The disableSslVerify method will be used in the follow up change. Change-Id: Ie00b5e14244a9a036cbdef94768007f1c25aa8d3 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>tags/v4.3.0.201603230630-rc1
@@ -67,9 +67,6 @@ import java.net.MalformedURLException; | |||
import java.net.Proxy; | |||
import java.net.ProxySelector; | |||
import java.net.URL; | |||
import java.security.KeyManagementException; | |||
import java.security.NoSuchAlgorithmException; | |||
import java.security.cert.X509Certificate; | |||
import java.text.MessageFormat; | |||
import java.util.ArrayList; | |||
import java.util.Arrays; | |||
@@ -83,11 +80,6 @@ import java.util.TreeMap; | |||
import java.util.zip.GZIPInputStream; | |||
import java.util.zip.GZIPOutputStream; | |||
import javax.net.ssl.HostnameVerifier; | |||
import javax.net.ssl.SSLSession; | |||
import javax.net.ssl.TrustManager; | |||
import javax.net.ssl.X509TrustManager; | |||
import org.eclipse.jgit.errors.NoRemoteRepositoryException; | |||
import org.eclipse.jgit.errors.NotSupportedException; | |||
import org.eclipse.jgit.errors.PackProtocolException; | |||
@@ -538,7 +530,7 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
HttpConnection conn = connectionFactory.create(u, proxy); | |||
if (!http.sslVerify && "https".equals(u.getProtocol())) { //$NON-NLS-1$ | |||
disableSslVerify(conn); | |||
HttpSupport.disableSslVerify(conn); | |||
} | |||
conn.setRequestMethod(method); | |||
@@ -562,19 +554,6 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
return conn; | |||
} | |||
private void disableSslVerify(HttpConnection conn) | |||
throws IOException { | |||
final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() }; | |||
try { | |||
conn.configure(null, trustAllCerts, null); | |||
conn.setHostnameVerifier(new DummyHostnameVerifier()); | |||
} catch (KeyManagementException e) { | |||
throw new IOException(e.getMessage()); | |||
} catch (NoSuchAlgorithmException e) { | |||
throw new IOException(e.getMessage()); | |||
} | |||
} | |||
final InputStream openInputStream(HttpConnection conn) | |||
throws IOException { | |||
InputStream input = conn.getInputStream(); | |||
@@ -1002,25 +981,4 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
in.add(openInputStream(conn)); | |||
} | |||
} | |||
private static class DummyX509TrustManager implements X509TrustManager { | |||
public X509Certificate[] getAcceptedIssuers() { | |||
return null; | |||
} | |||
public void checkClientTrusted(X509Certificate[] certs, String authType) { | |||
// no check | |||
} | |||
public void checkServerTrusted(X509Certificate[] certs, String authType) { | |||
// no check | |||
} | |||
} | |||
private static class DummyHostnameVerifier implements HostnameVerifier { | |||
public boolean verify(String hostname, SSLSession session) { | |||
// always accept | |||
return true; | |||
} | |||
} | |||
} |
@@ -52,8 +52,16 @@ import java.net.ProxySelector; | |||
import java.net.URISyntaxException; | |||
import java.net.URL; | |||
import java.net.URLEncoder; | |||
import java.security.KeyManagementException; | |||
import java.security.NoSuchAlgorithmException; | |||
import java.security.cert.X509Certificate; | |||
import java.text.MessageFormat; | |||
import javax.net.ssl.HostnameVerifier; | |||
import javax.net.ssl.SSLSession; | |||
import javax.net.ssl.TrustManager; | |||
import javax.net.ssl.X509TrustManager; | |||
import org.eclipse.jgit.internal.JGitText; | |||
import org.eclipse.jgit.transport.http.HttpConnection; | |||
@@ -62,6 +70,14 @@ public class HttpSupport { | |||
/** The {@code GET} HTTP method. */ | |||
public static final String METHOD_GET = "GET"; //$NON-NLS-1$ | |||
/** The {@code HEAD} HTTP method. | |||
* @since 4.3 */ | |||
public static final String METHOD_HEAD = "HEAD"; //$NON-NLS-1$ | |||
/** The {@code POST} HTTP method. | |||
* @since 4.3 */ | |||
public static final String METHOD_PUT = "PUT"; //$NON-NLS-1$ | |||
/** The {@code POST} HTTP method. */ | |||
public static final String METHOD_POST = "POST"; //$NON-NLS-1$ | |||
@@ -234,6 +250,50 @@ public class HttpSupport { | |||
} | |||
} | |||
/** | |||
* Disable SSL and hostname verification for given HTTP connection | |||
* | |||
* @param conn | |||
* @throws IOException | |||
* @since 4.3 | |||
*/ | |||
public static void disableSslVerify(HttpConnection conn) | |||
throws IOException { | |||
final TrustManager[] trustAllCerts = new TrustManager[] { | |||
new DummyX509TrustManager() }; | |||
try { | |||
conn.configure(null, trustAllCerts, null); | |||
conn.setHostnameVerifier(new DummyHostnameVerifier()); | |||
} catch (KeyManagementException e) { | |||
throw new IOException(e.getMessage()); | |||
} catch (NoSuchAlgorithmException e) { | |||
throw new IOException(e.getMessage()); | |||
} | |||
} | |||
private static class DummyX509TrustManager implements X509TrustManager { | |||
public X509Certificate[] getAcceptedIssuers() { | |||
return null; | |||
} | |||
public void checkClientTrusted(X509Certificate[] certs, | |||
String authType) { | |||
// no check | |||
} | |||
public void checkServerTrusted(X509Certificate[] certs, | |||
String authType) { | |||
// no check | |||
} | |||
} | |||
private static class DummyHostnameVerifier implements HostnameVerifier { | |||
public boolean verify(String hostname, SSLSession session) { | |||
// always accept | |||
return true; | |||
} | |||
} | |||
private HttpSupport() { | |||
// Utility class only. | |||
} |