src/main/java/com/gitblit/authority/UserCertificateModel.java - gitblit - Git at Google

 /*
  * Copyright 2012 gitblit.com.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.gitblit.authority;

 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;

 import org.eclipse.jgit.lib.Config;

 import com.gitblit.Constants;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
 import com.gitblit.utils.X509Utils.RevocationReason;

 public class UserCertificateModel implements Comparable<UserCertificateModel> {
 		public UserModel user;
 		public Date expires;
 		public List<X509Certificate> certs;
 		public List<String> revoked;
 		public String notes;

 		public UserCertificateModel(UserModel user) {
 			this.user = user;
 		}

 		public void update(Config config) {
 			if (expires == null) {
 				config.unset("user",  user.username, "expires");
 			} else {
 				SimpleDateFormat df = new SimpleDateFormat(Constants.ISO8601);
 				config.setString("user", user.username, "expires", df.format(expires));
 			}
 			if (StringUtils.isEmpty(notes)) {
 				config.unset("user",  user.username, "notes");
 			} else {
 				config.setString("user", user.username, "notes", notes);
 			}
 			if (ArrayUtils.isEmpty(revoked)) {
 				config.unset("user",  user.username, "revoked");
 			} else {
 				config.setStringList("user", user.username, "revoked", revoked);
 			}
 		}

 		@Override
 		public int compareTo(UserCertificateModel o) {
 			return user.compareTo(o.user);
 		}

 		public void revoke(BigInteger serial, RevocationReason reason) {
 			if (revoked == null) {
 				revoked = new ArrayList<String>();
 			}
 			revoked.add(serial.toString() + ":" + reason.ordinal());
 			expires = null;
 			for (X509Certificate cert : certs) {
 				if (!isRevoked(cert.getSerialNumber())) {
 					if (!isExpired(cert.getNotAfter())) {
 						if (expires == null || cert.getNotAfter().after(expires)) {
 							expires = cert.getNotAfter();
 						}
 					}
 				}
 			}
 		}

 		public boolean isRevoked(BigInteger serial) {
 			return isRevoked(serial.toString());
 		}

 		public boolean isRevoked(String serial) {
 			if (ArrayUtils.isEmpty(revoked)) {
 				return false;
 			}
 			String sn = serial + ":";
 			for (String s : revoked) {
 				if (s.startsWith(sn)) {
 					return true;
 				}
 			}
 			return false;
 		}

 		public RevocationReason getRevocationReason(BigInteger serial) {
 			try {
 				String sn = serial + ":";
 				for (String s : revoked) {
 					if (s.startsWith(sn)) {
 						String r = s.substring(sn.length());
 						int i = Integer.parseInt(r);
 						return RevocationReason.values()[i];
 					}
 				}
 			} catch (Exception e) {
 			}
 			return RevocationReason.unspecified;
 		}

 		public CertificateStatus getStatus() {
 			if (expires == null) {
 				return CertificateStatus.unknown;
 			} else if (isExpired(expires)) {
 				return CertificateStatus.expired;
 			} else if (isExpiring(expires)) {
 				return CertificateStatus.expiring;
 			}
 			return CertificateStatus.ok;
 		}

 		public boolean hasExpired() {
 			return expires != null && isExpiring(expires);
 		}

 		public CertificateStatus getStatus(X509Certificate cert) {
 			if (isRevoked(cert.getSerialNumber())) {
 				return CertificateStatus.revoked;
 			} else if (isExpired(cert.getNotAfter())) {
 				return CertificateStatus.expired;
 			} else if (isExpiring(cert.getNotAfter())) {
 				return CertificateStatus.expiring;
 			}
 			return CertificateStatus.ok;
 		}

 		private boolean isExpiring(Date date) {
 			return (date.getTime() - System.currentTimeMillis()) <= TimeUtils.ONEDAY * 30;
 		}

 		private boolean isExpired(Date date) {
 			return date.getTime() < System.currentTimeMillis();
 		}
 	}
	/*
	* Copyright 2012 gitblit.com.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.gitblit.authority;

