From fd3cf9cdbd563e2fdcd5210b97e1cc612ce8d02e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Sun, 24 Jul 2016 22:19:38 +0200 Subject: [PATCH] add: make "time conditions" configurable fixes #75 Change-Id: I95c832b6f3a336500f4425d0aa3a68091ae64332 --- config/gigi.properties.template | 5 ++ src/org/cacert/gigi/Gigi.java | 2 + src/org/cacert/gigi/dbObjects/CATS.java | 3 +- src/org/cacert/gigi/dbObjects/User.java | 3 +- src/org/cacert/gigi/util/Notary.java | 4 +- src/org/cacert/gigi/util/TimeConditions.java | 79 +++++++++++++++++++ .../cacert/gigi/testUtils/ConfiguredTest.java | 2 + 7 files changed, 94 insertions(+), 4 deletions(-) create mode 100644 src/org/cacert/gigi/util/TimeConditions.java diff --git a/config/gigi.properties.template b/config/gigi.properties.template index c34fff17..4d7d8fda 100644 --- a/config/gigi.properties.template +++ b/config/gigi.properties.template @@ -16,3 +16,8 @@ sql.user= sql.password= highFinancialValue=/path/to/alexa/list + +time.testValidMonths=12 +time.reverificationDays=90 +time.verificationFreshMonths=39 +time.verificationMaxAgeMonths=24 diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java index 19b2f79d..6db61694 100644 --- a/src/org/cacert/gigi/Gigi.java +++ b/src/org/cacert/gigi/Gigi.java @@ -74,6 +74,7 @@ import org.cacert.gigi.ping.PingerDaemon; import org.cacert.gigi.util.AuthorizationContext; import org.cacert.gigi.util.DomainAssessment; import org.cacert.gigi.util.ServerConstants; +import org.cacert.gigi.util.TimeConditions; public final class Gigi extends HttpServlet { @@ -250,6 +251,7 @@ public final class Gigi extends HttpServlet { instance = this; DomainAssessment.init(conf); DatabaseConnection.init(conf); + TimeConditions.init(conf); this.truststore = truststore; pinger = new PingerDaemon(truststore); pinger.start(); diff --git a/src/org/cacert/gigi/dbObjects/CATS.java b/src/org/cacert/gigi/dbObjects/CATS.java index a353e168..df851728 100644 
--- a/src/org/cacert/gigi/dbObjects/CATS.java +++ b/src/org/cacert/gigi/dbObjects/CATS.java @@ -6,6 +6,7 @@ import java.util.HashMap; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.util.TimeConditions; public class CATS { @@ -45,7 +46,7 @@ public class CATS { /** * The maximal number of months a passed test is considered "recent". */ - public static final int TEST_MONTHS = 12; + public static final int TEST_MONTHS = TimeConditions.getInstance().getTestMonths(); private static HashMap names = new HashMap<>(); diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java index 9f5d8e17..18b50f5d 100644 --- a/src/org/cacert/gigi/dbObjects/User.java +++ b/src/org/cacert/gigi/dbObjects/User.java @@ -21,6 +21,7 @@ import org.cacert.gigi.util.DayDate; import org.cacert.gigi.util.Notary; import org.cacert.gigi.util.PasswordHash; import org.cacert.gigi.util.PasswordStrengthChecker; +import org.cacert.gigi.util.TimeConditions; /** * Represents an acting, assurable, user. Synchronizing on user means: no @@ -53,7 +54,7 @@ public class User extends CertificateOwner { /** * Time in months a verification is considered "recent". */ - public static final int VERIFICATION_MONTHS = 39; + public static final int VERIFICATION_MONTHS = TimeConditions.getInstance().getVerificationMonths(); private Name preferredName; diff --git a/src/org/cacert/gigi/util/Notary.java b/src/org/cacert/gigi/util/Notary.java index 952f7c4e..620eb89c 100644 --- a/src/org/cacert/gigi/util/Notary.java +++ b/src/org/cacert/gigi/util/Notary.java 
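Review bot: `TEST_MONTHS` is now assigned in CATS's static initialiser from `TimeConditions.getInstance()`, which throws `IllegalStateException` until `TimeConditions.init` has run, so loading CATS any earlier fails with `ExceptionInInitializerError` and the class stays unusable for the rest of the JVM. The same pattern is introduced for `User.VERIFICATION_MONTHS` further down and for the two `Notary.LIMIT_*` constants in the next file. The fields also stop being compile-time constants, so they can no longer be used in `case` labels or annotation values; whether any caller does that is not visible in this patch. I would read the value at the point of use, e.g. `public static int getTestMonths() { return TimeConditions.getInstance().getTestMonths(); }`. Failing that, put a comment on each field stating that `TimeConditions.init` must run before the class is loaded, and move that call ahead of the other `init` calls in `Gigi`.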
@@ -19,11 +19,11 @@ public class Notary { // minimum date range between 2 verifications of the RA-Agent to the same // Applicant - public final static int LIMIT_DAYS_VERIFICATION = 90; // conf.getProperty("limit_days_verification"); + public final static int LIMIT_DAYS_VERIFICATION = TimeConditions.getInstance().getVerificationLimitDays(); // maximum date range from date when the verification took place and the // entering to the system - public final static int LIMIT_MAX_MONTHS_VERIFICATION = 24; // conf.getProperty("limit_max_months_verification"); + public final static int LIMIT_MAX_MONTHS_VERIFICATION = TimeConditions.getInstance().getVerificationMaxAgeMonths(); public static void writeUserAgreement(User member, String document, String method, String comment, boolean active, int secmemid) { try (GigiPreparedStatement q = new GigiPreparedStatement("INSERT INTO `user_agreements` SET `memid`=?, `secmemid`=?," + " `document`=?,`date`=NOW(), `active`=?,`method`=?,`comment`=?")) { diff --git a/src/org/cacert/gigi/util/TimeConditions.java b/src/org/cacert/gigi/util/TimeConditions.java new file mode 100644 index 00000000..dce98001 --- /dev/null +++ b/src/org/cacert/gigi/util/TimeConditions.java 
@@ -0,0 +1,79 @@ +package org.cacert.gigi.util; + +import java.util.Properties; + +import org.cacert.gigi.dbObjects.CATS; + +public class TimeConditions { + + private static TimeConditions instance; + + private final int testValidMonths; + + private final int reverificationDays; + + private final int verificationFreshMonths; + + private final int verificationMaxAgeMonths; + + private TimeConditions(Properties ppts) { + testValidMonths = Integer.parseInt(ppts.getProperty("time.testValidMonths", "12")); + reverificationDays = Integer.parseInt(ppts.getProperty("time.reverificationDays", "90")); + verificationFreshMonths = Integer.parseInt(ppts.getProperty("time.verificationFreshMonths", "39")); + verificationMaxAgeMonths = Integer.parseInt(ppts.getProperty("time.verificationMaxAgeMonths", "24")); + } + + public static synchronized TimeConditions getInstance() { + if (instance == null) { + throw new IllegalStateException("TimeConditions class not yet initialised."); + } + return instance; + } + + public static synchronized final void init(Properties ppts) { + if (instance != null) { + throw new IllegalStateException("TimeConditions class already initialised."); + } + instance = new TimeConditions(ppts); + } + + /** + * Maximum time in months that a passed {@link CATS} test is considered + * recent. + * + * @return the configured number of months + */ + public int getTestMonths() { + return testValidMonths; + } + + /** + * Minimum time in days that needs to have passed in order to verify a name + * again. + * + * @return the configured number of days + */ + public int getVerificationLimitDays() { + return reverificationDays; + } + + /** + * Maximum time in months that a verification is considered recent. + * + * @return the configured number of months + */ + public int getVerificationMonths() { + return verificationFreshMonths; + } + + /** + * Maximum time in months that a verification can be entered after it + * occurred. 
Assuming that the RA-Agent enters the correct date. + * + * @return the configured number of months + */ + public int getVerificationMaxAgeMonths() { + return verificationMaxAgeMonths; + } + +} diff --git a/tests/org/cacert/gigi/testUtils/ConfiguredTest.java b/tests/org/cacert/gigi/testUtils/ConfiguredTest.java index dcd39906..ec589b4b 100644 --- a/tests/org/cacert/gigi/testUtils/ConfiguredTest.java +++ b/tests/org/cacert/gigi/testUtils/ConfiguredTest.java @@ -36,6 +36,7 @@ import org.cacert.gigi.util.DomainAssessment; import org.cacert.gigi.util.Notary; import org.cacert.gigi.util.PEM; import org.cacert.gigi.util.ServerConstants; +import org.cacert.gigi.util.TimeConditions; import org.junit.BeforeClass; import sun.security.pkcs10.PKCS10; @@ -79,6 +80,7 @@ public abstract class ConfiguredTest { } Properties props = generateProps(); ServerConstants.init(props); + TimeConditions.init(props); DomainAssessment.init(props); if ( !DatabaseConnection.isInited()) { -- 2.39.2
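Review bot: The `TimeConditions` constructor hands each property straight to `Integer.parseInt` with no range check, so a zero or negative value in gigi.properties is accepted silently. These four numbers are the limits that the verification and test-recency rules are measured against, so a typo here weakens policy without any error; `time.reverificationDays=0`, for instance, would presumably remove the minimum interval between two verifications of the same applicant. A malformed value surfaces only as a bare `NumberFormatException` that does not name the offending key. I would parse through a small helper that names the property and rejects non-positive values (assuming none of the limits is meant to be zero), as sketched below. Separately, the `CATS` import is used only by the Javadoc link, and it makes util depend on dbObjects, whose static initialiser calls back into this class; `{@link org.cacert.gigi.dbObjects.CATS}` would avoid the import.

```java
private TimeConditions(Properties ppts) {
    testValidMonths = positiveInt(ppts, "time.testValidMonths", "12");
    reverificationDays = positiveInt(ppts, "time.reverificationDays", "90");
    verificationFreshMonths = positiveInt(ppts, "time.verificationFreshMonths", "39");
    verificationMaxAgeMonths = positiveInt(ppts, "time.verificationMaxAgeMonths", "24");
}

// Parses one limit, naming the property in the error so a bad config is easy to locate.
private static int positiveInt(Properties ppts, String key, String def) {
    String raw = ppts.getProperty(key, def).trim();
    final int value;
    try {
        value = Integer.parseInt(raw);
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException("Property " + key + " is not an integer: " + raw, e);
    }
    if (value <= 0) {
        throw new IllegalArgumentException("Property " + key + " must be positive, got " + value);
    }
    return value;
}
// … unchanged: getInstance, init and the four getters …
```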