summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.classpath7
-rw-r--r--gitblit.iml4
-rw-r--r--src/main/distrib/data/certs/instructions.tmpl_zh_TW111
-rw-r--r--src/main/distrib/data/certs/mail.tmpl_zh_TW5
-rw-r--r--src/main/java/com/gitblit/authority/GitblitAuthority.java15
-rw-r--r--src/main/java/com/gitblit/utils/X509Utils.java32
-rw-r--r--src/main/java/com/gitblit/wicket/GitBlitWebApp.properties1
-rw-r--r--src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties1
8 files changed, 164 insertions, 12 deletions
diff --git a/.classpath b/.classpath
index 095cb036..3dac2010 100644
--- a/.classpath
+++ b/.classpath
@@ -49,7 +49,7 @@
<classpathentry kind="lib" path="ext/httpcore-4.3.3.jar" sourcepath="ext/src/httpcore-4.3.3.jar" />
<classpathentry kind="lib" path="ext/commons-logging-1.1.3.jar" sourcepath="ext/src/commons-logging-1.1.3.jar" />
<classpathentry kind="lib" path="ext/commons-codec-1.7.jar" sourcepath="ext/src/commons-codec-1.7.jar" />
- <classpathentry kind="lib" path="ext/org.eclipse.jdt.annotation-1.1.0.jar" />
+ <classpathentry kind="lib" path="ext/org.eclipse.jdt.annotation-1.1.0.jar" sourcepath="ext/src/org.eclipse.jdt.annotation-1.1.0.jar" />
<classpathentry kind="lib" path="ext/org.eclipse.jgit.http.server-4.1.1.201511131810-r.jar" sourcepath="ext/src/org.eclipse.jgit.http.server-4.1.1.201511131810-r.jar" />
<classpathentry kind="lib" path="ext/bcprov-jdk15on-1.52.jar" sourcepath="ext/src/bcprov-jdk15on-1.52.jar" />
<classpathentry kind="lib" path="ext/bcmail-jdk15on-1.52.jar" sourcepath="ext/src/bcmail-jdk15on-1.52.jar" />
@@ -94,10 +94,5 @@
<classpathentry kind="lib" path="ext/mockito-core-1.10.19.jar" sourcepath="ext/src/mockito-core-1.10.19.jar" />
<classpathentry kind="lib" path="ext/objenesis-2.1.jar" sourcepath="ext/src/objenesis-2.1.jar" />
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER" />
- <classpathentry kind="src" path="src/main/dagger">
- <attributes>
- <attribute name="optional" value="true"/>
- </attributes>
- </classpathentry>
<classpathentry kind="output" path="bin/classes" />
</classpath>
diff --git a/gitblit.iml b/gitblit.iml
index 71907a59..038c4f4d 100644
--- a/gitblit.iml
+++ b/gitblit.iml
@@ -491,7 +491,9 @@
<root url="jar://$MODULE_DIR$/ext/org.eclipse.jdt.annotation-1.1.0.jar!/" />
</CLASSES>
<JAVADOC />
- <SOURCES />
+ <SOURCES>
+ <root url="jar://$MODULE_DIR$/ext/src/org.eclipse.jdt.annotation-1.1.0.jar!/" />
+ </SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
diff --git a/src/main/distrib/data/certs/instructions.tmpl_zh_TW b/src/main/distrib/data/certs/instructions.tmpl_zh_TW
new file mode 100644
index 00000000..72b99e0d
--- /dev/null
+++ b/src/main/distrib/data/certs/instructions.tmpl_zh_TW
@@ -0,0 +1,111 @@
+********************************************************************************
+ Gitblit 伺服器 $serverHostname 所需之 SSL 用戶端憑證
+********************************************************************************
+
+ $userDisplayname 您好,
+
+ 伺服器 $serverHostname 所需要的私鑰,公鑰以及Gitblit簽證檔案(CA)存放於 $username.p12, PKCS#12 certificate store[1] 以及 $username.pem.
+
+ 兩種證書皆受密碼保護.
+ 密碼提示: $storePasswordHint
+
+
+Git 憑證匯入步驟
+=============================================
+
+ 附件之 PEM 檔案可以直接匯入至您的git程式裡.
+
+ git config [--global] http.sslCert path/to/$username.pem
+
+ PEM檔案受密碼保護,因此匯入過程會提示多次. 如果您偏好不使用密碼,您需要另外匯出無密碼之私鑰後,再匯入git程式裡.
+
+ openssl rsa -in path/to/$username.pem -out path/to/$username.key
+ git config [--global] http.sslKey path/to/$username.key
+
+ 此外,您應該妥善保管已經解除密碼保護之私鑰.
+
+ 註:
+ 如果沒有匯出私鑰, 有些早期git版本將會發生匯入失敗問題,例如:Ubuntu 12.04 with git 1.7.9.5.
+
+
+Firefox 憑證匯入步驟
+=============================================
+
+ Firefox 有自己的證書管理介面.
