diff options
author | James Moger <james.moger@gitblit.com> | 2012-12-03 17:03:31 -0500 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2012-12-03 17:03:31 -0500 |
commit | d3c18925529690716ce1b9038169d7a07e53b287 (patch) | |
tree | 3093efba039b384841bfb1d32e0ec78d6b9ae82c /src/com/gitblit | |
parent | 37fa664c58df034607edf2485a1414b3417b2755 (diff) | |
download | gitblit-d3c18925529690716ce1b9038169d7a07e53b287.tar.gz gitblit-d3c18925529690716ce1b9038169d7a07e53b287.zip |
Set subjectAlternativeName on SSL cert if CN=IPAddress (issue-170)
Diffstat (limited to 'src/com/gitblit')
-rw-r--r-- | src/com/gitblit/utils/HttpUtils.java | 22 | ||||
-rw-r--r-- | src/com/gitblit/utils/X509Utils.java | 12 |
2 files changed, 34 insertions, 0 deletions
diff --git a/src/com/gitblit/utils/HttpUtils.java b/src/com/gitblit/utils/HttpUtils.java index b40088c8..56c8bd20 100644 --- a/src/com/gitblit/utils/HttpUtils.java +++ b/src/com/gitblit/utils/HttpUtils.java @@ -178,4 +178,26 @@ public class HttpUtils { }
return null;
}
+
+ public static boolean isIpAddress(String address) {
+ if (StringUtils.isEmpty(address)) {
+ return false;
+ }
+ String [] fields = address.split("\\.");
+ if (fields.length == 4) {
+ // IPV4
+ for (String field : fields) {
+ try {
+ int value = Integer.parseInt(field);
+ if (value < 0 || value > 255) {
+ return false;
+ }
+ } catch (Exception e) {
+ return false;
+ }
+ }
+ }
+ // TODO IPV6?
+ return false;
+ }
}
diff --git a/src/com/gitblit/utils/X509Utils.java b/src/com/gitblit/utils/X509Utils.java index cfad9ec0..237c8dad 100644 --- a/src/com/gitblit/utils/X509Utils.java +++ b/src/com/gitblit/utils/X509Utils.java @@ -46,11 +46,13 @@ import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
@@ -556,6 +558,16 @@ public class X509Utils { certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
+ // support alternateSubjectNames for SSL certificates
+ List<GeneralName> altNames = new ArrayList<GeneralName>();
+ if (HttpUtils.isIpAddress(sslMetadata.commonName)) {
+ altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName));
+ }
+ if (altNames.size() > 0) {
+ GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName [altNames.size()]));
+ certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
+ }
+
ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
.setProvider(BC).build(caPrivateKey);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
|