From d63157b22bb8a7294080be29ca0fca8ecda96db9 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 05 Dec 2012 17:36:16 -0500
Subject: [PATCH] Checkbox to automatically set the new ssl certificate alias

---
 src/com/gitblit/GitBlitServer.java |   40 ++++++++++++++++++++++++++++++++++++----
 1 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/GitBlitServer.java b/src/com/gitblit/GitBlitServer.java
index 52afb54..5eaa4c9 100644
--- a/src/com/gitblit/GitBlitServer.java
+++ b/src/com/gitblit/GitBlitServer.java
@@ -16,7 +16,9 @@
 package com.gitblit;
 
 import java.io.BufferedReader;
+import java.io.BufferedWriter;
 import java.io.File;
+import java.io.FileWriter;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
@@ -55,10 +57,12 @@
 import com.beust.jcommander.Parameter;
 import com.beust.jcommander.ParameterException;
 import com.beust.jcommander.Parameters;
+import com.gitblit.authority.GitblitAuthority;
 import com.gitblit.authority.NewCertificateConfig;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
 import com.gitblit.utils.X509Utils;
+import com.gitblit.utils.X509Utils.X509Log;
 import com.gitblit.utils.X509Utils.X509Metadata;
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
@@ -194,7 +198,7 @@
 
 		// conditionally configure the https connector
 		if (params.securePort > 0) {
-			File folder = new File(System.getProperty("user.dir"));
+			final File folder = new File(System.getProperty("user.dir"));
 			File certificatesConf = new File(folder, X509Utils.CA_CONFIG);
 			File serverKeyStore = new File(folder, X509Utils.SERVER_KEY_STORE);
 			File serverTrustStore = new File(folder, X509Utils.SERVER_TRUST_STORE);
@@ -215,10 +219,30 @@
 			}
 			
 			metadata.notAfter = new Date(System.currentTimeMillis() + 10*TimeUtils.ONEYEAR);
-			X509Utils.prepareX509Infrastructure(metadata, folder);
+			X509Utils.prepareX509Infrastructure(metadata, folder, new X509Log() {
+				@Override
+				public void log(String message) {
+					BufferedWriter writer = null;
+					try {
+						writer = new BufferedWriter(new FileWriter(new File(folder, X509Utils.CERTS + File.separator + "log.txt"), true));
+						writer.write(MessageFormat.format("{0,date,yyyy-MM-dd HH:mm}: {1}", new Date(), message));
+						writer.newLine();
+						writer.flush();
+					} catch (Exception e) {
+						LoggerFactory.getLogger(GitblitAuthority.class).error("Failed to append log entry!", e);
+					} finally {
+						if (writer != null) {
+							try {
+								writer.close();
+							} catch (IOException e) {
+							}
+						}
+					}
+				}
+			});
 
 			if (serverKeyStore.exists()) {		        
-				Connector secureConnector = createSSLConnector(serverKeyStore, serverTrustStore, params.storePassword,
+				Connector secureConnector = createSSLConnector(params.alias, serverKeyStore, serverTrustStore, params.storePassword,
 						caRevocationList, params.useNIO, params.securePort, params.requireClientCertificates);
 				String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
 				if (!StringUtils.isEmpty(bindInterface)) {
@@ -389,6 +413,7 @@
 	 * SSL renegotiation will be enabled if the JVM is 1.6.0_22 or later.
 	 * oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
 	 * 
+	 * @param certAlias
 	 * @param keyStore
 	 * @param clientTrustStore
 	 * @param storePassword
@@ -398,7 +423,7 @@
 	 * @param requireClientCertificates
 	 * @return an https connector
 	 */
-	private static Connector createSSLConnector(File keyStore, File clientTrustStore,
+	private static Connector createSSLConnector(String certAlias, File keyStore, File clientTrustStore,
 			String storePassword, File caRevocationList, boolean useNIO, int port, 
 			boolean requireClientCertificates) {
 		SslContextFactory sslContext = new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH);
@@ -442,6 +467,10 @@
 		sslContext.setTrustStore(clientTrustStore.getAbsolutePath());
 		sslContext.setTrustStorePassword(storePassword);
 		sslContext.setCrlPath(caRevocationList.getAbsolutePath());
+		if (!StringUtils.isEmpty(certAlias)) {
+			logger.info("   certificate alias = " + certAlias);
+			sslContext.setCertAlias(certAlias);
+		}
 		connector.setPort(port);
 		connector.setMaxIdleTime(30000);
 		return connector;
@@ -572,6 +601,9 @@
 		@Parameter(names = "--ajpPort", description = "AJP port to serve.  (port <= 0 will disable this connector)")
 		public Integer ajpPort = FILESETTINGS.getInteger(Keys.server.ajpPort, 0);
 
+		@Parameter(names = "--alias", description = "Alias of SSL certificate in keystore for serving https.")
+		public String alias = FILESETTINGS.getString(Keys.server.certificateAlias, "");
+
 		@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")
 		public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");
 

--
Gitblit v1.9.1