	import java.math.BigInteger;
	import java.security.cert.X509Certificate;
	import java.text.SimpleDateFormat;
	import java.util.ArrayList;
	import java.util.Date;
	import java.util.List;

	import org.eclipse.jgit.lib.Config;

	import com.gitblit.Constants;
	import com.gitblit.models.UserModel;
	import com.gitblit.utils.ArrayUtils;
	import com.gitblit.utils.StringUtils;
	import com.gitblit.utils.TimeUtils;
	import com.gitblit.utils.X509Utils.RevocationReason;

	public class UserCertificateModel implements Comparable<UserCertificateModel> {
	public UserModel user;
	public Date expires;
	public List<X509Certificate> certs;
	public List<String> revoked;
	public String notes;

	public UserCertificateModel(UserModel user) {
	this.user = user;
	}

	public void update(Config config) {
	if (expires == null) {
	config.unset("user", user.username, "expires");
	} else {
	SimpleDateFormat df = new SimpleDateFormat(Constants.ISO8601);
	config.setString("user", user.username, "expires", df.format(expires));
	}
	if (StringUtils.isEmpty(notes)) {
	config.unset("user", user.username, "notes");
	} else {
	config.setString("user", user.username, "notes", notes);
	}
	if (ArrayUtils.isEmpty(revoked)) {
	config.unset("user", user.username, "revoked");
	} else {
	config.setStringList("user", user.username, "revoked", revoked);
	}
	}

	@Override
	public int compareTo(UserCertificateModel o) {
	return user.compareTo(o.user);
	}

	public void revoke(BigInteger serial, RevocationReason reason) {
	if (revoked == null) {
	revoked = new ArrayList<String>();
	}
	revoked.add(serial.toString() + ":" + reason.ordinal());
	expires = null;
	for (X509Certificate cert : certs) {
	if (!isRevoked(cert.getSerialNumber())) {
	if (!isExpired(cert.getNotAfter())) {
	if (expires == null \|\| cert.getNotAfter().after(expires)) {
	expires = cert.getNotAfter();
	}
	}
	}
	}
	}

	public boolean isRevoked(BigInteger serial) {
	return isRevoked(serial.toString());
	}

	public boolean isRevoked(String serial) {
	if (ArrayUtils.isEmpty(revoked)) {
	return false;
	}
	String sn = serial + ":";
	for (String s : revoked) {
	if (s.startsWith(sn)) {
	return true;
	}
	}
	return false;
	}

	public RevocationReason getRevocationReason(BigInteger serial) {
	try {
	String sn = serial + ":";
	for (String s : revoked) {
	if (s.startsWith(sn)) {
	String r = s.substring(sn.length());
	int i = Integer.parseInt(r);
	return RevocationReason.values()[i];
	}
	}
	} catch (Exception e) {
	}
	return RevocationReason.unspecified;
	}

	public CertificateStatus getStatus() {
	if (expires == null) {
	return CertificateStatus.unknown;
	} else if (isExpired(expires)) {
	return CertificateStatus.expired;
	} else if (isExpiring(expires)) {
	return CertificateStatus.expiring;
	}
	return CertificateStatus.ok;
	}

	public boolean hasExpired() {
	return expires != null && isExpiring(expires);
	}

	public CertificateStatus getStatus(X509Certificate cert) {
	if (isRevoked(cert.getSerialNumber())) {
	return CertificateStatus.revoked;
	} else if (isExpired(cert.getNotAfter())) {
	return CertificateStatus.expired;
	} else if (isExpiring(cert.getNotAfter())) {
	return CertificateStatus.expiring;
	}
	return CertificateStatus.ok;
	}

	private boolean isExpiring(Date date) {
	return (date.getTime() - System.currentTimeMillis()) <= TimeUtils.ONEDAY * 30;
	}

	private boolean isExpired(Date date) {
	return date.getTime() < System.currentTimeMillis();
	}
	}