From 3983a6e74d69ed38853c3e89616de3266dcca40d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Nov 2012 10:17:51 -0500
Subject: [PATCH] X509 certificate authentication based on Kevin Anderson's implementation

---
 src/com/gitblit/GitBlit.java |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index b35bf50..612870b 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -100,6 +100,7 @@
 import com.gitblit.utils.ContainerUtils;
 import com.gitblit.utils.DeepCopier;
 import com.gitblit.utils.FederationUtils;
+import com.gitblit.utils.HttpUtils;
 import com.gitblit.utils.JGitUtils;
 import com.gitblit.utils.JsonUtils;
 import com.gitblit.utils.MetricUtils;
@@ -561,6 +562,14 @@
 	 * @return a user object or null
 	 */
 	public UserModel authenticate(HttpServletRequest httpRequest) {
+		boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
+		String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
+		UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
+		if (model != null) {
+			UserModel user = GitBlit.self().getUserModel(model.username);
+			logger.info("{0} authenticated by client certificate from {1}", user.username, httpRequest.getRemoteAddr());
+			return user;
+		}
 		return null;
 	}
 
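Review bot: In `authenticate`, the result of `GitBlit.self().getUserModel(model.username)` is dereferenced by the `logger.info` call without a null check, so a valid certificate whose username has no local account would throw instead of being rejected, assuming the lookup returns null for unknown users (its contract is not visible in this hunk). Guard it before logging, e.g. `if (user == null) { logger.warn("client certificate maps to unknown user " + model.username); return null; }`, which also leaves an audit trail for rejected certificate logins. If `logger` is an SLF4J logger (its declaration is outside the hunk), the `{0}` and `{1}` placeholders are not substituted and the authentication record loses both the username and the remote address; `{}` placeholders or `MessageFormat.format` would fix that. A short comment above `checkValidity` should say that turning `Keys.git.enforceCertificateValidity` off presumably lets expired or not-yet-valid certificates authenticate, since the default of `true` is the only safe setting shown here.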

--
Gitblit v1.9.1