Browse Source

Merge "Support for self signed certificate (HTTPS)"

stable-0.11
Shawn Pearce 14 years ago committed by Code Review
parent
commit
cc983454c0
  1. 48
      org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

48
org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

@ -66,6 +66,10 @@ import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
@ -75,12 +79,18 @@ import java.util.TreeMap;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jgit.JGitText;
import org.eclipse.jgit.errors.NoRemoteRepositoryException;
import org.eclipse.jgit.errors.NotSupportedException;
import org.eclipse.jgit.errors.PackProtocolException;
import org.eclipse.jgit.errors.TransportException;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.Config.SectionParser;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectIdRef;
@ -88,7 +98,6 @@ import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.SymbolicRef;
import org.eclipse.jgit.lib.Config.SectionParser;
import org.eclipse.jgit.storage.file.RefDirectory;
import org.eclipse.jgit.util.HttpSupport;
import org.eclipse.jgit.util.IO;
@ -148,8 +157,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
private static class HttpConfig {
final int postBuffer;
final boolean sslVerify;
HttpConfig(final Config rc) {
postBuffer = rc.getInt("http", "postbuffer", 1 * 1024 * 1024); //$NON-NLS-1$ //$NON-NLS-2$
sslVerify = rc.getBoolean("http", "sslVerify", true);
}
}
@ -401,6 +413,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
final HttpURLConnection httpOpen(String method, URL u) throws IOException {
final Proxy proxy = HttpSupport.proxyFor(proxySelector, u);
HttpURLConnection conn = (HttpURLConnection) u.openConnection(proxy);
if (!http.sslVerify && "https".equals(u.getProtocol())) {
disableSslVerify(conn);
}
conn.setRequestMethod(method);
conn.setUseCaches(false);
conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP);
@ -412,6 +429,21 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
return conn;
}
private void disableSslVerify(URLConnection conn)
throws IOException {
final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() };
try {
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, trustAllCerts, null);
final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
sslConn.setSSLSocketFactory(ctx.getSocketFactory());
} catch (KeyManagementException e) {
throw new IOException(e);
} catch (NoSuchAlgorithmException e) {
throw new IOException(e);
}
}
final InputStream openInputStream(HttpURLConnection conn)
throws IOException {
InputStream input = conn.getInputStream();
@ -779,4 +811,18 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
}
}
}
private static class DummyX509TrustManager implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
// no check
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
// no check
}
}
}

Loading…
Cancel
Save