/*
* Copyright 2012 gitblit.com.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.gitblit.authority;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.eclipse.jgit.lib.Config;
import com.gitblit.Constants;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.TimeUtils;
import com.gitblit.utils.X509Utils.RevocationReason;
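/**
 * Certificate bookkeeping for one user: the owning account, an expiry date,
 * the user's X.509 certificates, the revoked serial numbers and free-form
 * notes.
 *
 * <p>All fields are public and mutable, so any code holding a reference can
 * change the revocation list directly. Instances are ordered by their
 * {@link #user}.
 */
public class UserCertificateModel implements Comparable<UserCertificateModel> {

    /** Days before expiry at which a date starts to count as "expiring". */
    private static final long EXPIRING_WINDOW_DAYS = 30L;

    // account this certificate data belongs to
    public UserModel user;

    // expiry date persisted by update(); null means "not known"
    public Date expires;

    // certificates held for the user (not read by any method in this class)
    public List<X509Certificate> certs;

    // revocation entries in the form "<decimal serial>:<reason ordinal>"
    public List<String> revoked;

    // free-form notes persisted by update()
    public String notes;

    /**
     * Creates an empty model for the given user; every other field starts
     * as {@code null}.
     *
     * @param user the account the certificate data belongs to
     */
    public UserCertificateModel(UserModel user) {
        this.user = user;
    }

    /**
     * Writes this model into the {@code user} section of {@code config},
     * using {@code user.username} as the subsection.
     *
     * <p>Only values that are present are written: {@code expires} (formatted
     * with {@link Constants#ISO8601}), {@code notes} and a non-empty
     * {@code revoked} list. A missing value is skipped, not unset, so whatever
     * the config already holds for that key is left as it is.
     *
     * @param config the configuration to write into
     */
    public void update(Config config) {
        String subsection = user.username;
        if (expires != null) {
            // SimpleDateFormat is not thread-safe; a fresh instance per call avoids sharing
            String formatted = new SimpleDateFormat(Constants.ISO8601).format(expires);
            config.setString("user", subsection, "expires", formatted);
        }
        if (notes != null) {
            config.setString("user", subsection, "notes", notes);
        }
        if (!ArrayUtils.isEmpty(revoked)) {
            config.setStringList("user", subsection, "revoked", revoked);
        }
    }

    /**
     * Orders models by their user.
     *
     * @param o the model to compare with
     * @return the result of comparing the two {@link #user} fields
     */
    @Override
    public int compareTo(UserCertificateModel o) {
        return user.compareTo(o.user);
    }

    /**
     * Records a certificate serial number as revoked.
     *
     * <p>The entry is appended as {@code "<serial>:<ordinal>"}, with the
     * serial in decimal. Because the reason is stored by ordinal, stored
     * entries depend on the declaration order of {@link RevocationReason}.
     * Entries are not de-duplicated; {@link #getRevocationReason(BigInteger)}
     * reports the first one that matches.
     *
     * @param serial the serial number of the revoked certificate
     * @param reason why the certificate was revoked
     */
    public void revoke(BigInteger serial, RevocationReason reason) {
        if (revoked == null) {
            revoked = new ArrayList<String>();
        }
        revoked.add(serial.toString() + ":" + reason.ordinal());
    }

    /**
     * Tells whether the given serial number has a revocation entry.
     *
     * @param serial the certificate serial number
     * @return {@code true} if an entry for the serial exists
     */
    public boolean isRevoked(BigInteger serial) {
        return isRevoked(serial.toString());
    }

    /**
     * Tells whether the given serial number has a revocation entry.
     *
     * <p>The match is a prefix match on {@code serial + ":"}, so
     * {@code serial} has to be in the decimal form that
     * {@link #revoke(BigInteger, RevocationReason)} writes. A hex-formatted
     * serial does not match those entries and is reported as not revoked.
     *
     * @param serial the certificate serial number as a decimal string
     * @return {@code true} if an entry for the serial exists, {@code false}
     *         if there is none or the list is empty
     */
    public boolean isRevoked(String serial) {
        if (ArrayUtils.isEmpty(revoked)) {
            return false;
        }
        // the trailing ':' keeps serial "12" from matching an entry for "123"
        String prefix = serial + ":";
        for (String entry : revoked) {
            if (entry.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the reason stored for a revoked serial number.
     *
     * <p>The first entry whose prefix matches decides the result. This method
     * never throws: {@link RevocationReason#unspecified} is returned when
     * there is no revocation list, no matching entry, or the stored reason is
     * not a valid ordinal.
     *
     * @param serial the certificate serial number
     * @return the stored reason, or {@code unspecified} as described above
     */
    public RevocationReason getRevocationReason(BigInteger serial) {
        if (revoked == null) {
            return RevocationReason.unspecified;
        }
        String prefix = serial + ":";
        for (String entry : revoked) {
            if (entry == null || !entry.startsWith(prefix)) {
                continue;
            }
            try {
                int ordinal = Integer.parseInt(entry.substring(prefix.length()));
                RevocationReason[] reasons = RevocationReason.values();
                if (ordinal >= 0 && ordinal < reasons.length) {
                    return reasons[ordinal];
                }
            } catch (NumberFormatException malformed) {
                // the stored reason is not a number; the certificate is still
                // revoked, only the reason is unknown
            }
            return RevocationReason.unspecified;
        }
        return RevocationReason.unspecified;
    }

    /**
     * Derives a status from {@link #expires}.
     *
     * @return {@code unknown} when no expiry date is set, otherwise
     *         {@code expired}, {@code expiring} or {@code ok}
     */
    public CertificateStatus getStatus() {
        if (expires == null) {
            return CertificateStatus.unknown;
        }
        // expired is tested first because isExpiring() is also true for past dates
        if (isExpired(expires)) {
            return CertificateStatus.expired;
        }
        if (isExpiring(expires)) {
            return CertificateStatus.expiring;
        }
        return CertificateStatus.ok;
    }

    /**
     * Tells whether {@link #expires} is set and lies in the past.
     *
     * <p>This uses the same test that makes {@link #getStatus()} return
     * {@code expired}. A date that is merely inside the 30-day "expiring"
     * window is not reported as expired.
     *
     * @return {@code true} if an expiry date is set and has passed
     */
    public boolean hasExpired() {
        return expires != null && isExpired(expires);
    }

    /**
     * Derives a status for one certificate.
     *
     * <p>Only this model's revocation list and the certificate's
     * {@code notAfter} date are consulted. {@code notBefore}, the issuer
     * signature and the trust chain are not checked here, so the result is
     * a status indication and not a validation of the certificate.
     *
     * @param cert the certificate to classify
     * @return {@code revoked}, {@code expired}, {@code expiring} or {@code ok},
     *         tested in that order
     */
    public CertificateStatus getStatus(X509Certificate cert) {
        if (isRevoked(cert.getSerialNumber())) {
            return CertificateStatus.revoked;
        }
        Date notAfter = cert.getNotAfter();
        if (isExpired(notAfter)) {
            return CertificateStatus.expired;
        }
        if (isExpiring(notAfter)) {
            return CertificateStatus.expiring;
        }
        return CertificateStatus.ok;
    }

    /**
     * Tells whether the date is at most 30 days ahead of the current time.
     * Dates in the past also satisfy this, so callers test
     * {@link #isExpired(Date)} first.
     */
    private boolean isExpiring(Date date) {
        long remaining = date.getTime() - System.currentTimeMillis();
        // the long constant forces long arithmetic whatever type ONEDAY is declared as
        return remaining <= TimeUtils.ONEDAY * EXPIRING_WINDOW_DAYS;
    }

    /** Tells whether the date lies strictly before the current time. */
    private boolean isExpired(Date date) {
        return date.getTime() < System.currentTimeMillis();
    }
}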