| | |
|---|
| | |
|
|---|
| | | import java.awt.BorderLayout;
|
|---|
| | | import java.awt.Container;
|
|---|
| | | import java.awt.Desktop;
|
|---|
| | | import java.awt.Dimension;
|
|---|
| | | import java.awt.EventQueue;
|
|---|
| | | import java.awt.FlowLayout;
|
|---|
| | | import java.awt.GridLayout;
|
|---|
| | | import java.awt.Insets;
|
|---|
| | | import java.awt.Point;
|
|---|
| | | import java.awt.event.ActionEvent;
|
|---|
| | |
|---|
| | | import java.io.FileWriter;
|
|---|
| | | import java.io.FilenameFilter;
|
|---|
| | | import java.io.IOException;
|
|---|
| | | import java.net.URI;
|
|---|
| | | import java.security.PrivateKey;
|
|---|
| | | import java.security.cert.CertificateFactory;
|
|---|
| | | import java.security.cert.X509Certificate;
|
|---|
| | |
|---|
| | | import javax.swing.JLabel;
|
|---|
| | | import javax.swing.JOptionPane;
|
|---|
| | | import javax.swing.JPanel;
|
|---|
| | | import javax.swing.JPasswordField;
|
|---|
| | | import javax.swing.JScrollPane;
|
|---|
| | | import javax.swing.JSplitPane;
|
|---|
| | | import javax.swing.JTable;
|
|---|
| | | import javax.swing.JTextArea;
|
|---|
| | | import javax.swing.JTextField;
|
|---|
| | | import javax.swing.JToolBar;
|
|---|
| | | import javax.swing.RowFilter;
|
|---|
| | | import javax.swing.SwingConstants;
|
|---|
| | | import javax.swing.UIManager;
|
|---|
| | |
|---|
| | | import com.gitblit.client.Translation;
|
|---|
| | | import com.gitblit.models.UserModel;
|
|---|
| | | import com.gitblit.utils.ArrayUtils;
|
|---|
| | | import com.gitblit.utils.FileUtils;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | | import com.gitblit.utils.TimeUtils;
|
|---|
| | | import com.gitblit.utils.X509Utils;
|
|---|
| | |
|---|
| | |
|
|---|
| | | private IUserService userService;
|
|---|
| | |
|
|---|
| | | private String caKeystorePassword = null;
|
|---|
| | | private String caKeystorePassword;
|
|---|
| | |
|
|---|
| | | private JTable table;
|
|---|
| | |
|
|---|
| | |
|---|
| | | private MailExecutor mail;
|
|---|
| | |
|
|---|
| | | private JButton certificateDefaultsButton;
|
|---|
| | |
|
|---|
| | | private JButton newSSLCertificate;
|
|---|
| | |
|
|---|
| | | public static void main(String... args) {
|
|---|
| | | EventQueue.invokeLater(new Runnable() {
|
|---|
| | |
|---|
| | | }
|
|---|
| | | gitblitSettings = new FileSettings(file.getAbsolutePath());
|
|---|
| | | mail = new MailExecutor(gitblitSettings);
|
|---|
| | | caKeystorePassword = gitblitSettings.getString(Keys.server.storePassword, null);
|
|---|
| | | String us = gitblitSettings.getString(Keys.realm.userService, "users.conf");
|
|---|
| | | String ext = us.substring(us.lastIndexOf(".") + 1).toLowerCase();
|
|---|
| | | IUserService service = null;
|
|---|
| | |
|---|
| | |
|
|---|
| | | File caKeystore = new File(folder, X509Utils.CA_KEY_STORE);
|
|---|
| | | if (!caKeystore.exists()) {
|
|---|
| | | |
|---|
| | | if (!X509Utils.unlimitedStrength) {
|
|---|
| | | // prompt to confirm user understands JCE Standard Strength encryption
|
|---|
| | | int res = JOptionPane.showConfirmDialog(GitblitAuthority.this, Translation.get("gb.jceWarning"),
|
|---|
| | | Translation.get("gb.warning"), JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE);
|
|---|
| | | if (res != JOptionPane.YES_OPTION) {
|
|---|
| | | if (Desktop.isDesktopSupported()) {
|
|---|
| | | if (Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
|
|---|
| | | try {
|
|---|
| | | Desktop.getDesktop().browse(URI.create("http://www.oracle.com/technetwork/java/javase/downloads/index.html"));
|
|---|
| | | } catch (IOException e) {
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | System.exit(1);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | // show certificate defaults dialog
|
|---|
| | | certificateDefaultsButton.doClick();
|
|---|
| | | |
|---|
| | | // create "localhost" ssl certificate
|
|---|
| | | prepareX509Infrastructure();
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | private void prepareX509Infrastructure() {
|
|---|
| | | private boolean prepareX509Infrastructure() {
|
|---|
| | | if (caKeystorePassword == null) {
|
|---|
| | | JPasswordField pass = new JPasswordField(10);
|
|---|
| | | pass.setText(caKeystorePassword);
|
|---|
| | | pass.addAncestorListener(new RequestFocusListener());
|
|---|
| | | JPanel panel = new JPanel(new BorderLayout());
|
|---|
| | | panel.add(new JLabel(Translation.get("gb.enterKeystorePassword")), BorderLayout.NORTH);
|
|---|
| | | panel.add(pass, BorderLayout.CENTER);
|
|---|
| | | int result = JOptionPane.showConfirmDialog(GitblitAuthority.this, panel, Translation.get("gb.password"), JOptionPane.OK_CANCEL_OPTION);
|
|---|
| | | if (result == JOptionPane.OK_OPTION) {
|
|---|
| | | caKeystorePassword = new String(pass.getPassword());
|
|---|
| | | } else {
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | X509Metadata metadata = new X509Metadata("localhost", caKeystorePassword);
|
|---|
| | | setMetadataDefaults(metadata);
|
|---|
| | | metadata.notAfter = new Date(System.currentTimeMillis() + 10*TimeUtils.ONEYEAR);
|
|---|
| | | X509Utils.prepareX509Infrastructure(metadata, folder, this);
|
|---|
| | | return true;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | private List<X509Certificate> findCerts(File folder, String username) {
|
|---|
| | |
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public void saveUser(String username, UserCertificateModel ucm) {
|
|---|
| | | userService.updateUserModel(username, ucm.user);
|
|---|
| | | public boolean saveUser(String username, UserCertificateModel ucm) {
|
|---|
| | | return userService.updateUserModel(username, ucm.user);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public void newCertificate(UserCertificateModel ucm, X509Metadata metadata, boolean sendEmail) {
|
|---|
| | | prepareX509Infrastructure();
|
|---|
| | | public boolean newCertificate(UserCertificateModel ucm, X509Metadata metadata, boolean sendEmail) {
|
|---|
| | | if (!prepareX509Infrastructure()) {
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | Date notAfter = metadata.notAfter;
|
|---|
| | | metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
|
|---|
| | | if (StringUtils.isEmpty(metadata.serverHostname)) {
|
|---|
| | | metadata.serverHostname = Constants.NAME;
|
|---|
| | | }
|
|---|
| | | UserModel user = ucm.user; |
|---|
| | | |
|---|
| | | // set default values from config file
|
|---|
| | | File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
|
|---|
| | | FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
|
|---|
| | | if (certificatesConfigFile.exists()) {
|
|---|
| | | try {
|
|---|
| | | config.load();
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
|
|---|
| | | certificateConfig.update(metadata);
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | // restore expiration date
|
|---|
| | | setMetadataDefaults(metadata);
|
|---|
| | | metadata.notAfter = notAfter;
|
|---|
| | |
|
|---|
| | | // set user's specified OID values
|
|---|
| | | UserModel user = ucm.user; |
|---|
| | | if (!StringUtils.isEmpty(user.organizationalUnit)) {
|
|---|
| | | metadata.oids.put("OU", user.organizationalUnit);
|
|---|
| | | }
|
|---|
| | |
|---|
| | | File zip = X509Utils.newClientBundle(metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);
|
|---|
| | |
|
|---|
