Source code taken from cacert-20141124.tar.bz2
[cacert.git] / includes / lib / account.php
index e311668..dd8afd3 100644 (file)
 
 /**
  * Function to recalculate the cached Assurer status
- * 
+ *
  * @param int $userID
  *     if the user ID is not given the flag will be recalculated for all users
- * 
+ *
  * @return bool
  *     false if there was an error on fixing the flag. This does NOT return the
  *     new value of the flag
@@ -30,7 +30,7 @@
 function fix_assurer_flag($userID = NULL)
 {
        // Update Assurer-Flag on users table if 100 points and CATS passed.
-       // 
+       //
        // We may have some performance issues here if no userID is given
        // there are ~150k assurances and ~220k users currently
        // but the exists-clause on cats_passed should be a good filter
@@ -46,20 +46,21 @@ function fix_assurer_flag($userID = NULL)
                                WHERE `cp`.`variant_id` = `cv`.`id`
                                        AND `cv`.`type_id` = 1
                                        AND `cp`.`user_id` = `u`.`id`
-                       ) 
+                       )
                        AND (
                                SELECT SUM(`points`) FROM `notary` AS `n`
                                WHERE `n`.`to` = `u`.`id`
                                        AND (`n`.`expire` > now()
-                                       OR `n`.`expire` IS NULL)
+                                            OR `n`.`expire` IS NULL)
+                                       AND `n`.`deleted` = 0
                        ) >= 100';
-       
+
        $query = mysql_query($sql);
        if (!$query) {
                return false;
        }
        // Challenge has been passed and non-expired points >= 100
-       
+
        // Reset flag if requirements are not met
        //
        // Also a bit performance critical but assurer flag is only set on
@@ -86,13 +87,64 @@ function fix_assurer_flag($userID = NULL)
                                                        `n`.`expire` > now()
                                                        OR `n`.`expire` IS NULL
                                                )
+                                               AND `n`.`deleted` = 0
                                ) < 100
                        )';
-       
+
        $query = mysql_query($sql);
        if (!$query) {
                return false;
        }
-       
+
        return true;
-}
\ No newline at end of file
+}
+
+/**
+ * Supported hash algorithms for signing certificates
+ */
+class HashAlgorithms {
+       /**
+        * Default hash algorithm identifier for signing
+        * @var string
+        */
+       public static $default = 'sha256';
+
+       /**
+        * Get display strings for the supported hash algorithms
+        * @return array(string=>array('name'=>string, 'info'=>string))
+        *     - [$hash_identifier]['name'] = Name that should be displayed in UI
+        *     - [$hash_identifier]['info'] = Additional information that can help
+        *       with the selection of a suitable algorithm
+        */
+       public static function getInfo() {
+               return array(
+                               'sha256' => array(
+                                               'name' => 'SHA-256',
+                                               'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
+                                       ),
+                               'sha384' => array(
+                                               'name' => 'SHA-384',
+                                               'info' => '',
+                                       ),
+                               'sha512' => array(
+                                               'name' => 'SHA-512',
+                                               'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
+                                       ),
+                       );
+       }
+
+       /**
+        * Check if the input is a supported hash algorithm identifier otherwise
+        * return the identifier of the default hash algorithm
+        *
+        * @param string $hash_identifier
+        * @return string The cleaned identifier
+        */
+       public static function clean($hash_identifier) {
+               if (array_key_exists($hash_identifier, self::getInfo() )) {
+                       return $hash_identifier;
+               } else {
+                       return self::$default;
+               }
+       }
+}