githubFork/gitblit.git - Solinfo Gitblit

			@@ -15,7 +15,18 @@
			*/
			package com.gitblit.utils;

			import java.security.cert.CertificateExpiredException;
			import java.security.cert.CertificateNotYetValidException;
			import java.security.cert.X509Certificate;
			import java.text.MessageFormat;
			import java.util.Date;

			import javax.servlet.http.HttpServletRequest;

			import org.slf4j.LoggerFactory;

			import com.gitblit.models.UserModel;
			import com.gitblit.utils.X509Utils.X509Metadata;

			/**
			* Collection of utility methods for http requests.
			@@ -92,4 +103,102 @@
			sb.append(context);
			return sb.toString();
			}

			/**
			* Returns a user model object built from attributes in the SSL certificate.
			* This model is not retrieved from the user service.
			*
			* @param httpRequest
			* @param checkValidity ensure certificate can be used now
			* @param usernameOIDs if unspecified, CN is used as the username
			* @return a UserModel, if a valid certificate is in the request, null otherwise
			*/
			public static UserModel getUserModelFromCertificate(HttpServletRequest httpRequest, boolean checkValidity, String... usernameOIDs) {
			if (httpRequest.getAttribute("javax.servlet.request.X509Certificate") != null) {
			X509Certificate[] certChain = (X509Certificate[]) httpRequest
			.getAttribute("javax.servlet.request.X509Certificate");
			if (certChain != null) {
			X509Certificate cert = certChain[0];
			// ensure certificate is valid
			if (checkValidity) {
			try {
			cert.checkValidity(new Date());
			} catch (CertificateNotYetValidException e) {
			LoggerFactory.getLogger(HttpUtils.class).info(MessageFormat.format("X509 certificate {0} is not yet valid", cert.getSubjectDN().getName()));
			return null;
			} catch (CertificateExpiredException e) {
			LoggerFactory.getLogger(HttpUtils.class).info(MessageFormat.format("X509 certificate {0} has expired", cert.getSubjectDN().getName()));
			return null;
			}
			}
			return getUserModelFromCertificate(cert, usernameOIDs);
			}
			}
			return null;
			}

			/**
			* Creates a UserModel from a certificate
			* @param cert
			* @param usernameOids if unspecified CN is used as the username
			* @return
			*/
			public static UserModel getUserModelFromCertificate(X509Certificate cert, String... usernameOIDs) {
			X509Metadata metadata = X509Utils.getMetadata(cert);

			UserModel user = new UserModel(metadata.commonName);
			user.emailAddress = metadata.emailAddress;
			user.isAuthenticated = false;

			if (usernameOIDs == null \|\| usernameOIDs.length == 0) {
			// use default usename<->CN mapping
			usernameOIDs = new String [] { "CN" };
			}

			// determine username from OID fingerprint
			StringBuilder an = new StringBuilder();
			for (String oid : usernameOIDs) {
			String val = metadata.getOID(oid.toUpperCase(), null);
			if (val != null) {
			an.append(val).append(' ');
			}
			}
			user.username = an.toString().trim();
			return user;
			}

			public static X509Metadata getCertificateMetadata(HttpServletRequest httpRequest) {
			if (httpRequest.getAttribute("javax.servlet.request.X509Certificate") != null) {
			X509Certificate[] certChain = (X509Certificate[]) httpRequest
			.getAttribute("javax.servlet.request.X509Certificate");
			if (certChain != null) {
			X509Certificate cert = certChain[0];
			return X509Utils.getMetadata(cert);
			}
			}
			return null;
			}

			public static boolean isIpAddress(String address) {
			if (StringUtils.isEmpty(address)) {
			return false;
			}
			String [] fields = address.split("\\.");
			if (fields.length == 4) {
			// IPV4
			for (String field : fields) {
			try {
			int value = Integer.parseInt(field);
			if (value < 0 \|\| value > 255) {
			return false;
			}
			} catch (Exception e) {
			return false;
			}
			}
			return true;
			}
			// TODO IPV6?
			return false;
			}
			}