Skip to content

Instantly share code, notes, and snippets.

@xorpaul
Last active April 15, 2016 11:35
Show Gist options
  • Save xorpaul/822ecb5113137ac1c889e87c1ebc10ca to your computer and use it in GitHub Desktop.
Save xorpaul/822ecb5113137ac1c889e87c1ebc10ca to your computer and use it in GitHub Desktop.
EJBCA patch to send approval requests to different email addresses

we want to send certificate approval requests with different EEPs to different RA admin email addresses. Currently EJBCA only supports one email address for this under system configuration.

To configure the different RA admins mailing addresses we are using system properties in the JBoss configuration XML:

As you can see we use the unique ID of the end entity which should send the approval request to the specific email address.

You can lookup the unique ID of your end entity by querying your ejbca database:

select id, profilename from endentityprofiledata;

If there is no specific end entity email address configured if falls back to the original email address form the system configuration.

Index: modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java
===================================================================
--- modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java  (revision 23222)
+++ modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java  (working copy)
@@ -129,7 +129,10 @@
                 entityManager.persist(approvalData);
                 final GlobalConfiguration gc = (GlobalConfiguration) globalConfigurationSession.getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
                 if (gc.getUseApprovalNotifications()) {
-                    sendApprovalNotification(admin, gc.getApprovalAdminEmailAddress(), gc.getApprovalNotificationFromAddress(), gc.getBaseUrl()
+                    // Patch to send emails only to responsible RAs
+                    String adminEmailAddress = getEmailAddressForEndEntityProfile(approvalRequest, approvalData, gc.getApprovalAdminEmailAddress());
+                    
+                    sendApprovalNotification(admin, adminEmailAddress, gc.getApprovalNotificationFromAddress(), gc.getBaseUrl()
                             + "adminweb/approval/approveaction.jsf?uniqueId=" + freeId,
                             intres.getLocalizedMessage("notification.newrequest.subject"), intres.getLocalizedMessage("notification.newrequest.msg"),
                             freeId, approvalRequest.getNumOfRequiredApprovals(), new Date(), approvalRequest, null);
@@ -154,6 +157,23 @@
         }
     }

+    String getEmailAddressForEndEntityProfile(final ApprovalRequest approvalRequest, final ApprovalData approvalData, final String approvalAdminEmailAddress) {
+      String emailAddressForEndEntity = approvalAdminEmailAddress;
+      if (ApprovalDataVO.APPROVALTYPE_ADDENDENTITY == approvalRequest.getApprovalType()) {
+        int endEntityProfileId = approvalData.getEndentityprofileid();
+        String currentEndEntityProfileIdEmailProperty = "end.entity.profile." + endEntityProfileId + ".email";
+        if(log.isDebugEnabled()){
+          log.debug(String.format("Lookup email adress for end entity profile using system property '%s'", currentEndEntityProfileIdEmailProperty));              
+        }
+        String emailAddress = System.getProperty(currentEndEntityProfileIdEmailProperty);            
+        if(emailAddress != null && !emailAddress.trim().isEmpty()){
+          emailAddressForEndEntity = emailAddress;
+          log.info(String.format("Use email address '%s' for end entity profile with id '%s'", approvalAdminEmailAddress, endEntityProfileId));
+        }
+      }
+      return emailAddressForEndEntity;
+    }
+
     @Override
     public void removeApprovalRequest(AuthenticationToken admin, int id) throws ApprovalException {
         log.trace(">removeApprovalRequest");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment