Interface ISVNSSLManager

The ISVNSSLManager interface is intended for creating secure SSL contexts over sockets used for data i/o.

When accessing a repository over http:// there's a risk that passwords (in the case of a BASIC authentication they are transmitted as a plain text) may be sniffed by a malefactor. SSL manager provides a secure connection encrypting all data i/o over a socket.

To get an SSL manager to access a particular repository use the getSSLManager() method of an authentication manager.

A default implementation of ISVNSSLManager (that comes along with a default implementation of ISVNAuthenticationManager - org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager) uses ssl options from the standard servers file (it can be found in the Subversion runtime configuration area - read more here). That is to accept a server certificate, it first looks for the "trusted" CA sertificate in the in-memory runtime auth storage (see ISVNAuthenticationStorage). If the one is not found, it then tries to find it in the disk auth storage in the runtime config area. Also if the "ssl-trust-default-ca" is set to "yes", then SVNKit will trust those CAs found in the JDK "JKS" KeyStore. User certificates are also got from the options in the servers file.

An SSL manager is invoked when a user tries to access a repository via the https:// protocol.

public void acknowledgeSSLContext(boolean accepted,
                                  SVNErrorMessage errorMessage)

public SVNSSLAuthentication getClientAuthentication()

public SSLContext getSSLContext()
            throws IOException

public boolean isClientCertPromptRequired()

public void setClientAuthentication(SVNSSLAuthentication sslAuthentication)