Ticket Reference handling #1048

Paul Martin

2016-04-27 c2188a840bc4153ae92112b04b2e06a90d3944aa

 src/main/java/com/gitblit/utils/X509Utils.java

@@ -36,6 +36,7 @@
import java.security.cert.CertPathBuilderException;

import java.security.cert.CertStore;

import java.security.cert.Certificate;

import java.security.cert.CertificateEncodingException;

import java.security.cert.CertificateFactory;

import java.security.cert.CollectionCertStoreParameters;

import java.security.cert.PKIXBuilderParameters;

@@ -60,6 +61,7 @@
import java.util.zip.ZipOutputStream;



import javax.crypto.Cipher;

import javax.naming.ldap.LdapName;



import org.bouncycastle.asn1.ASN1ObjectIdentifier;

import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

@@ -79,8 +81,12 @@
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;

import org.bouncycastle.jce.PrincipalUtil;

import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;

import org.bouncycastle.openssl.PEMEncryptor;

import org.bouncycastle.openssl.PEMWriter;

import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;

import org.bouncycastle.operator.ContentSigner;

import org.bouncycastle.operator.OperatorCreationException;

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

@@ -881,8 +887,11 @@
           if (pemFile.exists()) {

              pemFile.delete();

           }

           PEMWriter pemWriter = new PEMWriter(new FileWriter(pemFile));

           pemWriter.writeObject(pair.getPrivate(), "DES-EDE3-CBC", clientMetadata.password.toCharArray(), new SecureRandom());

           JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder("DES-EDE3-CBC");

           builder.setSecureRandom(new SecureRandom());

           PEMEncryptor pemEncryptor = builder.build(clientMetadata.password.toCharArray());

           JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(pemFile));

           pemWriter.writeObject(pair.getPrivate(), pemEncryptor);

           pemWriter.writeObject(userCert);

           pemWriter.writeObject(caCert);

           pemWriter.flush();

@@ -1070,7 +1079,7 @@
         x509log.log(MessageFormat.format("Revoked certificate {0,number,0} reason: {1} [{2}]",

               cert.getSerialNumber(), reason.toString(), cert.getSubjectDN().getName()));

         return true;

      } catch (Exception e) {

      } catch (IOException | OperatorCreationException | CertificateEncodingException e) {

         logger.error(MessageFormat.format("Failed to revoke certificate {0,number,0} [{1}] in {2}",

               cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList));

      }

@@ -1109,17 +1118,18 @@
   }



   public static X509Metadata getMetadata(X509Certificate cert) {

      // manually split DN into OID components

      // this is instead of parsing with LdapName which:

      // (1) I don't trust the order of values

      // (2) it filters out values like EMAILADDRESS

      String dn = cert.getSubjectDN().getName();

      Map<String, String> oids = new HashMap<String, String>();

      for (String kvp : dn.split(",")) {

         String [] val = kvp.trim().split("=");

         String oid = val[0].toUpperCase().trim();

         String data = val[1].trim();

         oids.put(oid, data);

      try {

         String dn = cert.getSubjectDN().getName();

         LdapName ldapName = new LdapName(dn);

         for (int i = 0; i < ldapName.size(); i++) {

            String [] val = ldapName.get(i).trim().split("=", 2);

            String oid = val[0].toUpperCase().trim();

            String data = val[1].trim();

            oids.put(oid, data);

         }

      } catch (Exception e) {

         throw new RuntimeException(e);

      }



      X509Metadata metadata = new X509Metadata(oids.get("CN"), "whocares");