ws.server.HTMFAdminWS
All Implemented Interfaces:
IHTMFAdminWS

public class HTMFAdminWS
extends java.lang.Object
implements IHTMFAdminWS

Version:
$Id$
Author:
Philip Vendil 28 mar 2009

Field Summary
 
Fields inherited from interface org.hardtokenmgmt.ws.IHTMFAdminWS
CUSTOMLOG_LEVEL_ERROR, CUSTOMLOG_LEVEL_INFO
 
Constructor Summary
HTMFAdminWS()
           
 
Method Summary
 CAInfoVO activateCA(int cAId, java.lang.String authCode)
          Method used to activate a CA if the caller is authorized. Required Admin rules: /administrator, /ca/, /ca_functions/basic_functionality/activate_cas
 org.ejbca.core.protocol.ws.objects.RevokeStatus checkRevokationStatus(java.lang.String issuerDN, java.lang.String certificateSN)
          Method returning the RevokeStatus for the given user. Authorization requirements: the client certificate must have the following privileges set: Administrator flag set, /administrator, /ca/
 void customLog(int level, java.lang.String type, java.lang.String cAName, java.lang.String username, org.ejbca.core.protocol.ws.objects.Certificate certificate, java.lang.String msg)
          Generates a Custom Log event in the database.
 CAInfoVO deactivateCA(int cAId)
          Method used to deactivate a CA if the caller is authorized. Required Admin rules: /administrator, /ca/, /ca_functions/basic_functionality/activate_cas
 boolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString, boolean removeMultipleMatch)
          Special method used to remove existing user data from a user data source.
 void editAdmin(AdminDataVO adminData)
          Adds/edits the data of a given administrator.
 void editUser(org.ejbca.core.protocol.ws.objects.UserDataVOWS userdata)
          Method that should be used to edit/add a user in the EJBCA database: if the user doesn't already exist it will be added, otherwise it will be overwritten.
 boolean existsAdministrator(AdminDataVO adminData)
          Checks if an administrator already exists.
 boolean existsHardToken(java.lang.String hardTokenSN)
          Looks up whether a serial number has already been generated. Authorization requirements: a valid certificate
 java.util.List<org.ejbca.core.protocol.ws.objects.UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames, java.lang.String searchString)
          Method used to fetch userdata from an existing UserDataSource.
 java.util.List<org.ejbca.core.protocol.ws.objects.Certificate> findCerts(java.lang.String username, boolean onlyValid)
          Retrieves a collection of certificates generated for a user.
 java.util.List<org.ejbca.core.protocol.ws.objects.UserDataVOWS> findUser(org.ejbca.core.protocol.ws.objects.UserMatch usermatch)
          Retrieves information about a user in the database.
 java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateResponseWS> genTokenCertificates(org.ejbca.core.protocol.ws.objects.UserDataVOWS userData, java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateRequestWS> tokenRequests, org.ejbca.core.protocol.ws.objects.HardTokenDataWS hardTokenData, boolean overwriteExistingSN, boolean revocePreviousCards)
          Method used to add information about a generated hardtoken. Authorization requirements if the caller is an administrator: Administrator flag set, /administrator, /ra_functionality/create_end_entity and/or edit_end_entity, /endentityprofilesrules//create_end_entity and/or edit_end_entity, /ra_functionality/revoke_end_entity (if overwrite flag is set), /endentityprofilesrules//revoke_end_entity (if overwrite flag is set), /ca_functionality/create_certificate, /ca/, /hardtoken_functionality/issue_hardtokens. If the caller isn't an administrator, the request is added to the queue for approval.
 java.util.List<AdminDataVO> getAdministrators(java.lang.String orgId)
          Returns a list of administrators belonging to the given organization. Required Admin rules: /administrator, /system_functionality/edit_administrator_privileges. Only administrators of admin groups the caller is authorized to are returned.
 java.util.List<AdminGroupVO> getAvailableAdminGroups(java.lang.String orgId)
          Method used to fetch all administrator groups authorized to the administrator and belonging to the given organization id. Required Admin rules: /administrator
 org.ejbca.core.protocol.ws.objects.HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN, boolean viewPUKData, boolean onlyValidCertificates)
          Method fetching information about a hard token given its hard token serial number.
 java.util.List<org.ejbca.core.protocol.ws.objects.HardTokenDataWS> getHardTokenDatas(java.lang.String username, boolean onlyValidCertificates)
          Method fetching all hard token information for a given user.
 HostInfoVO getHostStatuses()
          Method used to fetch the current status of the host.
 java.lang.String getLastCRL(int caId)
          Method used to fetch the latest CRL in DER format.
 java.util.List<OrganizationVO> getOrganisations()
          Method used to fetch a list of the names of the organizations available to the current administrator.
 int isApproved(int approvalId)
          Looks up whether a requested action has been approved by an authorized administrator. Authorization requirements: a valid certificate
 boolean isAuthorized(java.lang.String resource)
          Method checking if a user is authorized to a given resource. Authorization requirements: a valid client certificate
 org.ejbca.core.protocol.ws.objects.CertificateResponse pkcs10Request(java.lang.String username, java.lang.String password, java.lang.String pkcs10, java.lang.String hardTokenSN, java.lang.String responseType)
          Method to use to generate a certificate for a user.
 org.ejbca.core.protocol.ws.objects.KeyStore pkcs12Req(java.lang.String username, java.lang.String password, java.lang.String hardTokenSN, java.lang.String keyspec, java.lang.String keyalg)
          Method to use to generate a server generated keystore.
 void removeAdministrator(AdminDataVO adminData)
          Removes the administrator privileges from a user.
 void republishCertificate(java.lang.String serialNumberInHex, java.lang.String issuerDN)
          Method performing a republication of a selected certificate. Authorization requirements: Administrator flag set, /administrator, /ra_functionality/view_end_entity, /endentityprofilesrules//view_end_entity, /ca/
 void revokeCert(java.lang.String issuerDN, java.lang.String certificateSN, int reason)
          Method used to revoke a certificate.
 void revokeToken(java.lang.String hardTokenSN, int reason)
          Method used to revoke all certificates mapped to one hardtoken.
 void revokeUser(java.lang.String username, int reason, boolean deleteUser)
          Method used to revoke all of a user's certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HTMFAdminWS

public HTMFAdminWS()
Method Detail

getOrganisations

public java.util.List<OrganizationVO> getOrganisations()
                                                throws org.ejbca.core.EjbcaException,
                                                       org.ejbca.core.model.authorization.AuthorizationDeniedException
Description copied from interface: IHTMFAdminWS
Method used to fetch a list of the names of the organizations available to the current administrator. Required Admin rules: /administrator

Specified by:
getOrganisations in interface IHTMFAdminWS
Returns:
a list of the names of the organizations available to the current administrator.
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the caller isn't an administrator.

getHostStatuses

public HostInfoVO getHostStatuses()
                           throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                  org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method used to fetch the current status of the host. Information fetched is: disk usage, memory usage, processor usage (if supported by the OS), CA status, DB status, SysCheck status (if used).
Required Admin rules: /administrator

Specified by:
getHostStatuses in interface IHTMFAdminWS
Returns:
current hostInfo status
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException
org.ejbca.core.EjbcaException

activateCA

public CAInfoVO activateCA(int cAId,
                           java.lang.String authCode)
                    throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                           org.ejbca.core.EjbcaException,
                           org.ejbca.core.model.approval.ApprovalException,
                           org.ejbca.core.model.approval.WaitingForApprovalException
Description copied from interface: IHTMFAdminWS
Method used to activate a CA if the caller is authorized.
Required Admin rules:
/administrator
/ca/
/ca_functions/basic_functionality/activate_cas

Specified by:
activateCA in interface IHTMFAdminWS
Parameters:
cAId - the id of CA to activate
authCode - authentication code to use
Returns:
a CAInfoVO containing information about the current status of this CA
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator does not have privileges for activation of this CA.
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.approval.ApprovalException
org.ejbca.core.model.approval.WaitingForApprovalException
See Also:
IHTMFAdminWS

deactivateCA

public CAInfoVO deactivateCA(int cAId)
                      throws org.ejbca.core.EjbcaException,
                             org.ejbca.core.model.authorization.AuthorizationDeniedException,
                             org.ejbca.core.model.approval.WaitingForApprovalException,
                             org.ejbca.core.model.approval.ApprovalException
Description copied from interface: IHTMFAdminWS
Method used to deactivate a CA if the caller is authorized.
Required Admin rules:
/administrator
/ca/
/ca_functions/basic_functionality/activate_cas

Specified by:
deactivateCA in interface IHTMFAdminWS
Parameters:
cAId - the id of CA to deactivate
Returns:
a CAInfoVO containing information about the current status of this CA
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator does not have privileges for deactivation of this CA.
org.ejbca.core.model.approval.WaitingForApprovalException
org.ejbca.core.model.approval.ApprovalException
See Also:
IHTMFAdminWS

getAvailableAdminGroups

public java.util.List<AdminGroupVO> getAvailableAdminGroups(java.lang.String orgId)
                                                     throws org.ejbca.core.EjbcaException,
                                                            org.ejbca.core.model.authorization.AuthorizationDeniedException
Description copied from interface: IHTMFAdminWS
Method used to fetch all administrator groups authorized to the administrator and belonging to the given organization id.
Required Admin rules: /administrator

Specified by:
getAvailableAdminGroups in interface IHTMFAdminWS
Parameters:
orgId - the id of the organization
Returns:
a list of AdminGroupVO of authorized administration groups belonging to the organization.
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator does not have privileges for deactivation of this CA.
See Also:
IHTMFAdminWS

editAdmin

public void editAdmin(AdminDataVO adminData)
               throws org.ejbca.core.EjbcaException,
                      org.ejbca.core.model.authorization.AuthorizationDeniedException,
                      AdminDataException
Description copied from interface: IHTMFAdminWS
Adds/edits the data of a given administrator.
Required Admin rules: /administrator, /system_functionality/edit_administrator_privileges, edit end entity rights, and authorization to the admin groups that are specified.

Specified by:
editAdmin in interface IHTMFAdminWS
Parameters:
adminData - information about the administrator and the administration groups he should belong to.
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.
AdminDataException - if the adminData parameter contained erroneous data.

getAdministrators

public java.util.List<AdminDataVO> getAdministrators(java.lang.String orgId)
                                              throws org.ejbca.core.EjbcaException,
                                                     org.ejbca.core.model.authorization.AuthorizationDeniedException
Description copied from interface: IHTMFAdminWS
Returns a list of administrators belonging to the given organization.
Required Admin rules: /administrator, /system_functionality/edit_administrator_privileges. Only administrators of admin groups the caller is authorized to are returned.

Specified by:
getAdministrators in interface IHTMFAdminWS
Parameters:
orgId - the unique id of the organization
Returns:
all administrators belonging to the organization.
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.
See Also:
IHTMFAdminWS

removeAdministrator

public void removeAdministrator(AdminDataVO adminData)
                         throws org.ejbca.core.EjbcaException,
                                org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                AdminDataException
Description copied from interface: IHTMFAdminWS
Removes the administrator privileges from a user (does not remove the end entity).
Required Admin rules: /administrator, /system_functionality/edit_administrator_privileges, edit end entity rights, and authorization to the admin groups that are specified.

Specified by:
removeAdministrator in interface IHTMFAdminWS
Parameters:
adminData - information about the administrator.
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.
AdminDataException - if the adminData parameter contained erroneous data.
See Also:
IHTMFAdminWS

existsAdministrator

public boolean existsAdministrator(AdminDataVO adminData)
                            throws org.ejbca.core.EjbcaException,
                                   org.ejbca.core.model.authorization.AuthorizationDeniedException
Description copied from interface: IHTMFAdminWS
Checks if an administrator already exists.

Specified by:
existsAdministrator in interface IHTMFAdminWS
Parameters:
adminData - information about the administrator.
Returns:
true if the given administrator already exists
Throws:
org.ejbca.core.EjbcaException - if an internal error occurred.
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator wasn't authorized to perform the given operation.
See Also:
IHTMFAdminWS

editUser

public void editUser(org.ejbca.core.protocol.ws.objects.UserDataVOWS userdata)
              throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                     org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile,
                     org.ejbca.core.EjbcaException,
                     org.ejbca.core.model.approval.ApprovalException,
                     org.ejbca.core.model.approval.WaitingForApprovalException
Description copied from interface: IHTMFAdminWS
Method that should be used to edit/add a user in the EJBCA database: if the user doesn't already exist it will be added, otherwise it will be overwritten. The difference between this call and EJBCAWS is that the administration flag is not set to false automatically. Observe: if the user doesn't already exist, its status will always be set to 'New' if no status is given.
Authorization requirements: the client certificate must have the following privileges set:
- Administrator flag set
- /administrator
- /ra_functionality/create_end_entity and/or edit_end_entity
- /endentityprofilesrules//create_end_entity and/or edit_end_entity
- /ca/

Specified by:
editUser in interface IHTMFAdminWS
Parameters:
userdata - contains all the information about the user about to be added.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException
org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile
org.ejbca.core.EjbcaException
org.ejbca.core.model.approval.ApprovalException
org.ejbca.core.model.approval.WaitingForApprovalException
See Also:
IHTMFAdminWS

getLastCRL

public java.lang.String getLastCRL(int caId)
                            throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                   org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method used to fetch the latest CRL in DER format. Authorization requirements: the client certificate must have the following privileges set: /ca/

Specified by:
getLastCRL in interface IHTMFAdminWS
Parameters:
caId - the caId of the CRL
Returns:
the CRL in Base64 format, null if caId doesn't exist.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

genTokenCertificates

public java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateResponseWS> genTokenCertificates(org.ejbca.core.protocol.ws.objects.UserDataVOWS userData,
                                                                                                          java.util.List<org.ejbca.core.protocol.ws.objects.TokenCertificateRequestWS> tokenRequests,
                                                                                                          org.ejbca.core.protocol.ws.objects.HardTokenDataWS hardTokenData,
                                                                                                          boolean overwriteExistingSN,
                                                                                                          boolean revocePreviousCards)
                                                                                                   throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                                          org.ejbca.core.model.approval.WaitingForApprovalException,
                                                                                                          org.ejbca.core.model.hardtoken.HardTokenExistsException,
                                                                                                          org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile,
                                                                                                          org.ejbca.core.model.approval.ApprovalException,
                                                                                                          org.ejbca.core.EjbcaException,
                                                                                                          org.ejbca.core.model.approval.ApprovalRequestExpiredException,
                                                                                                          org.ejbca.core.model.approval.ApprovalRequestExecutionException
Description copied from interface: IHTMFAdminWS
Method used to add information about a generated hardtoken.
Authorization requirements if the caller is an administrator:
- Administrator flag set
- /administrator
- /ra_functionality/create_end_entity and/or edit_end_entity
- /endentityprofilesrules//create_end_entity and/or edit_end_entity
- /ra_functionality/revoke_end_entity (if overwrite flag is set)
- /endentityprofilesrules//revoke_end_entity (if overwrite flag is set)
- /ca_functionality/create_certificate
- /ca/
- /hardtoken_functionality/issue_hardtokens
If the caller isn't an administrator, the request is added to the queue for approval.

Specified by:
genTokenCertificates in interface IHTMFAdminWS
Parameters:
userData - data of the user that should be generated
tokenRequests - a list of certificate requests
hardTokenData - data containing PIN/PUK info
overwriteExistingSN - if the current hard token should be overwritten instead of throwing a HardTokenExists exception. If a card is overwritten, all previous certificates on the card are revoked.
revocePreviousCards - tells the service to revoke old cards issued to this user. If the present card has the label TEMPORARY_CARD, old cards are set to CERTIFICATE_ONHOLD, otherwise UNSPECIFIED.
Returns:
a List of the generated certificates.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator isn't authorized.
org.ejbca.core.model.approval.WaitingForApprovalException - if the caller is a non-admin, the request must be approved before it is executed.
org.ejbca.core.model.hardtoken.HardTokenExistsException - if the given hard token SN already exists.
org.ejbca.core.model.approval.ApprovalException - if an error happened with the approval mechanisms
org.ejbca.core.model.approval.ApprovalRequestExpiredException - if the request for approval has expired.
org.ejbca.core.model.approval.ApprovalRequestExecutionException - if the approval request was rejected
org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

getHardTokenData

public org.ejbca.core.protocol.ws.objects.HardTokenDataWS getHardTokenData(java.lang.String hardTokenSN,
                                                                           boolean viewPUKData,
                                                                           boolean onlyValidCertificates)
                                                                    throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                           org.ejbca.core.model.hardtoken.HardTokenDoesntExistsException,
                                                                           org.ejbca.core.EjbcaException,
                                                                           org.ejbca.core.model.approval.ApprovalException,
                                                                           org.ejbca.core.model.approval.ApprovalRequestExpiredException,
                                                                           org.ejbca.core.model.approval.WaitingForApprovalException,
                                                                           org.ejbca.core.model.approval.ApprovalRequestExecutionException
Description copied from interface: IHTMFAdminWS
Method fetching information about a hard token given its hard token serial number.
Authorization requirements if the caller is an administrator:
- Administrator flag set
- /administrator
- /ra_functionality/view_hardtoken
- /endentityprofilesrules//view_hardtoken
- /endentityprofilesrules//view_hardtoken/puk_data (if viewPUKData = true)
- /ca/
If the caller isn't an administrator, the request is added to the queue for approval.

Specified by:
getHardTokenData in interface IHTMFAdminWS
Parameters:
hardTokenSN - of the token to look for.
viewPUKData - if PUK data of the hard token should be returned.
onlyValidCertificates - if all revoked and expired certificates should be filtered out.
Returns:
the HardTokenData
Throws:
org.ejbca.core.model.hardtoken.HardTokenDoesntExistsException - if the hardtokensn doesn't exist in the database.
org.ejbca.core.EjbcaException - if an exception occurred on the server side.
org.ejbca.core.model.approval.ApprovalException - if an error happened with the approval mechanisms
org.ejbca.core.model.approval.ApprovalRequestExpiredException - if the request for approval has expired.
org.ejbca.core.model.approval.WaitingForApprovalException - if the request hasn't been processed yet.
org.ejbca.core.model.approval.ApprovalRequestExecutionException - if the approval request was rejected
org.ejbca.core.model.authorization.AuthorizationDeniedException
See Also:
IHTMFAdminWS

getHardTokenDatas

public java.util.List<org.ejbca.core.protocol.ws.objects.HardTokenDataWS> getHardTokenDatas(java.lang.String username,
                                                                                            boolean onlyValidCertificates)
                                                                                     throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                            org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method fetching all hard token information for a given user.
Authorization requirements if the caller is an administrator:
- Administrator flag set
- /administrator
- /ra_functionality/view_hardtoken
- /endentityprofilesrules//view_hardtoken
- /endentityprofilesrules//view_hardtoken/puk_data (if viewPUKData = true)

Specified by:
getHardTokenDatas in interface IHTMFAdminWS
Parameters:
username - to look for.
onlyValidCertificates - if all revoked and expired certificates should be filtered out.
Returns:
a list of the HardTokenData generated for the user, never null.
Throws:
org.ejbca.core.EjbcaException - if an exception occurred on the server side.
org.ejbca.core.model.authorization.AuthorizationDeniedException
See Also:
IHTMFAdminWS

revokeCert

public void revokeCert(java.lang.String issuerDN,
                       java.lang.String certificateSN,
                       int reason)
                throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                       org.ejbca.core.model.ra.NotFoundException,
                       org.ejbca.core.EjbcaException,
                       org.ejbca.core.model.approval.ApprovalException,
                       org.ejbca.core.model.approval.WaitingForApprovalException,
                       org.ejbca.core.model.ra.AlreadyRevokedException
Description copied from interface: IHTMFAdminWS
Method used to revoke a certificate.
Authorization requirements: the client certificate must have the following privileges set:
- Administrator flag set
- /administrator
- /ra_functionality/revoke_end_entity
- /endentityprofilesrules//revoke_end_entity
- /ca/

Specified by:
revokeCert in interface IHTMFAdminWS
Parameters:
issuerDN - of the certificate to revoke
certificateSN - of the certificate to revoke
reason - for revocation, one of the RevokedCertInfo.REVOKATION_REASON_ constants, or RevokedCertInfo.NOT_REVOKED to unrevoke a certificate on hold.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.
org.ejbca.core.model.ra.NotFoundException - if certificate doesn't exist
org.ejbca.core.model.ra.AlreadyRevokedException - The certificate was already revoked
org.ejbca.core.model.approval.ApprovalException - There already exists an approval request for this task
org.ejbca.core.model.approval.WaitingForApprovalException - if the request has been added to the list of tasks to be approved
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS
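
The revokeCert contract above (required admin rules, plus a distinct exception for each outcome) is easy to misuse from a client: a WaitingForApprovalException means the certificate is still valid, and an AuthorizationDeniedException from the server arrives only after the call was attempted. The following Java wrapper is an added example, not code from the HTMF project or EJBCA. It pre-checks the rules the page lists for revokeCert through isAuthorized(), then calls revokeCert and maps every documented exception to an explicit Outcome so that "pending approval" can never be read as "revoked". The RevocationClient class, its Outcome enum and its REVOKE_CERT_RULES list are assumptions of this example; the profile-specific and CA-specific rules have their ids elided in the Javadoc, so only the two rules that are complete on the page are pre-checked, and the server remains the authority for the rest. The int reason is passed through unchanged, as the page describes (a RevokedCertInfo.REVOKATION_REASON_ constant or NOT_REVOKED).

```java
// Added example (not part of the HTMF project or EJBCA): a defensive client-side
// wrapper around IHTMFAdminWS.revokeCert. Class, enum and rule list are assumed.
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;

import org.ejbca.core.EjbcaException;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.ra.AlreadyRevokedException;
import org.ejbca.core.model.ra.NotFoundException;
import org.hardtokenmgmt.ws.IHTMFAdminWS;

public class RevocationClient {

    private static final Logger LOG = Logger.getLogger(RevocationClient.class.getName());

    /** Explicit outcomes, so a queued approval is never mistaken for a completed revocation. */
    public enum Outcome { REVOKED, ALREADY_REVOKED, PENDING_APPROVAL, APPROVAL_CONFLICT, NOT_FOUND, DENIED, ERROR }

    /**
     * Admin rules the Javadoc lists for revokeCert that are complete on the page.
     * The /endentityprofilesrules//revoke_end_entity and /ca/ rules have their ids
     * elided in the Javadoc, so they are left to the server-side check.
     */
    static final List<String> REVOKE_CERT_RULES =
            Arrays.asList("/administrator", "/ra_functionality/revoke_end_entity");

    private final IHTMFAdminWS ws;

    public RevocationClient(IHTMFAdminWS ws) {
        this.ws = ws;
    }

    /** Returns the rules in REVOKE_CERT_RULES that isAuthorized() does not grant the caller. */
    public List<String> missingRules() {
        List<String> missing = new ArrayList<String>();
        for (String rule : REVOKE_CERT_RULES) {
            boolean granted;
            try {
                granted = ws.isAuthorized(rule);
            } catch (Exception e) {
                // Fail closed: a failed authorization lookup counts as "not authorized".
                LOG.warning("isAuthorized(" + rule + ") failed: " + e.getMessage());
                granted = false;
            }
            if (!granted) {
                missing.add(rule);
            }
        }
        return missing;
    }

    /** Revokes one certificate and reports what actually happened. */
    public Outcome revoke(String issuerDN, String certificateSN, int reason) {
        if (issuerDN == null || issuerDN.length() == 0
                || certificateSN == null || certificateSN.length() == 0) {
            throw new IllegalArgumentException("issuerDN and certificateSN are required");
        }
        List<String> missing = missingRules();
        if (!missing.isEmpty()) {
            // Do not even attempt the call; log which rules the administrator lacks.
            LOG.warning("revokeCert not attempted, caller lacks rules: " + missing);
            return Outcome.DENIED;
        }
        try {
            ws.revokeCert(issuerDN, certificateSN, reason);
            LOG.info("revoked SN " + certificateSN + " issued by " + issuerDN + ", reason " + reason);
            return Outcome.REVOKED;
        } catch (AlreadyRevokedException e) {
            return Outcome.ALREADY_REVOKED;
        } catch (WaitingForApprovalException e) {
            // Page: the request has been added to the list of tasks to be approved.
            // The certificate is still valid until an approver acts on it.
            LOG.info("revocation of SN " + certificateSN + " is queued for approval");
            return Outcome.PENDING_APPROVAL;
        } catch (ApprovalException e) {
            // Page: an approval request for this task already exists.
            return Outcome.APPROVAL_CONFLICT;
        } catch (NotFoundException e) {
            return Outcome.NOT_FOUND;
        } catch (AuthorizationDeniedException e) {
            // The server-side check covers the profile- and CA-specific rules too.
            LOG.warning("server denied revocation of SN " + certificateSN + ": " + e.getMessage());
            return Outcome.DENIED;
        } catch (EjbcaException e) {
            LOG.severe("internal error while revoking SN " + certificateSN + ": " + e.getMessage());
            return Outcome.ERROR;
        } catch (Exception e) {
            // Any other exception the interface may declare (for example a transport error).
            LOG.severe("unexpected error while revoking SN " + certificateSN + ": " + e.getMessage());
            return Outcome.ERROR;
        }
    }
}
```

The catch order matters: the specific EJBCA exceptions are handled before EjbcaException and the generic Exception, so a NotFoundException is never swallowed as a generic error. Callers that receive PENDING_APPROVAL should track the request with isApproved(approvalId) rather than assume the certificate is off the CRL.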

revokeToken

public void revokeToken(java.lang.String hardTokenSN,
                        int reason)
                 throws java.rmi.RemoteException,
                        org.ejbca.core.model.authorization.AuthorizationDeniedException,
                        org.ejbca.core.model.ra.NotFoundException,
                        org.ejbca.core.EjbcaException,
                        org.ejbca.core.model.approval.ApprovalException,
                        org.ejbca.core.model.approval.WaitingForApprovalException,
                        org.ejbca.core.model.ra.AlreadyRevokedException
Description copied from interface: IHTMFAdminWS
Method used to revoke all certificates mapped to one hardtoken.
Authorization requirements: the client certificate must have the following privileges set:
- Administrator flag set
- /administrator
- /ra_functionality/revoke_end_entity
- /endentityprofilesrules//revoke_end_entity
- /ca/

Specified by:
revokeToken in interface IHTMFAdminWS
Parameters:
hardTokenSN - serial number of the hard token whose certificates should be revoked
reason - for revocation, one of the RevokedCertInfo.REVOKATION_REASON_ constants
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.
org.ejbca.core.model.ra.NotFoundException - if token doesn't exist
org.ejbca.core.model.ra.AlreadyRevokedException - The token was already revoked.
org.ejbca.core.model.approval.ApprovalException - There already exists an approval request for this task
org.ejbca.core.model.approval.WaitingForApprovalException - if the request has been added to the list of tasks to be approved
java.rmi.RemoteException
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

revokeUser

public void revokeUser(java.lang.String username,
                       int reason,
                       boolean deleteUser)
                throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                       org.ejbca.core.model.ra.NotFoundException,
                       org.ejbca.core.EjbcaException,
                       org.ejbca.core.model.approval.ApprovalException,
                       org.ejbca.core.model.approval.WaitingForApprovalException,
                       org.ejbca.core.model.ra.AlreadyRevokedException
Description copied from interface: IHTMFAdminWS
Method used to revoke all of a user's certificates. It is also possible to delete the user after all certificates have been revoked.
Authorization requirements: the client certificate must have the following privileges set:
- Administrator flag set
- /administrator
- /ra_functionality/revoke_end_entity
- /endentityprofilesrules//revoke_end_entity
- /ca/

Specified by:
revokeUser in interface IHTMFAdminWS
Parameters:
username - unique username in EJBCA
reason - for revocation, one of the RevokedCertInfo.REVOKATION_REASON_ constants, or RevokedCertInfo.NOT_REVOKED to unrevoke a certificate on hold.
deleteUser - deletes the user after all the certificates have been revoked.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.
org.ejbca.core.model.ra.NotFoundException - if user doesn't exist
org.ejbca.core.model.ra.AlreadyRevokedException - if the user already was revoked
org.ejbca.core.model.approval.ApprovalException - if there already exists an approval request for this task
org.ejbca.core.model.approval.WaitingForApprovalException - if the request has been added to the list of tasks to be approved
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

customLog

public void customLog(int level,
                      java.lang.String type,
                      java.lang.String cAName,
                      java.lang.String username,
                      org.ejbca.core.protocol.ws.objects.Certificate certificate,
                      java.lang.String msg)
               throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                      org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Generates a Custom Log event in the database.
Authorization requirements:
- Administrator flag set
- /administrator
- /log_functionality/log_custom_events

Specified by:
customLog in interface IHTMFAdminWS
Parameters:
level - of the event, one of the IEjbcaWS.CUSTOMLOG_LEVEL_ constants
type - user-defined string used as a prefix in the log comment
cAName - of the CA related to the event; use null if no specific CA is related, in which case the CA of the administrator is used.
username - of the related user; use null if no related user exists.
certificate - that relates to the log event; use null if no certificate is related
msg - message data used in the log comment. The log comment is built from the type prefix and the message, with ' : ' between them.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator isn't authorized to log.
org.ejbca.core.EjbcaException - if an error occurred on the server side
See Also:
IHTMFAdminWS

deleteUserDataFromSource

public boolean deleteUserDataFromSource(java.util.List<java.lang.String> userDataSourceNames,
                                        java.lang.String searchString,
                                        boolean removeMultipleMatch)
                                 throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                        org.ejbca.core.model.ra.userdatasource.MultipleMatchException,
                                        org.ejbca.core.model.ra.userdatasource.UserDataSourceException,
                                        org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Special method used to remove existing user data from a user data source. Important: removal functionality of a user data source is optional to implement, so it isn't certain that this method works with the given user data source.
Authorization requirements
- Administrator flag set
- /administrator
- /userdatasourcesrules//remove_userdata (for all the given user data sources)
- /ca/

Specified by:
deleteUserDataFromSource in interface IHTMFAdminWS
Parameters:
userDataSourceNames - the names of the user data sources to remove from
searchString - the search string to search for
removeMultipleMatch - whether multiple matches of a search string should be removed; otherwise none are removed.
Returns:
true if the user was removed successfully from at least one of the user data sources.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the user isn't authorized to remove user data from any of the specified user data sources
org.ejbca.core.model.ra.userdatasource.MultipleMatchException - if the search string resulted in multiple matches and removeMultipleMatch was set to false.
org.ejbca.core.model.ra.userdatasource.UserDataSourceException - if an error occurred during the communication with the user data source.
org.ejbca.core.EjbcaException - if an error occurred server side
See Also:
IHTMFAdminWS

existsHardToken

public boolean existsHardToken(java.lang.String hardTokenSN)
                        throws org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Looks up whether a serial number has already been generated.
Authorization requirements: a valid certificate

Specified by:
existsHardToken in interface IHTMFAdminWS
Parameters:
hardTokenSN - the serial number of the token to look for.
Returns:
true if hard token exists
Throws:
org.ejbca.core.EjbcaException - if an error occurred server side
See Also:
IHTMFAdminWS

fetchUserData

public java.util.List<org.ejbca.core.protocol.ws.objects.UserDataSourceVOWS> fetchUserData(java.util.List<java.lang.String> userDataSourceNames,
                                                                                           java.lang.String searchString)
                                                                                    throws org.ejbca.core.model.ra.userdatasource.UserDataSourceException,
                                                                                           org.ejbca.core.EjbcaException,
                                                                                           org.ejbca.core.model.authorization.AuthorizationDeniedException
Description copied from interface: IHTMFAdminWS
Method used to fetch user data from an existing UserDataSource.
Authorization requirements:
- Administrator flag set
- /administrator
- /userdatasourcesrules//fetch_userdata (for all the given user data sources)
- /ca/
If not turned off in jaxws.properties, only a valid certificate is required.

Specified by:
fetchUserData in interface IHTMFAdminWS
Parameters:
userDataSourceNames - a List of User Data Source Names
searchString - to identify the userdata.
Returns:
a List of UserDataSourceVOWS of the data in the specified UserDataSources; if no user data is found, an empty list is returned.
Throws:
org.ejbca.core.model.ra.userdatasource.UserDataSourceException - if an error occurred connecting to one of the UserDataSources.
org.ejbca.core.EjbcaException
org.ejbca.core.model.authorization.AuthorizationDeniedException
See Also:
IHTMFAdminWS

findCerts

public java.util.List<org.ejbca.core.protocol.ws.objects.Certificate> findCerts(java.lang.String username,
                                                                                boolean onlyValid)
                                                                         throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                org.ejbca.core.model.ra.NotFoundException,
                                                                                org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Retrieves a collection of certificates generated for a user.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca/

Specified by:
findCerts in interface IHTMFAdminWS
Parameters:
username - a unique username
onlyValid - only return valid certs, not revoked or expired ones.
Returns:
a collection of X509Certificates or null if no certificates could be found
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request
org.ejbca.core.model.ra.NotFoundException - if user cannot be found
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

findUser

public java.util.List<org.ejbca.core.protocol.ws.objects.UserDataVOWS> findUser(org.ejbca.core.protocol.ws.objects.UserMatch usermatch)
                                                                         throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                                org.ejbca.util.query.IllegalQueryException,
                                                                                org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Retrieves information about a user in the database.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca/

Specified by:
findUser in interface IHTMFAdminWS
Parameters:
usermatch - the specification about which users to find.
Returns:
a List of UserDataVOWS objects (max 100) containing the information about the user, or null if the user doesn't exist.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request
org.ejbca.util.query.IllegalQueryException - if query isn't valid
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS

isApproved

public int isApproved(int approvalId)
               throws org.ejbca.core.model.approval.ApprovalException,
                      org.ejbca.core.EjbcaException,
                      org.ejbca.core.model.approval.ApprovalRequestExpiredException
Description copied from interface: IHTMFAdminWS
Looks up whether a requested action has been approved by an authorized administrator or not.
Authorization requirements: a valid certificate

Specified by:
isApproved in interface IHTMFAdminWS
Parameters:
approvalId - unique id for the action
Returns:
the number of approvals left, 0 if approved; otherwise one of the ApprovalDataVO.STATUS constants is returned, indicating the status.
Throws:
org.ejbca.core.model.approval.ApprovalException - if approvalId doesn't exist
org.ejbca.core.EjbcaException - if an error occurred server side
org.ejbca.core.model.approval.ApprovalRequestExpiredException - thrown once if one of the approvals has expired; once notified, it won't be thrown again.
See Also:
IHTMFAdminWS

pkcs10Request

public org.ejbca.core.protocol.ws.objects.CertificateResponse pkcs10Request(java.lang.String username,
                                                                            java.lang.String password,
                                                                            java.lang.String pkcs10,
                                                                            java.lang.String hardTokenSN,
                                                                            java.lang.String responseType)
                                                                     throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                            org.ejbca.core.model.ra.NotFoundException,
                                                                            org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method to use to generate a certificate for a user. The method must be preceded by an editUser call, either to set the user status to 'new' or to add a nonexisting user; pkcs10Request is only accepted once the user has been added/set to status new with editUser.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca_functionality/create_certificate
- /ca/

Specified by:
pkcs10Request in interface IHTMFAdminWS
Parameters:
username - the unique username
password - the password sent with editUser call
pkcs10 - the PKCS10 (only the public key is used.)
hardTokenSN - if the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardTokenSN should be associated with the certificate.
responseType - indicates which type of answer should be returned, one of the CertificateHelper.RESPONSETYPE_ constants.
Returns:
the generated certificate, in either just X509Certificate or PKCS7
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request
org.ejbca.core.model.ra.NotFoundException - if user cannot be found
org.ejbca.core.EjbcaException
See Also:
IHTMFAdminWS
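The enrollment sequence the description above requires (editUser to put the end entity in status new, then pkcs10Request with the same one-time password), as an added example; it is not code from this page or from the project. It assumes a JAX-WS client proxy `ws` of type IHTMFAdminWS that has already been obtained and authenticated with the administrator's client certificate, the EJBCA constants UserDataVOWS.STATUS_NEW, UserDataVOWS.TOKEN_TYPE_USERGENERATED and CertificateHelper.RESPONSETYPE_CERTIFICATE, the accessor CertificateResponse.getData() and the decoder CertificateHelper.getCertificate(); the CA and profile names are placeholders.

```java
import java.security.cert.X509Certificate;
import org.ejbca.core.protocol.ws.common.CertificateHelper;
import org.ejbca.core.protocol.ws.objects.CertificateResponse;
import org.ejbca.core.protocol.ws.objects.UserDataVOWS;
import org.hardtokenmgmt.ws.IHTMFAdminWS;

/** Added example: enroll one certificate from a client-generated PKCS#10 request. */
public class Pkcs10Enrollment {

    /**
     * Returns the issued certificate. The one-time enrollment password is set by
     * editUser and must be presented again to pkcs10Request, so it is passed
     * through here and never stored. Only the public key of the CSR is used by
     * the server, as the pkcs10 parameter description states.
     */
    public static X509Certificate enroll(IHTMFAdminWS ws, String username, String subjectDn,
                                         String oneTimePassword, String pkcs10Pem,
                                         String hardTokenSn) throws Exception {
        // Step 1: editUser adds the user, or resets an existing one, to status NEW.
        UserDataVOWS user = new UserDataVOWS();
        user.setUsername(username);
        user.setPassword(oneTimePassword);
        user.setClearPwd(false);                    // keep the password hashed on the server
        user.setSubjectDN(subjectDn);
        user.setCaName("PLACEHOLDER_CA");                            // placeholder value
        user.setEndEntityProfileName("PLACEHOLDER_EE_PROFILE");      // placeholder value
        user.setCertificateProfileName("PLACEHOLDER_CERT_PROFILE");  // placeholder value
        // The key pair lives on the client or token; the CA only signs the public key.
        user.setTokenType(UserDataVOWS.TOKEN_TYPE_USERGENERATED);
        user.setStatus(UserDataVOWS.STATUS_NEW);
        ws.editUser(user);

        // Step 2: pkcs10Request is only accepted while the user is in status NEW.
        // hardTokenSn may be null; when given, the certificate is mapped to that
        // token so a later revocation can cover all of the token's certificates.
        CertificateResponse resp = ws.pkcs10Request(username, oneTimePassword, pkcs10Pem,
                hardTokenSn, CertificateHelper.RESPONSETYPE_CERTIFICATE);

        // getData() carries the base64-encoded DER certificate (assumed accessor);
        // decode it so the caller can inspect subject, validity and key usage.
        return CertificateHelper.getCertificate(resp.getData());
    }
}
```

Because the password in editUser is what authorizes the subsequent pkcs10Request, generating it fresh per enrollment and discarding it after the call limits what an attacker gains from a leaked RA log or client memory dump.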

republishCertificate

public void republishCertificate(java.lang.String serialNumberInHex,
                                 java.lang.String issuerDN)
                          throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                 org.ejbca.core.model.ca.publisher.PublisherException,
                                 org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method performing a republication of a selected certificate.
Authorization requirements:
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca/

Specified by:
republishCertificate in interface IHTMFAdminWS
Parameters:
serialNumberInHex - of the certificate to republish
issuerDN - of the certificate to republish
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if the administrator isn't authorized to republish
org.ejbca.core.model.ca.publisher.PublisherException - if something went wrong during publication
org.ejbca.core.EjbcaException - if other error occured on the server side.
See Also:
IHTMFAdminWS

checkRevokationStatus

public org.ejbca.core.protocol.ws.objects.RevokeStatus checkRevokationStatus(java.lang.String issuerDN,
                                                                             java.lang.String certificateSN)
                                                                      throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                                             org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method returning the revocation status for a given user.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ca/

Specified by:
checkRevokationStatus in interface IHTMFAdminWS
Parameters:
certificateSN - a hexadecimal string
Returns:
the revocation status, or null if the certificate doesn't exist.
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized.
org.ejbca.core.EjbcaException
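The revocation workflow described by revokeUser, isApproved, findCerts and checkRevokationStatus above, as an added example of how an operator's client might combine them; this is not code from this page or from the project. It assumes a JAX-WS proxy `ws` of type IHTMFAdminWS authenticated with an administrator certificate, the EJBCA constant RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, the EJBCA helpers CertificateHelper.getCertificate() and CertTools.getIssuerDN(), the accessors Certificate.getCertificateData() and RevokeStatus.isRevoked(), and that the approval id is tracked by the caller; all of these are assumptions rather than facts taken from the page.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import org.ejbca.core.model.approval.WaitingForApprovalException;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.protocol.ws.common.CertificateHelper;
import org.ejbca.core.protocol.ws.objects.Certificate;
import org.ejbca.core.protocol.ws.objects.RevokeStatus;
import org.ejbca.util.CertTools;
import org.hardtokenmgmt.ws.IHTMFAdminWS;

/** Added example: revoke all of a user's certificates and independently verify the result. */
public class RevokeAndVerify {

    /** What the operator ends up with after one call. */
    public enum Outcome { REVOKED_AND_VERIFIED, PENDING_APPROVAL, NOT_FULLY_REVOKED }

    /** Interpretation of the int returned by isApproved. */
    public enum ApprovalState { APPROVED, WAITING, TERMINATED }

    public static Outcome revokeForKeyCompromise(IHTMFAdminWS ws, String username) throws Exception {
        try {
            // Revoke every certificate of the end entity. deleteUser=false keeps the
            // end-entity record so the incident stays traceable in the RA.
            ws.revokeUser(username, RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, false);
        } catch (WaitingForApprovalException e) {
            // An approval workflow applies: the request was queued and nothing is revoked yet.
            // The caller keeps the approval id, polls approvalState() until APPROVED, and
            // only then runs verifyAllRevoked() before closing the incident.
            return Outcome.PENDING_APPROVAL;
        }
        return verifyAllRevoked(ws, username) ? Outcome.REVOKED_AND_VERIFIED
                                              : Outcome.NOT_FULLY_REVOKED;
    }

    /**
     * Maps isApproved's return value: 0 means approved, a positive number is the count
     * of approvals still outstanding, a negative number is one of the
     * ApprovalDataVO.STATUS constants (rejected, expired, ...), i.e. no longer pending.
     * ApprovalRequestExpiredException, raised once when an approval expired, is
     * propagated to the caller rather than swallowed.
     */
    public static ApprovalState approvalState(IHTMFAdminWS ws, int approvalId) throws Exception {
        int result = ws.isApproved(approvalId);
        if (result == 0) {
            return ApprovalState.APPROVED;
        }
        return result > 0 ? ApprovalState.WAITING : ApprovalState.TERMINATED;
    }

    /**
     * Does not trust the revokeUser call alone: fetches every certificate ever issued
     * to the user (onlyValid=false) and asks the CA for each one's status.
     */
    public static boolean verifyAllRevoked(IHTMFAdminWS ws, String username) throws Exception {
        List<Certificate> certs = ws.findCerts(username, false);
        if (certs == null) {
            return true; // findCerts returns null when nothing was ever issued
        }
        for (Certificate c : certs) {
            // getCertificateData() is base64 DER; CertificateHelper decodes it (assumed accessors).
            X509Certificate x509 = CertificateHelper.getCertificate(c.getCertificateData());
            // Use EJBCA's own DN normalisation so the issuer string matches what the CA stored.
            String issuerDn = CertTools.getIssuerDN(x509);
            String serialHex = x509.getSerialNumber().toString(16);
            RevokeStatus status = ws.checkRevokationStatus(issuerDn, serialHex);
            // null means the CA does not know this certificate at all: fail the verification.
            if (status == null || !status.isRevoked()) {
                return false;
            }
        }
        return true;
    }
}
```

Checking each certificate's status after the revocation call, rather than assuming success, catches the cases the method descriptions warn about: a queued approval, a certificate issued under a CA the administrator's /ca/ rule does not cover, or a serial the CA no longer knows.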

isAuthorized

public boolean isAuthorized(java.lang.String resource)
                     throws org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method checking whether a user is authorized to a given resource.
Authorization requirements: a valid client certificate

Specified by:
isAuthorized in interface IHTMFAdminWS
Parameters:
resource - the access rule to test
Returns:
true if the user is authorized to the resource, otherwise false.
Throws:
org.ejbca.core.EjbcaException

pkcs12Req

public org.ejbca.core.protocol.ws.objects.KeyStore pkcs12Req(java.lang.String username,
                                                             java.lang.String password,
                                                             java.lang.String hardTokenSN,
                                                             java.lang.String keyspec,
                                                             java.lang.String keyalg)
                                                      throws org.ejbca.core.model.authorization.AuthorizationDeniedException,
                                                             org.ejbca.core.model.ra.NotFoundException,
                                                             org.ejbca.core.EjbcaException
Description copied from interface: IHTMFAdminWS
Method to use to generate a server-generated keystore. The method must be preceded by an editUser call, either to set the user status to 'new' or to add a nonexisting user, and the user's token type should be set to SecConst.TOKEN_SOFT_P12.
Authorization requirements: the client certificate must have the following privileges set
- Administrator flag set
- /administrator
- /ra_functionality/view_end_entity
- /endentityprofilesrules//view_end_entity
- /ca_functionality/create_certificate
- /ca/

Specified by:
pkcs12Req in interface IHTMFAdminWS
Parameters:
username - the unique username
password - the password sent with editUser call
hardTokenSN - if the certificate should be connected with a hard token, it is possible to map it by giving the hardTokenSN here; this simplifies revocation of a token's certificates. Use null if no hardTokenSN should be associated with the certificate.
keyspec - that the generated key should have; examples are 1024 for RSA or prime192v1 for ECDSA.
keyalg - that the generated key should have, RSA or ECDSA. Use one of the constants org.ejbca.core.model.ca.catoken.CATokenConstants.KEYALGORITHM_XX.
Returns:
the generated keystore
Throws:
org.ejbca.core.model.authorization.AuthorizationDeniedException - if client isn't authorized to request
org.ejbca.core.model.ra.NotFoundException - if user cannot be found
org.ejbca.core.EjbcaException