EJBCA / ECA-6299

EndEntityManagementSessionBean.addUser contains too much code

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Cosmetic
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      EndEntityManagementSessionBean.addUser contains too much code (leading to readability problems) and lacks javadoc.

      Proposed changes:

      Move each "check" into its own method and restructure the code like this:

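      private void addUser(Object someInput) {
          try {
              // "something" and "somethingElse" are placeholders for values derived from the input
              final Object var1 = something;
              final Object var2 = somethingElse;
              // Each check lives in its own method and throws on failure
              checkA(var1, var2);
              checkB(var2);
              checkC(var1, var2);
          } catch (final SomeException e) {
              // Handle exception
          } catch (final SomeOtherException e) {
              // Handle exception
          }
      }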
      
      /**
       * Checks the subject DN and subject alternative name against the name
       * constraints of the CA certificate. The check is skipped when the name is
       * unchanged, when the CA is not an X509 CA, or when the CA has no certificates.
       *
       * @throws IllegalNameException with error code NAMECONSTRAINT_VIOLATION if
       *         the name violates the name constraints of the CA
       */
      private void checkNameConstraints(final String dn, final String altName, final CAInfo caInfo, final UserData userData) throws IllegalNameException {
          final boolean dnChanged = !userData.getSubjectDnNeverNull().equals(CertTools.stringToBCDNString(dn));
          final boolean altNameChanged = userData.getSubjectAltName() != null && !userData.getSubjectAltName().equals(altName);
          final boolean nameChanged = dnChanged || altNameChanged;
          if (!nameChanged) {
              // Only check name constraints when the name has changed so existing
              // end-entities can be modified even if they violate name constraints
              return;
          }
          if (caInfo.getCAType() != CAInfo.CATYPE_X509) {
              // Name constraints are only applicable for X509 CAs
              return;
          }
          if (caInfo.getCertificateChain().isEmpty()) {
              // No name constraints can be violated if there are no certificates
              return;
          }
          // The first certificate in the chain is used as the CA certificate
          final X509Certificate x509CaCertificate = (X509Certificate) caInfo.getCertificateChain().iterator().next();
          final CertificateProfile userCertificateProfile = certificateProfileSession.getCertificateProfile(userData.getCertificateProfileId());
          final X509CAInfo x509CaInfo = (X509CAInfo) caInfo;
          final X500NameStyle x500NameStyle = x509CaInfo.getUsePrintableStringSubjectDN() ? PrintableStringNameStyle.INSTANCE : CeSecoreNameStyle.INSTANCE;
          final boolean ldapOrder = x509CaInfo.getUseLdapDnOrder() && userCertificateProfile != null && userCertificateProfile.getUseLdapDnOrder();
          final X500Name subjectDnName = CertTools.stringToBcX500Name(dn, x500NameStyle, ldapOrder);
          final GeneralNames subjectAltName = CertTools.getGeneralNamesFromAltName(altName);
          try {
              CertTools.checkNameConstraints(x509CaCertificate, subjectDnName, subjectAltName);
          } catch (final IllegalNameException e) {
              // Tag the exception so callers can identify a name constraint violation
              e.setErrorCode(ErrorCode.NAMECONSTRAINT_VIOLATION);
              throw e;
          }
      }
      

              People

              • Assignee: Unassigned
              • Reporter: Bastian Fredriksson (bastianf)


                  Time Tracking

                  • Estimated: Original Estimate - 30 minutes
                  • Remaining: Remaining Estimate - 30 minutes
                  • Logged: Time Spent - Not Specified