RevokeUserFlow.java

  1. /*
  2.  * Copyright (C) 2020-2024 by Savoir-faire Linux
  3.  *
  4.  * This program is free software; you can redistribute it and/or modify
  5.  * it under the terms of the GNU General Public License as published by
  6.  * the Free Software Foundation; either version 3 of the License, or
  7.  * (at your option) any later version.
  8.  *
  9.  * This program is distributed in the hope that it will be useful,
  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12.  * GNU General Public License for more details.
  13.  *
  14.  * You should have received a copy of the GNU General Public License
  15.  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16.  */
  17. package net.jami.jams.server.core.workflows;

  19. import static net.jami.jams.server.Server.certificateAuthority;
  20. import static net.jami.jams.server.Server.dataStore;

  22. import lombok.extern.slf4j.Slf4j;

  24. import net.jami.jams.common.objects.requests.RevocationRequest;
  25. import net.jami.jams.common.objects.requests.RevocationType;
  26. import net.jami.jams.common.objects.responses.DeviceRevocationResponse;
  27. import net.jami.jams.common.objects.user.User;

  29. import java.math.BigInteger;

  31. @Slf4j
  32. public class RevokeUserFlow {

  34.     public static DeviceRevocationResponse revokeUser(String username) {
  35.         DeviceRevocationResponse response = new DeviceRevocationResponse();
  36.         try {
  37.             User user = dataStore.getUserDao().getByUsername(username).get();
  38.             if (user == null) {
  39.                 log.error("Unable to find user!");
  40.                 return null;
  41.             }
  42.             BigInteger serialNumber = user.getCertificate().getSerialNumber();
  43.             RevocationRequest request = new RevocationRequest();
  44.             request.setRevocationType(RevocationType.USER);
  45.             request.setIdentifier(serialNumber);
  46.             certificateAuthority.revokeCertificate(request);

  48.             // Wait for the CRL worker to complete certificate revocation
  49.             certificateAuthority.waitForRevokeCompletion();

  51.             // Check if the certificate has been revoked
  52.             if (certificateAuthority.getLatestCRL().get().getRevokedCertificate(serialNumber)
  53.                     != null) {
  54.                 // Certificate revoked successfully
  55.                 response.setSuccess(true);
  56.                 return response;
  57.             } else {
  58.                 // Certificate not yet revoked
  59.                 log.error(
  60.                         "The certificate has not appeared in the CRL. Operation may have failed.");
  61.                 response.setSuccess(false);
  62.                 return response;
  63.             }
  64.         } catch (Exception e) {
  65.             log.error("An error occurred while revoking device: {}", e.getMessage());
  66.             response.setSuccess(false);
  67.             response.setErrorDetails(e.getMessage());
  68.             return response;
  69.         }
  70.     }
  71. }
Created with JaCoCo 0.8.11.202310140853