Let a smart subtransport ask for credentials and show the cert

carlosmn · carlosmn · commit 5b6bea0806e3 · 2015-08-23T17:45:36.000+02:00
Implement a method for a smart subtransport implementation ask the
caller for what credentials to use.

The certificate callback is also here, but untested as the web requests
go to the central service point instead of asking individually.
diff --git a/LibGit2Sharp.Tests/SmartSubtransportFixture.cs b/LibGit2Sharp.Tests/SmartSubtransportFixture.cs
@@ -4,6 +4,7 @@
 using System.Net;
 using System.Net.Security;
 using LibGit2Sharp.Tests.TestHelpers;
+using LibGit2Sharp.Core;
 using Xunit;
 using Xunit.Extensions;
 
@@ -76,6 +77,58 @@ public void CustomSmartSubtransportTest(string scheme, string url)
             }
         }
 
+        [Theory]
+        [InlineData("https", "https://bitbucket.org/libgit2/testgitrepository.git", "libgit3", "libgit3")]
+        public void CanUseCredentials(string scheme, string url, string user, string pass)
+        {
+            string remoteName = "testRemote";
+
+            var scd = BuildSelfCleaningDirectory();
+            var repoPath = Repository.Init(scd.RootedDirectoryPath);
+
+            SmartSubtransportRegistration<MockSmartSubtransport> registration = null;
+
+            try
+            {
+                // Disable server certificate validation for testing.
+                // Do *NOT* enable this in production.
+                ServicePointManager.ServerCertificateValidationCallback = certificateValidationCallback;
+
+                registration = GlobalSettings.RegisterSmartSubtransport<MockSmartSubtransport>(scheme);
+                Assert.NotNull(registration);
+
+                using (var repo = new Repository(scd.DirectoryPath))
+                {
+                    Remote remote = repo.Network.Remotes.Add(remoteName, url);
+
+                    // Set up structures for the expected results
+                    // and verifying the RemoteUpdateTips callback.
+                    TestRemoteInfo expectedResults = TestRemoteInfo.TestRemoteInstance;
+                    ExpectedFetchState expectedFetchState = new ExpectedFetchState(remoteName);
+
+                    // Add expected branch objects
+                    foreach (KeyValuePair<string, ObjectId> kvp in expectedResults.BranchTips)
+                    {
+                        expectedFetchState.AddExpectedBranch(kvp.Key, ObjectId.Zero, kvp.Value);
+                    }
+
+                    // Perform the actual fetch
+                    repo.Network.Fetch(remote, new FetchOptions { OnUpdateTips = expectedFetchState.RemoteUpdateTipsHandler, TagFetchMode = TagFetchMode.Auto,
+                        CredentialsProvider = (_user, _valid, _hostname) => new UsernamePasswordCredentials() { Username = "libgit3", Password = "libgit3" },
+                    });
+
+                    // Verify the expected
+                    expectedFetchState.CheckUpdatedReferences(repo);
+                }
+            }
+            finally
+            {
+                GlobalSettings.UnregisterSmartSubtransport(registration);
+
+                ServicePointManager.ServerCertificateValidationCallback -= certificateValidationCallback;
+            }
+        }
+
         [Fact]
         public void CannotReregisterScheme()
         {
@@ -234,14 +287,39 @@ private HttpWebResponse GetResponseWithRedirects()
                             }
                         }
 
-                        response = (HttpWebResponse)request.GetResponse();
+                        try
+                        {
+                            response = (HttpWebResponse)request.GetResponse();
+                        }
+                        catch (WebException ex)
+                        {
+                            response = ex.Response as HttpWebResponse;
+                            if (response.StatusCode == HttpStatusCode.Unauthorized)
+                            {
+                                Credentials cred;
+                                int ret = SmartTransport.AcquireCredentials(out cred, null, typeof(UsernamePasswordCredentials));
+                                if (ret != 0)
+                                {
+                                    throw new InvalidOperationException("dunno");
+                                }
+
+                                request = CreateWebRequest(EndpointUrl, IsPost, ContentType);
+                                UsernamePasswordCredentials userpass = (UsernamePasswordCredentials)cred;
+                                request.Credentials = new NetworkCredential(userpass.Username, userpass.Password);
+                                continue;
+                            }
+
+                            // rethrow if it's not 401
+                            throw ex;
+                        }
 
                         if (response.StatusCode == HttpStatusCode.Moved || response.StatusCode == HttpStatusCode.Redirect)
                         {
                             request = CreateWebRequest(response.Headers["Location"], IsPost, ContentType);
                             continue;
                         }
 
