22
33import lombok .extern .slf4j .Slf4j ;
44
5+ import java .security .KeyManagementException ;
6+ import java .security .NoSuchAlgorithmException ;
7+ import java .security .cert .X509Certificate ;
8+ import javax .net .ssl .HttpsURLConnection ;
9+ import javax .net .ssl .SSLContext ;
10+ import javax .net .ssl .TrustManager ;
11+ import javax .net .ssl .X509TrustManager ;
12+
513import jakarta .inject .Singleton ;
614
715import org .eclipse .jgit .api .Git ;
@@ -39,17 +47,24 @@ public class GitFactory {
3947 public Git git (final GitProperties gitProperties ,
4048 final RepositoryDirectoryProvider repositoryDirectoryProvider ) throws GitAPIException {
4149 final var credentialsProvider = createCredentialsProvider (gitProperties );
42- // CredentialsProvider.setDefault(credentialsProvider);
50+ CredentialsProvider .setDefault (credentialsProvider );
4351 final var repositoryDirectory = repositoryDirectoryProvider .getRepository ();
4452
53+ // Configure SSL verification
54+ if (!gitProperties .isSslVerify ()) {
55+ log .warn ("SSL verification is disabled for git repository [{}]. This is insecure and should only be used in development!" ,
56+ gitProperties .getUri ());
57+ configureInsecureSSL ();
58+ }
59+
4560 log .debug ("Cloning repository [{}]" , gitProperties .getUri ());
4661 return Git .cloneRepository ()
4762 .setURI (gitProperties .getUri ())
4863 .setDirectory (repositoryDirectory .toFile ())
4964 .setGitDir (repositoryDirectory .resolve (Constants .DOT_GIT ).toFile ())
5065 .setBranch (gitProperties .getBranch ())
5166 .setRemote (Constants .DEFAULT_REMOTE_NAME )
52- .setCredentialsProvider (credentialsProvider )
67+ // .setCredentialsProvider(credentialsProvider)
5368 .call ();
5469 }
5570
@@ -62,4 +77,45 @@ private static CredentialsProvider createCredentialsProvider(final GitProperties
6277 }
6378 }
6479
80+ /**
81+ * Configures JGit to skip SSL certificate verification.
82+ * This creates a trust manager that accepts all certificates and installs it as the default.
83+ * <p>
84+ * WARNING: This is insecure and should only be used in development/testing environments
85+ * with self-signed certificates or internal CAs.
86+ */
87+ private static void configureInsecureSSL () {
88+ try {
89+ // Create a trust manager that accepts all certificates
90+ final var trustAllCerts = new TrustManager []{
91+ new X509TrustManager () {
92+ @ Override
93+ public X509Certificate [] getAcceptedIssuers () {
94+ return new X509Certificate [0 ];
95+ }
96+
97+ @ Override
98+ public void checkClientTrusted (X509Certificate [] certs , String authType ) {
99+ }
100+
101+ @ Override
102+ public void checkServerTrusted (X509Certificate [] certs , String authType ) {
103+ }
104+ }
105+ };
106+
107+ // Install the all-trusting trust manager
108+ final var sslContext = SSLContext .getInstance ("TLS" );
109+ sslContext .init (null , trustAllCerts , new java .security .SecureRandom ());
110+
111+ // Set default SSL context for HTTPS connections
112+ HttpsURLConnection .setDefaultSSLSocketFactory (sslContext .getSocketFactory ());
113+ HttpsURLConnection .setDefaultHostnameVerifier ((hostname , session ) -> true );
114+
115+ } catch (NoSuchAlgorithmException | KeyManagementException e ) {
116+ log .error ("Failed to configure insecure SSL" , e );
117+ throw new RuntimeException ("Failed to configure SSL for git operations" , e );
118+ }
119+ }
120+
65121}
0 commit comments