/*******************************************************************************
* Copyright (C) 2015, Christian Halstrick <christian.halstrick@sap.com>
*
* All rights reserved. This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0 which
* accompanies this distribution, and is available at
* https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*******************************************************************************/
package org.eclipse.egit.core;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URISyntaxException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.transport.HttpConfig;
import org.eclipse.jgit.transport.URIish;
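/**
 * Networking utilities.
 */
public class NetUtil {

    /**
     * Trust managers that accept every certificate chain without inspecting
     * it. They are installed only by
     * {@link #setSslVerification(Repository, HttpURLConnection)} when the
     * repository configuration turns "http.sslVerify" off; a connection using
     * them does not authenticate its peer.
     */
    private static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null
                    // (possibly empty) array; returning null can trip callers
                    // that iterate over the result.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs,
                        String authType) {
                    // deliberately no check: verification was disabled by
                    // configuration
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs,
                        String authType) {
                    // deliberately no check: verification was disabled by
                    // configuration
                }
            } };

    /**
     * Hostname verifier that accepts any host name for any session. Used
     * together with {@link #TRUST_ALL_CERTS} when "http.sslVerify" is false.
     */
    private static final HostnameVerifier TRUST_ALL_HOST_NAMES = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            // always accept
            return true;
        }
    };

    /**
     * Configures a {@link HttpURLConnection} according to the value of the
     * repository's configuration parameter "http.sslVerify".
     * <p>
     * Connections whose URL protocol is not "https" are left untouched. For
     * an "https" connection the setting is read through {@link HttpConfig}
     * for the connection's URL. When it is false, a socket factory that
     * accepts any certificate chain and a hostname verifier that accepts any
     * host name are set on this one connection; no JVM-wide default is
     * changed here.
     * <p>
     * Security note: with verification off the server is not authenticated,
     * so TLS no longer protects against an on-path party impersonating it,
     * and whatever is sent over the connection (credentials included) can be
     * read or altered. Where a server uses a private CA or a self-signed
     * certificate, trusting that certificate explicitly keeps verification
     * in place.
     *
     * @param repo
     *            the repository to be asked for the configuration parameter
     *            http.sslVerify
     * @param conn
     *            the connection to be configured; when its URL protocol is
     *            "https" it is cast to {@link HttpsURLConnection}
     * @throws IOException
     *             if the TLS context cannot be obtained or initialised, or
     *             the connection URL cannot be parsed as a {@link URIish};
     *             the original exception is kept as the cause
     */
    public static void setSslVerification(Repository repo,
            HttpURLConnection conn) throws IOException {
        if (!"https".equals(conn.getURL().getProtocol())) { //$NON-NLS-1$
            // Plain HTTP: there is no TLS layer to configure.
            return;
        }
        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
        try {
            HttpConfig http = new HttpConfig(repo.getConfig(),
                    new URIish(conn.getURL().toString()));
            if (http.isSslVerify()) {
                // Verification stays on: keep the connection's default
                // socket factory and hostname verifier.
                return;
            }
            SSLContext ctx = SSLContext.getInstance("TLS"); //$NON-NLS-1$
            // null key managers and null SecureRandom select the provider
            // defaults; only the trust decision is replaced.
            ctx.init(null, TRUST_ALL_CERTS, null);
            httpsConn.setSSLSocketFactory(ctx.getSocketFactory());
            httpsConn.setHostnameVerifier(TRUST_ALL_HOST_NAMES);
        } catch (KeyManagementException | NoSuchAlgorithmException
                | URISyntaxException e) {
            throw new IOException(e.getMessage(), e);
        }
    }
}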