/*
* Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport.http;
import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.internal.transport.http.DelegatingSSLSocketFactory;
import org.eclipse.jgit.util.HttpSupport;
/**
* A factory returning instances of
* {@link org.eclipse.jgit.transport.http.JDKHttpConnection}
*
* @since 3.3
*/
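public class JDKHttpConnectionFactory implements HttpConnectionFactory2 {

	/**
	 * Creates a connection to the given URL backed by the JDK HTTP client.
	 *
	 * @param url
	 *            the URL to connect to
	 * @return a new {@link JDKHttpConnection} for {@code url}
	 * @throws IOException
	 *             if the connection cannot be created
	 */
	@Override
	public HttpConnection create(URL url) throws IOException {
		return new JDKHttpConnection(url);
	}

	/**
	 * Creates a connection to the given URL through the given proxy.
	 *
	 * @param url
	 *            the URL to connect to
	 * @param proxy
	 *            the proxy handed to the {@link JDKHttpConnection}
	 * @return a new {@link JDKHttpConnection} for {@code url}
	 * @throws IOException
	 *             if the connection cannot be created
	 */
	@Override
	public HttpConnection create(URL url, Proxy proxy) throws IOException {
		return new JDKHttpConnection(url, proxy);
	}

	/**
	 * Creates a session that holds the TLS state shared by the connections
	 * configured through it.
	 *
	 * @return a new, empty session
	 */
	@Override
	public GitSession newSession() {
		return new JdkConnectionSession();
	}

	/**
	 * Session that applies the {@code sslVerify} setting to
	 * {@link JDKHttpConnection}s.
	 * <p>
	 * The non-verifying TLS context and socket factory are created on first
	 * use and reused for later connections until {@link #close()} is called.
	 * The fields are not synchronized. NOTE(review): confirm that a session
	 * is only used from one thread at a time.
	 */
	private static class JdkConnectionSession implements GitSession {

		// Context initialised with the non-checking trust manager; null until
		// the first HTTPS connection with sslVerify == false is configured.
		private SSLContext securityContext;

		// Socket factory derived from securityContext; set together with it.
		private SSLSocketFactory socketFactory;

		/**
		 * Applies the TLS verification setting to a connection.
		 * <p>
		 * For non-HTTPS URLs, and for HTTPS with {@code sslVerify == true},
		 * the connection is returned untouched and the JDK's default
		 * certificate and host name checks stay in force.
		 * <p>
		 * For HTTPS with {@code sslVerify == false} the connection gets a
		 * socket factory built on {@link NoCheckX509TrustManager} (by its
		 * name, a trust manager that performs no certificate checks) and a
		 * host name verifier that accepts every host. The server is then not
		 * authenticated at all: anyone able to intercept the traffic can
		 * present an arbitrary certificate and read or alter the exchange,
		 * including credentials sent over the connection. Callers should
		 * pass {@code false} only when the user explicitly opted out of
		 * verification, and should prefer adding the server's CA to the
		 * trust store instead.
		 *
		 * @param connection
		 *            the connection to configure; must be a
		 *            {@link JDKHttpConnection}
		 * @param sslVerify
		 *            whether certificate and host name verification stay
		 *            enabled
		 * @return the same connection, cast to {@link JDKHttpConnection}
		 * @throws GeneralSecurityException
		 *             if the TLS context cannot be obtained or initialised
		 * @throws IllegalArgumentException
		 *             if {@code connection} is not a
		 *             {@link JDKHttpConnection}
		 */
		@Override
		public JDKHttpConnection configure(HttpConnection connection,
				boolean sslVerify) throws GeneralSecurityException {
			if (!(connection instanceof JDKHttpConnection)) {
				throw new IllegalArgumentException(MessageFormat.format(
						JGitText.get().httpWrongConnectionType,
						JDKHttpConnection.class.getName(),
						connection.getClass().getName()));
			}
			JDKHttpConnection conn = (JDKHttpConnection) connection;
			String scheme = conn.getURL().getProtocol();
			if (!"https".equals(scheme) || sslVerify) { //$NON-NLS-1$
				// Plain HTTP has no TLS to configure; with sslVerify == true
				// the JDK defaults (full verification) are kept.
				return conn;
			}
			if (securityContext == null) {
				// Build everything in locals and publish to the fields only
				// once both objects exist. If getInstance() or init() throws,
				// the session stays empty and the next call retries instead
				// of finding a context without a socket factory.
				SSLContext context = SSLContext.getInstance("TLS"); //$NON-NLS-1$
				TrustManager[] trustAllCerts = {
						new NoCheckX509TrustManager() };
				context.init(null, trustAllCerts, null);
				SSLSocketFactory factory = new DelegatingSSLSocketFactory(
						context.getSocketFactory()) {

					@Override
					protected void configure(SSLSocket socket) {
						// Hand each new socket to JGit's shared TLS setup.
						HttpSupport.configureTLS(socket);
					}
				};
				securityContext = context;
				socketFactory = factory;
			}
			// Verification is off: accept whatever host name the peer
			// presents, matching the non-checking trust manager above.
			conn.setHostnameVerifier((name, session) -> true);
			((HttpsURLConnection) conn.wrappedUrlConnection)
					.setSSLSocketFactory(socketFactory);
			return conn;
		}

		/**
		 * Drops the cached TLS context and socket factory. A later
		 * {@code configure} call with {@code sslVerify == false} creates
		 * them again.
		 */
		@Override
		public void close() {
			securityContext = null;
			socketFactory = null;
		}
	}
}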