From 9effe1630d97039b3e01cd9b58ed07e75be1d63c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 25 Feb 2013 08:40:30 -0500
Subject: [PATCH] Merge pull request #75 from thefake/master
---
src/com/gitblit/authority/GitblitAuthority.java | 214 +++++++++++++++++++++++++++++++++++++++--------------
1 files changed, 157 insertions(+), 57 deletions(-)
diff --git a/src/com/gitblit/authority/GitblitAuthority.java b/src/com/gitblit/authority/GitblitAuthority.java
index 6d219b7..c3d8184 100644
--- a/src/com/gitblit/authority/GitblitAuthority.java
+++ b/src/com/gitblit/authority/GitblitAuthority.java
@@ -17,9 +17,11 @@
import java.awt.BorderLayout;
import java.awt.Container;
+import java.awt.Desktop;
import java.awt.Dimension;
import java.awt.EventQueue;
import java.awt.FlowLayout;
+import java.awt.GridLayout;
import java.awt.Insets;
import java.awt.Point;
import java.awt.event.ActionEvent;
@@ -35,6 +37,7 @@
import java.io.FileWriter;
import java.io.FilenameFilter;
import java.io.IOException;
+import java.net.URI;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -65,7 +68,9 @@
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTable;
+import javax.swing.JTextArea;
import javax.swing.JTextField;
+import javax.swing.JToolBar;
import javax.swing.RowFilter;
import javax.swing.SwingConstants;
import javax.swing.UIManager;
@@ -90,6 +95,7 @@
import com.gitblit.client.Translation;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
+import com.gitblit.utils.FileUtils;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.TimeUtils;
import com.gitblit.utils.X509Utils;
@@ -132,6 +138,21 @@
private JButton newSSLCertificate;
public static void main(String... args) {
+ // filter out the baseFolder parameter
+ String folder = "data";
+ for (int i = 0; i< args.length; i++) {
+ String arg = args[i];
+ if (arg.equals("--baseFolder")) {
+ if (i + 1 == args.length) {
+ System.out.println("Invalid --baseFolder parameter!");
+ System.exit(-1);
+ } else if (args[i + 1] != ".") {
+ folder = args[i+1];
+ }
+ break;
+ }
+ }
+ final String baseFolder = folder;
EventQueue.invokeLater(new Runnable() {
public void run() {
try {
@@ -139,7 +160,7 @@
} catch (Exception e) {
}
GitblitAuthority authority = new GitblitAuthority();
- authority.initialize();
+ authority.initialize(baseFolder);
authority.setLocationRelativeTo(null);
authority.setVisible(true);
}
@@ -152,7 +173,7 @@
defaultSorter = new TableRowSorter<UserCertificateTableModel>(tableModel);
}
- public void initialize() {
+ public void initialize(String baseFolder) {
setIconImage(new ImageIcon(getClass().getResource("/gitblt-favicon.png")).getImage());
setTitle("Gitblit Certificate Authority v" + Constants.VERSION + " (" + Constants.VERSION_DATE + ")");
setContentPane(getUI());
@@ -168,10 +189,10 @@
}
});
- setSizeAndPosition();
-
- File folder = new File(System.getProperty("user.dir"));
+ File folder = new File(baseFolder).getAbsoluteFile();
load(folder);
+
+ setSizeAndPosition();
}
private void setSizeAndPosition() {
@@ -224,7 +245,7 @@
}
private StoredConfig getConfig() throws IOException, ConfigInvalidException {
- File configFile = new File(System.getProperty("user.dir"), X509Utils.CA_CONFIG);
+ File configFile = new File(folder, X509Utils.CA_CONFIG);
FileBasedConfig config = new FileBasedConfig(configFile, FS.detect());
config.load();
return config;
@@ -237,30 +258,31 @@
}
gitblitSettings = new FileSettings(file.getAbsolutePath());
mail = new MailExecutor(gitblitSettings);
