From d40a44c8c8df8f6bd81c93e72314224f85656f18 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sat, 07 Mar 2015 09:27:05 -0500
Subject: [PATCH] Merge branch 'ticket/245' into develop

---
 src/main/java/com/gitblit/utils/X509Utils.java |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/X509Utils.java b/src/main/java/com/gitblit/utils/X509Utils.java
index d3d5b46..fc0b797 100644
--- a/src/main/java/com/gitblit/utils/X509Utils.java
+++ b/src/main/java/com/gitblit/utils/X509Utils.java
@@ -36,6 +36,7 @@
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertStore;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.PKIXBuilderParameters;
@@ -79,8 +80,12 @@
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
 import org.bouncycastle.jce.PrincipalUtil;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.openssl.PEMEncryptor;
 import org.bouncycastle.openssl.PEMWriter;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
 import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -881,8 +886,11 @@
 	        if (pemFile.exists()) {
 	        	pemFile.delete();
 	        }
-	        PEMWriter pemWriter = new PEMWriter(new FileWriter(pemFile));
-	        pemWriter.writeObject(pair.getPrivate(), "DES-EDE3-CBC", clientMetadata.password.toCharArray(), new SecureRandom());
+	        JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder("DES-EDE3-CBC");
+	        builder.setSecureRandom(new SecureRandom());
+	        PEMEncryptor pemEncryptor = builder.build(clientMetadata.password.toCharArray());
+	        JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(pemFile));
+	        pemWriter.writeObject(pair.getPrivate(), pemEncryptor);
 	        pemWriter.writeObject(userCert);
 	        pemWriter.writeObject(caCert);
 	        pemWriter.flush();
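Review bot: The private key is still encrypted with `DES-EDE3-CBC` at the new `JcePEMEncryptorBuilder` call; since this line is being rewritten anyway, consider `new JcePEMEncryptorBuilder("AES-256-CBC")`, provided the clients that import this PEM can read it. The traditional OpenSSL PEM encryption this builder produces derives the key from the password with a single-pass MD5-based derivation, so most of the protection rests on the strength of `clientMetadata.password`; a short comment saying so would help the next maintainer. The `FileWriter` is flushed, but no `close()` or try-with-resources is visible here, and nothing in the hunk restricts the permissions of the file that receives the key. The method starts and ends outside the hunk, so both may already be handled there.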
@@ -1070,7 +1078,7 @@
 			x509log.log(MessageFormat.format("Revoked certificate {0,number,0} reason: {1} [{2}]",
 					cert.getSerialNumber(), reason.toString(), cert.getSubjectDN().getName()));
 			return true;
-		} catch (Exception e) {
+		} catch (IOException | OperatorCreationException | CertificateEncodingException e) {
 			logger.error(MessageFormat.format("Failed to revoke certificate {0,number,0} [{1}] in {2}",
 					cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList));
 		}
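Review bot: The catch block logs only the formatted message and drops `e`, so the reason a revocation failed never reaches the log; pass the exception as the last argument, `logger.error(MessageFormat.format(...), e);`. Narrowing the catch from `Exception` to three checked types also means any unchecked exception thrown in the try body now propagates to the caller instead of ending in this log line, so it is worth confirming that callers of the revoke path expect that. The try block begins outside the hunk, so which calls can throw is not visible here.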

--
Gitblit v1.9.1