xorpaul/ejbca-add-different-ra-admin-email-adresses.md

## ejbca-add-different-ra-admin-email-adresses.md

      
    Raw
  

              ejbca-add-different-ra-admin-email-adresses.md
            
          
    we want to send certificate approval requests with different EEPs to different RA admin email addresses.
Currently EJBCA only supports one email address for this under system configuration.
To configure the different RA admins mailing addresses we are using system properties in the JBoss configuration XML:

  
As you can see we use the unique ID of the end entity which should send the approval request to the specific email address.
You can lookup the unique ID of your end entity by querying your ejbca database:
select id, profilename from endentityprofiledata;

If there is no specific end entity email address configured if falls back to the original email address form the system configuration.
Index: modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java
===================================================================
--- modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java  (revision 23222)
+++ modules/ejbca-ejb/src/org/ejbca/core/ejb/approval/ApprovalSessionBean.java  (working copy)
@@ -129,7 +129,10 @@
                 entityManager.persist(approvalData);
                 final GlobalConfiguration gc = (GlobalConfiguration) globalConfigurationSession.getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
                 if (gc.getUseApprovalNotifications()) {
-                    sendApprovalNotification(admin, gc.getApprovalAdminEmailAddress(), gc.getApprovalNotificationFromAddress(), gc.getBaseUrl()
+                    // Patch to send emails only to responsible RAs
+                    String adminEmailAddress = getEmailAddressForEndEntityProfile(approvalRequest, approvalData, gc.getApprovalAdminEmailAddress());
+                    
+                    sendApprovalNotification(admin, adminEmailAddress, gc.getApprovalNotificationFromAddress(), gc.getBaseUrl()
                             + "adminweb/approval/approveaction.jsf?uniqueId=" + freeId,
                             intres.getLocalizedMessage("notification.newrequest.subject"), intres.getLocalizedMessage("notification.newrequest.msg"),
                             freeId, approvalRequest.getNumOfRequiredApprovals(), new Date(), approvalRequest, null);
@@ -154,6 +157,23 @@
         }
     }

+    String getEmailAddressForEndEntityProfile(final ApprovalRequest approvalRequest, final ApprovalData approvalData, final String approvalAdminEmailAddress) {
+      String emailAddressForEndEntity = approvalAdminEmailAddress;
+      if (ApprovalDataVO.APPROVALTYPE_ADDENDENTITY == approvalRequest.getApprovalType()) {
+        int endEntityProfileId = approvalData.getEndentityprofileid();
+        String currentEndEntityProfileIdEmailProperty = "end.entity.profile." + endEntityProfileId + ".email";
+        if(log.isDebugEnabled()){
+          log.debug(String.format("Lookup email adress for end entity profile using system property '%s'", currentEndEntityProfileIdEmailProperty));              
+        }
+        String emailAddress = System.getProperty(currentEndEntityProfileIdEmailProperty);            
+        if(emailAddress != null && !emailAddress.trim().isEmpty()){
+          emailAddressForEndEntity = emailAddress;
+          log.info(String.format("Use email address '%s' for end entity profile with id '%s'", approvalAdminEmailAddress, endEntityProfileId));
+        }
+      }
+      return emailAddressForEndEntity;
+    }
+
     @Override
     public void removeApprovalRequest(AuthenticationToken admin, int id) throws ApprovalException {
         log.trace(">removeApprovalRequest");