+
                         break;
                     }
 
diff --git a/LibGit2Sharp/SmartSubtransport.cs b/LibGit2Sharp/SmartSubtransport.cs
@@ -1,6 +1,8 @@
 ﻿using System;
 using System.Runtime.InteropServices;
+using System.Text;
 using LibGit2Sharp.Core;
+using LibGit2Sharp.Core.Handles;
 
 namespace LibGit2Sharp
 {
@@ -47,6 +49,76 @@ public abstract class RpcSmartSubtransport : SmartSubtransport
     /// </summary>
     public abstract class SmartSubtransport
     {
+        internal IntPtr Transport { get; set; }
+
+        /// <summary>
+        /// Call the certificate check callback
+        /// </summary>
+        /// <param name="cert">The certificate to send</param>
+        /// <param name="valid">Whether we consider the certificate to be valid</param>
+        /// <param name="hostname">The hostname we connected to</param>
+        public int CertificateCheck(Certificate cert, bool valid, string hostname)
+        {
+            CertificateSsh sshCert = cert as CertificateSsh;
+            CertificateX509 x509Cert = cert as CertificateX509;
+
+            if (sshCert == null && x509Cert == null)
+            {
+                throw new InvalidOperationException("Unsupported certificate type");
+            }
+
+            int ret;
+            if (sshCert != null)
+            {
+                var certPtr = sshCert.ToPointer();
+                ret = NativeMethods.git_transport_smart_certificate_check(Transport, certPtr, valid ? 1 : 0, hostname);
+                Marshal.FreeHGlobal(certPtr);
+            } else {
+                IntPtr certPtr, dataPtr;
+                certPtr = x509Cert.ToPointers(out dataPtr);
+                ret = NativeMethods.git_transport_smart_certificate_check(Transport, certPtr, valid ? 1 : 0, hostname);
+                Marshal.FreeHGlobal(dataPtr);
+                Marshal.FreeHGlobal(certPtr);
+            }
+
+            return ret;
+        }
+
+        public int AcquireCredentials(out Credentials cred, string user, params Type[] methods)
+        {
+            // Convert the user-provided types to libgit2's flags
+            int allowed = 0;
+            foreach (var method in methods)
+            {
+                if (method == typeof(UsernamePasswordCredentials))
+                {
+                    allowed |= (int)GitCredentialType.UserPassPlaintext;
+                }
+                else
+                {
+                    throw new InvalidOperationException("Unknown type passes as allowed credential");
+                }
+            }
+
+            IntPtr credHandle = IntPtr.Zero;
+            int res = Proxy.git_transport_smart_credentials(out credHandle, Transport, user, allowed);
+            if (res != 0)
+            {
+                cred = null;
+                return res;
+            }
+
+            var baseCred = credHandle.MarshalAs<GitCredential>();
+            switch (baseCred.credtype)
+            {
+                case GitCredentialType.UserPassPlaintext:
+                    cred = UsernamePasswordCredentials.FromNative(credHandle.MarshalAs<GitCredentialUserpass>());
+                    return 0;
+                default:
+                    throw new InvalidOperationException("User returned an unkown credential type");
+            }
+        }
+
         /// <summary>
         /// Invoked by libgit2 to create a connection using this subtransport.
         /// </summary>
diff --git a/LibGit2Sharp/SmartSubtransportRegistration.cs b/LibGit2Sharp/SmartSubtransportRegistration.cs
@@ -1,6 +1,7 @@
 ﻿using System;
 using System.Runtime.InteropServices;
 using LibGit2Sharp.Core;
+using LibGit2Sharp.Core.Handles;
 
 namespace LibGit2Sharp
 {
@@ -75,7 +76,9 @@ private static int Subtransport(
 
                 try
                 {
-                    subtransport = new T().GitSmartSubtransportPointer;
+                    var obj = new T();
+                    obj.Transport = transport;
+                    subtransport = obj.GitSmartSubtransportPointer;
 
                     return 0;
                 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.Runtime.InteropServices;`
`3`	`3`	`using LibGit2Sharp.Core;`
	`4`	`+using LibGit2Sharp.Core.Handles;`
`4`	`5`
`5`	`6`	`namespace LibGit2Sharp`
`6`	`7`	`{`
`@@ -75,7 +76,9 @@ private static int Subtransport(`
`75`	`76`
`76`	`77`	`try`
`77`	`78`	`{`
`78`		`- subtransport = new T().GitSmartSubtransportPointer;`
	`79`	`+ var obj = new T();`
	`80`	`+ obj.Transport = transport;`
	`81`	`+ subtransport = obj.GitSmartSubtransportPointer;`
`79`	`82`
`80`	`83`	`return 0;`
`81`	`84`	`}`