From f185d956682e96272b5a74db6b2b208f467bcdb6 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Nov 2012 18:18:02 -0500
Subject: [PATCH] Eliminate internal Sun api for CRLs and include X509 tests in
 suite

---
 Gitblit.iml => gitblit.iml                | 32 ++++++++++++++++++-----
 src/com/gitblit/utils/X509Utils.java      | 17 +++++++++---
 tests/com/gitblit/tests/GitBlitSuite.java |  2 +-
 3 files changed, 40 insertions(+), 11 deletions(-)
 rename Gitblit.iml => gitblit.iml (91%)
diff --git a/Gitblit.iml b/gitblit.iml
similarity index 91%
rename from Gitblit.iml
rename to gitblit.iml
index 2efe6cfd..12f69f38 100644
--- a/Gitblit.iml
+++ b/gitblit.iml
@@ -240,24 +240,35 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="bcprov-jdk16-1.46.jar">
+      <library name="bcprov-jdk15on-1.47.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/bcprov-jdk16-1.46.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/bcprov-jdk15on-1.47.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/bcprov-jdk16-1.46-sources.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/bcprov-jdk15on-1.47-sources.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="bcmail-jdk16-1.46.jar">
+      <library name="bcmail-jdk15on-1.47.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/bcmail-jdk16-1.46.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/bcmail-jdk15on-1.47.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/bcmail-jdk16-1.46-sources.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/bcmail-jdk15on-1.47-sources.jar!/" />
+        </SOURCES>
+      </library>
+    </orderEntry>
+    <orderEntry type="module-library">
+      <library name="bcpkix-jdk15on-1.47.jar">
+        <CLASSES>
+          <root url="jar://$MODULE_DIR$/ext/bcpkix-jdk15on-1.47.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES>
+          <root url="jar://$MODULE_DIR$/ext/src/bcpkix-jdk15on-1.47-sources.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
@@ -327,6 +338,15 @@
         </SOURCES>
       </library>
     </orderEntry>
+    <orderEntry type="module-library">
+      <library name="jcalendar-1.3.2.jar">
+        <CLASSES>
+          <root url="jar://$MODULE_DIR$/ext/jcalendar-1.3.2.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES />
+      </library>
+    </orderEntry>
     <orderEntry type="module-library" scope="TEST">
       <library name="junit-4.10.jar">
         <CLASSES>
diff --git a/src/com/gitblit/utils/X509Utils.java b/src/com/gitblit/utils/X509Utils.java
index e27d7bc8..3caff358 100644
--- a/src/com/gitblit/utils/X509Utils.java
+++ b/src/com/gitblit/utils/X509Utils.java
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.Field;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
@@ -36,6 +37,7 @@ import java.security.cert.CertPathBuilder;
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertStore;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.PKIXBuilderParameters;
 import java.security.cert.PKIXCertPathBuilderResult;
@@ -82,8 +84,6 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import sun.security.x509.X509CRLImpl;
-
 import com.gitblit.Constants;
 
 /**
@@ -1034,13 +1034,22 @@ public class X509Utils {
 		if (!caRevocationList.exists()) {
 			return false;
 		}
+		InputStream inStream = null;
 		try {
-			byte [] data = FileUtils.readContent(caRevocationList);
-			X509CRL crl = new X509CRLImpl(data);
+			inStream = new FileInputStream(caRevocationList);
+			CertificateFactory cf = CertificateFactory.getInstance("X.509");
+			X509CRL crl = (X509CRL)cf.generateCRL(inStream);
 			return crl.isRevoked(cert);
 		} catch (Exception e) {
 			logger.error(MessageFormat.format("Failed to check revocation status for certificate {0,number,0} [{1}] in {2}",
 					cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList));
+		} finally {
+			if (inStream != null) {
+				try {
+					inStream.close();
+				} catch (Exception e) {
+				}
+			}
 		}
 		return false;
 	}
diff --git a/tests/com/gitblit/tests/GitBlitSuite.java b/tests/com/gitblit/tests/GitBlitSuite.java
index 3527d583..bb734eb7 100644
--- a/tests/com/gitblit/tests/GitBlitSuite.java
+++ b/tests/com/gitblit/tests/GitBlitSuite.java
@@ -57,7 +57,7 @@ import com.gitblit.utils.JGitUtils;
 		StringUtilsTest.class, Base64Test.class, JsonUtilsTest.class, ByteFormatTest.class,
 		ObjectCacheTest.class, PermissionsTest.class, UserServiceTest.class, LdapUserServiceTest.class,
 		MarkdownUtilsTest.class, JGitUtilsTest.class, SyndicationUtilsTest.class,
-		DiffUtilsTest.class, MetricUtilsTest.class, TicgitUtilsTest.class,
+		DiffUtilsTest.class, MetricUtilsTest.class, TicgitUtilsTest.class, X509UtilsTest.class,
 		GitBlitTest.class, FederationTests.class, RpcTests.class, GitServletTest.class,
 		GroovyScriptTest.class, LuceneExecutorTest.class, IssuesTest.class, RepositoryModelTest.class })
 public class GitBlitSuite {
-- 
2.39.5

