1   /*
2    * Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  package org.eclipse.jgit.transport.http;
11  
12  import java.io.IOException;
13  import java.net.Proxy;
14  import java.net.URL;
15  import java.security.GeneralSecurityException;
16  import java.text.MessageFormat;
17  
18  import javax.net.ssl.HttpsURLConnection;
19  import javax.net.ssl.SSLContext;
20  import javax.net.ssl.SSLSocket;
21  import javax.net.ssl.SSLSocketFactory;
22  import javax.net.ssl.TrustManager;
23  
24  import org.eclipse.jgit.internal.JGitText;
25  import org.eclipse.jgit.internal.transport.http.DelegatingSSLSocketFactory;
26  import org.eclipse.jgit.util.HttpSupport;
27  
28  /**
29   * A factory returning instances of
30   * {@link org.eclipse.jgit.transport.http.JDKHttpConnection}
31   *
32   * @since 3.3
33   */
public class JDKHttpConnectionFactory implements HttpConnectionFactory2 {

	/**
	 * Creates a direct (proxy-less) connection object for the given URL.
	 *
	 * @param url
	 *            the URL to connect to
	 * @return a new {@link JDKHttpConnection} for {@code url}
	 * @throws IOException
	 *             if the {@link JDKHttpConnection} constructor fails
	 */
	@Override
	public HttpConnection create(URL url) throws IOException {
		final HttpConnection direct = new JDKHttpConnection(url);
		return direct;
	}

	/**
	 * Creates a connection object for the given URL that goes through the
	 * given proxy.
	 *
	 * @param url
	 *            the URL to connect to
	 * @param proxy
	 *            the proxy handed to the {@link JDKHttpConnection}
	 *            constructor
	 * @return a new {@link JDKHttpConnection} for {@code url}
	 * @throws IOException
	 *             if the {@link JDKHttpConnection} constructor fails
	 */
	@Override
	public HttpConnection create(URL url, Proxy proxy)
			throws IOException {
		final HttpConnection proxied = new JDKHttpConnection(url, proxy);
		return proxied;
	}

	/**
	 * Opens a new session; each session keeps its own TLS state.
	 *
	 * @return a fresh session with no TLS state initialised yet
	 */
	@Override
	public GitSession newSession() {
		return new JdkConnectionSession();
	}

	/**
	 * Session that only touches a connection's TLS setup when verification
	 * has been switched off for an https URL.
	 * <p>
	 * The {@link SSLContext} and socket factory are built on first use and
	 * reused for later connections of the same session until
	 * {@link #close()} drops them. The two fields are read and written
	 * without any synchronization.
	 */
	private static class JdkConnectionSession implements GitSession {

		private SSLContext securityContext;

		private SSLSocketFactory socketFactory;

		/**
		 * Applies the session's TLS policy to a connection.
		 * <p>
		 * For non-https URLs, or when {@code sslVerify} is {@code true}, the
		 * connection is returned untouched and the JDK's default trust and
		 * hostname checks stay in force.
		 * <p>
		 * For an https URL with {@code sslVerify == false} two things are
		 * replaced: the socket factory (backed by a
		 * {@link NoCheckX509TrustManager}, which going by its name performs
		 * no certificate chain validation) and the hostname verifier (which
		 * accepts every name). A connection configured this way does not
		 * authenticate the server, so anything sent over it, credentials
		 * included, is exposed to an on-path party presenting any
		 * certificate. Presumably {@code sslVerify} mirrors the user's
		 * {@code http.sslVerify} setting; confirm at the caller.
		 *
		 * @param connection
		 *            the connection to configure; must be a
		 *            {@link JDKHttpConnection}
		 * @param sslVerify
		 *            {@code true} to keep the JDK defaults, {@code false} to
		 *            disable certificate and hostname verification
		 * @return the same connection, cast to {@link JDKHttpConnection}
		 * @throws GeneralSecurityException
		 *             if the TLS context cannot be obtained or initialised
		 * @throws IllegalArgumentException
		 *             if {@code connection} is not a
		 *             {@link JDKHttpConnection}
		 */
		@Override
		public JDKHttpConnection configure(HttpConnection connection,
				boolean sslVerify) throws GeneralSecurityException {
			if (!(connection instanceof JDKHttpConnection)) {
				String expectedType = JDKHttpConnection.class.getName();
				String actualType = connection.getClass().getName();
				throw new IllegalArgumentException(MessageFormat.format(
						JGitText.get().httpWrongConnectionType,
						expectedType, actualType));
			}
			JDKHttpConnection jdkConnection = (JDKHttpConnection) connection;
			boolean isHttps = "https" //$NON-NLS-1$
					.equals(jdkConnection.getURL().getProtocol());
			if (sslVerify || !isHttps) {
				// Verification requested, or no TLS involved at all: leave
				// the JDK defaults alone.
				return jdkConnection;
			}

			// Verification explicitly disabled from here on.
			SSLSocketFactory permissiveFactory = unverifiedSocketFactory();
			// Accept whatever host name the peer certificate carries.
			jdkConnection.setHostnameVerifier((hostname, tlsSession) -> true);
			HttpsURLConnection httpsConnection = (HttpsURLConnection) jdkConnection.wrappedUrlConnection;
			httpsConnection.setSSLSocketFactory(permissiveFactory);
			return jdkConnection;
		}

		/**
		 * Returns the session's socket factory for unverified TLS, building
		 * the context and factory on the first call.
		 *
		 * @return the cached socket factory
		 * @throws GeneralSecurityException
		 *             if the TLS context cannot be obtained or initialised
		 */
		private SSLSocketFactory unverifiedSocketFactory()
				throws GeneralSecurityException {
			if (securityContext == null) {
				// The field is assigned before init(), exactly as the
				// context is created, so a failing init() leaves it set.
				securityContext = SSLContext.getInstance("TLS"); //$NON-NLS-1$
				securityContext.init(null,
						new TrustManager[] { new NoCheckX509TrustManager() },
						null);
				SSLSocketFactory rawFactory = securityContext
						.getSocketFactory();
				socketFactory = new DelegatingSSLSocketFactory(rawFactory) {

					@Override
					protected void configure(SSLSocket socket) {
						// Per-socket TLS settings are delegated to
						// HttpSupport, even with verification off.
						HttpSupport.configureTLS(socket);
					}
				};
			}
			return socketFactory;
		}

		/**
		 * Drops the cached TLS context and socket factory; a later
		 * {@code configure} call that needs them builds new ones.
		 */
		@Override
		public void close() {
			socketFactory = null;
			securityContext = null;
		}
	}

}