Package com.gitblit.utils.X509Utils

Examples of com.gitblit.utils.X509Utils.X509Metadata


    // Client-certificate authentication: map the certificate presented on this request
    // to a stored account. The excerpt ends before the enclosing ifs are closed.
    // The configured OID list is handed to the helper that derives the username, so this
    // setting presumably decides which certificate subject fields are trusted as identity.
    String [] oids = settings.getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
    // checkValidity is forwarded as-is; what the helper enforces with it (validity period,
    // chain, revocation) is not visible here -- TODO confirm.
    UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
    if (model != null) {
      // Only the username is taken from the certificate-derived model; the account itself
      // is looked up through userManager, so an unknown name yields no login in the visible code.
      UserModel user = userManager.getUserModel(model.username);
      X509Metadata metadata = HttpUtils.getCertificateMetadata(httpRequest);
      if (user != null) {
        flagWicketSession(AuthenticationType.CERTIFICATE);
        // NOTE(review): metadata is dereferenced without a null check; confirm that
        // getCertificateMetadata cannot return null once a model was produced.
        // NOTE(review): the certificate serial number and remote address are recorded at
        // debug level only, so a default log configuration may not capture which
        // certificate authenticated -- verify against the deployment's logging setup.
        logger.debug(MessageFormat.format("{0} authenticated by client certificate {1} from {2}",
            user.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
        return validateAuthentication(user, AuthenticationType.CERTIFICATE);


      File serverKeyStore = new File(baseFolder, X509Utils.SERVER_KEY_STORE);
      File serverTrustStore = new File(baseFolder, X509Utils.SERVER_TRUST_STORE);
      File caRevocationList = new File(baseFolder, X509Utils.CA_REVOCATION_LIST);

      // generate CA & web certificates, create certificate stores
      X509Metadata metadata = new X509Metadata("localhost", params.storePassword);
      // set default certificate values from config file
      if (certificatesConf.exists()) {
        FileBasedConfig config = new FileBasedConfig(certificatesConf, FS.detect());
        try {
          config.load();

      } else {
        return false;
      }
    }

    X509Metadata metadata = new X509Metadata("localhost", caKeystorePassword);
    setMetadataDefaults(metadata);
    metadata.notAfter = new Date(System.currentTimeMillis() + 10*TimeUtils.ONEYEAR);
    X509Utils.prepareX509Infrastructure(metadata, folder, this);
    return true;
  }

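    certificateDefaultsButton.setFocusable(false);
    certificateDefaultsButton.setToolTipText(Translation.get("gb.newCertificateDefaults"));
    // Opens a dialog for editing the defaults used for new certificates (validity in days
    // plus the values shown by DefaultOidsPanel) and the site name, then persists them.
    certificateDefaultsButton.addActionListener(new ActionListener() {
      @Override
      public void actionPerformed(ActionEvent e) {
        // metadata only carries values between the config file and the dialog panel; this
        // handler never issues a certificate with it, so name and password are placeholders.
        X509Metadata metadata = new X509Metadata("whocares", "whocares");
        File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
        FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
        if (certificatesConfigFile.exists()) {
          try {
            config.load();
          } catch (Exception x) {
            // a broken config file is reported, then the dialog continues with whatever was parsed
            Utils.showException(GitblitAuthority.this, x);
          }
        }
        // Parse unconditionally. Previously certificateConfig stayed null when the config
        // file did not exist yet and the handler failed with a NullPointerException as soon
        // as the validity field was populated, so defaults could never be created from here.
        // NOTE(review): assumes NewCertificateConfig.KEY.parse accepts a config that was
        // never loaded and falls back to its own defaults -- confirm.
        final NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
        certificateConfig.update(metadata);

        // Accepts the field only while its text parses as an int.
        // NOTE(review): zero and negative day counts also pass this check.
        InputVerifier verifier = new InputVerifier() {
          @Override
          public boolean verify(JComponent comp) {
            JTextField textField = (JTextField) comp;
            try {
              Integer.parseInt(textField.getText());
              return true;
            } catch (NumberFormatException nfe) {
              return false;
            }
          }
        };

        JTextField siteNameTF = new JTextField(20);
        siteNameTF.setText(gitblitSettings.getString(Keys.web.siteName, "Gitblit"));
        JPanel siteNamePanel = Utils.newFieldPanel(Translation.get("gb.siteName"),
            siteNameTF, Translation.get("gb.siteNameDescription"));

        JTextField validityTF = new JTextField(4);
        validityTF.setInputVerifier(verifier);
        validityTF.setVerifyInputWhenFocusTarget(true);
        validityTF.setText("" + certificateConfig.duration);
        // the translated text contains a {0} placeholder that is stripped for use as a field description
        JPanel validityPanel = Utils.newFieldPanel(Translation.get("gb.validity"),
            validityTF, Translation.get("gb.duration.days").replace("{0}", "").trim());

        JPanel p1 = new JPanel(new GridLayout(0, 1, 5, 2));
        p1.add(siteNamePanel);
        p1.add(validityPanel);

        DefaultOidsPanel oids = new DefaultOidsPanel(metadata);

        JPanel panel = new JPanel(new BorderLayout());
        panel.add(p1, BorderLayout.NORTH);
        panel.add(oids, BorderLayout.CENTER);

        int result = JOptionPane.showConfirmDialog(GitblitAuthority.this,
            panel, Translation.get("gb.newCertificateDefaults"), JOptionPane.OK_CANCEL_OPTION,
            JOptionPane.QUESTION_MESSAGE, new ImageIcon(getClass().getResource("/settings_32x32.png")));
        if (result == JOptionPane.OK_OPTION) {
          try {
            // copy the edited panel values back, then write the certificate defaults file
            oids.update(metadata);
            // a non-numeric value throws here and is reported by the catch below
            certificateConfig.duration = Integer.parseInt(validityTF.getText());
            certificateConfig.store(config, metadata);
            config.save();

            // the site name lives in the Gitblit settings, not in the certificate config
            Map<String, String> updates = new HashMap<String, String>();
            updates.put(Keys.web.siteName, siteNameTF.getText());
            gitblitSettings.saveSettings(updates);
          } catch (Exception e1) {
            Utils.showException(GitblitAuthority.this, e1);
          }
        }
      }
    });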

    newSSLCertificate = new JButton(new ImageIcon(getClass().getResource("/rosette_16x16.png")));
    newSSLCertificate.setFocusable(false);
    newSSLCertificate.setToolTipText(Translation.get("gb.newSSLCertificate"));
    // Asks for a hostname and expiration, then issues a CA-signed SSL certificate for it
    // on a background AuthorityWorker.
    newSSLCertificate.addActionListener(new ActionListener() {
      @Override
      public void actionPerformed(ActionEvent e) {
        // the dialog is seeded with an expiration ten years out and returns the one actually chosen
        long suggestedExpiry = System.currentTimeMillis() + 10*TimeUtils.ONEYEAR;
        NewSSLCertificateDialog dialog =
            new NewSSLCertificateDialog(GitblitAuthority.this, new Date(suggestedExpiry));
        dialog.setModal(true);
        dialog.setVisible(true);
        if (dialog.isCanceled()) {
          return;
        }
        final Date expires = dialog.getExpiration();
        final String hostname = dialog.getHostname();
        final boolean serveCertificate = dialog.isServeCertificate();

        AuthorityWorker worker = new AuthorityWorker(GitblitAuthority.this) {

          /**
           * Issues the certificate; returns false when the infrastructure could not be
           * prepared or no certificate was produced.
           */
          @Override
          protected Boolean doRequest() throws IOException {
            if (!prepareX509Infrastructure()) {
              return false;
            }

            // load the signing key and certificate from the CA keystore
            File caStore = new File(folder, X509Utils.CA_KEY_STORE);
            PrivateKey signingKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, caStore, caKeystorePassword);
            X509Certificate signingCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, caStore, caKeystorePassword);

            // describe the certificate to issue
            // NOTE(review): the metadata carries caKeystorePassword, the same secret that
            // unlocks the CA keystore above; presumably it also protects the server keystore
            // written below -- confirm against X509Utils.newSSLCertificate.
            X509Metadata sslMetadata = new X509Metadata(hostname, caKeystorePassword);
            setMetadataDefaults(sslMetadata);
            sslMetadata.notAfter = expires;
            File serverStore = new File(folder, X509Utils.SERVER_KEY_STORE);
            X509Certificate issued = X509Utils.newSSLCertificate(sslMetadata, signingKey, signingCert, serverStore, GitblitAuthority.this);
            if (issued == null) {
              return false;
            }
            if (serveCertificate) {
              // point the Gitblit https connector at the new certificate's alias
              Map<String, String> aliasUpdate = new HashMap<String, String>();
              aliasUpdate.put(Keys.server.certificateAlias, sslMetadata.commonName);
              gitblitSettings.saveSettings(aliasUpdate);
            }
            return true;
          }

          /** Confirms the result; the message differs when the certificate is to be served. */
          @Override
          protected void onSuccess() {
            String messageKey = serveCertificate
                ? "gb.sslCertificateGeneratedRestart"
                : "gb.sslCertificateGenerated";
            JOptionPane.showMessageDialog(GitblitAuthority.this,
                MessageFormat.format(Translation.get(messageKey), hostname),
                Translation.get("gb.newSSLCertificate"), JOptionPane.INFORMATION_MESSAGE);
          }
        };

        worker.execute();
      }
    });

    // Toolbar button for the selected user's certificate bundle (per the tooltip key, it
    // e-mails the bundle). The handler body continues beyond this excerpt.
    JButton emailBundle = new JButton(new ImageIcon(getClass().getResource("/mail_16x16.png")));
    emailBundle.setFocusable(false);
    emailBundle.setToolTipText(Translation.get("gb.emailCertificateBundle"));
    emailBundle.addActionListener(new ActionListener() {
      @Override
      public void actionPerformed(ActionEvent e) {
        // nothing selected in the table: nothing to do
        int row = table.getSelectedRow();
        if (row < 0) {
          return;
        }
        // the view row may be sorted or filtered, so translate it to the model index
        int modelIndex = table.convertRowIndexToModel(row);
        final UserCertificateModel ucm = tableModel.get(modelIndex);
        // NOTE(review): there is no return after this dialog, so a user without certificates
        // still reaches the zip lookup below and the bundle is used if a file is present.
        if (ArrayUtils.isEmpty(ucm.certs)) {
          JOptionPane.showMessageDialog(GitblitAuthority.this, MessageFormat.format(Translation.get("gb.pleaseGenerateClientCertificate"), ucm.user.getDisplayName()));
        }
        // NOTE(review): the username is concatenated into the path twice; presumably account
        // names are restricted to safe characters when users are created -- verify, since a
        // name containing a separator or ".." would resolve outside the certs folder.
        final File zip = new File(folder, X509Utils.CERTS + File.separator + ucm.user.username + File.separator + ucm.user.username + ".zip");
        if (!zip.exists()) {
          return;
        }

        AuthorityWorker worker = new AuthorityWorker(GitblitAuthority.this) {
          @Override
          protected Boolean doRequest() throws IOException {
            // The password argument is a placeholder; nothing in the visible lines reads it.
            // TODO confirm the rest of the method never treats it as a real secret.
            X509Metadata metadata = new X509Metadata(ucm.user.username, "whocares");
            // use the configured site name as server hostname, falling back to Constants.NAME when empty
            metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
            if (StringUtils.isEmpty(metadata.serverHostname)) {
              metadata.serverHostname = Constants.NAME;
            }
            metadata.userDisplayname = ucm.user.getDisplayName();

            return;
          }

          final boolean sendEmail = dialog.sendEmail();
          final UserModel user = ucm.user;
          final X509Metadata metadata = new X509Metadata(user.username, dialog.getPassword());
          metadata.userDisplayname = user.getDisplayName();
          metadata.emailAddress = user.emailAddress;
          metadata.passwordHint = dialog.getPasswordHint();
          metadata.notAfter = dialog.getExpiration();

   * @param cert
   * @param usernameOids if unspecified CN is used as the username
   * @return
   */
  public static UserModel getUserModelFromCertificate(X509Certificate cert, String... usernameOIDs) {
    // No validation of cert happens in the visible lines; presumably the caller has already
    // verified the chain and validity period -- confirm. The method continues past this excerpt.
    X509Metadata metadata = X509Utils.getMetadata(cert);

    // The model is a candidate identity built from certificate fields; it is explicitly
    // left unauthenticated here.
    UserModel user = new UserModel(metadata.commonName);
    user.emailAddress = metadata.emailAddress;
    user.isAuthenticated = false;

    if (usernameOIDs == null || usernameOIDs.length == 0) {
      // use default username<->CN mapping
      usernameOIDs = new String [] { "CN" };
    }

    // Build the username from the values of the requested OIDs, in the order given,
    // joined by single spaces; OIDs absent from the certificate are skipped.
    // NOTE(review): toUpperCase() uses the default locale, so the lookup key can differ on
    // locales with special casing rules; Locale.ROOT would make it stable.
    StringBuilder an = new StringBuilder();
    for (String oid : usernameOIDs) {
      String val = metadata.getOID(oid.toUpperCase(), null);
      if (val != null) {
        an.append(val).append(' ');
      }
    }
    // NOTE(review): when none of the requested OIDs is present the username ends up empty;
    // whether that case is rejected is outside this excerpt.
    user.username = an.toString().trim();

      File serverKeyStore = new File(baseFolder, X509Utils.SERVER_KEY_STORE);
      File serverTrustStore = new File(baseFolder, X509Utils.SERVER_TRUST_STORE);
      File caRevocationList = new File(baseFolder, X509Utils.CA_REVOCATION_LIST);

      // generate CA & web certificates, create certificate stores
      X509Metadata metadata = new X509Metadata("localhost", params.storePassword);
      // set default certificate values from config file
      if (certificatesConf.exists()) {
        FileBasedConfig config = new FileBasedConfig(certificatesConf, FS.detect());
        try {
          config.load();

  };

  /**
   * Runs {@code cleanUp()} and then prepares the X509 infrastructure in the test folder,
   * using metadata for "localhost" with the CA password.
   *
   * @throws Exception if clean-up or preparation fails
   */
  @Before
  public void prepare() throws Exception {
    cleanUp();
    X509Utils.prepareX509Infrastructure(new X509Metadata("localhost", caPassword), folder, log);
  }

  public void testCertificateUserMapping() throws Exception {
    File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
    PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
    X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

    X509Metadata userMetadata = new X509Metadata("james", "james");
    userMetadata.serverHostname = "www.myserver.com";
    userMetadata.userDisplayname = "James Moger";
    userMetadata.passwordHint = "your name";
    userMetadata.oids.put("C""US");

  @Test
  public void testUserBundle() throws Exception {
    File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

    X509Metadata userMetadata = new X509Metadata("james", "james");
    userMetadata.serverHostname = "www.myserver.com";
    userMetadata.userDisplayname = "James Moger";
    userMetadata.passwordHint = "your name";

    File zip = X509Utils.newClientBundle(userMetadata, storeFile, caPassword, log);
