7 years ago · 370487036c
--- a/.classpath
+++ b/.classpath
@@ -49,7 +49,7 @@
 	<classpathentry kind="lib" path="ext/httpcore-4.3.3.jar" sourcepath="ext/src/httpcore-4.3.3.jar" />
 	<classpathentry kind="lib" path="ext/commons-logging-1.1.3.jar" sourcepath="ext/src/commons-logging-1.1.3.jar" />
 	<classpathentry kind="lib" path="ext/commons-codec-1.7.jar" sourcepath="ext/src/commons-codec-1.7.jar" />
 	<classpathentry kind="lib" path="ext/org.eclipse.jdt.annotation-1.1.0.jar" />
 	<classpathentry kind="lib" path="ext/org.eclipse.jdt.annotation-1.1.0.jar" sourcepath="ext/src/org.eclipse.jdt.annotation-1.1.0.jar" />
 	<classpathentry kind="lib" path="ext/org.eclipse.jgit.http.server-4.1.1.201511131810-r.jar" sourcepath="ext/src/org.eclipse.jgit.http.server-4.1.1.201511131810-r.jar" />
 	<classpathentry kind="lib" path="ext/bcprov-jdk15on-1.52.jar" sourcepath="ext/src/bcprov-jdk15on-1.52.jar" />
 	<classpathentry kind="lib" path="ext/bcmail-jdk15on-1.52.jar" sourcepath="ext/src/bcmail-jdk15on-1.52.jar" />
@@ -94,10 +94,5 @@
 	<classpathentry kind="lib" path="ext/mockito-core-1.10.19.jar" sourcepath="ext/src/mockito-core-1.10.19.jar" />
 	<classpathentry kind="lib" path="ext/objenesis-2.1.jar" sourcepath="ext/src/objenesis-2.1.jar" />
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER" />
 	<classpathentry kind="src" path="src/main/dagger">
 		<attributes>
 			<attribute name="optional" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="output" path="bin/classes" />
 </classpath>
--- a/gitblit.iml
+++ b/gitblit.iml
@@ -491,7 +491,9 @@
          <root url="jar://$MODULE_DIR$/ext/org.eclipse.jdt.annotation-1.1.0.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
        <SOURCES>
          <root url="jar://$MODULE_DIR$/ext/src/org.eclipse.jdt.annotation-1.1.0.jar!/" />
        </SOURCES>
      </library>
    </orderEntry>
    <orderEntry type="module-library">
--- a/src/main/distrib/data/certs/instructions.tmpl_zh_TW
+++ b/src/main/distrib/data/certs/instructions.tmpl_zh_TW
@@ -0,0 +1,111 @@
 ********************************************************************************
 Gitblit 伺服器 $serverHostname 所需之 SSL 用戶端憑證
 ********************************************************************************

 $userDisplayname 您好,

 伺服器 $serverHostname 所需要的私鑰,公鑰以及Gitblit簽證檔案(CA)存放於 $username.p12, PKCS#12 certificate store[1] 以及 $username.pem.

 兩種證書皆受密碼保護. 
 密碼提示: $storePasswordHint


 Git 憑證匯入步驟
 =============================================

 附件之 PEM 檔案可以直接匯入至您的git程式裡.
 
    git config [--global] http.sslCert path/to/$username.pem
    
 PEM檔案受密碼保護,因此匯入過程會提示多次.  如果您偏好不使用密碼,您需要另外匯出無密碼之私鑰後,再匯入git程式裡.
 
    openssl rsa -in path/to/$username.pem -out path/to/$username.key    
    git config [--global] http.sslKey path/to/$username.key

 此外,您應該妥善保管已經解除密碼保護之私鑰.
 
 註:
 如果沒有匯出私鑰, 有些早期git版本將會發生匯入失敗問題,例如:Ubuntu 12.04 with git 1.7.9.5.


 Firefox 憑證匯入步驟
 =============================================

 Firefox 有自己的證書管理介面.

 1. 點選 "選項->進階->憑證"
 2. 點選 "檢視憑證清單"
 3. 切換至 "您的憑證"
 4. 點選 "匯入(M)"
 5. 選擇電腦中的憑證檔案 $username.p12
 6. 輸入憑證檔案所需的密碼    
 7. 切換至"憑證機構"
 8. 找到 "Gitblit Certificate Authority" 憑證
 9. 點選"編輯信任(E)"
 10.選擇信任網站.


