Add TrustManagerProvider (#1654)

scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmServletModule.java

@@ -58,6 +58,7 @@ import sonia.scm.group.xml.XmlGroupDAO;
 import sonia.scm.metrics.MeterRegistryProvider;
 import sonia.scm.migration.MigrationDAO;
 import sonia.scm.net.SSLContextProvider;
+import sonia.scm.net.TrustManagerProvider;
 import sonia.scm.net.ahc.AdvancedHttpClient;
 import sonia.scm.net.ahc.ContentTransformer;
 import sonia.scm.net.ahc.DefaultAdvancedHttpClient;
@@ -125,6 +126,7 @@ import sonia.scm.web.security.AdministrationContext;
 import sonia.scm.web.security.DefaultAdministrationContext;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 
 /**
  * @author Sebastian Sdorra
@@ -211,9 +213,12 @@ class ScmServletModule extends ServletModule {
     bind(CGIExecutorFactory.class, DefaultCGIExecutorFactory.class);
     bind(StoreExporter.class, FileStoreExporter.class);
 
-    // bind sslcontext provider
+    // bind ssl context provider
     bind(SSLContext.class).toProvider(SSLContextProvider.class);
 
+    // bind trust manager provider
+    bind(TrustManager.class).toProvider(TrustManagerProvider.class);
+
     // bind ahc
     Multibinder<ContentTransformer> transformers =
       Multibinder.newSetBinder(binder(), ContentTransformer.class);

scm-webapp/src/main/java/sonia/scm/net/SSLContextProvider.java

@@ -21,15 +21,17 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-    
+
 package sonia.scm.net;
 
 import com.google.common.base.Throwables;
 import com.google.inject.Inject;
+
 import java.security.NoSuchAlgorithmException;
 import javax.inject.Named;
 import javax.inject.Provider;
 import javax.net.ssl.SSLContext;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -40,8 +42,7 @@ import org.slf4j.LoggerFactory;
  * @author Sebastian Sdorra
  * @version 1.47
  */
-public final class SSLContextProvider implements Provider<SSLContext>
-{
+public final class SSLContextProvider implements Provider<SSLContext> {
 
   /**
    * the logger for SSLContextProvider
@@ -53,28 +54,20 @@ public final class SSLContextProvider implements Provider<SSLContext>
   private Provider<SSLContext> sslContextProvider;
 
   @Override
-  public SSLContext get()
-  {
+  public SSLContext get() {
     SSLContext context = null;
-    if (sslContextProvider != null)
-    {
+    if (sslContextProvider != null) {
       context = sslContextProvider.get();
     }
 
-    if (context == null)
-    {
-      try
-      {
+    if (context == null) {
+      try {
         logger.trace("could not find ssl context provider, use jvm default");
         context = SSLContext.getDefault();
-      }
-      catch (NoSuchAlgorithmException ex)
-      {
+      } catch (NoSuchAlgorithmException ex) {
         throw Throwables.propagate(ex);
       }
-    } 
-    else 
-    {
+    } else {
       logger.trace("use custom ssl context from provider");
     }
     return context;

scm-webapp/src/main/java/sonia/scm/net/TrustManagerProvider.java

@@ -0,0 +1,72 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.net;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.inject.Inject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Named;
+import javax.inject.Provider;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+public class TrustManagerProvider implements Provider<TrustManager> {
+
+  private static final Logger LOG = LoggerFactory.getLogger(TrustManagerProvider.class);
+
+  @Named("default")
+  @Inject(optional = true)
+  private Provider<TrustManager> customTrustManagerProvider;
+
+  @VisibleForTesting
+  void setCustomTrustManagerProvider(Provider<TrustManager> customTrustManagerProvider) {
+    this.customTrustManagerProvider = customTrustManagerProvider;
+  }
+
+  @Override
+  public TrustManager get() {
+    if (customTrustManagerProvider != null) {
+      LOG.trace("use custom trust manager from provider");
+      return customTrustManagerProvider.get();
+    } else {
+      LOG.trace("could not find trust manager provider, use jvm default");
+      return createDefaultTrustManager();
+    }
+  }
+  private TrustManager createDefaultTrustManager() {
+    try {
+      TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+      trustManagerFactory.init((KeyStore) null);
+      return trustManagerFactory.getTrustManagers()[0];
+    } catch (NoSuchAlgorithmException | KeyStoreException ex) {
+      throw new IllegalStateException(ex);
+    }
+  }
+}