authorPer Salomonsson2011-01-25 19:16:24 (EST)
committerMatthias Sohn2011-01-25 19:17:01 (EST)
commitd49530ad861ee7053ca1a92d619f127b5d6bc3a1 (patch)
tree855530600ce0afb589b290afb8d1524c2f7bd42c
parentf21495255211042c6fcc4cc6f7f5af2bf750f647 (diff)
Support for self signed certificate (HTTPS)refs/changes/18/2318/2
Add possibility to disable ssl verification, just as i can do with git using: git config --global http.sslVerify false To enable the feature, configure Window->Preferences->Team->Git->Configuration and add a new key/value: http.sslVerify=false When handling repos over https, JGit will then check that flag to see if security is loose and the ssl verification should be ignored. Having it implemented as a key/value makes it not too obvious in the GUI - so the user must know what he/she is doing when adding it. Being aware of the risks etc. Bug: 332487 Change-Id: I2a1b8098b5890bf512b8dbe07da41036c0fc9b72 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java48
1 files changed, 47 insertions, 1 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
index 9eb1d2d..3ec8871 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
@@ -66,6 +66,10 @@ import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URL;
+import java.net.URLConnection;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
@@ -75,12 +79,18 @@ import java.util.TreeMap;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
import org.eclipse.jgit.JGitText;
import org.eclipse.jgit.errors.NoRemoteRepositoryException;
import org.eclipse.jgit.errors.NotSupportedException;
import org.eclipse.jgit.errors.PackProtocolException;
import org.eclipse.jgit.errors.TransportException;
import org.eclipse.jgit.lib.Config;
+import org.eclipse.jgit.lib.Config.SectionParser;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectIdRef;
@@ -88,7 +98,6 @@ import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.SymbolicRef;
-import org.eclipse.jgit.lib.Config.SectionParser;
import org.eclipse.jgit.storage.file.RefDirectory;
import org.eclipse.jgit.util.HttpSupport;
import org.eclipse.jgit.util.IO;
@@ -148,8 +157,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
private static class HttpConfig {
final int postBuffer;
+ final boolean sslVerify;
+
HttpConfig(final Config rc) {
postBuffer = rc.getInt("http", "postbuffer", 1 * 1024 * 1024); //$NON-NLS-1$ //$NON-NLS-2$
+ sslVerify = rc.getBoolean("http", "sslVerify", true);
}
}
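Review bot: The new `rc.getBoolean("http", "sslVerify", true)` line drops the `//$NON-NLS-1$ //$NON-NLS-2$` markers that the `postBuffer` line directly above it carries, so the two config reads are styled inconsistently. The `sslVerify` field also has no comment, although it is the one switch that turns off server authentication. I would add the markers and a comment on the field such as `/** false disables X.509 chain validation for HTTPS connections made by this transport; defaults to true. */`. The default of `true` is the safe one and should stay.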
@@ -401,6 +413,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
final HttpURLConnection httpOpen(String method, URL u) throws IOException {
final Proxy proxy = HttpSupport.proxyFor(proxySelector, u);
HttpURLConnection conn = (HttpURLConnection) u.openConnection(proxy);
+
+ if (!http.sslVerify && "https".equals(u.getProtocol())) {
+ disableSslVerify(conn);
+ }
+
conn.setRequestMethod(method);
conn.setUseCaches(false);
conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP);
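Review bot: The `if (!http.sslVerify && "https".equals(u.getProtocol()))` branch in `httpOpen` applies to every HTTPS URL opened through this method, not only the host with the self-signed certificate, and nothing at the call site says so. Because the flag comes from a single `http.sslVerify` key, one remote with a self-signed certificate leaves all other HTTPS remotes using that config unauthenticated as well. A comment on the branch would make that visible to the next reader, for example `// http.sslVerify=false: server certificate is NOT validated for any https URL; traffic can be intercepted`. The body of `httpOpen` continues past the end of this hunk.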
@@ -412,6 +429,21 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
return conn;
}
+ private void disableSslVerify(URLConnection conn)
+ throws IOException {
+ final TrustManager[] trustAllCerts = new TrustManager[] { new DummyX509TrustManager() };
+ try {
+ SSLContext ctx = SSLContext.getInstance("SSL");
+ ctx.init(null, trustAllCerts, null);
+ final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
+ sslConn.setSSLSocketFactory(ctx.getSocketFactory());
+ } catch (KeyManagementException e) {
+ throw new IOException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new IOException(e);
+ }
+ }
+
final InputStream openInputStream(HttpURLConnection conn)
throws IOException {
InputStream input = conn.getInputStream();
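Review bot: `disableSslVerify` requests the context with `SSLContext.getInstance("SSL")`; the conventional name is `"TLS"`, i.e. `SSLContext ctx = SSLContext.getInstance("TLS");`, and which protocol versions are actually negotiated depends on the provider. The method also builds a new `SSLContext` for every connection, so the socket factory could be created once and reused. Only the trust manager is replaced, so the connection's hostname verifier presumably still runs; a Javadoc on the method should say that certificate chain validation is switched off and that the peer is therefore unauthenticated. The cast to `HttpsURLConnection` relies on the caller's `"https"` protocol check, which is worth stating in the same Javadoc.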
@@ -779,4 +811,18 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
}
}
}
+
+ private static class DummyX509TrustManager implements X509TrustManager {
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {
+ // no check
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {
+ // no check
+ }
+ }
}
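Review bot: `getAcceptedIssuers()` in `DummyX509TrustManager` returns `null`, while the `X509TrustManager` contract documents a non-null, possibly empty array; `return new X509Certificate[0];` avoids a NullPointerException in any caller that iterates the result. The class has no Javadoc, and the two `// no check` comments do not say that every certificate chain, including an attacker's, is accepted. I would add a class comment such as `/** Accepts any certificate chain without validation; used only when http.sslVerify is false. */`. The hunk starts inside the tail of `TransportHttp`, so the closing braces above the new class belong to code outside the visible lines.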