diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/com/gitblit/build/Build.java | 30 | ||||
| -rw-r--r-- | src/com/gitblit/utils/X509Utils.java | 56 |
2 files changed, 86 insertions, 0 deletions
diff --git a/src/com/gitblit/build/Build.java b/src/com/gitblit/build/Build.java index c74c6cb7..4c5fa195 100644 --- a/src/com/gitblit/build/Build.java +++ b/src/com/gitblit/build/Build.java @@ -69,6 +69,11 @@ public class Build { runtime();
compiletime();
buildSettingKeys();
+ delete(
+ "bcmail-jdk16-1.46.jar",
+ "bcprov-jdk16-1.46.jar",
+ "src/bcmail-jdk16-1.46-sources.jar",
+ "src/bcprov-jdk16-1.46-sources.jar");
}
public static void runtime() {
@@ -145,6 +150,15 @@ public class Build { // needed for site publishing
downloadFromApache(MavenObject.COMMONSNET, BuildType.RUNTIME);
}
+
+ private static void delete(String... files) {
+ for (String name : files) {
+ File file = new File("ext", name);
+ if (file.exists()) {
+ file.delete();
+ }
+ }
+ }
public static void federationClient() {
downloadFromApache(MavenObject.JCOMMANDER, BuildType.RUNTIME);
@@ -173,6 +187,22 @@ public class Build { downloadFromEclipse(MavenObject.JGIT, BuildType.RUNTIME);
}
+
+ public static void authority(DownloadListener listener) {
+ downloadListener = listener;
+ downloadFromApache(MavenObject.JCOMMANDER, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.JSCH, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.SLF4JAPI, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.SLF4LOG4J, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.LOG4J, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.BOUNCYCASTLE, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.BOUNCYCASTLE_MAIL, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.BOUNCYCASTLE_PKIX, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.JCALENDAR, BuildType.RUNTIME);
+ downloadFromApache(MavenObject.MAIL, BuildType.RUNTIME);
+
+ downloadFromEclipse(MavenObject.JGIT, BuildType.RUNTIME);
+ }
/**
* Builds the Keys class based on the gitblit.properties file and inserts
diff --git a/src/com/gitblit/utils/X509Utils.java b/src/com/gitblit/utils/X509Utils.java index e6ffec1a..e27d7bc8 100644 --- a/src/com/gitblit/utils/X509Utils.java +++ b/src/com/gitblit/utils/X509Utils.java @@ -232,6 +232,13 @@ public class X509Utils { saveCertificate(caCert, new File(caKeyStore.getParentFile(), "ca.cer"));
}
+ // Gitblit CRL
+ File caRevocationList = new File(folder, CA_REVOCATION_LIST);
+ if (!caRevocationList.exists()) {
+ logger.info(MessageFormat.format("Generating {0} CRL ({1})", CA_CN, caRevocationList.getAbsolutePath()));
+ newCertificateRevocationList(caRevocationList, caKeyStore, metadata.password);
+ }
+
// rename the old keystore to the new name
File oldKeyStore = new File(folder, "keystore");
if (oldKeyStore.exists()) {
@@ -602,6 +609,55 @@ public class X509Utils { }
/**
+ * Creates a new certificate revocation list (CRL). This function will
+ * destroy any existing CRL file.
+ *
+ * @param caRevocationList
+ * @param storeFile
+ * @param keystorePassword
+ * @return
+ */
+ public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile, String caKeystorePassword) {
+ try {
+ // read the Gitblit CA key and certificate
+ KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
+ PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_FN, caKeystorePassword.toCharArray());
+ X509Certificate caCert = (X509Certificate) store.getCertificate(CA_FN);
+
+ X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
+ X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());
+
+ // build and sign CRL with CA private key
+ ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);
+ X509CRLHolder crl = crlBuilder.build(signer);
+
+ File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
+ FileOutputStream fos = null;
+ try {
+ fos = new FileOutputStream(tmpFile);
+ fos.write(crl.getEncoded());
+ fos.flush();
+ fos.close();
+ if (caRevocationList.exists()) {
+ caRevocationList.delete();
+ }
+ tmpFile.renameTo(caRevocationList);
+
+ log(caRevocationList.getParentFile(), "new certificate revocation list created");
+ } finally {
+ if (fos != null) {
+ fos.close();
+ }
+ if (tmpFile.exists()) {
+ tmpFile.delete();
+ }
+ }
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
+ }
+ }
+
+ /**
* Imports a certificate into the trust store.
*
* @param alias
|