1 package org.cacert.gigi.util;
3 import java.text.ParseException;
4 import java.util.Calendar;
6 import java.util.GregorianCalendar;
8 import org.cacert.gigi.GigiApiException;
9 import org.cacert.gigi.database.GigiPreparedStatement;
10 import org.cacert.gigi.database.GigiResultSet;
11 import org.cacert.gigi.dbObjects.Assurance.AssuranceType;
12 import org.cacert.gigi.dbObjects.Group;
13 import org.cacert.gigi.dbObjects.Name;
14 import org.cacert.gigi.dbObjects.User;
15 import org.cacert.gigi.output.DateSelector;
16 import org.cacert.gigi.output.template.SprintfCommand;
20 public final static int LIMIT_DAYS_VERIFICATION = 90; // conf.getProperty("limit_days_verification");
22 public static void writeUserAgreement(User member, String document, String method, String comment, boolean active, int secmemid) {
23 try (GigiPreparedStatement q = new GigiPreparedStatement("INSERT INTO `user_agreements` SET `memid`=?, `secmemid`=?," + " `document`=?,`date`=NOW(), `active`=?,`method`=?,`comment`=?")) {
24 q.setInt(1, member.getId());
25 q.setInt(2, secmemid);
26 q.setString(3, document);
27 q.setBoolean(4, active);
28 q.setString(5, method);
29 q.setString(6, comment);
34 public static boolean checkAssuranceIsPossible(User assurer, Name target) {
35 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT 1 FROM `notary` where `to`=? and `from`=? and `method` = ? ::`notaryType` AND `deleted` IS NULL AND `when` > (now() - interval '1 days' * ?)")) {
36 ps.setInt(1, target.getId());
37 ps.setInt(2, assurer.getId());
38 ps.setString(3, AssuranceType.FACE_TO_FACE.getDescription());
39 ps.setInt(4, LIMIT_DAYS_VERIFICATION);
40 GigiResultSet rs = ps.executeQuery();
45 public static final Group ASSURER_BLOCKED = Group.getByString("blockedassurer");
47 public static final Group ASSUREE_BLOCKED = Group.getByString("blockedassuree");
50 * This method assures another user.
52 * @see User#canAssure() (for assurer)
53 * @see #checkAssuranceIsPossible(User, User) (for assurer or assuree)
55 * the person that wants to assure
57 * the person that should be assured
59 * the Name that was personally verified
61 * the Date of birth that the assurer verified
63 * the points that should be awarded in total
65 * the location where the assurance took place
67 * the date when the assurance took place
68 * @throws GigiApiException
69 * if the assurance fails (for various reasons)
71 public synchronized static void assure(User assurer, User assuree, Name assureeName, DayDate dob, int awarded, String location, String date, AssuranceType type) throws GigiApiException {
72 may(assurer, assuree, AssuranceType.FACE_TO_FACE);
73 GigiApiException gae = new GigiApiException();
74 if ( !gae.isEmpty()) {
77 if (date == null || date.equals("")) {
78 gae.mergeInto(new GigiApiException("You must enter the date when you met the assuree."));
81 Date d = DateSelector.getDateFormat().parse(date);
82 Calendar gc = GregorianCalendar.getInstance();
83 gc.setTimeInMillis(System.currentTimeMillis());
84 gc.add(Calendar.HOUR_OF_DAY, 12);
85 if (d.getTime() > gc.getTimeInMillis()) {
86 gae.mergeInto(new GigiApiException("You must not enter a date in the future."));
88 } catch (ParseException e) {
89 gae.mergeInto(new GigiApiException("You must enter the date in this format: YYYY-MM-DD."));
92 // check location, min 3 characters
93 if (location == null || location.equals("")) {
94 gae.mergeInto(new GigiApiException("You failed to enter a location of your meeting."));
95 } else if (location.length() <= 2) {
96 gae.mergeInto(new GigiApiException("You must enter a location with at least 3 characters eg town and country."));
98 synchronized (assuree) {
99 if (assurer.getId() == assuree.getId()) {
100 throw new GigiApiException("You cannot verify yourself.");
102 if (assureeName.getOwner() != assuree) {
103 throw new GigiApiException("Internal error, name does not belong to applicant.");
