Merge "Support for self signed certificate (HTTPS)"

org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

@@ -66,6 +66,10 @@ import java.net.MalformedURLException;
 import java.net.Proxy;
 import java.net.ProxySelector;
 import java.net.URL;
+import java.net.URLConnection;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -75,12 +79,18 @@ import java.util.TreeMap;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import org.eclipse.jgit.JGitText;
 import org.eclipse.jgit.errors.NoRemoteRepositoryException;
 import org.eclipse.jgit.errors.NotSupportedException;
 import org.eclipse.jgit.errors.PackProtocolException;
 import org.eclipse.jgit.errors.TransportException;
 import org.eclipse.jgit.lib.Config;
+import org.eclipse.jgit.lib.Config.SectionParser;
 import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.ObjectIdRef;
@@ -88,7 +98,6 @@ import org.eclipse.jgit.lib.ProgressMonitor;
 import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.lib.SymbolicRef;
-import org.eclipse.jgit.lib.Config.SectionParser;
 import org.eclipse.jgit.storage.file.RefDirectory;
 import org.eclipse.jgit.util.HttpSupport;
 import org.eclipse.jgit.util.IO;
@@ -148,8 +157,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
 	private static class HttpConfig {
 		final int postBuffer;
 
+		final boolean sslVerify;
+
 		HttpConfig(final Config rc) {
 			postBuffer = rc.getInt("http", "postbuffer", 1 * 1024 * 1024); //$NON-NLS-1$  //$NON-NLS-2$
+			sslVerify = rc.getBoolean("http", "sslVerify", true);
 		}
 	}
 
@@ -401,6 +413,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
 	final HttpURLConnection httpOpen(String method, URL u) throws IOException {
 		final Proxy proxy = HttpSupport.proxyFor(proxySelector, u);
 		HttpURLConnection conn = (HttpURLConnection) u.openConnection(proxy);
+
+		if (!http.sslVerify && "https".equals(u.getProtocol())) {
+			disableSslVerify(conn);
+		}
+
 		conn.setRequestMethod(method);
 		conn.setUseCaches(false);
 		conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP);
@@ -412,6 +429,21 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
 		return conn;
 	}
 
+	private void disableSslVerify(URLConnection conn)
+			throws IOException {
+		final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() };
+		try {
+			SSLContext ctx = SSLContext.getInstance("SSL");
+			ctx.init(null, trustAllCerts, null);
+			final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
+			sslConn.setSSLSocketFactory(ctx.getSocketFactory());
+		} catch (KeyManagementException e) {
+			throw new IOException(e);
+		} catch (NoSuchAlgorithmException e) {
+			throw new IOException(e);
+		}
+	}
+
 	final InputStream openInputStream(HttpURLConnection conn)
 			throws IOException {
 		InputStream input = conn.getInputStream();
@@ -779,4 +811,18 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
 			}
 		}
 	}
+
+	private static class DummyX509TrustManager implements X509TrustManager {
+		public X509Certificate[] getAcceptedIssuers() {
+			return null;
+		}
+
+		public void checkClientTrusted(X509Certificate[] certs, String authType) {
+			// no check
+		}
+
+		public void checkServerTrusted(X509Certificate[] certs, String authType) {
+			// no check
+		}
+	}
 }