Support for self signed certificate (HTTPS)

Add possibility to disable ssl verification, just as i can do with git
using: git config --global http.sslVerify false

To enable the feature, configure
Window->Preferences->Team->Git->Configuration
and add a new key/value: http.sslVerify=false

When handling repos over https, JGit will then check that flag to see
if security is loose and the ssl verification should be ignored.

Having it implemented as a key/value makes it not too obvious in the
GUI - so the user must know what he/she is doing when adding it. Being
aware of the risks etc.

Bug: 332487
Change-Id: I2a1b8098b5890bf512b8dbe07da41036c0fc9b72
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

 import java.net.Proxy;
 import java.net.ProxySelector;
 import java.net.URL;
+import java.net.URLConnection;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import org.eclipse.jgit.JGitText;
 import org.eclipse.jgit.errors.NoRemoteRepositoryException;
 import org.eclipse.jgit.errors.NotSupportedException;
 import org.eclipse.jgit.errors.PackProtocolException;
 import org.eclipse.jgit.errors.TransportException;
 import org.eclipse.jgit.lib.Config;
+import org.eclipse.jgit.lib.Config.SectionParser;
 import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.ObjectIdRef;
 import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.lib.SymbolicRef;
-import org.eclipse.jgit.lib.Config.SectionParser;
 import org.eclipse.jgit.storage.file.RefDirectory;
 import org.eclipse.jgit.util.HttpSupport;
 import org.eclipse.jgit.util.IO;
 	private static class HttpConfig {
 		final int postBuffer;
 
+		final boolean sslVerify;
+
 		HttpConfig(final Config rc) {
 			postBuffer = rc.getInt("http", "postbuffer", 1 * 1024 * 1024); //$NON-NLS-1$  //$NON-NLS-2$
+			sslVerify = rc.getBoolean("http", "sslVerify", true);
 		}
 	}
 
 	final HttpURLConnection httpOpen(String method, URL u) throws IOException {
 		final Proxy proxy = HttpSupport.proxyFor(proxySelector, u);
 		HttpURLConnection conn = (HttpURLConnection) u.openConnection(proxy);
+
+		if (!http.sslVerify && "https".equals(u.getProtocol())) {
+			disableSslVerify(conn);
+		}
+
 		conn.setRequestMethod(method);
 		conn.setUseCaches(false);
 		conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP);
 		return conn;
 	}
 
+	private void disableSslVerify(URLConnection conn)
+			throws IOException {
+		final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() };
+		try {
+			SSLContext ctx = SSLContext.getInstance("SSL");
+			ctx.init(null, trustAllCerts, null);
+			final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
+			sslConn.setSSLSocketFactory(ctx.getSocketFactory());
+		} catch (KeyManagementException e) {
+			throw new IOException(e);
+		} catch (NoSuchAlgorithmException e) {
+			throw new IOException(e);
+		}
+	}
+
 	final InputStream openInputStream(HttpURLConnection conn)
 			throws IOException {
 		InputStream input = conn.getInputStream();
 			}
 		}
 	}
+
+	private static class DummyX509TrustManager implements X509TrustManager {
+		public X509Certificate[] getAcceptedIssuers() {
+			return null;
+		}
+
+		public void checkClientTrusted(X509Certificate[] certs, String authType) {
+			// no check
+		}
+
+		public void checkServerTrusted(X509Certificate[] certs, String authType) {
+			// no check
+		}
+	}
 }