From d63157b22bb8a7294080be29ca0fca8ecda96db9 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 05 Dec 2012 17:36:16 -0500
Subject: [PATCH] Checkbox to automatically set the new ssl certificate alias
---
 src/com/gitblit/AuthenticationFilter.java | 42 ++++++++++++------------------------------
 1 files changed, 12 insertions(+), 30 deletions(-)
diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 4762c42..eb6e95b 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -16,9 +16,7 @@
 package com.gitblit;
 import java.io.IOException;
-import java.nio.charset.Charset;
 import java.security.Principal;
-import java.text.MessageFormat;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
@@ -37,7 +35,6 @@
 import org.slf4j.LoggerFactory;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.Base64;
 import com.gitblit.utils.StringUtils;
 /**
@@ -51,9 +48,7 @@
 */
 public abstract class AuthenticationFilter implements Filter {
- protected static final String BASIC = "Basic";
-
- protected static final String CHALLENGE = BASIC + " realm=\"" + Constants.NAME + "\"";
+ protected static final String CHALLENGE = "Basic realm=\"" + Constants.NAME + "\"";
 protected static final String SESSION_SECURED = "com.gitblit.secured";
@@ -69,6 +64,15 @@
 @Override
 public abstract void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException;
+
+ /**
+ * Allow the filter to require a client certificate to continue processing.
+ *
+ * @return true, if a client certificate is required
+ */
+ protected boolean requiresClientCertificate() {
+ return false;
+ }
 /**
 * Returns the full relative url of the request.
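Review bot: The Javadoc added for `requiresClientCertificate()` leaves the security contract open: it does not say what happens to a request that carries no certificate when a subclass returns true, and nothing in this hunk enforces the requirement. The only visible consumer is the call in `getUser`, so the behaviour depends entirely on `GitBlit.self().authenticate(...)`, whose body is outside this patch. I would document the intended fail-closed semantics for overriders, for example `@return true if a request without a valid client certificate must not be authenticated by any other credential`, adjusted to whatever authenticate() actually implements.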
@@ -94,30 +98,8 @@
 * @return user
 */
 protected UserModel getUser(HttpServletRequest httpRequest) {
- UserModel user = null;
- // look for client authorization credentials in header
- final String authorization = httpRequest.getHeader("Authorization");
- if (authorization != null && authorization.startsWith(BASIC)) {
- // Authorization: Basic base64credentials
- String base64Credentials = authorization.substring(BASIC.length()).trim();
- String credentials = new String(Base64.decode(base64Credentials),
- Charset.forName("UTF-8"));
- // credentials = username:password
- final String[] values = credentials.split(":",2);
-
- if (values.length == 2) {
- String username = values[0];
- char[] password = values[1].toCharArray();
- user = GitBlit.self().authenticate(username, password);
- if (user != null) {
- return user;
- }
- }
- if (GitBlit.isDebugMode()) {
- logger.info(MessageFormat.format("AUTH: invalid credentials ({0})", credentials));
- }
- }
- return null;
+ UserModel user = GitBlit.self().authenticate(httpRequest, requiresClientCertificate());
+ return user;
 }
 /**
-- Gitblit v1.9.1
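Review bot: The Javadoc for `getUser` (its opening lines are above this hunk, only `@return user` is visible) should state which credential sources are consulted and that the result can presumably still be null for an unauthenticated request, because the body is now a single call to `GitBlit.self().authenticate(httpRequest, requiresClientCertificate())` whose implementation is not part of this patch. Without that, a subclass author cannot tell from this file that the return value must be checked before access is granted. The local variable is redundant; `return GitBlit.self().authenticate(httpRequest, requiresClientCertificate());` reads more directly. The commit subject talks about an SSL certificate alias checkbox and not this authentication path, which makes the change harder to locate in a later audit.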