in maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk-11/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporter.java [428:532]
private HttpClient createClient(RepositorySystemSession session, RemoteRepository repository, boolean insecure)
throws RuntimeException {
HashMap<Authenticator.RequestorType, PasswordAuthentication> authentications = new HashMap<>();
SSLContext sslContext = null;
try (AuthenticationContext repoAuthContext = AuthenticationContext.forRepository(session, repository)) {
if (repoAuthContext != null) {
sslContext = repoAuthContext.get(AuthenticationContext.SSL_CONTEXT, SSLContext.class);
String username = repoAuthContext.get(AuthenticationContext.USERNAME);
String password = repoAuthContext.get(AuthenticationContext.PASSWORD);
authentications.put(
Authenticator.RequestorType.SERVER,
new PasswordAuthentication(username, password.toCharArray()));
}
}
if (sslContext == null) {
try {
if (insecure) {
sslContext = SSLContext.getInstance("TLS");
X509ExtendedTrustManager tm = new X509ExtendedTrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new X509TrustManager[] {tm}, null);
} else {
sslContext = SSLContext.getDefault();
}
} catch (Exception e) {
if (e instanceof RuntimeException) {
throw (RuntimeException) e;
} else {
throw new IllegalStateException("SSL Context setup failure", e);
}
}
}
HttpClient.Builder builder = HttpClient.newBuilder()
.version(HttpClient.Version.valueOf(ConfigUtils.getString(
session,
DEFAULT_HTTP_VERSION,
CONFIG_PROP_HTTP_VERSION + "." + repository.getId(),
CONFIG_PROP_HTTP_VERSION)))
.followRedirects(HttpClient.Redirect.NORMAL)
.connectTimeout(Duration.ofMillis(connectTimeout))
.sslContext(sslContext);
if (insecure) {
SSLParameters sslParameters = sslContext.getDefaultSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm(null);
builder.sslParameters(sslParameters);
}
setLocalAddress(builder, () -> getHttpLocalAddress(session, repository));
if (repository.getProxy() != null) {
ProxySelector proxy = ProxySelector.of(new InetSocketAddress(
repository.getProxy().getHost(), repository.getProxy().getPort()));
builder.proxy(proxy);
try (AuthenticationContext proxyAuthContext = AuthenticationContext.forProxy(session, repository)) {
if (proxyAuthContext != null) {
String username = proxyAuthContext.get(AuthenticationContext.USERNAME);
String password = proxyAuthContext.get(AuthenticationContext.PASSWORD);
authentications.put(
Authenticator.RequestorType.PROXY,
new PasswordAuthentication(username, password.toCharArray()));
}
}
}
if (!authentications.isEmpty()) {
builder.authenticator(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return authentications.get(getRequestorType());
}
});
}
return builder.build();
}