| | | // save latest expiration date
|
|---|
| | | if (ucm.expires == null || metadata.notAfter.after(ucm.expires)) {
|
|---|
| | | if (ucm.expires == null || metadata.notAfter.before(ucm.expires)) {
|
|---|
| | | ucm.expires = metadata.notAfter;
|
|---|
| | | }
|
|---|
| | | ucm.update(config);
|
|---|
| | | try {
|
|---|
| | | config.save();
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | updateAuthorityConfig(ucm);
|
|---|
| | |
|
|---|
| | | // refresh user
|
|---|
| | | ucm.certs = null;
|
|---|
| | |
|---|
| | | if (sendEmail) {
|
|---|
| | | sendEmail(user, metadata, zip);
|
|---|
| | | }
|
|---|
| | | return true;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public void revoke(UserCertificateModel ucm, X509Certificate cert, RevocationReason reason) {
|
|---|
| | | public boolean revoke(UserCertificateModel ucm, X509Certificate cert, RevocationReason reason) {
|
|---|
| | | if (!prepareX509Infrastructure()) {
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
|
|---|
| | | File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
|
|---|
| | | if (X509Utils.revoke(cert, reason, caRevocationList, caKeystoreFile, caKeystorePassword, GitblitAuthority.this)) {
|
|---|
| | |
|---|
| | | tableModel.fireTableDataChanged();
|
|---|
| | | table.getSelectionModel().setSelectionInterval(modelIndex, modelIndex);
|
|---|
| | |
|
|---|
| | | return true;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | | };
|
|---|
| | |
|
|---|
| | |
|---|
| | | }
|
|---|
| | | };
|
|---|
| | |
|
|---|
| | | JTextField durationTF = new JTextField(4);
|
|---|
| | | durationTF.setInputVerifier(verifier);
|
|---|
| | | durationTF.setVerifyInputWhenFocusTarget(true);
|
|---|
| | | durationTF.setText("" + certificateConfig.duration);
|
|---|
| | | JPanel durationPanel = Utils.newFieldPanel(Translation.get("gb.duration"), durationTF, Translation.get("gb.duration.days").replace("{0}", "").trim());
|
|---|
| | | JTextField siteNameTF = new JTextField(20);
|
|---|
| | | siteNameTF.setText(gitblitSettings.getString(Keys.web.siteName, "Gitblit"));
|
|---|
| | | JPanel siteNamePanel = Utils.newFieldPanel(Translation.get("gb.siteName"),
|
|---|
| | | siteNameTF, Translation.get("gb.siteNameDescription"));
|
|---|
| | |
|
|---|
| | | JTextField validityTF = new JTextField(4);
|
|---|
| | | validityTF.setInputVerifier(verifier);
|
|---|
| | | validityTF.setVerifyInputWhenFocusTarget(true);
|
|---|
| | | validityTF.setText("" + certificateConfig.duration);
|
|---|
| | | JPanel validityPanel = Utils.newFieldPanel(Translation.get("gb.validity"),
|
|---|
| | | validityTF, Translation.get("gb.duration.days").replace("{0}", "").trim());
|
|---|
| | | |
|---|
| | | JPanel p1 = new JPanel(new GridLayout(0, 1, 5, 2));
|
|---|
| | | p1.add(siteNamePanel);
|
|---|
| | | p1.add(validityPanel);
|
|---|
| | | |
|---|
| | | DefaultOidsPanel oids = new DefaultOidsPanel(metadata);
|
|---|
| | |
|
|---|
| | | JPanel panel = new JPanel(new BorderLayout());
|
|---|
| | | panel.add(durationPanel, BorderLayout.NORTH);
|
|---|
| | | panel.add(p1, BorderLayout.NORTH);
|
|---|
| | | panel.add(oids, BorderLayout.CENTER);
|
|---|
| | |
|
|---|
| | | int result = JOptionPane.showConfirmDialog(GitblitAuthority.this,
|
|---|
| | |
|---|
| | | if (result == JOptionPane.OK_OPTION) {
|
|---|
| | | try {
|
|---|
| | | oids.update(metadata);
|
|---|
| | | certificateConfig.duration = Integer.parseInt(durationTF.getText());
|
|---|
| | | certificateConfig.duration = Integer.parseInt(validityTF.getText());
|
|---|
| | | certificateConfig.store(config, metadata);
|
|---|
| | | config.save();
|
|---|
| | |
|
|---|
| | | prepareX509Infrastructure();
|
|---|
