HttpClientConnectionFactory.java
/*
* Copyright (C) 2013, 2020 Christian Halstrick <christian.halstrick@sap.com> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport.http.apache;
import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.eclipse.jgit.transport.http.HttpConnection;
import org.eclipse.jgit.transport.http.HttpConnectionFactory2;
import org.eclipse.jgit.transport.http.NoCheckX509TrustManager;
import org.eclipse.jgit.transport.http.apache.internal.HttpApacheText;
import org.eclipse.jgit.util.HttpSupport;
/**
* A factory returning instances of {@link HttpClientConnection}.
*
* @since 3.3
*/
public class HttpClientConnectionFactory implements HttpConnectionFactory2 {
@Override
public HttpConnection create(URL url) throws IOException {
return new HttpClientConnection(url.toString());
}
@Override
public HttpConnection create(URL url, Proxy proxy) throws IOException {
return new HttpClientConnection(url.toString(), proxy);
}
@Override
public GitSession newSession() {
return new HttpClientSession();
}
private static class HttpClientSession implements GitSession {
private SSLContext securityContext;
private SSLConnectionSocketFactory socketFactory;
private boolean isDefault;
@Override
public HttpClientConnection configure(HttpConnection connection,
boolean sslVerify)
throws IOException, GeneralSecurityException {
if (!(connection instanceof HttpClientConnection)) {
throw new IllegalArgumentException(MessageFormat.format(
HttpApacheText.get().httpWrongConnectionType,
HttpClientConnection.class.getName(),
connection.getClass().getName()));
}
HttpClientConnection conn = (HttpClientConnection) connection;
String scheme = conn.getURL().getProtocol();
if (!"https".equals(scheme)) { //$NON-NLS-1$
return conn;
}
if (securityContext == null || isDefault != sslVerify) {
isDefault = sslVerify;
HostnameVerifier verifier;
if (sslVerify) {
securityContext = SSLContext.getDefault();
verifier = SSLConnectionSocketFactory
.getDefaultHostnameVerifier();
} else {
securityContext = SSLContext.getInstance("TLS");
TrustManager[] trustAllCerts = {
new NoCheckX509TrustManager() };
securityContext.init(null, trustAllCerts, null);
verifier = (name, session) -> true;
}
socketFactory = new SSLConnectionSocketFactory(securityContext,
verifier) {
@Override
protected void prepareSocket(SSLSocket socket)
throws IOException {
super.prepareSocket(socket);
HttpSupport.configureTLS(socket);
}
};
}
conn.setSSLSocketFactory(socketFactory, isDefault);
return conn;
}
@Override
public void close() {
securityContext = null;
socketFactory = null;
}
}
}