- String us = gitblitSettings.getString(Keys.realm.userService, "users.conf");
+ String us = gitblitSettings.getString(Keys.realm.userService, "${baseFolder}/users.conf");
String ext = us.substring(us.lastIndexOf(".") + 1).toLowerCase();
IUserService service = null;
if (!ext.equals("conf") && !ext.equals("properties")) {
if (us.equals("com.gitblit.LdapUserService")) {
- us = gitblitSettings.getString(Keys.realm.ldap.backingUserService, "users.conf");
+ us = gitblitSettings.getString(Keys.realm.ldap.backingUserService, "${baseFolder}/users.conf");
} else if (us.equals("com.gitblit.LdapUserService")) {
- us = gitblitSettings.getString(Keys.realm.redmine.backingUserService, "users.conf");
+ us = gitblitSettings.getString(Keys.realm.redmine.backingUserService, "${baseFolder}/users.conf");
}
}
if (us.endsWith(".conf")) {
- service = new ConfigUserService(new File(us));
+ service = new ConfigUserService(FileUtils.resolveParameter(Constants.baseFolder$, folder, us));
} else {
throw new RuntimeException("Unsupported user service: " + us);
}
- service = new ConfigUserService(new File(us));
+ service = new ConfigUserService(FileUtils.resolveParameter(Constants.baseFolder$, folder, us));
return service;
}
private void load(File folder) {
this.folder = folder;
this.userService = loadUsers(folder);
+ System.out.println(Constants.baseFolder$ + " set to " + folder);
if (userService == null) {
JOptionPane.showMessageDialog(this, MessageFormat.format("Sorry, {0} doesn't look like a Gitblit GO installation.", folder));
} else {
@@ -296,6 +318,24 @@
File caKeystore = new File(folder, X509Utils.CA_KEY_STORE);
if (!caKeystore.exists()) {
+
+ if (!X509Utils.unlimitedStrength) {
+ // prompt to confirm user understands JCE Standard Strength encryption
+ int res = JOptionPane.showConfirmDialog(GitblitAuthority.this, Translation.get("gb.jceWarning"),
+ Translation.get("gb.warning"), JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE);
+ if (res != JOptionPane.YES_OPTION) {
+ if (Desktop.isDesktopSupported()) {
+ if (Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
+ try {
+ Desktop.getDesktop().browse(URI.create("http://www.oracle.com/technetwork/java/javase/downloads/index.html"));
+ } catch (IOException e) {
+ }
+ }
+ }
+ System.exit(1);
+ }
+ }
+
// show certificate defaults dialog
certificateDefaultsButton.doClick();
@@ -307,16 +347,9 @@
private boolean prepareX509Infrastructure() {
if (caKeystorePassword == null) {
- JPasswordField pass = new JPasswordField(10){
- private static final long serialVersionUID = 1L;
-
- public void addNotify()
- {
- super.addNotify();
- requestFocusInWindow();
- }
- };
+ JPasswordField pass = new JPasswordField(10);
pass.setText(caKeystorePassword);
+ pass.addAncestorListener(new RequestFocusListener());
JPanel panel = new JPanel(new BorderLayout());
panel.add(new JLabel(Translation.get("gb.enterKeystorePassword")), BorderLayout.NORTH);
panel.add(pass, BorderLayout.CENTER);
@@ -329,6 +362,8 @@
}
X509Metadata metadata = new X509Metadata("localhost", caKeystorePassword);
+ setMetadataDefaults(metadata);
+ metadata.notAfter = new Date(System.currentTimeMillis() + 10*TimeUtils.ONEYEAR);
X509Utils.prepareX509Infrastructure(metadata, folder, this);
return true;
}
@@ -396,29 +431,11 @@
}
Date notAfter = metadata.notAfter;
- metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
- if (StringUtils.isEmpty(metadata.serverHostname)) {
- metadata.serverHostname = Constants.NAME;
- }
- UserModel user = ucm.user;
-
- // set default values from config file