| | | Map<String, String> updates = new HashMap<String, String>();
|
|---|
| | | updates.put(Keys.web.siteName, siteNameTF.getText());
|
|---|
| | | gitblitSettings.saveSettings(updates);
|
|---|
| | | } catch (Exception e1) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e1);
|
|---|
| | | }
|
|---|
| | |
|---|
| | | }
|
|---|
| | | });
|
|---|
| | |
|
|---|
| | | JButton newSSLCertificate = new JButton(new ImageIcon(getClass().getResource("/rosette_16x16.png")));
|
|---|
| | | newSSLCertificate = new JButton(new ImageIcon(getClass().getResource("/rosette_16x16.png")));
|
|---|
| | | newSSLCertificate.setFocusable(false);
|
|---|
| | | newSSLCertificate.setToolTipText(Translation.get("gb.newSSLCertificate"));
|
|---|
| | | newSSLCertificate.addActionListener(new ActionListener() {
|
|---|
| | |
|---|
| | | }
|
|---|
| | | final Date expires = dialog.getExpiration();
|
|---|
| | | final String hostname = dialog.getHostname();
|
|---|
| | |
|
|---|
| | | final boolean serveCertificate = dialog.isServeCertificate();
|
|---|
| | | |
|---|
| | | AuthorityWorker worker = new AuthorityWorker(GitblitAuthority.this) {
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | protected Boolean doRequest() throws IOException {
|
|---|
| | | prepareX509Infrastructure();
|
|---|
| | | if (!prepareX509Infrastructure()) {
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // read CA private key and certificate
|
|---|
| | | File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
|
|---|
| | |
|---|
| | |
|
|---|
| | | // generate new SSL certificate
|
|---|
| | | X509Metadata metadata = new X509Metadata(hostname, caKeystorePassword);
|
|---|
| | | setMetadataDefaults(metadata);
|
|---|
| | | metadata.notAfter = expires;
|
|---|
| | | File serverKeystoreFile = new File(folder, X509Utils.SERVER_KEY_STORE);
|
|---|
| | | X509Certificate cert = X509Utils.newSSLCertificate(metadata, caPrivateKey, caCert, serverKeystoreFile, GitblitAuthority.this);
|
|---|
| | | return cert != null;
|
|---|
| | | boolean hasCert = cert != null;
|
|---|
| | | if (hasCert && serveCertificate) {
|
|---|
| | | // update Gitblit https connector alias
|
|---|
| | | Map<String, String> updates = new HashMap<String, String>();
|
|---|
| | | updates.put(Keys.server.certificateAlias, metadata.commonName);
|
|---|
| | | gitblitSettings.saveSettings(updates);
|
|---|
| | | }
|
|---|
| | | return hasCert;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | protected void onSuccess() {
|
|---|
| | | JOptionPane.showMessageDialog(GitblitAuthority.this, |
|---|
| | | if (serveCertificate) {
|
|---|
| | | JOptionPane.showMessageDialog(GitblitAuthority.this, |
|---|
| | | MessageFormat.format(Translation.get("gb.sslCertificateGeneratedRestart"), hostname),
|
|---|
| | | Translation.get("gb.newSSLCertificate"), JOptionPane.INFORMATION_MESSAGE);
|
|---|
| | | } else {
|
|---|
| | | JOptionPane.showMessageDialog(GitblitAuthority.this, |
|---|
| | | MessageFormat.format(Translation.get("gb.sslCertificateGenerated"), hostname),
|
|---|
| | | Translation.get("gb.newSSLCertificate"), JOptionPane.INFORMATION_MESSAGE);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | };
|
|---|
| | |
|
|---|
| | |
|---|
| | | metadata.serverHostname = Constants.NAME;
|
|---|
| | | }
|
|---|
| | | metadata.userDisplayname = ucm.user.getDisplayName();
|
|---|
| | | sendEmail(ucm.user, metadata, zip);
|
|---|
| | | return true;
|
|---|
| | | return sendEmail(ucm.user, metadata, zip);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | |
|---|
| | |
|
|---|
| | | };
|
|---|
| | | worker.execute();
|
|---|
| | | }
|
|---|
| | | });
|
|---|
| | | |
|---|
| | | JButton logButton = new JButton(new ImageIcon(getClass().getResource("/script_16x16.png")));