+
+ 1. 點選 "選項->進階->憑證"
+ 2. 點選 "檢視憑證清單"
+ 3. 切換至 "您的憑證"
+ 4. 點選 "匯入(M)"
+ 5. 選擇電腦中的憑證檔案 $username.p12
+ 6. 輸入憑證檔案所需的密碼
+ 7. 切換至"憑證機構"
+ 8. 找到 "Gitblit Certificate Authority" 憑證
+ 9. 點選"編輯信任(E)"
+ 10.選擇信任網站.
+
+
+Chrome/IE (Windows) 憑證匯入步驟
+=============================================
+
+ 在Windows作業系統下, Chrome 與 IE 共用相同的憑證設定.
+
+ IE
+ ------------------------------------
+ 1. 選擇 "網際網路選項->內容"
+ 2. 點選"憑證"
+
+ Chrome
+ ------------------------------------
+ 1. 選擇 "設定->顯示進階設定->HTTP/SSL"
+ 2. 點選"管理憑證"
+
+ 共同步驟 (Windows)
+ ------------------------------------
+ 3. 切換至 "個人"
+ 4. 點選"匯入(I)"
+ 5. 依照指示匯入.
+ 請切換匯入檔案類型為p12並且找到 $username.p12 這個憑證檔案
+ 6. 輸入憑證檔案保護密碼
+ 7. 由於主要發放憑證單位(CA)與個人憑證檔案皆儲存於 $username.p12, 因此匯入時候,必須選擇 "自動根據憑證類型來選擇憑證存放區".
+ 如果選擇預設值匯入, 將不會安裝主要發放憑證單位(CA)
+
+
+Chrome (Linux) Installation Instructions
+=============================================
+
+ On Linux, Chrome maintains it's own certificate store.
+
+ 1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
+ 2. Click the "Manage Certificates..." button
+ 3. Navigate your filesystem and select $username.p12
+ 4. At the password prompt enter the certificate store password
+ You have now imported your private key, public certificate, and the CA certificate
+ but now we must manually set the trust settings of the CA certificate.
+ 5. Switch to the "Authorities" tab
+ 6. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
+ 7. Select it and click "Edit Trust..."
+ 8. Check "This certificate can identify websites" and click OK.
+
+
+Chrome/Safari (Mac OS X) Installation Instructions
+=============================================
+
+On Mac OS X, Chrome and Safari both use Keychain Access to store certificates
+so configuring one will automatically apply for both.
+
+ 1. Double-click $username.pem
+ 2. At the password prompt enter the certificate store password
+ You have now imported your private key, public certificate, and the CA certificate
+ but now we must manually set the trust settings of the CA certificate.
+ 3. Find the Gitblit Certificate Authority certificate, it should have a red
+ indicator meaning untrusted, and double-click it.
+ 4. Open the "Trust" disclosure triangle and change "When using this certificate"
+ to "Always Trust".
+ 5. Close the certificate view and enter your system password to save the changes
+ to your keychain.
+
+
+[1] PKCS#12 is one of the standard container formats for sharing private keys and
+ public certificates.
+[2] http://www.openssl.org
diff --git a/src/main/distrib/data/certs/mail.tmpl_zh_TW b/src/main/distrib/data/certs/mail.tmpl_zh_TW
new file mode 100644
index 00000000..20eb5183
--- /dev/null
+++ b/src/main/distrib/data/certs/mail.tmpl_zh_TW
@@ -0,0 +1,5 @@
+$userDisplayname 您好
+
+ 伺服器 $serverHostname 所需要的私鑰,公鑰以及Gitblit簽證檔案(CA)已經全部打包並且以zip壓縮檔方式寄給您.
+
+ 此外,檔案還附上各瀏覽器設定步驟供您參考. \ No newline at end of file
diff --git a/src/main/java/com/gitblit/authority/GitblitAuthority.java b/src/main/java/com/gitblit/authority/GitblitAuthority.java
index 5f4a7e7f..904042c9 100644
--- a/src/main/java/com/gitblit/authority/GitblitAuthority.java
+++ b/src/main/java/com/gitblit/authority/GitblitAuthority.java
@@ -49,6 +49,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.ResourceBundle;
import javax.mail.Message;
import javax.swing.ImageIcon;
@@ -98,6 +99,7 @@ import com.gitblit.utils.X509Utils;
import com.gitblit.utils.X509Utils.RevocationReason;
import com.gitblit.utils.X509Utils.X509Log;
import com.gitblit.utils.X509Utils.X509Metadata;
+import com.gitblit.wicket.GitBlitWebSession;
/**
* Simple GUI tool for administering Gitblit client certificates.