- File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
- FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
- if (certificatesConfigFile.exists()) {
- try {
- config.load();
- } catch (Exception e) {
- Utils.showException(GitblitAuthority.this, e);
- }
- NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
- certificateConfig.update(metadata);
- }
-
- // restore expiration date
+ setMetadataDefaults(metadata);
metadata.notAfter = notAfter;
// set user's specified OID values
+ UserModel user = ucm.user;
if (!StringUtils.isEmpty(user.organizationalUnit)) {
metadata.oids.put("OU", user.organizationalUnit);
}
@@ -442,12 +459,8 @@
if (ucm.expires == null || metadata.notAfter.before(ucm.expires)) {
ucm.expires = metadata.notAfter;
}
- ucm.update(config);
- try {
- config.save();
- } catch (Exception e) {
- Utils.showException(GitblitAuthority.this, e);
- }
+
+ updateAuthorityConfig(ucm);
// refresh user
ucm.certs = null;
@@ -570,15 +583,26 @@
}
};
- JTextField durationTF = new JTextField(4);
- durationTF.setInputVerifier(verifier);
- durationTF.setVerifyInputWhenFocusTarget(true);
- durationTF.setText("" + certificateConfig.duration);
- JPanel durationPanel = Utils.newFieldPanel(Translation.get("gb.duration"), durationTF, Translation.get("gb.duration.days").replace("{0}", "").trim());
+ JTextField siteNameTF = new JTextField(20);
+ siteNameTF.setText(gitblitSettings.getString(Keys.web.siteName, "Gitblit"));
+ JPanel siteNamePanel = Utils.newFieldPanel(Translation.get("gb.siteName"),
+ siteNameTF, Translation.get("gb.siteNameDescription"));
+
+ JTextField validityTF = new JTextField(4);
+ validityTF.setInputVerifier(verifier);
+ validityTF.setVerifyInputWhenFocusTarget(true);
+ validityTF.setText("" + certificateConfig.duration);
+ JPanel validityPanel = Utils.newFieldPanel(Translation.get("gb.validity"),
+ validityTF, Translation.get("gb.duration.days").replace("{0}", "").trim());
+
+ JPanel p1 = new JPanel(new GridLayout(0, 1, 5, 2));
+ p1.add(siteNamePanel);
+ p1.add(validityPanel);
+
DefaultOidsPanel oids = new DefaultOidsPanel(metadata);
JPanel panel = new JPanel(new BorderLayout());
- panel.add(durationPanel, BorderLayout.NORTH);
+ panel.add(p1, BorderLayout.NORTH);
panel.add(oids, BorderLayout.CENTER);
int result = JOptionPane.showConfirmDialog(GitblitAuthority.this,
@@ -587,9 +611,13 @@
if (result == JOptionPane.OK_OPTION) {
try {
oids.update(metadata);
- certificateConfig.duration = Integer.parseInt(durationTF.getText());
+ certificateConfig.duration = Integer.parseInt(validityTF.getText());
certificateConfig.store(config, metadata);
config.save();
+
+ Map<String, String> updates = new HashMap<String, String>();
+ updates.put(Keys.web.siteName, siteNameTF.getText());
+ gitblitSettings.saveSettings(updates);
} catch (Exception e1) {
Utils.showException(GitblitAuthority.this, e1);
}
@@ -612,7 +640,8 @@
}
final Date expires = dialog.getExpiration();
final String hostname = dialog.getHostname();
-
+ final boolean serveCertificate = dialog.isServeCertificate();
+
AuthorityWorker worker = new AuthorityWorker(GitblitAuthority.this) {
@Override
@@ -628,17 +657,31 @@
// generate new SSL certificate
X509Metadata metadata = new X509Metadata(hostname, caKeystorePassword);
+ setMetadataDefaults(metadata);
metadata.notAfter = expires;
File serverKeystoreFile = new File(folder, X509Utils.SERVER_KEY_STORE);
X509Certificate cert = X509Utils.newSSLCertificate(metadata, caPrivateKey, caCert, serverKeystoreFile, GitblitAuthority.this);
- return cert != null;
