From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from LDAP that can possibly log in. This allows newly created LDAP users to be seen in Gitblit immediately. Until now an LDAP user had to log in once to appear in Gitblit.

---
 src/com/gitblit/authority/GitblitAuthority.java |  154 +++++++++++++++++++++++++++++++++++++--------------
 1 files changed, 112 insertions(+), 42 deletions(-)

diff --git a/src/com/gitblit/authority/GitblitAuthority.java b/src/com/gitblit/authority/GitblitAuthority.java
index 846e942..5ee6af5 100644
--- a/src/com/gitblit/authority/GitblitAuthority.java
+++ b/src/com/gitblit/authority/GitblitAuthority.java
@@ -17,6 +17,7 @@
 
 import java.awt.BorderLayout;
 import java.awt.Container;
+import java.awt.Desktop;
 import java.awt.Dimension;
 import java.awt.EventQueue;
 import java.awt.FlowLayout;
@@ -35,6 +36,7 @@
 import java.io.FileWriter;
 import java.io.FilenameFilter;
 import java.io.IOException;
+import java.net.URI;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -61,6 +63,7 @@
 import javax.swing.JLabel;
 import javax.swing.JOptionPane;
 import javax.swing.JPanel;
+import javax.swing.JPasswordField;
 import javax.swing.JScrollPane;
 import javax.swing.JSplitPane;
 import javax.swing.JTable;
@@ -116,7 +119,7 @@
 	
 	private IUserService userService;
 	
-	private String caKeystorePassword = null;
+	private String caKeystorePassword;
 
 	private JTable table;
 	
@@ -127,6 +130,8 @@
 	private MailExecutor mail;
 
 	private JButton certificateDefaultsButton;
+
+	private JButton newSSLCertificate;
 
 	public static void main(String... args) {
 		EventQueue.invokeLater(new Runnable() {
@@ -234,7 +239,6 @@
 		}
 		gitblitSettings = new FileSettings(file.getAbsolutePath());
 		mail = new MailExecutor(gitblitSettings);
-		caKeystorePassword = gitblitSettings.getString(Keys.server.storePassword, null);
 		String us = gitblitSettings.getString(Keys.realm.userService, "users.conf");
 		String ext = us.substring(us.lastIndexOf(".") + 1).toLowerCase();
 		IUserService service = null;
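Review bot: The `Keys.server.storePassword` read is dropped here with no replacement in this hunk, so the CA keystore password is no longer seeded from gitblit.properties and, as far as this hunk shows, must be entered interactively instead. If that is deliberate (keeping the CA keystore password out of a plaintext settings file), a short comment at this spot would stop a future maintainer from "restoring" it, e.g. `// CA keystore password is intentionally not read from settings; it is prompted for on first use`. If it is not deliberate, operators who already configured server.storePassword will be surprised by the prompt. The enclosing method starts and continues outside this hunk.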
@@ -294,15 +298,53 @@
 			
 			File caKeystore = new File(folder, X509Utils.CA_KEY_STORE);
 			if (!caKeystore.exists()) {
+				
+				if (!X509Utils.unlimitedStrength) {
+					// prompt to confirm user understands JCE Standard Strength encryption
+					int res = JOptionPane.showConfirmDialog(GitblitAuthority.this, Translation.get("gb.jceWarning"),
+							Translation.get("gb.warning"), JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE);
+					if (res != JOptionPane.YES_OPTION) {
+						if (Desktop.isDesktopSupported()) {
+							if (Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
+								try {
+									Desktop.getDesktop().browse(URI.create("http://www.oracle.com/technetwork/java/javase/downloads/index.html"));
+								} catch (IOException e) {
+								}
+							}
+						}
+						System.exit(1);
+					}
+				}
+				
 				// show certificate defaults dialog 
 				certificateDefaultsButton.doClick();
+				
+				// create "localhost" ssl certificate
+				prepareX509Infrastructure();
 			}
 		}
 	}
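Review bot: The `boolean` returned by `prepareX509Infrastructure()` at the end of this hunk is discarded, so if the operator cancels the password prompt the CA keystore is never created yet the authority continues starting up as though it had been; the later code paths that re-prompt will mask this, but the first-run flow should fail loudly, e.g. `if (!prepareX509Infrastructure()) { System.exit(1); }` or at least a `JOptionPane` error. The empty `catch (IOException e) {}` around `Desktop.browse` also silently swallows the failure; since the app exits right after, naming it `ignored` with a one-line comment such as `// best effort: opening the download page is optional before exiting` makes the intent explicit. The enclosing method begins outside this hunk.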
 	
-	private void prepareX509Infrastructure() {
+	private boolean prepareX509Infrastructure() {
+		if (caKeystorePassword == null) {
+			JPasswordField pass = new JPasswordField(10);
+			pass.setText(caKeystorePassword);
+			pass.addAncestorListener(new RequestFocusListener());
+			JPanel panel = new JPanel(new BorderLayout());
+			panel.add(new JLabel(Translation.get("gb.enterKeystorePassword")), BorderLayout.NORTH);
+			panel.add(pass, BorderLayout.CENTER);
+			int result = JOptionPane.showConfirmDialog(GitblitAuthority.this, panel, Translation.get("gb.password"), JOptionPane.OK_CANCEL_OPTION);
+			if (result == JOptionPane.OK_OPTION) {
+				caKeystorePassword = new String(pass.getPassword());
+			} else {
+				return false;
+			}
+		}
+
 		X509Metadata metadata = new X509Metadata("localhost", caKeystorePassword);
+		setMetadataDefaults(metadata);
 		X509Utils.prepareX509Infrastructure(metadata, folder, this);
+		return true;
 	}
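Review bot: `prepareX509Infrastructure` accepts an empty password and caches whatever was typed for the rest of the session: a blank or mistyped entry is stored in `caKeystorePassword` and, because the prompt is only shown while the field is `null`, every later CA operation will use it with no way to re-enter it short of restarting. A minimal guard after `OK_OPTION` would be `char[] pw = pass.getPassword(); if (pw.length == 0) return false; caKeystorePassword = new String(pw);` followed by `Arrays.fill(pw, '\0')` to drop the `char[]` copy (the `String` itself cannot be zeroed, which is a known Swing limitation worth a comment). Since the password is also only validated when the keystore is first opened, callers that see a later failure may want to reset `caKeystorePassword` to `null` so the prompt reappears, but that is outside this hunk.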
 	
 	private List<X509Certificate> findCerts(File folder, String username) {
@@ -357,37 +399,22 @@
 			}
 			
 			@Override
-			public void saveUser(String username, UserCertificateModel ucm) {
-				userService.updateUserModel(username, ucm.user);
+			public boolean saveUser(String username, UserCertificateModel ucm) {
+				return userService.updateUserModel(username, ucm.user);
 			}
 			
 			@Override
-			public void newCertificate(UserCertificateModel ucm, X509Metadata metadata, boolean sendEmail) {
-				prepareX509Infrastructure();
+			public boolean newCertificate(UserCertificateModel ucm, X509Metadata metadata, boolean sendEmail) {
+				if (!prepareX509Infrastructure()) {
+					return false;
+				}
+
 				Date notAfter = metadata.notAfter;
-				metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
-				if (StringUtils.isEmpty(metadata.serverHostname)) {
-					metadata.serverHostname = Constants.NAME;
-				}
-				UserModel user = ucm.user;				
-				
-				// set default values from config file
-				File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
-				FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
-				if (certificatesConfigFile.exists()) {
-					try {
-						config.load();
-					} catch (Exception e) {
-						Utils.showException(GitblitAuthority.this, e);
-					}
-					NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
-					certificateConfig.update(metadata);
-				}
-				
-				// restore expiration date
+				setMetadataDefaults(metadata);
 				metadata.notAfter = notAfter;
 				
 				// set user's specified OID values
+				UserModel user = ucm.user;				
 				if (!StringUtils.isEmpty(user.organizationalUnit)) {
 					metadata.oids.put("OU", user.organizationalUnit);
 				}
@@ -408,15 +435,11 @@
 				File zip = X509Utils.newClientBundle(metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);
 
 				// save latest expiration date
-				if (ucm.expires == null || metadata.notAfter.after(ucm.expires)) {
+				if (ucm.expires == null || metadata.notAfter.before(ucm.expires)) {
 					ucm.expires = metadata.notAfter;
 				}
-				ucm.update(config);
-				try {
-					config.save();
-				} catch (Exception e) {
-					Utils.showException(GitblitAuthority.this, e);
-				}
+				
+				updateAuthorityConfig(ucm);
 				
 				// refresh user
 				ucm.certs = null;
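Review bot: The comparison on the new `ucm.expires` line flips from `after` to `before`, so `ucm.expires` now tracks the earliest `notAfter` rather than the latest, but the preceding comment still reads `// save latest expiration date`, which now contradicts the code. If the intent is to record the soonest-expiring certificate (e.g. for expiry warnings), change the comment to `// track the earliest expiration date across the user's certificates`; if the intent really is the latest, the `before` is the bug and the old `after` should be restored. The enclosing `newCertificate` method begins and ends outside this hunk.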
@@ -427,10 +450,15 @@
 				if (sendEmail) {
 					sendEmail(user, metadata, zip);
 				}
+				return true;
 			}
 			
 			@Override
-			public void revoke(UserCertificateModel ucm, X509Certificate cert, RevocationReason reason) {
+			public boolean revoke(UserCertificateModel ucm, X509Certificate cert, RevocationReason reason) {
+				if (!prepareX509Infrastructure()) {
+					return false;
+				}
+
 				File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
 				File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
 				if (X509Utils.revoke(cert, reason, caRevocationList, caKeystoreFile, caKeystorePassword, GitblitAuthority.this)) {
@@ -458,7 +486,10 @@
 					tableModel.fireTableDataChanged();
 					table.getSelectionModel().setSelectionInterval(modelIndex, modelIndex);
 					
+					return true;
 				}
+				
+				return false;
 			}
 		};
 		
@@ -551,8 +582,6 @@
 						certificateConfig.duration = Integer.parseInt(durationTF.getText());
 						certificateConfig.store(config, metadata);
 						config.save();
-						
-						prepareX509Infrastructure();
 					} catch (Exception e1) {
 						Utils.showException(GitblitAuthority.this, e1);
 					}
@@ -560,7 +589,7 @@
 			}
 		});
 		
-		JButton newSSLCertificate = new JButton(new ImageIcon(getClass().getResource("/rosette_16x16.png")));
+		newSSLCertificate = new JButton(new ImageIcon(getClass().getResource("/rosette_16x16.png")));
 		newSSLCertificate.setFocusable(false);
 		newSSLCertificate.setToolTipText(Translation.get("gb.newSSLCertificate"));		
 		newSSLCertificate.addActionListener(new ActionListener() {
@@ -580,7 +609,9 @@
 
 					@Override
 					protected Boolean doRequest() throws IOException {
-						prepareX509Infrastructure();
+						if (!prepareX509Infrastructure()) {
+							return false;
+						}
 						
 						// read CA private key and certificate
 						File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
@@ -636,8 +667,7 @@
 							metadata.serverHostname = Constants.NAME;
 						}
 						metadata.userDisplayname = ucm.user.getDisplayName();
-						sendEmail(ucm.user, metadata, zip);
-						return true;
+						return sendEmail(ucm.user, metadata, zip);
 					}
 
 					@Override
@@ -744,7 +774,7 @@
 		}
 	}
 	
-	private void sendEmail(UserModel user, X509Metadata metadata, File zip) {
+	private boolean sendEmail(UserModel user, X509Metadata metadata, File zip) {
 		// send email
 		try {
 			if (mail.isReady()) {
@@ -771,11 +801,51 @@
 				message.setContent(mp);
 
 				mail.sendNow(message);
+				return true;
 			} else {
 				JOptionPane.showMessageDialog(GitblitAuthority.this, "Sorry, the mail server settings are not configured properly.\nCan not send email.", Translation.get("gb.error"), JOptionPane.ERROR_MESSAGE);
 			}
 		} catch (Exception e) {
 			Utils.showException(GitblitAuthority.this, e);
 		}
+		return false;
+	}
+	
+	private void setMetadataDefaults(X509Metadata metadata) {
+		metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
+		if (StringUtils.isEmpty(metadata.serverHostname)) {
+			metadata.serverHostname = Constants.NAME;
+		}
+		
+		// set default values from config file
+		File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
+		FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
+		if (certificatesConfigFile.exists()) {
+			try {
+				config.load();
+			} catch (Exception e) {
+				Utils.showException(GitblitAuthority.this, e);
+			}
+			NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
+			certificateConfig.update(metadata);
+		}
+	}
+	
+	private void updateAuthorityConfig(UserCertificateModel ucm) {
+		File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
+		FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
+		if (certificatesConfigFile.exists()) {
+			try {
+				config.load();
+			} catch (Exception e) {
+				Utils.showException(GitblitAuthority.this, e);
+			}
+		}
+		ucm.update(config);
+		try {
+			config.save();
+		} catch (Exception e) {
+			Utils.showException(GitblitAuthority.this, e);
+		}
 	}
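Review bot: In `updateAuthorityConfig`, when `config.load()` throws, the exception is displayed but execution falls through to `ucm.update(config)` and `config.save()` on an empty in-memory config, which would overwrite the existing CA config file with only this user's entry and drop every other user's certificate records; the catch should bail out, e.g. `Utils.showException(GitblitAuthority.this, e); return;`. `setMetadataDefaults` has the same shape: after a failed load it still parses and applies defaults from the empty config, so a `return` in its catch is warranted too. Both helpers also re-open `X509Utils.CA_CONFIG` independently, so a `newCertificate` call loads the file twice; not wrong, but a one-line comment noting that `updateAuthorityConfig` always re-reads from disk before writing would help the next reader.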
 }

--
Gitblit v1.9.1