|
|---|
| | | logButton.setFocusable(false);
|
|---|
| | | logButton.setToolTipText(Translation.get("gb.log")); |
|---|
| | | logButton.addActionListener(new ActionListener() {
|
|---|
| | | @Override
|
|---|
| | | public void actionPerformed(ActionEvent e) {
|
|---|
| | | File log = new File(folder, X509Utils.CERTS + File.separator + "log.txt");
|
|---|
| | | if (log.exists()) {
|
|---|
| | | String content = FileUtils.readContent(log, "\n");
|
|---|
| | | JTextArea textarea = new JTextArea(content);
|
|---|
| | | JScrollPane scrollPane = new JScrollPane(textarea);
|
|---|
| | | scrollPane.setPreferredSize(new Dimension(700, 400));
|
|---|
| | | JOptionPane.showMessageDialog(GitblitAuthority.this, scrollPane, log.getAbsolutePath(), JOptionPane.INFORMATION_MESSAGE);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | });
|
|---|
| | |
|
|---|
| | |
|---|
| | | }
|
|---|
| | | });
|
|---|
| | |
|
|---|
| | | JPanel buttonControls = new JPanel(new FlowLayout(FlowLayout.LEFT, Utils.MARGIN, Utils.MARGIN));
|
|---|
| | | JToolBar buttonControls = new JToolBar(JToolBar.HORIZONTAL);
|
|---|
| | | buttonControls.setFloatable(false);
|
|---|
| | | buttonControls.add(certificateDefaultsButton);
|
|---|
| | | buttonControls.add(newSSLCertificate);
|
|---|
| | | buttonControls.add(emailBundle);
|
|---|
| | | buttonControls.add(logButton);
|
|---|
| | |
|
|---|
| | | JPanel userControls = new JPanel(new FlowLayout(FlowLayout.RIGHT, Utils.MARGIN, Utils.MARGIN));
|
|---|
| | | userControls.add(new JLabel(Translation.get("gb.filter")));
|
|---|
| | |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | private void sendEmail(UserModel user, X509Metadata metadata, File zip) {
|
|---|
| | | private boolean sendEmail(UserModel user, X509Metadata metadata, File zip) {
|
|---|
| | | // send email
|
|---|
| | | try {
|
|---|
| | | if (mail.isReady()) {
|
|---|
| | |
|---|
| | | message.setContent(mp);
|
|---|
| | |
|
|---|
| | | mail.sendNow(message);
|
|---|
| | | return true;
|
|---|
| | | } else {
|
|---|
| | | JOptionPane.showMessageDialog(GitblitAuthority.this, "Sorry, the mail server settings are not configured properly.\nCan not send email.", Translation.get("gb.error"), JOptionPane.ERROR_MESSAGE);
|
|---|
| | | }
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | private void setMetadataDefaults(X509Metadata metadata) {
|
|---|
| | | metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
|
|---|
| | | if (StringUtils.isEmpty(metadata.serverHostname)) {
|
|---|
| | | metadata.serverHostname = Constants.NAME;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | // set default values from config file
|
|---|
| | | File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
|
|---|
| | | FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
|
|---|
| | | if (certificatesConfigFile.exists()) {
|
|---|
| | | try {
|
|---|
| | | config.load();
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
|
|---|
| | | certificateConfig.update(metadata);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | private void updateAuthorityConfig(UserCertificateModel ucm) {
|
|---|
| | | File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
|
|---|
| | | FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
|
|---|
| | | if (certificatesConfigFile.exists()) {
|
|---|
| | | try {
|
|---|
| | | config.load();
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | ucm.update(config);
|
|---|
| | | try {
|
|---|
| | | config.save();
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | Utils.showException(GitblitAuthority.this, e);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | }
|
|---|
