@ -66,6 +66,10 @@ import java.net.MalformedURLException;
import java.net.Proxy ;
import java.net.ProxySelector ;
import java.net.URL ;
import java.net.URLConnection ;
import java.security.KeyManagementException ;
import java.security.NoSuchAlgorithmException ;
import java.security.cert.X509Certificate ;
import java.text.MessageFormat ;
import java.util.ArrayList ;
import java.util.Collection ;
@ -75,12 +79,18 @@ import java.util.TreeMap;
import java.util.zip.GZIPInputStream ;
import java.util.zip.GZIPOutputStream ;
import javax.net.ssl.HttpsURLConnection ;
import javax.net.ssl.SSLContext ;
import javax.net.ssl.TrustManager ;
import javax.net.ssl.X509TrustManager ;
import org.eclipse.jgit.JGitText ;
import org.eclipse.jgit.errors.NoRemoteRepositoryException ;
import org.eclipse.jgit.errors.NotSupportedException ;
import org.eclipse.jgit.errors.PackProtocolException ;
import org.eclipse.jgit.errors.TransportException ;
import org.eclipse.jgit.lib.Config ;
import org.eclipse.jgit.lib.Config.SectionParser ;
import org.eclipse.jgit.lib.Constants ;
import org.eclipse.jgit.lib.ObjectId ;
import org.eclipse.jgit.lib.ObjectIdRef ;
@ -88,7 +98,6 @@ import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref ;
import org.eclipse.jgit.lib.Repository ;
import org.eclipse.jgit.lib.SymbolicRef ;
import org.eclipse.jgit.lib.Config.SectionParser ;
import org.eclipse.jgit.storage.file.RefDirectory ;
import org.eclipse.jgit.util.HttpSupport ;
import org.eclipse.jgit.util.IO ;
@ -148,8 +157,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
private static class HttpConfig {
final int postBuffer ;
final boolean sslVerify ;
HttpConfig ( final Config rc ) {
postBuffer = rc . getInt ( "http" , "postbuffer" , 1 * 1024 * 1024 ) ; //$NON-NLS-1$ //$NON-NLS-2$
sslVerify = rc . getBoolean ( "http" , "sslVerify" , true ) ;
}
}
@ -401,6 +413,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
final HttpURLConnection httpOpen ( String method , URL u ) throws IOException {
final Proxy proxy = HttpSupport . proxyFor ( proxySelector , u ) ;
HttpURLConnection conn = ( HttpURLConnection ) u . openConnection ( proxy ) ;
if ( ! http . sslVerify & & "https" . equals ( u . getProtocol ( ) ) ) {
disableSslVerify ( conn ) ;
}
conn . setRequestMethod ( method ) ;
conn . setUseCaches ( false ) ;
conn . setRequestProperty ( HDR_ACCEPT_ENCODING , ENCODING_GZIP ) ;
@ -412,6 +429,21 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
return conn ;
}
private void disableSslVerify ( URLConnection conn )
throws IOException {
final TrustManager [ ] trustAllCerts = new TrustManager [ ] { new DummyX509TrustManager ( ) } ;
try {
SSLContext ctx = SSLContext . getInstance ( "SSL" ) ;
ctx . init ( null , trustAllCerts , null ) ;
final HttpsURLConnection sslConn = ( HttpsURLConnection ) conn ;
sslConn . setSSLSocketFactory ( ctx . getSocketFactory ( ) ) ;
} catch ( KeyManagementException e ) {
throw new IOException ( e ) ;
} catch ( NoSuchAlgorithmException e ) {
throw new IOException ( e ) ;
}
}
final InputStream openInputStream ( HttpURLConnection conn )
throws IOException {
InputStream input = conn . getInputStream ( ) ;
@ -779,4 +811,18 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
}
}
}
private static class DummyX509TrustManager implements X509TrustManager {
public X509Certificate [ ] getAcceptedIssuers ( ) {
return null ;
}
public void checkClientTrusted ( X509Certificate [ ] certs , String authType ) {
// no check
}
public void checkServerTrusted ( X509Certificate [ ] certs , String authType ) {
// no check
}
}
}
Per Salomonsson
14 years ago
committed by
Matthias Sohn