From f1c3a882d12aede461e3c8ca3ebd298bdb28bc5d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 02 Dec 2012 13:16:39 -0500
Subject: [PATCH] Corrected certificatge bundle unit test
---
src/com/gitblit/GitBlit.java | 52 ++++++++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index b35bf50..69135c4 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -58,6 +58,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
+import org.apache.wicket.RequestCycle;
import org.apache.wicket.protocol.http.WebResponse;
import org.apache.wicket.resource.ContextRelativeResource;
import org.apache.wicket.util.resource.ResourceStreamNotFoundException;
@@ -75,6 +76,7 @@
import com.gitblit.Constants.AccessPermission;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthenticationType;
import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationStrategy;
@@ -100,12 +102,15 @@
import com.gitblit.utils.ContainerUtils;
import com.gitblit.utils.DeepCopier;
import com.gitblit.utils.FederationUtils;
+import com.gitblit.utils.HttpUtils;
import com.gitblit.utils.JGitUtils;
import com.gitblit.utils.JsonUtils;
import com.gitblit.utils.MetricUtils;
import com.gitblit.utils.ObjectCache;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.TimeUtils;
+import com.gitblit.utils.X509Utils.X509Metadata;
+import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
/**
@@ -536,7 +541,7 @@
* @param cookies
* @return a user object or null
*/
- public UserModel authenticate(Cookie[] cookies) {
+ protected UserModel authenticate(Cookie[] cookies) {
if (userService == null) {
return null;
}
@@ -554,13 +559,52 @@
}
/**
- * Authenticate a user based on HTTP request paramters.
- * This method is inteded to be used as fallback when other
- * means of authentication are failing (username / password or cookies).
+ * Authenticate a user based on HTTP request parameters.
+ *
+ * Authentication by X509Certificate is tried first and then by cookie.
+ *
* @param httpRequest
* @return a user object or null
*/
public UserModel authenticate(HttpServletRequest httpRequest) {
+ // try to authenticate by certificate
+ boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
+ String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
+ UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
+ if (model != null) {
+ // grab real user model and preserve certificate serial number
+ UserModel user = getUserModel(model.username);
+ if (user != null) {
+ RequestCycle requestCycle = RequestCycle.get();
+ if (requestCycle != null) {
+ // flag the Wicket session, if this is a Wicket request
+ GitBlitWebSession session = GitBlitWebSession.get();
+ session.authenticationType = AuthenticationType.CERTIFICATE;
+ }
+ X509Metadata metadata = HttpUtils.getCertificateMetadata(httpRequest);
+ logger.info(MessageFormat.format("{0} authenticated by client certificate {1} from {2}",
+ user.username, metadata.serialNumber, httpRequest.getRemoteAddr()));
+ return user;
+ }
+ }
+
+ // try to authenticate by cookie
+ Cookie[] cookies = httpRequest.getCookies();
+ if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
+ // Grab cookie from Browser Session
+ UserModel user = authenticate(cookies);
+ if (user != null) {
+ RequestCycle requestCycle = RequestCycle.get();
+ if (requestCycle != null) {
+ // flag the Wicket session, if this is a Wicket request
+ GitBlitWebSession session = GitBlitWebSession.get();
+ session.authenticationType = AuthenticationType.COOKIE;
+ }
+ logger.info(MessageFormat.format("{0} authenticated by cookie from {1}",
+ user.username, httpRequest.getRemoteAddr()));
+ return user;
+ }
+ }
return null;
}
--
Gitblit v1.9.1