Skip to content

Commit 5dfd621

Browse files
kohsukekohsuke
authored
Merge pull request hub4j#420 from randomvariable/fix/tlsv12
OkHttpConnector: Enforce use of TLSv1.2 to match current Github and Github Enterprise TLS support.
2 parents 192e21a + f0f6a99 commit 5dfd621

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

src/main/java/org/kohsuke/github/extras/OkHttpConnector.java

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,25 @@
11
package org.kohsuke.github.extras;
22

3+
import com.squareup.okhttp.ConnectionSpec;
34
import com.squareup.okhttp.OkHttpClient;
45
import com.squareup.okhttp.OkUrlFactory;
6+
57
import org.kohsuke.github.HttpConnector;
68

79
import java.io.IOException;
10+
811
import java.net.HttpURLConnection;
912
import java.net.URL;
1013

14+
import java.security.KeyManagementException;
15+
import java.security.NoSuchAlgorithmException;
16+
17+
import java.util.Arrays;
18+
import java.util.List;
19+
20+
import javax.net.ssl.SSLContext;
21+
import javax.net.ssl.SSLSocketFactory;
22+
1123
/**
1224
* {@link HttpConnector} for {@link OkHttpClient}.
1325
*
@@ -23,10 +35,33 @@ public class OkHttpConnector implements HttpConnector {
2335
private final OkUrlFactory urlFactory;
2436

2537
public OkHttpConnector(OkUrlFactory urlFactory) {
38+
urlFactory.client().setSslSocketFactory(TlsSocketFactory());
39+
urlFactory.client().setConnectionSpecs(TlsConnectionSpecs());
2640
this.urlFactory = urlFactory;
2741
}
2842

2943
public HttpURLConnection connect(URL url) throws IOException {
3044
return urlFactory.open(url);
3145
}
46+
47+
/** Returns TLSv1.2 only SSL Socket Factory. */
48+
private SSLSocketFactory TlsSocketFactory() {
49+
SSLContext sc;
50+
try {
51+
sc = SSLContext.getInstance("TLSv1.2");
52+
} catch (NoSuchAlgorithmException e) {
53+
throw new RuntimeException(e.getMessage(), e);
54+
}
55+
try {
56+
sc.init(null, null, null);
57+
return sc.getSocketFactory();
58+
} catch (KeyManagementException e) {
59+
throw new RuntimeException(e.getMessage(), e);
60+
}
61+
}
62+
63+
/** Returns connection spec with TLS v1.2 in it */
64+
private List<ConnectionSpec> TlsConnectionSpecs() {
65+
return Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT);
66+
}
3267
}

0 commit comments

Comments
 (0)