Gitblit devel
blame | history | patch | commit | commitdiff | ignore whitespace
James Moger
2012-12-05 d63157b22bb8a7294080be29ca0fca8ecda96db9 
 src/com/gitblit/utils/X509Utils.java


@@ -46,11 +46,13 @@


import java.security.cert.X509Certificate;



import java.text.MessageFormat;



import java.text.SimpleDateFormat;



import java.util.ArrayList;



import java.util.Arrays;



import java.util.Calendar;



import java.util.Date;



import java.util.HashMap;



import java.util.HashSet;



import java.util.List;



import java.util.Map;



import java.util.Set;



import java.util.TimeZone;



@@ -110,6 +112,12 @@


   public static final String CA_ALIAS = CA_CN;







   private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;



	


   private static final int KEY_LENGTH = 2048;



	


   private static final String KEY_ALGORITHM = "RSA";



	


   private static final String SIGNING_ALGORITHM = "SHA512withRSA";



   



   public static final boolean unlimitedStrength;



   



@@ -475,8 +483,8 @@


    * @throws Exception



    */



   private static KeyPair newKeyPair() throws Exception {



      KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);



      kpGen.initialize(2048, new SecureRandom());



      KeyPairGenerator kpGen = KeyPairGenerator.getInstance(KEY_ALGORITHM, BC);



      kpGen.initialize(KEY_LENGTH, new SecureRandom());



      return kpGen.generateKeyPair();



   }



   



@@ -550,7 +558,17 @@


         certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));



         certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));







         ContentSigner caSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")



         // support alternateSubjectNames for SSL certificates



         List<GeneralName> altNames = new ArrayList<GeneralName>();



         if (HttpUtils.isIpAddress(sslMetadata.commonName)) {



            altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName));				


         }



         if (altNames.size() > 0) {



            GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName [altNames.size()]));



            certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);



         }







         ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM)



               .setProvider(BC).build(caPrivateKey);



         X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)



               .getCertificate(certBuilder.build(caSigner));



@@ -589,7 +607,7 @@


      try {



         KeyPair caPair = newKeyPair();



         



         ContentSigner caSigner = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPair.getPrivate());



         ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPair.getPrivate());



         



         // clone metadata



         X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password);



@@ -659,7 +677,7 @@


         X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());



         



         // build and sign CRL with CA private key



         ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);



         ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);



         X509CRLHolder crl = crlBuilder.build(signer);







         File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");



@@ -753,6 +771,17 @@


                 zos.write(FileUtils.readContent(pemFile));



                 zos.closeEntry();



              }



	        	


              // include user's public certificate



              zos.putNextEntry(new ZipEntry(clientMetadata.commonName + ".cer"));



              zos.write(cert.getEncoded());



              zos.closeEntry();



        		


              // include CA public certificate



              zos.putNextEntry(new ZipEntry("ca.cer"));



              zos.write(caCert.getEncoded());



              zos.closeEntry();



        		


              if (readme != null) {



                 zos.putNextEntry(new ZipEntry("README.TXT"));



                 zos.write(readme.getBytes("UTF-8"));



@@ -809,7 +838,7 @@


            certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);



         }







         ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);



         ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);







         X509Certificate userCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));



         PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)pair.getPrivate();