 Chrome/IE (Windows) 憑證匯入步驟
 =============================================

 在Windows作業系統下, Chrome 與 IE 共用相同的憑證設定.

 IE
 ------------------------------------
 1. 選擇 "網際網路選項->內容"
 2. 點選"憑證"

 Chrome
 ------------------------------------
 1. 選擇 "設定->顯示進階設定->HTTP/SSL"
 2. 點選"管理憑證"

 共同步驟 (Windows)
 ------------------------------------
 3. 切換至 "個人"
 4. 點選"匯入(I)" 
 5. 依照指示匯入.
    請切換匯入檔案類型為p12並且找到 $username.p12 這個憑證檔案
 6. 輸入憑證檔案保護密碼
 7. 由於主要發放憑證單位(CA)與個人憑證檔案皆儲存於 $username.p12, 因此匯入時候,必須選擇 "自動根據憑證類型來選擇憑證存放區".
    如果選擇預設值匯入, 將不會安裝主要發放憑證單位(CA)


 Chrome (Linux) Installation Instructions
 =============================================
 
 On Linux, Chrome maintains it's own certificate store.
 
 1. Navigate to Settings->Show Advanced Settings->HTTP/SSL
 2. Click the "Manage Certificates..." button
 3. Navigate your filesystem and select $username.p12
 4. At the password prompt enter the certificate store password
    You have now imported your private key, public certificate, and the CA certificate
    but now we must manually set the trust settings of the CA certificate.
 5. Switch to the "Authorities" tab
 6. Scroll down and find "Gitblit-> Gitblit Certificate Authority"
 7. Select it and click "Edit Trust..."
 8. Check "This certificate can identify websites" and click OK.


 Chrome/Safari (Mac OS X) Installation Instructions
 =============================================

 On Mac OS X, Chrome and Safari both use Keychain Access to store certificates
 so configuring one will automatically apply for both.

 1. Double-click $username.pem
 2. At the password prompt enter the certificate store password
    You have now imported your private key, public certificate, and the CA certificate
    but now we must manually set the trust settings of the CA certificate.
 3. Find the Gitblit Certificate Authority certificate, it should have a red
    indicator meaning untrusted, and double-click it.
 4. Open the "Trust" disclosure triangle and change "When using this certificate"
    to "Always Trust".
 5. Close the certificate view and enter your system password to save the changes
    to your keychain. 
  
    
 [1] PKCS#12 is one of the standard container formats for sharing private keys and
    public certificates.
 [2] http://www.openssl.org
--- a/src/main/distrib/data/certs/mail.tmpl_zh_TW
+++ b/src/main/distrib/data/certs/mail.tmpl_zh_TW
@@ -0,0 +1,5 @@
 $userDisplayname 您好

 伺服器 $serverHostname 所需要的私鑰,公鑰以及Gitblit簽證檔案(CA)已經全部打包並且以zip壓縮檔方式寄給您.

 此外,檔案還附上各瀏覽器設定步驟供您參考.
--- a/src/main/java/com/gitblit/authority/GitblitAuthority.java
+++ b/src/main/java/com/gitblit/authority/GitblitAuthority.java
@@ -49,6 +49,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.ResourceBundle;

 import javax.mail.Message;
 import javax.swing.ImageIcon;
@@ -98,6 +99,7 @@ import com.gitblit.utils.X509Utils;
 import com.gitblit.utils.X509Utils.RevocationReason;
 import com.gitblit.utils.X509Utils.X509Log;
 import com.gitblit.utils.X509Utils.X509Metadata;
 import com.gitblit.wicket.GitBlitWebSession;

 /**
 * Simple GUI tool for administering Gitblit client certificates.
@@ -447,7 +449,7 @@ public class GitblitAuthority extends JFrame implements X509Log {
 				}

 				File caKeystoreFile = new File(folder, X509Utils.CA_KEY_STORE);
 				File zip = X509Utils.newClientBundle(metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);
 				File zip = X509Utils.newClientBundle(user,metadata, caKeystoreFile, caKeystorePassword, GitblitAuthority.this);

