From 2ea85bfe371215ef21fcd528bc40fa57c48ee698 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 31 Oct 2012 16:38:03 -0400
Subject: [PATCH] Personal repositories must always be owned by the account the repo is stored in

---
 src/com/gitblit/utils/JsonUtils.java |  157 +++++++++++++++++++++++-----------------------------
 1 files changed, 70 insertions(+), 87 deletions(-)

diff --git a/src/com/gitblit/utils/JsonUtils.java b/src/com/gitblit/utils/JsonUtils.java
index fee7990..24f4ecb 100644
--- a/src/com/gitblit/utils/JsonUtils.java
+++ b/src/com/gitblit/utils/JsonUtils.java
@@ -22,11 +22,7 @@
 import java.io.OutputStream;
 import java.lang.reflect.Type;
 import java.net.HttpURLConnection;
-import java.net.URL;
 import java.net.URLConnection;
-import java.security.SecureRandom;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -36,19 +32,15 @@
 import java.util.Map;
 import java.util.TimeZone;
 
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.eclipse.jgit.util.Base64;
-
+import com.gitblit.Constants.AccessPermission;
 import com.gitblit.GitBlitException.ForbiddenException;
+import com.gitblit.GitBlitException.NotAllowedException;
 import com.gitblit.GitBlitException.UnauthorizedException;
+import com.gitblit.GitBlitException.UnknownRequestException;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
+import com.google.gson.ExclusionStrategy;
+import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonDeserializationContext;
@@ -68,30 +60,11 @@
  */
 public class JsonUtils {
 
-	public static final String CHARSET;
-
 	public static final Type REPOSITORIES_TYPE = new TypeToken<Map<String, RepositoryModel>>() {
 	}.getType();
 
 	public static final Type USERS_TYPE = new TypeToken<Collection<UserModel>>() {
 	}.getType();
-
-	private static final SSLContext SSL_CONTEXT;
-
-	private static final DummyHostnameVerifier HOSTNAME_VERIFIER;
-
-	static {
-		SSLContext context = null;
-		try {
-			context = SSLContext.getInstance("SSL");
-			context.init(null, new TrustManager[] { new DummyTrustManager() }, new SecureRandom());
-		} catch (Throwable t) {
-			t.printStackTrace();
-		}
-		SSL_CONTEXT = context;
-		HOSTNAME_VERIFIER = new DummyHostnameVerifier();
-		CHARSET = "UTF-8";
-	}
 
 	/**
 	 * Creates JSON from the specified object.
@@ -144,6 +117,19 @@
 	 * 
 	 * @param url
 	 * @param type
+	 * @return the deserialized object
+	 * @throws {@link IOException}
+	 */
+	public static <X> X retrieveJson(String url, Class<? extends X> clazz) throws IOException,
+			UnauthorizedException {
+		return retrieveJson(url, clazz, null, null);
+	}
+
+	/**
+	 * Reads a gson object from the specified url.
+	 * 
+	 * @param url
+	 * @param type
 	 * @param username
 	 * @param password
 	 * @return the deserialized object
@@ -157,7 +143,7 @@
 		}
 		return gson().fromJson(json, type);
 	}
-	
+
 	/**
 	 * Reads a gson object from the specified url.
 	 * 
@@ -187,19 +173,10 @@
 	public static String retrieveJsonString(String url, String username, char[] password)
 			throws IOException {
 		try {
-			URL urlObject = new URL(url);
-			URLConnection conn = urlObject.openConnection();
-			conn.setRequestProperty("Accept-Charset", CHARSET);
-			setAuthorization(conn, username, password);
-			conn.setUseCaches(false);
-			conn.setDoInput(true);
-			if (conn instanceof HttpsURLConnection) {
-				HttpsURLConnection secureConn = (HttpsURLConnection) conn;
-				secureConn.setSSLSocketFactory(SSL_CONTEXT.getSocketFactory());
-				secureConn.setHostnameVerifier(HOSTNAME_VERIFIER);
-			}
+			URLConnection conn = ConnectionUtils.openReadConnection(url, username, password);
 			InputStream is = conn.getInputStream();
-			BufferedReader reader = new BufferedReader(new InputStreamReader(is, CHARSET));
+			BufferedReader reader = new BufferedReader(new InputStreamReader(is,
+					ConnectionUtils.CHARSET));
 			StringBuilder json = new StringBuilder();
 			char[] buffer = new char[4096];
 			int len = 0;
@@ -215,6 +192,12 @@
 			} else if (e.getMessage().indexOf("403") > -1) {
 				// requested url is forbidden by the requesting user
 				throw new ForbiddenException(url);
+			} else if (e.getMessage().indexOf("405") > -1) {
+				// requested url is not allowed by the server
+				throw new NotAllowedException(url);
+			} else if (e.getMessage().indexOf("501") > -1) {
+				// requested url is not recognized by the server
+				throw new UnknownRequestException(url);
 			}
 			throw e;
 		}
@@ -249,19 +232,10 @@
 	public static int sendJsonString(String url, String json, String username, char[] password)
 			throws IOException {
 		try {
-			byte[] jsonBytes = json.getBytes(CHARSET);
-			URL urlObject = new URL(url);
-			URLConnection conn = urlObject.openConnection();
-			conn.setRequestProperty("Content-Type", "text/plain;charset=" + CHARSET);
+			byte[] jsonBytes = json.getBytes(ConnectionUtils.CHARSET);
+			URLConnection conn = ConnectionUtils.openConnection(url, username, password);
+			conn.setRequestProperty("Content-Type", "text/plain;charset=" + ConnectionUtils.CHARSET);
 			conn.setRequestProperty("Content-Length", "" + jsonBytes.length);
-			setAuthorization(conn, username, password);
-			conn.setUseCaches(false);
-			conn.setDoOutput(true);
-			if (conn instanceof HttpsURLConnection) {
-				HttpsURLConnection secureConn = (HttpsURLConnection) conn;
-				secureConn.setSSLSocketFactory(SSL_CONTEXT.getSocketFactory());
-				secureConn.setHostnameVerifier(HOSTNAME_VERIFIER);
-			}
 
