In my project I am using JGit to clone the Git repository, make some modifications to the files, and commit the code changes.
I am currently using SSH with the public key authentication method for Git authentication.
But as a requirement, I need to accept the Stash certificate only if it is signed by the company's CA.
So far I have implemented a trust manager using X509TrustManager.
It is similar to the Stack Overflow answer below:
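    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.X509TrustManager;

    // Load the company CA certificate that the server certificate must be signed by.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final X509Certificate caCertificate;
    try (InputStream inputStream = new FileInputStream("CACertificate.cer")) {
        caCertificate = (X509Certificate) cf.generateCertificate(inputStream);
    }

    X509TrustManager customTm = new X509TrustManager() {
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            if (certs == null || certs.length == 0) {
                throw new IllegalArgumentException("null or zero-length certificate chain");
            }
            if (authType == null || authType.length() == 0) {
                throw new IllegalArgumentException("null or zero-length authentication type");
            }
            // Accept the CA certificate itself, or a certificate signed with the CA's key.
            if (!certs[0].equals(caCertificate)) {
                try {
                    certs[0].verify(caCertificate.getPublicKey());
                } catch (Exception e) {
                    throw new CertificateException("Certificate not trusted", e);
                }
            }
            // Reject certificates outside their validity period.
            try {
                certs[0].checkValidity();
            } catch (Exception e) {
                throw new CertificateException("Certificate not trusted. It has expired", e);
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            // Required by the interface; this trust manager is only used on the client side.
            throw new CertificateException("Client certificates are not supported");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] { caCertificate };
        }
    };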
Now I need to configure this trust manager in JGit client.
I am using org.eclipse.jgit.http.apache HttpClientConnection to configure the custom trust manager as below. I debugged and confirmed that when the SSL connection with Stash is established, the checkServerTrusted method in X509TrustManager is not called.

    HttpClientConnection clientConnection = new HttpClientConnection("https://git@stash.mycompany.com:7999/PROJECT/repo.git");
    clientConnection.configure(null, new TrustManager[]{customTm}, null);

I am using the dependencies below.

    <dependency>
        <groupId>org.eclipse.jgit</groupId>
        <artifactId>org.eclipse.jgit.http.apache</artifactId>
        <version>3.6.2.201501210735-r</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jgit</groupId>
        <artifactId>org.eclipse.jgit</artifactId>
        <version>4.5.0.201609210915-r</version>
    </dependency>

Please correct me if I am doing something wrong, and help me configure my custom trust manager in the JGit client.
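
One way to restrict JGit's HTTPS connections to a single CA, as an added example that is not part of the original post: JGit creates its HTTP connections through the factory registered with `HttpTransport.setConnectionFactory`, so the trust managers are applied there. It uses the platform `TrustManagerFactory` over a key store holding only the CA certificate rather than a hand-written `checkServerTrusted`; the class name `CompanyCaConnectionFactory` and the alias `company-ca` are hypothetical, and an HTTPS remote is assumed.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jgit.transport.HttpTransport;
import org.eclipse.jgit.transport.http.HttpConnection;
import org.eclipse.jgit.transport.http.HttpConnectionFactory;
import org.eclipse.jgit.transport.http.apache.HttpClientConnectionFactory;

// Added example (hypothetical class): every connection JGit opens trusts only the company CA.
public class CompanyCaConnectionFactory implements HttpConnectionFactory {
    private final HttpConnectionFactory delegate = new HttpClientConnectionFactory();
    private final TrustManager[] trustManagers;

    public CompanyCaConnectionFactory(String caFile) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty store: the default JRE roots are not trusted
        try (FileInputStream in = new FileInputStream(caFile)) {
            ks.setCertificateEntry("company-ca", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        // The platform trust manager builds and validates the whole chain up to this CA.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        trustManagers = tmf.getTrustManagers();
    }
    public static void install(String caFile) throws IOException, GeneralSecurityException {
        HttpTransport.setConnectionFactory(new CompanyCaConnectionFactory(caFile));
    }
    @Override
    public HttpConnection create(URL url) throws IOException {
        return withCompanyCa(delegate.create(url));
    }
    @Override
    public HttpConnection create(URL url, Proxy proxy) throws IOException {
        return withCompanyCa(delegate.create(url, proxy));
    }
    private HttpConnection withCompanyCa(HttpConnection c) throws IOException {
        try {
            c.configure(null, trustManagers, null);
        } catch (GeneralSecurityException e) {
            throw new IOException("cannot install company CA trust manager", e);
        }
        return c;
    }
}
```

Call `CompanyCaConnectionFactory.install("CACertificate.cer")` once before any clone, fetch or push; the factory is a static, process-wide setting.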