mirrors
/
jgit
镜像自地址 https://github.com/eclipse/jgit.git
关注 1
点赞 0
派生 0
代码 工单 0 版本发布 204 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
8179 提交
49 分支
目录树: 471ad49546
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '471ad49546'
${ noResults }
jgit/org.eclipse.jgit.http.apache/src/org/eclipse/jgit/transport/http/apache/HttpClientConnectionFactory...

HttpClientConnectionFactory.java 3.2KB
原始文件 普通视图 文件历史

Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
TransportHttp: shared SSLContext during fetch or push TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 年前
Add an implementation for HttpConnection using Apache HttpClient This change implements the http connection abstraction with the help of org.apache.http.client.HttpClient. The default implementation used by JGit is still the JDK HttpURLConnection. But now JGit users have the possibility to switch completely to org.apache.httpclient. The reason for this is that in certain (e.g. cloud) environments you are forced to use the org.apache classes. Change-Id: I0b357f23243ed13a014c79ba179fa327dfe318b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 年前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. /*

  2.  * Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.transport.http.apache;

  11. 

  12. import java.io.IOException;

  13. import java.net.Proxy;

  14. import java.net.URL;

  15. import java.security.GeneralSecurityException;

  16. import java.text.MessageFormat;

  17. 

  18. import javax.net.ssl.HostnameVerifier;

  19. import javax.net.ssl.SSLContext;

  20. import javax.net.ssl.SSLSocket;

  21. import javax.net.ssl.TrustManager;

  22. 

  23. import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

  24. import org.eclipse.jgit.transport.http.HttpConnection;

  25. import org.eclipse.jgit.transport.http.HttpConnectionFactory2;

  26. import org.eclipse.jgit.transport.http.NoCheckX509TrustManager;

  27. import org.eclipse.jgit.transport.http.apache.internal.HttpApacheText;

  28. import org.eclipse.jgit.util.HttpSupport;

  29. 

  30. /**

  31.  * A factory returning instances of {@link HttpClientConnection}.

  32.  *

  33.  * @since 3.3

  34.  */

  35. public class HttpClientConnectionFactory implements HttpConnectionFactory2 {

  36. 

  37. 	@Override

  38. 	public HttpConnection create(URL url) throws IOException {

  39. 		return new HttpClientConnection(url.toString());

  40. 	}

  41. 

  42. 	@Override

  43. 	public HttpConnection create(URL url, Proxy proxy) throws IOException {

  44. 		return new HttpClientConnection(url.toString(), proxy);

  45. 	}

  46. 

  47. 	@Override

  48. 	public GitSession newSession() {

  49. 		return new HttpClientSession();

  50. 	}

  51. 

  52. 	private static class HttpClientSession implements GitSession {

  53. 

  54. 		private SSLContext securityContext;

  55. 

  56. 		private SSLConnectionSocketFactory socketFactory;

  57. 

  58. 		private boolean isDefault;

  59. 

  60. 		@Override

  61. 		public HttpClientConnection configure(HttpConnection connection,

  62. 				boolean sslVerify)

  63. 				throws IOException, GeneralSecurityException {

  64. 			if (!(connection instanceof HttpClientConnection)) {

  65. 				throw new IllegalArgumentException(MessageFormat.format(

  66. 						HttpApacheText.get().httpWrongConnectionType,

  67. 						HttpClientConnection.class.getName(),

  68. 						connection.getClass().getName()));

  69. 			}

  70. 			HttpClientConnection conn = (HttpClientConnection) connection;

  71. 			String scheme = conn.getURL().getProtocol();

  72. 			if (!"https".equals(scheme)) { //$NON-NLS-1$

  73. 				return conn;

  74. 			}

  75. 			if (securityContext == null || isDefault != sslVerify) {

  76. 				isDefault = sslVerify;

  77. 				HostnameVerifier verifier;

  78. 				if (sslVerify) {

  79. 					securityContext = SSLContext.getDefault();

  80. 					verifier = SSLConnectionSocketFactory

  81. 							.getDefaultHostnameVerifier();

  82. 				} else {

  83. 					securityContext = SSLContext.getInstance("TLS");

  84. 					TrustManager[] trustAllCerts = {

  85. 							new NoCheckX509TrustManager() };

  86. 					securityContext.init(null, trustAllCerts, null);

  87. 					verifier = (name, session) -> true;

  88. 				}

  89. 				socketFactory = new SSLConnectionSocketFactory(securityContext,

  90. 						verifier) {

  91. 

  92. 					@Override

  93. 					protected void prepareSocket(SSLSocket socket)

  94. 							throws IOException {

  95. 						super.prepareSocket(socket);

  96. 						HttpSupport.configureTLS(socket);

  97. 					}

  98. 				};

  99. 			}

  100. 			conn.setSSLSocketFactory(socketFactory, isDefault);

  101. 			return conn;

  102. 		}

  103. 

  104. 		@Override

  105. 		public void close() {

  106. 			securityContext = null;

  107. 			socketFactory = null;

  108. 		}

  109. 

  110. 	}

  111. }