 			// write json body
 			OutputStream os = conn.getOutputStream();
@@ -277,26 +251,27 @@
 			} else if (e.getMessage().indexOf("403") > -1) {
 				// requested url is forbidden by the requesting user
 				throw new ForbiddenException(url);
+			} else if (e.getMessage().indexOf("405") > -1) {
+				// requested url is not allowed by the server
+				throw new NotAllowedException(url);
+			} else if (e.getMessage().indexOf("501") > -1) {
+				// requested url is not recognized by the server
+				throw new UnknownRequestException(url);
 			}
 			throw e;
 		}
 	}
 
-	private static void setAuthorization(URLConnection conn, String username, char[] password) {
-		if (!StringUtils.isEmpty(username) && (password != null && password.length > 0)) {
-			conn.setRequestProperty(
-					"Authorization",
-					"Basic "
-							+ Base64.encodeBytes((username + ":" + new String(password)).getBytes()));
-		}
-	}
-
 	// build custom gson instance with GMT date serializer/deserializer
 	// http://code.google.com/p/google-gson/issues/detail?id=281
-	private static Gson gson() {
+	public static Gson gson(ExclusionStrategy... strategies) {
 		GsonBuilder builder = new GsonBuilder();
 		builder.registerTypeAdapter(Date.class, new GmtDateTypeAdapter());
+		builder.registerTypeAdapter(AccessPermission.class, new AccessPermissionTypeAdapter());
 		builder.setPrettyPrinting();
+		if (!ArrayUtils.isEmpty(strategies)) {
+			builder.setExclusionStrategies(strategies);
+		}
 		return builder.create();
 	}
 
@@ -322,42 +297,50 @@
 				JsonDeserializationContext jsonDeserializationContext) {
 			try {
 				synchronized (dateFormat) {
-					return dateFormat.parse(jsonElement.getAsString());
+					Date date = dateFormat.parse(jsonElement.getAsString());					
+					return new Date((date.getTime() / 1000) * 1000);
 				}
 			} catch (ParseException e) {
 				throw new JsonSyntaxException(jsonElement.getAsString(), e);
 			}
 		}
 	}
+	
+	private static class AccessPermissionTypeAdapter implements JsonSerializer<AccessPermission>, JsonDeserializer<AccessPermission> {
 
-	/**
-	 * DummyTrustManager trusts all certificates.
-	 */
-	private static class DummyTrustManager implements X509TrustManager {
-
-		@Override
-		public void checkClientTrusted(X509Certificate[] certs, String authType)
-				throws CertificateException {
+		private AccessPermissionTypeAdapter() {
 		}
 
 		@Override
-		public void checkServerTrusted(X509Certificate[] certs, String authType)
-				throws CertificateException {
+		public synchronized JsonElement serialize(AccessPermission permission, Type type,
+				JsonSerializationContext jsonSerializationContext) {
+			return new JsonPrimitive(permission.code);
 		}
 
 		@Override
-		public X509Certificate[] getAcceptedIssuers() {
-			return null;
+		public synchronized AccessPermission deserialize(JsonElement jsonElement, Type type,
+				JsonDeserializationContext jsonDeserializationContext) {
+			return AccessPermission.fromCode(jsonElement.getAsString());					
 		}
 	}
 
-	/**
-	 * Trusts all hostnames from a certificate, including self-signed certs.
-	 */
-	private static class DummyHostnameVerifier implements HostnameVerifier {
-		@Override
-		public boolean verify(String hostname, SSLSession session) {
-			return true;
+	public static class ExcludeField implements ExclusionStrategy {
+
+		private Class<?> c;
+		private String fieldName;
+
+		public ExcludeField(String fqfn) throws SecurityException, NoSuchFieldException,
+				ClassNotFoundException {
+			this.c = Class.forName(fqfn.substring(0, fqfn.lastIndexOf(".")));
+			this.fieldName = fqfn.substring(fqfn.lastIndexOf(".") + 1);
+		}
+
+		public boolean shouldSkipClass(Class<?> arg0) {
+			return false;
+		}
+
+		public boolean shouldSkipField(FieldAttributes f) {
+			return (f.getDeclaringClass() == c && f.getName().equals(fieldName));
 		}
 	}
 }

--
Gitblit v1.9.1