From 920b2eca39eee4531739ed72b2cb32a19bcfc2df Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 17 Mar 2016 09:42:34 +0100 Subject: [PATCH] added option for plugins to change ssl context --- .../main/java/sonia/scm/ScmServletModule.java | 5 ++ .../sonia/scm/net/SSLContextProvider.java | 89 +++++++++++++++++++ .../net/ahc/DefaultAdvancedHttpClient.java | 13 ++- .../ahc/DefaultAdvancedHttpClientTest.java | 3 +- .../ahc/DefaultAdvancedHttpResponseTest.java | 3 +- .../net/ahc/JsonContentTransformerTest.java | 1 - 6 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 scm-webapp/src/main/java/sonia/scm/net/SSLContextProvider.java diff --git a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java index 9087755f93..dded38f0e5 100644 --- a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java +++ b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java @@ -157,6 +157,8 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; +import javax.net.ssl.SSLContext; +import sonia.scm.net.SSLContextProvider; import sonia.scm.net.ahc.AdvancedHttpClient; import sonia.scm.net.ahc.ContentTransformer; import sonia.scm.net.ahc.DefaultAdvancedHttpClient; @@ -318,6 +320,9 @@ public class ScmServletModule extends ServletModule bind(ChangesetViewerUtil.class); bind(RepositoryBrowserUtil.class); + // bind sslcontext provider + bind(SSLContext.class).toProvider(SSLContextProvider.class); + // bind httpclient bind(HttpClient.class, URLHttpClient.class); diff --git a/scm-webapp/src/main/java/sonia/scm/net/SSLContextProvider.java b/scm-webapp/src/main/java/sonia/scm/net/SSLContextProvider.java new file mode 100644 index 0000000000..aadf8a2b13 --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/net/SSLContextProvider.java 
@@ -0,0 +1,89 @@
+/**
+ * Copyright (c) 2014, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+package sonia.scm.net;
+
+import com.google.common.base.Throwables;
+import com.google.inject.Inject;
+import java.security.NoSuchAlgorithmException;
+import javax.inject.Named;
+import javax.inject.Provider;
+import javax.net.ssl.SSLContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Provider for {@link SSLContext}. 
The provider will first try to retrieve the {@link SSLContext} from an "default" + * named optional provider, if this fails the provider will return the jvm default context. + * + * @author Sebastian Sdorra + * @version 1.47 + */ +public final class SSLContextProvider implements Provider +{ + + /** + * the logger for SSLContextProvider + */ + private static final Logger logger = LoggerFactory.getLogger(SSLContextProvider.class); + + @Named("default") + @Inject(optional = true) + private Provider sslContextProvider; + + @Override + public SSLContext get() + { + SSLContext context = null; + if (sslContextProvider != null) + { + context = sslContextProvider.get(); + } + + if (context == null) + { + try + { + logger.trace("could not find ssl context provider, use jvm default"); + context = SSLContext.getDefault(); + } + catch (NoSuchAlgorithmException ex) + { + throw Throwables.propagate(ex); + } + } + else + { + logger.trace("use custom ssl context from provider"); + } + return context; + } + +} diff --git a/scm-webapp/src/main/java/sonia/scm/net/ahc/DefaultAdvancedHttpClient.java b/scm-webapp/src/main/java/sonia/scm/net/ahc/DefaultAdvancedHttpClient.java index 2c19afb44d..df6c93515b 100644 --- a/scm-webapp/src/main/java/sonia/scm/net/ahc/DefaultAdvancedHttpClient.java +++ b/scm-webapp/src/main/java/sonia/scm/net/ahc/DefaultAdvancedHttpClient.java @@ -66,6 +66,7 @@ import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.util.Set; +import javax.inject.Provider; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; 
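Review bot: A plugin that binds a `@Named("default")` `SSLContext` now decides trust for the outgoing HTTPS requests that use this provider, and `get()` records that only at trace level, so a context built with a permissive trust manager would replace the JVM trust store without a visible record. I would raise the override to info, e.g. `logger.info("using custom ssl context (protocol {}, provider {})", context.getProtocol(), context.getProvider());`, and state in the class Javadoc that the bound context replaces the certificate validation settings for these connections. The fallback message "could not find ssl context provider" is also logged when a provider is bound but returns null, which makes that misconfiguration hard to tell apart from the unbound case; a separate message for the null result would help.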
@@ -113,13 +114,15 @@ public class DefaultAdvancedHttpClient extends AdvancedHttpClient * * @param configuration scm-manager main configuration * @param contentTransformers content transformer + * @param sslContextProvider ssl context provider */ @Inject public DefaultAdvancedHttpClient(ScmConfiguration configuration, - Set contentTransformers) + Set contentTransformers, Provider sslContextProvider) { this.configuration = configuration; this.contentTransformers = contentTransformers; + this.sslContextProvider = sslContextProvider; } //~--- methods -------------------------------------------------------------- @@ -329,6 +332,11 @@ public class DefaultAdvancedHttpClient extends AdvancedHttpClient { logger.error("could not disable certificate validation", ex); } + } + else + { + logger.trace("set ssl socker factory from provider"); + connection.setSSLSocketFactory(sslContextProvider.get().getSocketFactory()); } if (request.isDisableHostnameValidation()) @@ -395,4 +403,7 @@ public class DefaultAdvancedHttpClient extends AdvancedHttpClient /** set of content transformers */ private final Set contentTransformers; + + /** ssl context provider */ + private final Provider sslContextProvider; } diff --git a/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpClientTest.java b/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpClientTest.java index cd26af9d4b..faac9a99e5 100644 --- a/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpClientTest.java +++ b/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpClientTest.java @@ -64,6 +64,7 @@ import java.util.Set; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; +import sonia.scm.net.SSLContextProvider; /** * 
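Review bot: The trace message in the new else branch is misspelled (`socker`); it should read `logger.trace("set ssl socket factory from provider");`. The branch also calls `sslContextProvider.get().getSocketFactory()` for every HTTPS connection, and the `SSLContext` binding added in ScmServletModule is unscoped, so a plugin provider that builds a fresh context on each call would presumably lose TLS session reuse between requests. A comment on the field or constructor parameter stating that providers are expected to return a cached context would cover this. The enclosing method starts and ends outside the hunk.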
@@ -309,7 +310,7 @@ public class DefaultAdvancedHttpClientTest public TestingAdvacedHttpClient(ScmConfiguration configuration, Set transformers) { - super(configuration, transformers); + super(configuration, transformers, new SSLContextProvider()); } //~--- methods ------------------------------------------------------------ diff --git a/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpResponseTest.java b/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpResponseTest.java index f19c89eb5f..0a2b4cbdb3 100644 --- a/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpResponseTest.java +++ b/scm-webapp/src/test/java/sonia/scm/net/ahc/DefaultAdvancedHttpResponseTest.java @@ -65,6 +65,7 @@ import java.net.HttpURLConnection; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.List; +import sonia.scm.net.SSLContextProvider; /** * @@ -143,7 +144,7 @@ public class DefaultAdvancedHttpResponseTest /** Field description */ private final DefaultAdvancedHttpClient client = new DefaultAdvancedHttpClient(new ScmConfiguration(), - new HashSet()); + new HashSet(), new SSLContextProvider()); /** Field description */ @Mock diff --git a/scm-webapp/src/test/java/sonia/scm/net/ahc/JsonContentTransformerTest.java b/scm-webapp/src/test/java/sonia/scm/net/ahc/JsonContentTransformerTest.java index 1a11390993..8094d1c06f 100644 --- a/scm-webapp/src/test/java/sonia/scm/net/ahc/JsonContentTransformerTest.java +++ b/scm-webapp/src/test/java/sonia/scm/net/ahc/JsonContentTransformerTest.java @@ -37,7 +37,6 @@ package sonia.scm.net.ahc; import com.google.common.base.Charsets; import com.google.common.io.ByteSource; -import com.google.common.io.CharSource; import org.junit.Test;
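Review bot: The test changes here and in DefaultAdvancedHttpResponseTest only pass `new SSLContextProvider()` to satisfy the new constructor parameter; nothing visible asserts that the provider's socket factory reaches the connection when certificate validation stays enabled, or that SSLContextProvider falls back to the JVM default when no named context is bound. Since this path decides which trust configuration outgoing HTTPS requests use, a test with a stub provider that verifies `setSSLSocketFactory` receives its factory would be worth adding. The test class body continues outside the hunk.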