Browse Source
Support for self signed certificate (HTTPS)
Add possibility to disable ssl verification, just as i can do with git using: git config --global http.sslVerify false To enable the feature, configure Window->Preferences->Team->Git->Configuration and add a new key/value: http.sslVerify=false When handling repos over https, JGit will then check that flag to see if security is loose and the ssl verification should be ignored. Having it implemented as a key/value makes it not too obvious in the GUI - so the user must know what he/she is doing when adding it. Being aware of the risks etc. Bug: 332487 Change-Id: I2a1b8098b5890bf512b8dbe07da41036c0fc9b72 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>tags/v0.11.1
Per Salomonsson
13 years ago
1 changed files with 47 additions and 1 deletions
+ 47
- 1
org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
View File
| @@ -66,6 +66,10 @@ import java.net.MalformedURLException; | |||
| import java.net.Proxy; | |||
| import java.net.ProxySelector; | |||
| import java.net.URL; | |||
| import java.net.URLConnection; | |||
| import java.security.KeyManagementException; | |||
| import java.security.NoSuchAlgorithmException; | |||
| import java.security.cert.X509Certificate; | |||
| import java.text.MessageFormat; | |||
| import java.util.ArrayList; | |||
| import java.util.Collection; | |||
| @@ -75,12 +79,18 @@ import java.util.TreeMap; | |||
| import java.util.zip.GZIPInputStream; | |||
| import java.util.zip.GZIPOutputStream; | |||
| import javax.net.ssl.HttpsURLConnection; | |||
| import javax.net.ssl.SSLContext; | |||
| import javax.net.ssl.TrustManager; | |||
| import javax.net.ssl.X509TrustManager; | |||
| import org.eclipse.jgit.JGitText; | |||
| import org.eclipse.jgit.errors.NoRemoteRepositoryException; | |||
| import org.eclipse.jgit.errors.NotSupportedException; | |||
| import org.eclipse.jgit.errors.PackProtocolException; | |||
| import org.eclipse.jgit.errors.TransportException; | |||
| import org.eclipse.jgit.lib.Config; | |||
| import org.eclipse.jgit.lib.Config.SectionParser; | |||
| import org.eclipse.jgit.lib.Constants; | |||
| import org.eclipse.jgit.lib.ObjectId; | |||
| import org.eclipse.jgit.lib.ObjectIdRef; | |||
| @@ -88,7 +98,6 @@ import org.eclipse.jgit.lib.ProgressMonitor; | |||
| import org.eclipse.jgit.lib.Ref; | |||
| import org.eclipse.jgit.lib.Repository; | |||
| import org.eclipse.jgit.lib.SymbolicRef; | |||
| import org.eclipse.jgit.lib.Config.SectionParser; | |||
| import org.eclipse.jgit.storage.file.RefDirectory; | |||
| import org.eclipse.jgit.util.HttpSupport; | |||
| import org.eclipse.jgit.util.IO; | |||
| @@ -148,8 +157,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
| private static class HttpConfig { | |||
| final int postBuffer; | |||
| final boolean sslVerify; | |||
| HttpConfig(final Config rc) { | |||
| postBuffer = rc.getInt("http", "postbuffer", 1 * 1024 * 1024); //$NON-NLS-1$ //$NON-NLS-2$ | |||
| sslVerify = rc.getBoolean("http", "sslVerify", true); | |||
| } | |||
| } | |||
| @@ -401,6 +413,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
| final HttpURLConnection httpOpen(String method, URL u) throws IOException { | |||
| final Proxy proxy = HttpSupport.proxyFor(proxySelector, u); | |||
| HttpURLConnection conn = (HttpURLConnection) u.openConnection(proxy); | |||
| if (!http.sslVerify && "https".equals(u.getProtocol())) { | |||
| disableSslVerify(conn); | |||
| } | |||
| conn.setRequestMethod(method); | |||
| conn.setUseCaches(false); | |||
| conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP); | |||
| @@ -412,6 +429,21 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
| return conn; | |||
| } | |||
| private void disableSslVerify(URLConnection conn) | |||
| throws IOException { | |||
| final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() }; | |||
| try { | |||
| SSLContext ctx = SSLContext.getInstance("SSL"); | |||
| ctx.init(null, trustAllCerts, null); | |||
| final HttpsURLConnection sslConn = (HttpsURLConnection) conn; | |||
| sslConn.setSSLSocketFactory(ctx.getSocketFactory()); | |||
| } catch (KeyManagementException e) { | |||
| throw new IOException(e); | |||
| } catch (NoSuchAlgorithmException e) { | |||
| throw new IOException(e); | |||
| } | |||
| } | |||
| final InputStream openInputStream(HttpURLConnection conn) | |||
| throws IOException { | |||
| InputStream input = conn.getInputStream(); | |||
| @@ -779,4 +811,18 @@ public class TransportHttp extends HttpTransport implements WalkTransport, | |||
| } | |||
| } | |||
| } | |||
| private static class DummyX509TrustManager implements X509TrustManager { | |||
| public X509Certificate[] getAcceptedIssuers() { | |||
| return null; | |||
| } | |||
| public void checkClientTrusted(X509Certificate[] certs, String authType) { | |||
| // no check | |||
| } | |||
| public void checkServerTrusted(X509Certificate[] certs, String authType) { | |||
| // no check | |||
| } | |||
| } | |||
| } | |||
Loading…