/**
* Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2016
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.glite.security.voms.admin.persistence.dao.hibernate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Path;
import javax.persistence.criteria.Root;
import org.glite.security.voms.admin.error.VOMSException;
import org.glite.security.voms.admin.persistence.dao.generic.RequestDAO;
import org.glite.security.voms.admin.persistence.error.AlreadyExistsException;
import org.glite.security.voms.admin.persistence.error.AlreadyMemberException;
import org.glite.security.voms.admin.persistence.model.Certificate;
import org.glite.security.voms.admin.persistence.model.VOMSGroup;
import org.glite.security.voms.admin.persistence.model.VOMSRole;
import org.glite.security.voms.admin.persistence.model.VOMSUser;
import org.glite.security.voms.admin.persistence.model.request.CertificateRequest;
import org.glite.security.voms.admin.persistence.model.request.GroupMembershipRequest;
import org.glite.security.voms.admin.persistence.model.request.MembershipRemovalRequest;
import org.glite.security.voms.admin.persistence.model.request.NewVOMembershipRequest;
import org.glite.security.voms.admin.persistence.model.request.Request;
import org.glite.security.voms.admin.persistence.model.request.Request.STATUS;
import org.glite.security.voms.admin.persistence.model.request.RequesterInfo;
import org.glite.security.voms.admin.persistence.model.request.RoleMembershipRequest;
import org.hibernate.Criteria;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Restrictions;
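/**
 * Hibernate implementation of {@link RequestDAO}: creates, queries and
 * removes the {@link Request} entities (VO membership, group membership, role
 * membership, certificate and membership-removal requests).
 *
 * <p>
 * Requests are linked to a {@link VOMSUser} only through the certificate
 * subject stored in their {@code requesterInfo}; see
 * {@link #getDnEqualityCheckConstraints(VOMSUser)} for how that match is
 * built and for the case of a user with no certificates.
 */
public class RequestDAOHibernate extends GenericHibernateDAO<Request, Long>
  implements RequestDAO {

  /**
   * Runs the criteria query and returns its rows with the element type the
   * caller expects. The legacy Criteria API is untyped, so the unchecked
   * conversion is confined to this one place.
   */
  @SuppressWarnings("unchecked")
  private static <T> List<T> results(Criteria crit) {
    return crit.list();
  }

  /** Builds the {@code status = SUBMITTED OR status = PENDING} restriction. */
  private static Disjunction submittedOrPending() {
    Disjunction openStates = Restrictions.disjunction();
    openStates.add(Restrictions.eq("status", STATUS.SUBMITTED));
    openStates.add(Restrictions.eq("status", STATUS.PENDING));
    return openStates;
  }

  /** Starts a criteria query on {@code type} restricted to one status. */
  private Criteria withStatus(Class<?> type, STATUS status) {
    Criteria crit = getSession().createCriteria(type);
    crit.add(Restrictions.eq("status", status));
    return crit;
  }

  /**
   * Starts a criteria query on {@code type} restricted to SUBMITTED or
   * PENDING requests whose requester matches one of the user's certificate
   * subjects.
   */
  private Criteria openRequestsOf(Class<?> type, VOMSUser u) {
    Criteria crit = getSession().createCriteria(type);
    crit.add(submittedOrPending());
    crit.createCriteria("requesterInfo").add(getDnEqualityCheckConstraints(u));
    return crit;
  }

  /**
   * Creates and persists a SUBMITTED certificate request for the user.
   *
   * @param u the requesting user
   * @param certificateSubject subject of the certificate to be added
   * @param certificateIssuer issuer of the certificate to be added
   * @param expirationDate expiration date stored on the request
   * @return the persisted request
   * @throws AlreadyExistsException if the user already has a SUBMITTED or
   *         PENDING request for the same subject and issuer
   */
  public CertificateRequest createCertificateRequest(VOMSUser u,
    String certificateSubject, String certificateIssuer, Date expirationDate) {

    if (userHasPendingCertificateRequest(u, certificateSubject,
      certificateIssuer)) {
      throw new AlreadyExistsException("User '" + u
        + "' has a pending certificate request for '" + certificateSubject
        + "," + certificateIssuer + "',");
    }

    CertificateRequest req = new CertificateRequest();
    req.setStatus(STATUS.SUBMITTED);
    req.setRequesterInfo(RequesterInfo.fromVOUser(u));
    req.setCreationDate(new Date());
    req.setExpirationDate(expirationDate);
    req.setCertificateSubject(certificateSubject);
    req.setCertificateIssuer(certificateIssuer);

    makePersistent(req);
    return req;
  }

  /**
   * Creates and persists a SUBMITTED group membership request.
   *
   * @param usr the requesting user
   * @param reason user-supplied message stored on the request
   * @param group the group the user asks to join
   * @param expirationDate expiration date stored on the request
   * @return the persisted request
   * @throws VOMSException if the user is already a member of the group
   * @throws AlreadyMemberException if the user already has a SUBMITTED or
   *         PENDING request for the same group
   */
  public GroupMembershipRequest createGroupMembershipRequest(VOMSUser usr,
    String reason, VOMSGroup group, Date expirationDate) {

    if (usr.isMember(group)) {
      throw new VOMSException("User '" + usr + "' is already member of group '"
        + group + "'!");
    }

    if (userHasPendingGroupMembershipRequest(usr, group)) {
      throw new AlreadyMemberException("User '" + usr
        + "' has a pending group membership request for group '" + group + "'!");
    }

    GroupMembershipRequest req = new GroupMembershipRequest();
    req.setStatus(STATUS.SUBMITTED);
    req.setRequesterInfo(RequesterInfo.fromVOUser(usr));
    req.setCreationDate(new Date());
    req.setExpirationDate(expirationDate);
    req.setUserMessage(reason);
    req.setGroupName(group.getName());

    makePersistent(req);
    return req;
  }

  /**
   * Creates and persists a SUBMITTED membership removal request.
   *
   * <p>
   * NOTE(review): no duplicate check is made here although
   * {@link #userHasPendingMembershipRemovalRequest(VOMSUser)} exists; confirm
   * that callers perform it.
   *
   * @param usr the requesting user
   * @param reason reason stored on the request
   * @param expirationDate expiration date stored on the request
   * @return the persisted request
   */
  public MembershipRemovalRequest createMembershipRemovalRequest(VOMSUser usr,
    String reason, Date expirationDate) {

    MembershipRemovalRequest req = new MembershipRemovalRequest();
    req.setStatus(STATUS.SUBMITTED);
    req.setRequesterInfo(RequesterInfo.fromVOUser(usr));
    req.setCreationDate(new Date());
    req.setExpirationDate(expirationDate);
    req.setReason(reason);

    makePersistent(req);
    return req;
  }

  /**
   * Creates and persists a SUBMITTED role membership request.
   *
   * <p>
   * NOTE(review): unlike
   * {@link #createGroupMembershipRequest(VOMSUser, String, VOMSGroup, Date)},
   * this method does not reject a second request while one is still open,
   * although
   * {@link #userHasPendingRoleMembershipRequest(VOMSUser, VOMSGroup, VOMSRole)}
   * is available; confirm that callers perform that check.
   *
   * @param usr the requesting user
   * @param reason user-supplied message stored on the request
   * @param group the group in which the role is requested
   * @param r the requested role
   * @param expirationDate expiration date stored on the request
   * @return the persisted request
   * @throws AlreadyMemberException if the user already holds the role in the
   *         group
   */
  public RoleMembershipRequest createRoleMembershipRequest(VOMSUser usr,
    String reason, VOMSGroup group, VOMSRole r, Date expirationDate) {

    if (usr.hasRole(group, r)) {
      throw new AlreadyMemberException("User '" + usr + "' already has role '"
        + r.getName() + "' in group '" + group + "'!");
    }

    RoleMembershipRequest req = new RoleMembershipRequest();
    req.setStatus(STATUS.SUBMITTED);
    req.setRequesterInfo(RequesterInfo.fromVOUser(usr));
    req.setCreationDate(new Date());
    req.setExpirationDate(expirationDate);
    req.setUserMessage(reason);
    req.setGroupName(group.getName());
    req.setRoleName(r.getName());

    makePersistent(req);
    return req;
  }

  /**
   * Creates and persists a SUBMITTED VO membership request.
   *
   * <p>
   * The confirm id is a random (version 4) UUID string, which the JDK draws
   * from a cryptographically strong generator. Presumably it is the secret
   * the requester must present to confirm the request; if so it should not be
   * written to logs.
   *
   * @param requester requester data stored on the request as-is
   * @param expirationDate expiration date stored on the request
   * @return the persisted request
   */
  public NewVOMembershipRequest createVOMembershipRequest(
    RequesterInfo requester, Date expirationDate) {

    NewVOMembershipRequest req = new NewVOMembershipRequest();
    req.setStatus(STATUS.SUBMITTED);
    req.setRequesterInfo(requester);
    req.setCreationDate(new Date());
    req.setExpirationDate(expirationDate);
    req.setConfirmId(UUID.randomUUID().toString());

    makePersistent(req);
    return req;
  }

  /**
   * Passes every request returned by {@link #findRequestsFromUser(VOMSUser)}
   * to {@code makeTransient} (defined in the superclass; presumably a
   * delete).
   *
   * @param u the user whose requests are removed
   */
  public void deleteRequestFromUser(VOMSUser u) {

    for (Request r : findRequestsFromUser(u)) {
      makeTransient(r);
    }
  }

  /**
   * Looks up the VO membership request that is neither APPROVED nor REJECTED
   * and whose requester has the given certificate subject and issuer.
   *
   * <p>
   * The lookup uses {@code uniqueResult()}, so more than one matching row is
   * reported by Hibernate as an error rather than returned.
   *
   * @param requester supplies the certificate subject and issuer to match
   * @return the matching request, or {@code null} when there is none
   */
  public NewVOMembershipRequest findActiveVOMembershipRequest(
    RequesterInfo requester) {

    Criteria crit = getSession().createCriteria(NewVOMembershipRequest.class);
    crit.add(Restrictions.ne("status", STATUS.APPROVED));
    crit.add(Restrictions.ne("status", STATUS.REJECTED));

    Criteria requesterCrit = crit.createCriteria("requesterInfo");
    requesterCrit.add(Restrictions.eq("certificateSubject",
      requester.getCertificateSubject()));
    requesterCrit.add(Restrictions.eq("certificateIssuer",
      requester.getCertificateIssuer()));

    return (NewVOMembershipRequest) crit.uniqueResult();
  }

  /** @return all VO membership requests in status CONFIRMED */
  public List<NewVOMembershipRequest> findConfirmedVOMembershipRequests() {

    return results(withStatus(NewVOMembershipRequest.class, STATUS.CONFIRMED));
  }

  /** @return all VO membership requests in status SUBMITTED */
  public List<NewVOMembershipRequest> findPendingVOMembershipRequests() {

    return results(withStatus(NewVOMembershipRequest.class, STATUS.SUBMITTED));
  }

  /**
   * @return all VO membership requests still in status SUBMITTED whose
   *         expiration date is before the current time
   */
  public List<NewVOMembershipRequest> findExpiredVOMembershipRequests() {

    Criteria crit = getSession().createCriteria(NewVOMembershipRequest.class);
    crit.add(Restrictions.lt("expirationDate", new Date()));
    crit.add(Restrictions.eq("status", STATUS.SUBMITTED));
    return results(crit);
  }

  /** @return all certificate requests in status SUBMITTED */
  public List<CertificateRequest> findPendingCertificateRequests() {

    return results(withStatus(CertificateRequest.class, STATUS.SUBMITTED));
  }

  /** @return all group membership requests in status SUBMITTED */
  public List<GroupMembershipRequest> findPendingGroupMembershipRequests() {

    return results(withStatus(GroupMembershipRequest.class, STATUS.SUBMITTED));
  }

  /** @return all membership removal requests in status SUBMITTED */
  public List<MembershipRemovalRequest> findPendingMembershipRemovalRequests() {

    return results(withStatus(MembershipRemovalRequest.class,
      STATUS.SUBMITTED));
  }

  /**
   * Fetches, with a single query on the {@link Request} root type, every
   * request whose status is CONFIRMED or SUBMITTED.
   *
   * @return the matching requests of any concrete type
   */
  public List<Request> findPendingRequestPoly() {

    CriteriaBuilder builder = getSession().getCriteriaBuilder();
    CriteriaQuery<Request> criteria = builder.createQuery(Request.class);
    Root<Request> requestRoot = criteria.from(Request.class);
    criteria.select(requestRoot);

    Path<Request.STATUS> statusPath = requestRoot.get("status");
    criteria.where(builder.in(statusPath)
      .value(STATUS.CONFIRMED)
      .value(STATUS.SUBMITTED));

    return getSession().createQuery(criteria).getResultList();
  }

  /**
   * @return the result of {@link #findPendingRequestPoly()}, i.e. all
   *         requests in status CONFIRMED or SUBMITTED
   */
  public List<Request> findPendingRequests() {

    return findPendingRequestPoly();
  }

  /** @return all role membership requests in status SUBMITTED */
  public List<RoleMembershipRequest> findPendingRoleMembershipRequests() {

    return results(withStatus(RoleMembershipRequest.class, STATUS.SUBMITTED));
  }

  /**
   * @param u the user whose requests are looked up
   * @return the user's certificate requests in status SUBMITTED or PENDING
   */
  public List<CertificateRequest> findPendingUserCertificateRequests(VOMSUser u) {

    return results(openRequestsOf(CertificateRequest.class, u));
  }

  /**
   * @param u the user whose requests are looked up
   * @return the user's group membership requests in status SUBMITTED or
   *         PENDING
   */
  public List<GroupMembershipRequest> findPendingUserGroupMembershipRequests(
    VOMSUser u) {

    return results(openRequestsOf(GroupMembershipRequest.class, u));
  }

  /**
   * @param u the user whose requests are looked up
   * @return the user's membership removal requests in status SUBMITTED or
   *         PENDING
   */
  public List<MembershipRemovalRequest> findPendingUserMembershipRemovalRequests(
    VOMSUser u) {

    return results(openRequestsOf(MembershipRemovalRequest.class, u));
  }

  /**
   * @param u the user whose requests are looked up
   * @return the user's role membership requests in status SUBMITTED or
   *         PENDING
   */
  public List<RoleMembershipRequest> findPendingUserRoleMembershipRequests(
    VOMSUser u) {

    return results(openRequestsOf(RoleMembershipRequest.class, u));
  }

  /** @return all VO membership requests in status REJECTED */
  public List<NewVOMembershipRequest> findRejectedVOMembershipRequests() {

    return results(withStatus(NewVOMembershipRequest.class, STATUS.REJECTED));
  }

  /**
   * Finds every request, in any status, whose requester matches one of the
   * user's certificate subjects, newest first.
   *
   * @param u the user whose requests are looked up
   * @return the matching requests ordered by creation date, descending
   */
  public List<Request> findRequestsFromUser(VOMSUser u) {

    Criteria crit = getSession().createCriteria(Request.class);
    crit.addOrder(Order.desc("creationDate"));
    crit.createCriteria("requesterInfo").add(getDnEqualityCheckConstraints(u));
    return results(crit);
  }

  /**
   * Builds the restriction that ties a request's {@code requesterInfo} to a
   * user: an OR over {@code certificateSubject = <subject>} for each of the
   * user's certificates.
   *
   * <p>
   * A user without certificates gets a restriction that matches nothing.
   * Hibernate renders a junction with no members as an always-true
   * predicate, so without this guard every per-user query in this class would
   * select the requests of all users, and
   * {@link #deleteRequestFromUser(VOMSUser)} would remove them.
   *
   * <p>
   * NOTE(review): only the certificate subject is compared, not the issuer.
   * Requests filed with the same subject under a different issuer would match
   * as well; confirm this is intended.
   *
   * @param u the user whose certificates are matched
   * @return the disjunction to apply to a {@code requesterInfo} criteria
   */
  protected Disjunction getDnEqualityCheckConstraints(VOMSUser u) {

    Disjunction dnEqualityChecks = Restrictions.disjunction();
    boolean hasCertificate = false;

    for (Certificate c : u.getCertificates()) {
      dnEqualityChecks.add(Restrictions.eq("certificateSubject",
        c.getSubjectString()));
      hasCertificate = true;
    }

    if (!hasCertificate) {
      // Fail closed: an empty junction would otherwise match every row.
      dnEqualityChecks.add(Restrictions.sqlRestriction("1=0"));
    }

    return dnEqualityChecks;
  }

  /**
   * @param u the requesting user
   * @param certificateSubject certificate subject stored on the request
   * @param certificateIssuer certificate issuer stored on the request
   * @return {@code true} if the user has a SUBMITTED or PENDING certificate
   *         request for that subject and issuer
   */
  public boolean userHasPendingCertificateRequest(VOMSUser u,
    String certificateSubject, String certificateIssuer) {

    Criteria crit = openRequestsOf(CertificateRequest.class, u);
    crit.add(Restrictions.eq("certificateSubject", certificateSubject));
    crit.add(Restrictions.eq("certificateIssuer", certificateIssuer));

    List<CertificateRequest> reqs = results(crit);
    return reqs != null && !reqs.isEmpty();
  }

  /**
   * @param u the requesting user
   * @param g the group named on the request
   * @return {@code true} if the user has a SUBMITTED or PENDING group
   *         membership request for that group name
   */
  public boolean userHasPendingGroupMembershipRequest(VOMSUser u, VOMSGroup g) {

    Criteria crit = openRequestsOf(GroupMembershipRequest.class, u);
    crit.add(Restrictions.eq("groupName", g.getName()));

    List<GroupMembershipRequest> reqs = results(crit);
    return reqs != null && !reqs.isEmpty();
  }

  /**
   * @param u the requesting user
   * @return {@code true} if the user has a SUBMITTED or PENDING membership
   *         removal request
   */
  public boolean userHasPendingMembershipRemovalRequest(VOMSUser u) {

    List<MembershipRemovalRequest> reqs = results(
      openRequestsOf(MembershipRemovalRequest.class, u));
    return reqs != null && !reqs.isEmpty();
  }

  /**
   * @param u the requesting user
   * @param g the group named on the request
   * @param r the role named on the request
   * @return {@code true} if the user has a SUBMITTED or PENDING role
   *         membership request for that group name and role name
   */
  public boolean userHasPendingRoleMembershipRequest(VOMSUser u, VOMSGroup g,
    VOMSRole r) {

    Criteria crit = openRequestsOf(RoleMembershipRequest.class, u);
    crit.add(Restrictions.eq("groupName", g.getName()));
    crit.add(Restrictions.eq("roleName", r.getName()));

    List<RoleMembershipRequest> reqs = results(crit);
    return reqs != null && !reqs.isEmpty();
  }

  /**
   * Collects the APPROVED or REJECTED requests of each concrete request
   * type, querying the types one after the other.
   *
   * @return the closed requests, grouped in the order VO membership, group
   *         membership, role membership, certificate, membership removal
   */
  @Override
  public List<Request> findClosedRequests() {

    List<Request> closedRequests = new ArrayList<Request>();

    Class<?>[] classes = new Class<?>[] { NewVOMembershipRequest.class,
      GroupMembershipRequest.class, RoleMembershipRequest.class,
      CertificateRequest.class, MembershipRemovalRequest.class };

    for (Class<?> c : classes) {
      Disjunction closedStates = Restrictions.disjunction();
      closedStates.add(Restrictions.eq("status", STATUS.APPROVED));
      closedStates.add(Restrictions.eq("status", STATUS.REJECTED));

      Criteria crit = getSession().createCriteria(c);
      crit.add(closedStates);

      List<Request> matches = results(crit);
      closedRequests.addAll(matches);
    }

    return closedRequests;
  }
}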