| /* |
| * Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0 which is available at |
| * https://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| package org.eclipse.jgit.transport.http; |
| |
| import java.io.IOException; |
| import java.net.Proxy; |
| import java.net.URL; |
| import java.security.GeneralSecurityException; |
| import java.text.MessageFormat; |
| |
| import javax.net.ssl.HttpsURLConnection; |
| import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLSocket; |
| import javax.net.ssl.SSLSocketFactory; |
| import javax.net.ssl.TrustManager; |
| |
| import org.eclipse.jgit.internal.JGitText; |
| import org.eclipse.jgit.internal.transport.http.DelegatingSSLSocketFactory; |
| import org.eclipse.jgit.util.HttpSupport; |
| |
| /** |
| * A factory returning instances of |
| * {@link org.eclipse.jgit.transport.http.JDKHttpConnection} |
| * |
| * @since 3.3 |
| */ |
| public class JDKHttpConnectionFactory implements HttpConnectionFactory2 { |
| |
| @Override |
| public HttpConnection create(URL url) throws IOException { |
| return new JDKHttpConnection(url); |
| } |
| |
| @Override |
| public HttpConnection create(URL url, Proxy proxy) |
| throws IOException { |
| return new JDKHttpConnection(url, proxy); |
| } |
| |
| @Override |
| public GitSession newSession() { |
| return new JdkConnectionSession(); |
| } |
| |
| private static class JdkConnectionSession implements GitSession { |
| |
| private SSLContext securityContext; |
| |
| private SSLSocketFactory socketFactory; |
| |
| @Override |
| public JDKHttpConnection configure(HttpConnection connection, |
| boolean sslVerify) throws GeneralSecurityException { |
| if (!(connection instanceof JDKHttpConnection)) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().httpWrongConnectionType, |
| JDKHttpConnection.class.getName(), |
| connection.getClass().getName())); |
| } |
| JDKHttpConnection conn = (JDKHttpConnection) connection; |
| String scheme = conn.getURL().getProtocol(); |
| if (!"https".equals(scheme) || sslVerify) { //$NON-NLS-1$ |
| // sslVerify == true: use the JDK defaults |
| return conn; |
| } |
| if (securityContext == null) { |
| securityContext = SSLContext.getInstance("TLS"); //$NON-NLS-1$ |
| TrustManager[] trustAllCerts = { |
| new NoCheckX509TrustManager() }; |
| securityContext.init(null, trustAllCerts, null); |
| socketFactory = new DelegatingSSLSocketFactory( |
| securityContext.getSocketFactory()) { |
| |
| @Override |
| protected void configure(SSLSocket socket) { |
| HttpSupport.configureTLS(socket); |
| } |
| }; |
| } |
| conn.setHostnameVerifier((name, session) -> true); |
| ((HttpsURLConnection) conn.wrappedUrlConnection) |
| .setSSLSocketFactory(socketFactory); |
| return conn; |
| } |
| |
| @Override |
| public void close() { |
| securityContext = null; |
| socketFactory = null; |
| } |
| } |
| |
| } |