/**
* Title: blogAdmin<p>
* Description: Used to create and manage new threads, entries, groups and users in/for the journal.<p>
* @author Nathan Binford
* @version 1.2
*/
package org.nb.blog;
import java.io.*;
import java.security.*;
import java.security.spec.*;
import java.sql.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.xml.parsers.ParserConfigurationException;
import org.nb.Preferences;
import org.xml.sax.SAXException;
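/**
 * Administrative operations on the journal database: creating threads, entries,
 * groups and users, deleting threads/entries and granting group rights on threads.
 * <p>
 * Every operation runs as the authenticated {@link blogUser} handed to the constructor;
 * thread-level operations require that {@code user.checkRights(threadID)} contain the
 * token {@code "write"}, while group/user administration requires that the user name
 * equal the {@code AdministrativeUser} preference.
 * <p>
 * All SQL is issued through {@link PreparedStatement} parameters so that user-supplied
 * titles, names, group IDs etc. can never alter the statement text.
 */
public class blogAdmin
{
    /** Authenticated user on whose behalf every operation is performed. */
    blogUser user;
    /** Application settings (JDBC driver/URL, key file, administrative user). */
    private Preferences pref;

    /**
     * Preferences section/key naming the single administrative account.
     * NOTE(review): the original code read this from both "USERS" and "Users"; the
     * spelling used by createUser (the only check that was not inverted) is kept here.
     * If the preferences file uses "Users", change this constant - a missing key fails
     * closed (nobody is treated as administrator), it never grants access.
     */
    private static final String ADMIN_SECTION = "USERS";
    private static final String ADMIN_KEY = "AdministrativeUser";
    /** Token that must appear in the rights string returned by blogUser.checkRights. */
    private static final String WRITE_RIGHT = "write";

    /**
     * Constructor.
     *
     * @param user     the authenticated user; {@code null} is rejected as an authentication failure
     * @param prefPath path of the XML preferences file
     * @throws blogException if {@code user} is null or the preferences file cannot be parsed/read
     */
    public blogAdmin(blogUser user, String prefPath) throws blogException
    {
        if (user == null)
            throw new blogException("Authentication Failure. Invalid user name and password.");
        this.user = user; //set active user
        try
        {
            pref = new Preferences(prefPath);
        }
        catch (ParserConfigurationException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (SAXException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (IOException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
    }

    // ------------------------------------------------------------------ helpers

    /** Opens a JDBC connection using the driver class and URL from the preferences file. */
    private Connection openConnection() throws ClassNotFoundException, SQLException
    {
        Class.forName(pref.getPreference("DB", "ClassString"));
        return DriverManager.getConnection(pref.getPreference("DB", "ConnectionString"));
    }

    /** True when the active user's name equals the configured administrative user (null-safe, fails closed). */
    private boolean isAdministrator()
    {
        String admin = pref.getPreference(ADMIN_SECTION, ADMIN_KEY);
        return admin != null && admin.equals(user.getUser());
    }

    /**
     * True when the active user's rights string for {@code threadID} contains "write".
     * A null rights string is treated as "no rights" rather than throwing.
     */
    private boolean hasWriteAccess(int threadID) throws blogException
    {
        String rights = user.checkRights(threadID);
        return rights != null && rights.indexOf(WRITE_RIGHT) != -1;
    }

    /**
     * Renders a bound value the way the previous string-concatenated SQL did (a null
     * getter result becomes the text "null"), so stored data is unchanged by the move
     * to parameters. The getter return types are not visible from this file.
     */
    private static String text(Object value)
    {
        return String.valueOf(value);
    }

    private static void closeQuietly(ResultSet rs)
    {
        if (rs != null)
            try { rs.close(); } catch (SQLException ignored) { /* cleanup only; original error is already propagating */ }
    }

    private static void closeQuietly(Statement stmt)
    {
        if (stmt != null)
            try { stmt.close(); } catch (SQLException ignored) { /* cleanup only */ }
    }

    private static void closeQuietly(Connection conn)
    {
        if (conn != null)
            try { conn.close(); } catch (SQLException ignored) { /* cleanup only */ }
    }

    private static void rollbackQuietly(Connection conn)
    {
        try { conn.rollback(); } catch (SQLException ignored) { /* best effort; the caller is already failing */ }
    }

    // ------------------------------------------------------------------ threads

    /**
     * Creates a new thread as a child of the thread whose threadID matches {@code thread.getParent()}
     * (for top-level threads - those without parents - set parent = 0).
     * <p>
     * Write access on the parent is required for child threads; no rights check is made for
     * top-level threads (parent = 0), as in the original design. The owner column is always the
     * authenticated user, not a caller-supplied value.
     *
     * @throws blogException if the user lacks write access on the parent, the JDBC driver class
     *                       cannot be loaded, or the database reports an error
     */
    public void createThread(blogThread thread) throws blogException
    {
        //check rights on parent thread if adding as a child
        if (thread.getParent() != 0 && !hasWriteAccess(thread.getParent()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");
        Connection conn = null;
        PreparedStatement ps = null;
        try
        {
            conn = openConnection();
            ps = conn.prepareStatement("INSERT INTO threads (parent, title, description, owner) VALUES (?, ?, ?, ?)");
            ps.setInt(1, thread.getParent());
            ps.setString(2, text(thread.getTitle()));
            ps.setString(3, text(thread.getDescription()));
            ps.setString(4, text(user.getUser()));
            ps.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(ps);
            closeQuietly(conn);
        }
    }

    /**
     * Creates a new entry in the thread given by {@code entry.getThreadID()}.
     * <p>
     * NOTE(review): the author column is taken from {@code entry.getAuthor()} rather than from the
     * authenticated user, so a caller with write access can record any author name. Callers are
     * expected to populate it with the active user; consider binding {@code user.getUser()} instead.
     *
     * @throws blogException if the user lacks write access on the thread, the JDBC driver class
     *                       cannot be loaded, or the database reports an error
     */
    public void createEntry(blogEntry entry) throws blogException
    {
        //check user's access rights
        if (!hasWriteAccess(entry.getThreadID()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");
        Connection conn = null;
        PreparedStatement ps = null;
        try
        {
            conn = openConnection();
            ps = conn.prepareStatement("INSERT INTO entries (threadID, name, author, date, content) VALUES (?, ?, ?, ?, ?)");
            ps.setInt(1, entry.getThreadID());
            ps.setString(2, text(entry.getName()));
            ps.setString(3, text(entry.getAuthor()));
            ps.setString(4, text(entry.getDate())); // stored as the same text the old concatenated statement produced
            ps.setString(5, text(entry.getContent()));
            ps.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(ps);
            closeQuietly(conn);
        }
    }

    /**
     * Deletes a thread, all of its descendant threads, and the entries and privilege records of each.
     * <p>
     * Write access is required on the thread and on every descendant; if any descendant fails the
     * check the whole operation is rolled back, so a partially deleted tree is never left behind
     * (on databases that support transactions).
     *
     * @throws blogException if the user lacks write access on the thread or a descendant, the JDBC
     *                       driver class cannot be loaded, or the database reports an error
     */
    public void deleteThread(int threadID) throws blogException
    {
        if (!hasWriteAccess(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");
        Connection conn = null;
        boolean committed = false;
        try
        {
            conn = openConnection();
            conn.setAutoCommit(false); // whole subtree is deleted atomically
            deleteThreadTree(conn, threadID);
            conn.commit();
            committed = true;
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            if (conn != null && !committed)
                rollbackQuietly(conn); // also covers a blogException thrown for an unauthorised child
            closeQuietly(conn);
        }
    }

    /**
     * Recursively deletes the children of {@code threadID} (checking write access on each), then
     * the thread's own row, entries and privilege records, all on the caller's connection.
     */
    private void deleteThreadTree(Connection conn, int threadID) throws SQLException, blogException
    {
        //check the rights on all children before touching them
        for (int child : childThreadIDs(conn, threadID))
        {
            if (!hasWriteAccess(child))
                throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");
            deleteThreadTree(conn, child);
        }
        executeDelete(conn, "DELETE FROM threads WHERE threadID = ?", threadID);     //delete thread
        executeDelete(conn, "DELETE FROM entries WHERE threadID = ?", threadID);     //delete thread's entries
        executeDelete(conn, "DELETE FROM threadPrivs WHERE threadID = ?", threadID); //delete privilege records
    }

    /** Returns the IDs of the threads whose parent is {@code threadID}, fully read before any recursion. */
    private static List<Integer> childThreadIDs(Connection conn, int threadID) throws SQLException
    {
        List<Integer> children = new ArrayList<Integer>();
        PreparedStatement ps = null;
        ResultSet rs = null;
        try
        {
            ps = conn.prepareStatement("SELECT threadID FROM threads WHERE parent = ?");
            ps.setInt(1, threadID);
            rs = ps.executeQuery();
            while (rs.next())
                children.add(rs.getInt("threadID"));
        }
        finally
        {
            closeQuietly(rs);
            closeQuietly(ps);
        }
        return children;
    }

    /** Runs a single-parameter DELETE statement bound to {@code id}. */
    private static void executeDelete(Connection conn, String sql, int id) throws SQLException
    {
        PreparedStatement ps = null;
        try
        {
            ps = conn.prepareStatement(sql);
            ps.setInt(1, id);
            ps.executeUpdate();
        }
        finally
        {
            closeQuietly(ps);
        }
    }

    /**
     * Deletes an entry.
     * <p>
     * The rights check is made on {@code threadID}, so the DELETE is also restricted to that
     * thread: an entry is only removed if it actually belongs to the thread the user was
     * authorised on (previously any entry ID could be deleted by naming an unrelated thread
     * the user could write to).
     *
     * @throws blogException if the user lacks write access on the thread, the JDBC driver class
     *                       cannot be loaded, or the database reports an error
     */
    public void deleteEntry(int entryID, int threadID) throws blogException
    {
        if (!hasWriteAccess(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");
        Connection conn = null;
        PreparedStatement ps = null;
        try
        {
            conn = openConnection();
            ps = conn.prepareStatement("DELETE FROM entries WHERE entryID = ? AND threadID = ?"); //delete entry
            ps.setInt(1, entryID);
            ps.setInt(2, threadID);
            ps.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(ps);
            closeQuietly(conn);
        }
    }

    // ------------------------------------------------------------------ users and groups

    /**
     * Creates a user in the given (existing) group. Administrator only.
     *
     * @throws blogException if the active user is not the administrator, the group does not exist,
     *                       the key file is missing/empty/unreadable, the cipher cannot be set up,
     *                       the JDBC driver class cannot be loaded, or the database reports an error
     */
    public void createUser(String usr, String password, String group) throws blogException
    {
        //user must be administrator to perform this action, is the user?
        if (!isAdministrator())
            throw new blogException("Authentication Error. User does not have sufficent access rights.");
        String storedPassword = protectPassword(password);
        Connection conn = null;
        PreparedStatement lookup = null;
        PreparedStatement insert = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();
            //check to see if group exists
            lookup = conn.prepareStatement("SELECT groupID FROM groups WHERE groupID = ?");
            lookup.setString(1, group);
            rs = lookup.executeQuery();
            if (!rs.next())
                throw new blogException("Invalid data. Group " + group + " does not exist.");
            //create user
            insert = conn.prepareStatement("INSERT INTO users (user, password, groupID) VALUES (?, ?, ?)");
            insert.setString(1, usr);
            insert.setString(2, storedPassword);
            insert.setString(3, group);
            insert.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs);
            closeQuietly(lookup);
            closeQuietly(insert);
            closeQuietly(conn);
        }
    }

    /**
     * Transforms a clear-text password into the form stored in the users table: DES encryption
     * under the key held on the first line of the configured key file.
     * <p>
     * NOTE(review): this scheme is kept only because the login path (not in this file) must
     * match it byte-for-byte; it should be replaced, together with that path, by a salted
     * password hash (PBKDF2/bcrypt/scrypt). Known weaknesses of the current form:
     * <ul>
     * <li>reversible encryption rather than a one-way hash, with the key on disk;</li>
     * <li>"DES" resolves to DES/ECB/PKCS5Padding - 56-bit key, deterministic output;</li>
     * <li>{@code getBytes()} / {@code new String(byte[])} use the platform charset, and
     *     decoding raw ciphertext bytes as text is lossy (undecodable bytes collapse to
     *     U+FFFD), so distinct passwords can map to the same stored value.</li>
     * </ul>
     * Unlike the original, an empty key file is an error instead of silently storing the
     * password in clear text.
     */
    private String protectPassword(String password) throws blogException
    {
        BufferedReader r = null;
        try
        {
            r = new BufferedReader(new FileReader(pref.getPreference("KEY", "KeyFile")));
            //read in private key record from file
            String keyStr = r.readLine();
            if (keyStr == null)
                throw new blogException("Encryption Failure. Key file is empty.");
            //create SecretKey from key record (SunJCE is a default provider since Java 1.4; no explicit registration needed)
            SecretKey key = new SecretKeySpec(keyStr.getBytes(), "DES");
            //encrypt supplied password using key
            Cipher cip = Cipher.getInstance("DES");
            cip.init(Cipher.ENCRYPT_MODE, key);
            return new String(cip.doFinal(password.getBytes()));
        }
        catch (IllegalBlockSizeException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (BadPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (InvalidKeyException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchAlgorithmException e) { throw new blogException("Encryption Failure. DES Algorithm Not Available."); }
        catch (FileNotFoundException e) { throw new blogException("File Access Failure. Cannot locate key file specified."); }
        catch (IOException e) { throw new blogException("File Access Failure: " + e.getMessage()); }
        finally
        {
            if (r != null)
                try { r.close(); } catch (IOException ignored) { /* cleanup only */ }
        }
    }

    /**
     * Creates a group. Administrator only.
     * <p>
     * The original check was inverted (it admitted everyone except the administrator);
     * it now requires the administrative user, as the error message always stated.
     *
     * @throws blogException if the active user is not the administrator, the JDBC driver class
     *                       cannot be loaded, or the database reports an error
     */
    public void createGroup(String group) throws blogException
    {
        //user must be administrator to perform this action, is the user?
        if (!isAdministrator())
            throw new blogException("Authentication Error. User must be administrator to perform this action.");
        Connection conn = null;
        PreparedStatement ps = null;
        try
        {
            conn = openConnection();
            //create group
            ps = conn.prepareStatement("INSERT INTO groups (groupID) VALUES (?)");
            ps.setString(1, group);
            ps.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(ps);
            closeQuietly(conn);
        }
    }

    /** Used in context with setGroupRights, sets rights to read-only. */
    public static final int RIGHT_READ = 1;
    /** Used in context with setGroupRights, sets rights to read and write. */
    public static final int RIGHT_READ_WRITE = 2;

    /**
     * Sets the access rights on a thread for a group, inserting a threadPrivs row if none exists
     * for the (group, thread) pair and updating it otherwise. Administrator only.
     * <p>
     * The original check was inverted (it admitted everyone except the administrator);
     * it now requires the administrative user, as the error message always stated.
     *
     * @param rightsFlg {@link #RIGHT_READ} or {@link #RIGHT_READ_WRITE}
     * @throws blogException if the active user is not the administrator, {@code rightsFlg} is not
     *                       one of the two constants, the JDBC driver class cannot be loaded, or
     *                       the database reports an error
     */
    public void setGroupRights(String group, int threadID, int rightsFlg) throws blogException
    {
        //user must be administrator to perform this action, is user?
        if (!isAdministrator())
            throw new blogException("Authentication Error. User must be administrator to perform this action.");
        //get rights to set
        String rights;
        switch (rightsFlg)
        {
            case RIGHT_READ:
                rights = "read";
                break;
            case RIGHT_READ_WRITE:
                rights = "read,write";
                break;
            default:
                throw new blogException("Invalid data. Access rights setting not a valid option.");
        }
        Connection conn = null;
        PreparedStatement lookup = null;
        PreparedStatement write = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();
            //has rights entry already been made?
            lookup = conn.prepareStatement("SELECT groupID FROM threadPrivs WHERE groupID = ? AND threadID = ?");
            lookup.setString(1, group);
            lookup.setInt(2, threadID);
            rs = lookup.executeQuery();
            if (!rs.next())
            {
                //no existing record: insert one
                write = conn.prepareStatement("INSERT INTO threadPrivs (rights, groupID, threadID) VALUES (?, ?, ?)");
                write.setString(1, rights);
                write.setString(2, group);
                write.setInt(3, threadID);
            }
            else
            {
                //record exists: update it
                write = conn.prepareStatement("UPDATE threadPrivs SET rights = ? WHERE threadID = ? AND groupID = ?");
                write.setString(1, rights);
                write.setInt(2, threadID);
                write.setString(3, group);
            }
            write.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs);
            closeQuietly(lookup);
            closeQuietly(write);
            closeQuietly(conn);
        }
    }
}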