HttpClientConnectionFactory.java

/*
 * Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
 * https://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
package org.eclipse.jgit.transport.http.apache;

import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.eclipse.jgit.transport.http.HttpConnection;
import org.eclipse.jgit.transport.http.HttpConnectionFactory2;
import org.eclipse.jgit.transport.http.NoCheckX509TrustManager;
import org.eclipse.jgit.transport.http.apache.internal.HttpApacheText;
import org.eclipse.jgit.util.HttpSupport;

/**
 * A factory returning instances of {@link HttpClientConnection}.
 *
 * @since 3.3
 */
public class HttpClientConnectionFactory implements HttpConnectionFactory2 {

    @Override
    public HttpConnection create(URL url) throws IOException {
        return new HttpClientConnection(url.toString());
    }

    @Override
    public HttpConnection create(URL url, Proxy proxy) throws IOException {
        return new HttpClientConnection(url.toString(), proxy);
    }

    @Override
    public GitSession newSession() {
        return new HttpClientSession();
    }

    private static class HttpClientSession implements GitSession {

        private SSLContext securityContext;

        private SSLConnectionSocketFactory socketFactory;

        private boolean isDefault;

        @Override
        public HttpClientConnection configure(HttpConnection connection,
                boolean sslVerify)
                throws IOException, GeneralSecurityException {
            if (!(connection instanceof HttpClientConnection)) {
                throw new IllegalArgumentException(MessageFormat.format(
                        HttpApacheText.get().httpWrongConnectionType,
                        HttpClientConnection.class.getName(),
                        connection.getClass().getName()));
            }
            HttpClientConnection conn = (HttpClientConnection) connection;
            String scheme = conn.getURL().getProtocol();
            if (!"https".equals(scheme)) { //$NON-NLS-1$
                return conn;
            }
            if (securityContext == null || isDefault != sslVerify) {
                isDefault = sslVerify;
                HostnameVerifier verifier;
                if (sslVerify) {
                    securityContext = SSLContext.getDefault();
                    verifier = SSLConnectionSocketFactory
                            .getDefaultHostnameVerifier();
                } else {
                    securityContext = SSLContext.getInstance("TLS");
                    TrustManager[] trustAllCerts = {
                            new NoCheckX509TrustManager() };
                    securityContext.init(null, trustAllCerts, null);
                    verifier = (name, session) -> true;
                }
                socketFactory = new SSLConnectionSocketFactory(securityContext,
                        verifier) {

                    @Override
                    protected void prepareSocket(SSLSocket socket)
                            throws IOException {
                        super.prepareSocket(socket);
                        HttpSupport.configureTLS(socket);
                    }
                };
            }
            conn.setSSLSocketFactory(socketFactory, isDefault);
            return conn;
        }

        @Override
        public void close() {
            securityContext = null;
            socketFactory = null;
        }

    }
}