@@ -447,7 +449,7 @@ public class GitblitAuthority extends JFrame implements X509Log {
}
File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
- File zip = X509Utils.newClientBundle(metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);
+ File zip = X509Utils.newClientBundle(user,metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);
// save latest expiration date
if (ucm.expires == null || metadata.notAfter.before(ucm.expires)) {
@@ -850,9 +852,16 @@ public class GitblitAuthority extends JFrame implements X509Log {
try {
if (mail.isReady()) {
Mailing mailing = Mailing.newPlain();
- mailing.subject = "Your Gitblit client certificate for " + metadata.serverHostname;
+ mailing.subject = MessageFormat.format(ResourceBundle.getBundle("com.gitblit.wicket.GitBlitWebApp",user.getPreferences().getLocale()).getString("gb.emailClientCertificateSubject"), metadata.serverHostname);
mailing.setRecipients(user.emailAddress);
- String body = X509Utils.processTemplate(new File(folder, X509Utils.CERTS + File.separator + "mail.tmpl"), metadata);
+ File fileMailTmp = null;
+ String body = null;
+ if( (fileMailTmp = new File(folder, X509Utils.CERTS + File.separator + "mail.tmpl"+"_"+user.getPreferences().getLocale())).exists())
+ body = X509Utils.processTemplate(fileMailTmp, metadata);
+ else{
+ fileMailTmp = new File(folder, X509Utils.CERTS + File.separator + "mail.tmpl");
+ body = X509Utils.processTemplate(fileMailTmp, metadata);
+ }
if (StringUtils.isEmpty(body)) {
body = MessageFormat.format("Hi {0}\n\nHere is your client certificate bundle.\nInside the zip file are installation instructions.", user.getDisplayName());
}
diff --git a/src/main/java/com/gitblit/utils/X509Utils.java b/src/main/java/com/gitblit/utils/X509Utils.java
index a2650be4..b661922d 100644
--- a/src/main/java/com/gitblit/utils/X509Utils.java
+++ b/src/main/java/com/gitblit/utils/X509Utils.java
@@ -743,6 +743,25 @@ public class X509Utils {
*/
public static File newClientBundle(X509Metadata clientMetadata, File caKeystoreFile,
String caKeystorePassword, X509Log x509log) {
+ return newClientBundle(null,clientMetadata,caKeystoreFile,caKeystorePassword,x509log);
+ }
+
+ /**
+ * Creates a new client certificate PKCS#12 and PEM store. Any existing
+ * stores are destroyed. After generation, the certificates are bundled
+ * into a zip file with a personalized README file.
+ *
+ * The zip file reference is returned.
+ *
+ * @param user
+ * @param clientMetadata a container for dynamic parameters needed for generation
+ * @param caKeystoreFile
+ * @param caKeystorePassword
+ * @param x509log
+ * @return a zip file containing the P12, PEM, and personalized README
+ */
+ public static File newClientBundle(com.gitblit.models.UserModel user,X509Metadata clientMetadata, File caKeystoreFile,
+ String caKeystorePassword, X509Log x509log) {
try {
// read the Gitblit CA key and certificate
KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
@@ -755,8 +774,17 @@ public class X509Utils {
x509log.log(MessageFormat.format("New client certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getSubjectDN().getName()));
// process template message
- String readme = processTemplate(new File(caKeystoreFile.getParentFile(), "instructions.tmpl"), clientMetadata);
-
+ String readme = null;
+ String sInstructionsFileName = "instructions.tmpl";
+ if( user == null )
+ readme = processTemplate(new File(caKeystoreFile.getParentFile(),sInstructionsFileName), clientMetadata);
+ else{
+ File fileInstructionsTmp = null;
+ if( (fileInstructionsTmp = new File(caKeystoreFile.getParentFile(),sInstructionsFileName+"_"+user.getPreferences().getLocale())).exists() )
+ readme = processTemplate(fileInstructionsTmp,clientMetadata);
+ else
+ readme = processTemplate(new File(caKeystoreFile.getParentFile(),sInstructionsFileName),clientMetadata);
+ }
// Create a zip bundle with the p12, pem, and a personalized readme
File zipFile = new File(targetFolder, clientMetadata.commonName + ".zip");
if (zipFile.exists()) {
diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties b/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
index b3cbef82..66101f4d 100644
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
@@ -783,3 +783,4 @@ gb.deletePatchsetSuccess = Deleted Patchset {0}.
gb.deletePatchsetFailure = Error deleting Patchset {0}.
gb.referencedByCommit = Referenced by commit.
gb.referencedByTicket = Referenced by ticket.
+gb.emailClientCertificateSubject = Your Gitblit client certificate for {0}
diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties b/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties
index bf2d2c32..157dd566 100644
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties
@@ -781,3 +781,4 @@ gb.deletePatchsetSuccess = \u5df2\u522a\u9664 Patchset {0}.
gb.deletePatchsetFailure = \u522a\u9664 Patchset {0} \u932f\u8aa4.
gb.referencedByCommit = Referenced by commit.
gb.referencedByTicket = Referenced by ticket.
+gb.emailClientCertificateSubject = \u4F3A\u670D\u5668 {0} \u9023\u7DDA\u6191\u8B49