+ boolean hasCert = cert != null;
+ if (hasCert && serveCertificate) {
+ // update Gitblit https connector alias
+ Map<String, String> updates = new HashMap<String, String>();
+ updates.put(Keys.server.certificateAlias, metadata.commonName);
+ gitblitSettings.saveSettings(updates);
+ }
+ return hasCert;
}
@Override
protected void onSuccess() {
- JOptionPane.showMessageDialog(GitblitAuthority.this,
+ if (serveCertificate) {
+ JOptionPane.showMessageDialog(GitblitAuthority.this,
+ MessageFormat.format(Translation.get("gb.sslCertificateGeneratedRestart"), hostname),
+ Translation.get("gb.newSSLCertificate"), JOptionPane.INFORMATION_MESSAGE);
+ } else {
+ JOptionPane.showMessageDialog(GitblitAuthority.this,
MessageFormat.format(Translation.get("gb.sslCertificateGenerated"), hostname),
Translation.get("gb.newSSLCertificate"), JOptionPane.INFORMATION_MESSAGE);
+ }
}
};
@@ -689,6 +732,23 @@
}
});
+ JButton logButton = new JButton(new ImageIcon(getClass().getResource("/script_16x16.png")));
+ logButton.setFocusable(false);
+ logButton.setToolTipText(Translation.get("gb.log"));
+ logButton.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent e) {
+ File log = new File(folder, X509Utils.CERTS + File.separator + "log.txt");
+ if (log.exists()) {
+ String content = FileUtils.readContent(log, "\n");
+ JTextArea textarea = new JTextArea(content);
+ JScrollPane scrollPane = new JScrollPane(textarea);
+ scrollPane.setPreferredSize(new Dimension(700, 400));
+ JOptionPane.showMessageDialog(GitblitAuthority.this, scrollPane, log.getAbsolutePath(), JOptionPane.INFORMATION_MESSAGE);
+ }
+ }
+ });
+
final JTextField filterTextfield = new JTextField(15);
filterTextfield.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
@@ -701,10 +761,12 @@
}
});
- JPanel buttonControls = new JPanel(new FlowLayout(FlowLayout.LEFT, Utils.MARGIN, Utils.MARGIN));
+ JToolBar buttonControls = new JToolBar(JToolBar.HORIZONTAL);
+ buttonControls.setFloatable(false);
buttonControls.add(certificateDefaultsButton);
buttonControls.add(newSSLCertificate);
buttonControls.add(emailBundle);
+ buttonControls.add(logButton);
JPanel userControls = new JPanel(new FlowLayout(FlowLayout.RIGHT, Utils.MARGIN, Utils.MARGIN));
userControls.add(new JLabel(Translation.get("gb.filter")));
@@ -818,4 +880,42 @@
}
return false;
}
+
+ private void setMetadataDefaults(X509Metadata metadata) {
+ metadata.serverHostname = gitblitSettings.getString(Keys.web.siteName, Constants.NAME);
+ if (StringUtils.isEmpty(metadata.serverHostname)) {
+ metadata.serverHostname = Constants.NAME;
+ }
+
+ // set default values from config file
+ File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
+ FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
+ if (certificatesConfigFile.exists()) {
+ try {
+ config.load();
+ } catch (Exception e) {
+ Utils.showException(GitblitAuthority.this, e);
+ }
+ NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
+ certificateConfig.update(metadata);
+ }
+ }
+
+ private void updateAuthorityConfig(UserCertificateModel ucm) {
+ File certificatesConfigFile = new File(folder, X509Utils.CA_CONFIG);
+ FileBasedConfig config = new FileBasedConfig(certificatesConfigFile, FS.detect());
+ if (certificatesConfigFile.exists()) {
+ try {
+ config.load();
+ } catch (Exception e) {
+ Utils.showException(GitblitAuthority.this, e);
+ }
+ }
+ ucm.update(config);
+ try {
+ config.save();
+ } catch (Exception e) {
+ Utils.showException(GitblitAuthority.this, e);
+ }
+ }
}
--
Gitblit v1.9.1