 				// save latest expiration date
 				if (ucm.expires == null || metadata.notAfter.before(ucm.expires)) {
@@ -850,9 +852,16 @@ public class GitblitAuthority extends JFrame implements X509Log {
 		try {
 			if (mail.isReady()) {
 				Mailing mailing = Mailing.newPlain();
 				mailing.subject = "Your Gitblit client certificate for " + metadata.serverHostname;
 				mailing.subject = MessageFormat.format(ResourceBundle.getBundle("com.gitblit.wicket.GitBlitWebApp",user.getPreferences().getLocale()).getString("gb.emailClientCertificateSubject"), metadata.serverHostname);
 				mailing.setRecipients(user.emailAddress);
 				String body = X509Utils.processTemplate(new File(folder, X509Utils.CERTS + File.separator + "mail.tmpl"), metadata);
 				File fileMailTmp = null;
 				String body = null;
 				if( (fileMailTmp = new File(folder, X509Utils.CERTS + File.separator +  "mail.tmpl"+"_"+user.getPreferences().getLocale())).exists())
 				  body = X509Utils.processTemplate(fileMailTmp, metadata);
 				else{
 				  fileMailTmp = new File(folder, X509Utils.CERTS + File.separator +  "mail.tmpl");
 				  body = X509Utils.processTemplate(fileMailTmp, metadata);
 				}  
 				if (StringUtils.isEmpty(body)) {
 					body = MessageFormat.format("Hi {0}\n\nHere is your client certificate bundle.\nInside the zip file are installation instructions.", user.getDisplayName());
 				}
--- a/src/main/java/com/gitblit/utils/X509Utils.java
+++ b/src/main/java/com/gitblit/utils/X509Utils.java
@@ -743,6 +743,25 @@ public class X509Utils {
 	 */
 	public static File newClientBundle(X509Metadata clientMetadata, File caKeystoreFile,
 			String caKeystorePassword, X509Log x509log) {
 		return newClientBundle(null,clientMetadata,caKeystoreFile,caKeystorePassword,x509log);
 	}

 	/**
 	 * Creates a new client certificate PKCS#12 and PEM store.  Any existing
 	 * stores are destroyed.  After generation, the certificates are bundled
 	 * into a zip file with a personalized README file.
 	 *
 	 * The zip file reference is returned.
 	 *
 	 * @param user 
 	 * @param clientMetadata a container for dynamic parameters needed for generation
 	 * @param caKeystoreFile
 	 * @param caKeystorePassword
 	 * @param x509log
 	 * @return a zip file containing the P12, PEM, and personalized README
 	 */
 	public static File newClientBundle(com.gitblit.models.UserModel user,X509Metadata clientMetadata, File caKeystoreFile,
 				String caKeystorePassword, X509Log x509log) {		
 		try {
 			// read the Gitblit CA key and certificate
 			KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
@@ -755,8 +774,17 @@ public class X509Utils {
 	        x509log.log(MessageFormat.format("New client certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getSubjectDN().getName()));

 	        // process template message
 	        String readme = processTemplate(new File(caKeystoreFile.getParentFile(), "instructions.tmpl"), clientMetadata);

 	        String readme = null;
 	        String sInstructionsFileName = "instructions.tmpl";
 	        if( user == null )
 	        	readme = processTemplate(new File(caKeystoreFile.getParentFile(),sInstructionsFileName), clientMetadata);
 	        else{
 	        	File fileInstructionsTmp = null;
 	        	if( (fileInstructionsTmp = new File(caKeystoreFile.getParentFile(),sInstructionsFileName+"_"+user.getPreferences().getLocale())).exists() )
 	        		readme = processTemplate(fileInstructionsTmp,clientMetadata);
 	        	else
 	        		readme = processTemplate(new File(caKeystoreFile.getParentFile(),sInstructionsFileName),clientMetadata);
 	        }
 	        // Create a zip bundle with the p12, pem, and a personalized readme
 	        File zipFile = new File(targetFolder, clientMetadata.commonName + ".zip");
 	        if (zipFile.exists()) {
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
@@ -783,3 +783,4 @@ gb.deletePatchsetSuccess = Deleted Patchset {0}.
 gb.deletePatchsetFailure = Error deleting Patchset {0}.
 gb.referencedByCommit = Referenced by commit.
 gb.referencedByTicket = Referenced by ticket.
 gb.emailClientCertificateSubject = Your Gitblit client certificate for {0}
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp_zh_TW.properties
@@ -781,3 +781,4 @@ gb.deletePatchsetSuccess = \u5df2\u522a\u9664 Patchset {0}.
 gb.deletePatchsetFailure = \u522a\u9664 Patchset {0} \u932f\u8aa4.
 gb.referencedByCommit = Referenced by commit.
 gb.referencedByTicket = Referenced by ticket.
 gb.emailClientCertificateSubject = \u4F3A\u670D\u5668 {0} \u9023\u7DDA\u6191\u8B49