105 if ( !assurer.canAssure()) {
106 throw new GigiApiException("You are not an RA-Agent.");
109 if ( !checkAssuranceIsPossible(assurer, assureeName)) {
110 gae.mergeInto(new GigiApiException(SprintfCommand.createSimple("You have already verified this applicant within the last {0} days.", LIMIT_DAYS_VERIFICATION)));
113 if ( !assuree.getDoB().equals(dob)) {
114 gae.mergeInto(new GigiApiException("The person you are assuring changed his personal details."));
118 gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
120 if (type == AssuranceType.NUCLEUS) {
122 gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
125 if (awarded > assurer.getMaxAssurePoints()) {
126 gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
131 if ( !gae.isEmpty()) {
135 if (type == AssuranceType.FACE_TO_FACE) {
136 assureF2F(assurer, assuree, assureeName, awarded, location, date);
137 } else if (type == AssuranceType.NUCLEUS) {
138 assureNucleus(assurer, assuree, assureeName, awarded, location, date);
139 } else if (type == AssuranceType.TTP_ASSISTED) {
140 assureTTP(assurer, assuree, assureeName, awarded, location, date);
142 throw new GigiApiException(SprintfCommand.createSimple("Unknown Assurance type: {0}", type.toString()));
144 assurer.invalidateMadeAssurances();
145 assuree.invalidateReceivedAssurances();
149 private static void assureF2F(User assurer, User assuree, Name name, int awarded, String location, String date) throws GigiApiException {
150 may(assurer, assuree, AssuranceType.FACE_TO_FACE);
151 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?")) {
152 ps.setInt(1, assurer.getId());
153 ps.setInt(2, name.getId());
154 ps.setInt(3, awarded);
155 ps.setString(4, location);
156 ps.setString(5, date);
161 private static void assureTTP(User assurer, User assuree, Name name, int awarded, String location, String date) throws GigiApiException {
162 may(assurer, assuree, AssuranceType.TTP_ASSISTED);
163 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `method`='TTP-Assisted'")) {
164 ps.setInt(1, assurer.getId());
165 ps.setInt(2, name.getId());
166 ps.setInt(3, awarded);
167 ps.setString(4, location);
168 ps.setString(5, date);
170 assuree.revokeGroup(assurer, Group.TTP_APPLICANT);
174 public static void may(User assurer, User assuree, AssuranceType t) throws GigiApiException {
175 if (assuree.isInGroup(ASSUREE_BLOCKED)) {
176 throw new GigiApiException("The applicant is blocked.");
178 if (assurer.isInGroup(ASSURER_BLOCKED)) {
179 throw new GigiApiException("The RA Agent is blocked.");
182 if (t == AssuranceType.NUCLEUS) {
183 if ( !assurer.isInGroup(Group.NUCLEUS_ASSURER)) {
184 throw new GigiApiException("RA Agent needs to be Nucleus RA Agent.");
187 } else if (t == AssuranceType.TTP_ASSISTED) {
188 if ( !assurer.isInGroup(Group.TTP_ASSURER)) {
189 throw new GigiApiException("RA Agent needs to be TTP RA Agent.");
191 if ( !assuree.isInGroup(Group.TTP_APPLICANT)) {
192 throw new GigiApiException("Applicant needs to be TTP Applicant.");
195 } else if (t == AssuranceType.FACE_TO_FACE) {
198 throw new GigiApiException("Verification type not possible.");
201 private static void assureNucleus(User assurer, User assuree, Name name, int awarded, String location, String date) throws GigiApiException {
202 may(assurer, assuree, AssuranceType.NUCLEUS);
203 // Do up to 35 points as f2f
204 int f2fPoints = Math.min(assurer.getMaxAssurePoints(), awarded);
205 assureF2F(assurer, assuree, name, f2fPoints, location, date);
207 awarded -= f2fPoints;
212 // Assure remaining points as "Nucleus Bonus"
213 // Valid for 4 Weeks = 28 days
214 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `method`='Nucleus Bonus', `expire` = CURRENT_TIMESTAMP + interval '28 days'")) {
215 ps.setInt(1, assurer.getId());
216 ps.setInt(2, name.getId());
217 ps.setInt(3, awarded);
218 ps.setString(4, location);
219 ps.setString(5, date);