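/*
 * Copyright 2012 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitblit.authority;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.eclipse.jgit.lib.Config;

import com.gitblit.Constants;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.TimeUtils;
import com.gitblit.utils.X509Utils.RevocationReason;

/**
 * Per-user view of the client certificates known to the certificate authority:
 * the certificates themselves, the serial numbers that have been revoked, the
 * latest expiration date among the certificates that are neither revoked nor
 * expired, and free-form notes.
 * <p>
 * State is persisted in the {@code [user "<username>"]} section of the
 * authority {@link Config} by {@link #update(Config)}. Revocations are stored
 * as strings of the form {@code <decimal serial>:<RevocationReason ordinal>}
 * (see {@link #revoke(BigInteger, RevocationReason)} and
 * {@link #getRevocationReason(BigInteger)}); because the ordinal is what is
 * persisted, the declaration order of {@link RevocationReason} is part of the
 * on-disk format.
 * <p>
 * This class is a plain mutable model and is not thread-safe.
 */
public class UserCertificateModel implements Comparable<UserCertificateModel> {

	/** The user these certificates were issued to. */
	public UserModel user;

	/**
	 * Latest "not after" date among the certificates that are neither revoked
	 * nor already expired, or {@code null} when that is unknown or no such
	 * certificate exists.
	 */
	public Date expires;

	/** Certificates issued to {@link #user}; may be {@code null}. */
	public List<X509Certificate> certs;

	/** Revocation entries, each {@code <serial>:<reason ordinal>}; may be {@code null}. */
	public List<String> revoked;

	/** Free-form administrator notes; may be {@code null} or empty. */
	public String notes;

	/**
	 * Creates a model for the given user with no certificates, revocations,
	 * expiration or notes.
	 *
	 * @param user the owner of the certificates
	 */
	public UserCertificateModel(UserModel user) {
		this.user = user;
	}

	/**
	 * Writes this model's mutable state into the {@code [user "<username>"]}
	 * section of the given config. Each of {@code expires}, {@code notes} and
	 * {@code revoked} is unset when it is absent/empty so that stale values
	 * from a previous save do not survive.
	 *
	 * @param config the authority config to update; not written to disk here
	 */
	public void update(Config config) {
		final String section = "user";
		final String subsection = user.username;

		if (expires == null) {
			config.unset(section, subsection, "expires");
		} else {
			// SimpleDateFormat is not thread-safe, so a fresh instance is used per call.
			SimpleDateFormat df = new SimpleDateFormat(Constants.ISO8601);
			config.setString(section, subsection, "expires", df.format(expires));
		}

		if (StringUtils.isEmpty(notes)) {
			config.unset(section, subsection, "notes");
		} else {
			config.setString(section, subsection, "notes", notes);
		}

		if (ArrayUtils.isEmpty(revoked)) {
			config.unset(section, subsection, "revoked");
		} else {
			config.setStringList(section, subsection, "revoked", revoked);
		}
	}

	/**
	 * Orders models by their owning user.
	 *
	 * @param o the other model
	 * @return the result of comparing {@code user} with {@code o.user}
	 */
	@Override
	public int compareTo(UserCertificateModel o) {
		return user.compareTo(o.user);
	}

	/**
	 * Records the revocation of the certificate with the given serial number
	 * and recomputes {@link #expires} from the remaining certificates. No
	 * de-duplication is performed; revoking the same serial twice appends two
	 * entries.
	 *
	 * @param serial the serial number of the certificate to revoke
	 * @param reason the revocation reason; its ordinal is what gets persisted
	 */
	public void revoke(BigInteger serial, RevocationReason reason) {
		if (revoked == null) {
			revoked = new ArrayList<String>();
		}
		// "<serial>:<ordinal>" is the format getRevocationReason() parses back.
		revoked.add(serial.toString() + ":" + reason.ordinal());
		recalculateExpires();
	}

	/**
	 * Sets {@link #expires} to the latest "not after" date among certificates
	 * that are neither revoked nor already expired, or {@code null} when there
	 * is no such certificate (including when {@code certs} is {@code null}).
	 */
	private void recalculateExpires() {
		expires = null;
		if (certs == null) {
			return;
		}
		for (X509Certificate cert : certs) {
			Date notAfter = cert.getNotAfter();
			if (isRevoked(cert.getSerialNumber()) || isExpired(notAfter)) {
				continue;
			}
			if (expires == null || notAfter.after(expires)) {
				expires = notAfter;
			}
		}
	}

	/**
	 * Tells whether the certificate with the given serial number has been revoked.
	 *
	 * @param serial the certificate serial number
	 * @return {@code true} if a revocation entry exists for the serial
	 */
	public boolean isRevoked(BigInteger serial) {
		return isRevoked(serial.toString());
	}

	/**
	 * Tells whether the certificate with the given decimal serial number has
	 * been revoked.
	 *
	 * @param serial the decimal string form of the serial number
	 * @return {@code true} if a revocation entry exists for the serial
	 */
	public boolean isRevoked(String serial) {
		if (ArrayUtils.isEmpty(revoked)) {
			return false;
		}
		// The ':' separator is included in the prefix so that serial "12" does
		// not match an entry recorded for serial "123".
		String prefix = serial + ":";
		for (String entry : revoked) {
			if (entry.startsWith(prefix)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Returns the recorded reason for the revocation of the given serial.
	 * Only the first matching entry is consulted; when there is no entry, or
	 * the entry's reason part is not a valid {@link RevocationReason} ordinal,
	 * {@link RevocationReason#unspecified} is returned.
	 *
	 * @param serial the certificate serial number
	 * @return the recorded reason, or {@code unspecified}
	 */
	public RevocationReason getRevocationReason(BigInteger serial) {
		if (ArrayUtils.isEmpty(revoked)) {
			return RevocationReason.unspecified;
		}
		String prefix = serial + ":";
		for (String entry : revoked) {
			if (!entry.startsWith(prefix)) {
				continue;
			}
			String reasonPart = entry.substring(prefix.length());
			try {
				int ordinal = Integer.parseInt(reasonPart);
				RevocationReason[] reasons = RevocationReason.values();
				if (ordinal >= 0 && ordinal < reasons.length) {
					return reasons[ordinal];
				}
			} catch (NumberFormatException ignored) {
				// Malformed entry: treated as an unspecified reason below.
			}
			// First matching entry is authoritative, even when it is malformed.
			return RevocationReason.unspecified;
		}
		return RevocationReason.unspecified;
	}

	/**
	 * Classifies the user's overall certificate state from {@link #expires}.
	 *
	 * @return {@code unknown} when no expiration is recorded, otherwise
	 *         {@code expired}, {@code expiring} or {@code ok}
	 */
	public CertificateStatus getStatus() {
		if (expires == null) {
			return CertificateStatus.unknown;
		} else if (isExpired(expires)) {
			return CertificateStatus.expired;
		} else if (isExpiring(expires)) {
			return CertificateStatus.expiring;
		}
		return CertificateStatus.ok;
	}

	/**
	 * Tells whether a recorded expiration date has passed or falls within the
	 * expiry warning window (see {@link #isExpiring(Date)}). Note that, despite
	 * the name, this is true for certificates that are merely expiring soon.
	 *
	 * @return {@code true} when {@code expires} is set and is expiring or expired
	 */
	public boolean hasExpired() {
		return expires != null && isExpiring(expires);
	}

	/**
	 * Classifies a single certificate: revocation takes precedence over
	 * expiration, which takes precedence over the expiring-soon window.
	 *
	 * @param cert the certificate to classify
	 * @return {@code revoked}, {@code expired}, {@code expiring} or {@code ok}
	 */
	public CertificateStatus getStatus(X509Certificate cert) {
		if (isRevoked(cert.getSerialNumber())) {
			return CertificateStatus.revoked;
		} else if (isExpired(cert.getNotAfter())) {
			return CertificateStatus.expired;
		} else if (isExpiring(cert.getNotAfter())) {
			return CertificateStatus.expiring;
		}
		return CertificateStatus.ok;
	}

	/**
	 * Tells whether the date is within 30 days of now. Dates already in the
	 * past also satisfy this check, since the difference is negative.
	 *
	 * @param date the date to test
	 * @return {@code true} when {@code date - now <= 30 days}
	 */
	private boolean isExpiring(Date date) {
		return (date.getTime() - System.currentTimeMillis()) <= TimeUtils.ONEDAY * 30;
	}

	/**
	 * Tells whether the date is strictly in the past.
	 *
	 * @param date the date to test
	 * @return {@code true} when {@code date} is before now
	 */
	private boolean isExpired(Date date) {
		return date.getTime() < System.currentTimeMillis();
	}
}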