summaryrefslogtreecommitdiffstats
path: root/src/main/java/com
diff options
context:
space:
mode:
authorFlorian Zschocke <f.zschocke+git@gmail.com>2022-08-14 14:45:58 +0200
committerFlorian Zschocke <f.zschocke+git@gmail.com>2022-08-14 14:45:58 +0200
commit8d3738a22609c5206c50d7f5fbbf17ddc8df6db7 (patch)
treeb50b369047d43b9226620e2a2973eff188d0648f /src/main/java/com
parent1df20a06c93ac68203f10d89f025d6ee74f5f23b (diff)
downloadgitblit-8d3738a22609c5206c50d7f5fbbf17ddc8df6db7.tar.gz
gitblit-8d3738a22609c5206c50d7f5fbbf17ddc8df6db7.zip
Use existing setting but with new values
Instead of adding another setting and having to explain how the new one and the existing `requireClientCertificates` setting are interdependent, let's use the existing setting and add new values. It is changed from a boolean to a string, with the values `required`, `optional` and `disabled`. To keep backward compatibility with the old values, the `true` value is mapped to `required` and the `false` value is mapped to `optional`.
Diffstat (limited to 'src/main/java/com')
-rw-r--r--src/main/java/com/gitblit/Constants.java22
-rw-r--r--src/main/java/com/gitblit/GitBlitServer.java15
2 files changed, 31 insertions, 6 deletions
diff --git a/src/main/java/com/gitblit/Constants.java b/src/main/java/com/gitblit/Constants.java
index ab503bd3..c73bc24b 100644
--- a/src/main/java/com/gitblit/Constants.java
+++ b/src/main/java/com/gitblit/Constants.java
@@ -645,6 +645,28 @@ public class Constants {
}
}
+ public enum TlsClientCertPolicy {
+ REQUIRED, TRUE, OPTIONAL, FALSE, DISABLED, NONE;
+
+ public static TlsClientCertPolicy fromString(String value) {
+ for (TlsClientCertPolicy t : values()) {
+ if (t.name().equalsIgnoreCase(value)) {
+ switch(t) {
+ case TRUE:
+ return REQUIRED;
+ case FALSE:
+ return OPTIONAL;
+ case NONE:
+ return DISABLED;
+ default:
+ return t;
+ }
+ }
+ }
+ return TlsClientCertPolicy.OPTIONAL;
+ }
+ }
+
/**
* The type of merge Gitblit will use when merging a ticket to the integration branch.
* <p>
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index 190cc5d2..63914121 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -57,6 +57,7 @@ import org.kohsuke.args4j.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.gitblit.Constants.TlsClientCertPolicy;
import com.gitblit.authority.GitblitAuthority;
import com.gitblit.authority.NewCertificateConfig;
import com.gitblit.servlet.GitblitContext;
@@ -289,10 +290,15 @@ public class GitBlitServer {
logger.info("Setting up HTTPS transport on port " + params.securePort);
GitblitSslContextFactory factory = new GitblitSslContextFactory(params.alias,
serverKeyStore, serverTrustStore, params.storePassword, caRevocationList);
- if (params.requireClientCertificates) {
+ TlsClientCertPolicy clientCertPolicy = TlsClientCertPolicy.fromString(params.requireClientCertificates);
+ if (clientCertPolicy == TlsClientCertPolicy.REQUIRED) {
factory.setNeedClientAuth(true);
+ } else if (clientCertPolicy == TlsClientCertPolicy.OPTIONAL) {
+ factory.setNeedClientAuth(false);
+ factory.setWantClientAuth(true);
} else {
- factory.setWantClientAuth((params.wantClientCertificates));
+ factory.setNeedClientAuth(false);
+ factory.setWantClientAuth(false);
}
ServerConnector connector = new ServerConnector(server, factory);
@@ -600,10 +606,7 @@ public class GitBlitServer {
public Integer shutdownPort = FILESETTINGS.getInteger(Keys.server.shutdownPort, 8081);
@Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
- public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);
-
- @Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
- public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);
+ public String requireClientCertificates = FILESETTINGS.getString(Keys.server.requireClientCertificates, "optional");
/*
* Setting overrides