mirrors
/
jgit
mirror da https://github.com/eclipse/jgit.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 204 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8028 Commit
49 Rami (Branch)
Albero (Tree): f802f06e7f
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'f802f06e7f'
${ noResults }
jgit/org.eclipse.jgit.http.test/tst/org/eclipse/jgit/http/test/SmartClientSmartServerSslTe...

SmartClientSmartServerSslTest.java 9.4KB
Originale Blame Cronologia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296 
  1. /*

  2.  * Copyright (C) 2017, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. 

  11. package org.eclipse.jgit.http.test;

  12. 

  13. import static org.junit.Assert.assertEquals;

  14. import static org.junit.Assert.assertFalse;

  15. import static org.junit.Assert.assertTrue;

  16. import static org.junit.Assert.fail;

  17. 

  18. import java.io.IOException;

  19. import java.util.EnumSet;

  20. import java.util.List;

  21. 

  22. import javax.servlet.DispatcherType;

  23. import javax.servlet.Filter;

  24. import javax.servlet.FilterChain;

  25. import javax.servlet.FilterConfig;

  26. import javax.servlet.ServletException;

  27. import javax.servlet.ServletRequest;

  28. import javax.servlet.ServletResponse;

  29. import javax.servlet.http.HttpServletRequest;

  30. import javax.servlet.http.HttpServletResponse;

  31. 

  32. import org.eclipse.jetty.servlet.FilterHolder;

  33. import org.eclipse.jetty.servlet.ServletContextHandler;

  34. import org.eclipse.jetty.servlet.ServletHolder;

  35. import org.eclipse.jgit.errors.TransportException;

  36. import org.eclipse.jgit.errors.UnsupportedCredentialItem;

  37. import org.eclipse.jgit.http.server.GitServlet;

  38. import org.eclipse.jgit.junit.TestRepository;

  39. import org.eclipse.jgit.junit.http.AccessEvent;

  40. import org.eclipse.jgit.junit.http.AppServer;

  41. import org.eclipse.jgit.lib.ConfigConstants;

  42. import org.eclipse.jgit.lib.NullProgressMonitor;

  43. import org.eclipse.jgit.lib.Repository;

  44. import org.eclipse.jgit.revwalk.RevBlob;

  45. import org.eclipse.jgit.revwalk.RevCommit;

  46. import org.eclipse.jgit.transport.CredentialItem;

  47. import org.eclipse.jgit.transport.CredentialsProvider;

  48. import org.eclipse.jgit.transport.Transport;

  49. import org.eclipse.jgit.transport.URIish;

  50. import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;

  51. import org.eclipse.jgit.util.HttpSupport;

  52. import org.junit.Before;

  53. import org.junit.Test;

  54. import org.junit.runner.RunWith;

  55. import org.junit.runners.Parameterized;

  56. 

  57. @RunWith(Parameterized.class)

  58. public class SmartClientSmartServerSslTest extends AllProtocolsHttpTestCase {

  59. 

  60. 	// We run these tests with a server on localhost with a self-signed

  61. 	// certificate. We don't do authentication tests here, so there's no need

  62. 	// for username and password.

  63. 	//

  64. 	// But the server certificate will not validate. We know that Transport will

  65. 	// ask whether we trust the server all the same. This credentials provider

  66. 	// blindly trusts the self-signed certificate by answering "Yes" to all

  67. 	// questions.

  68. 	private CredentialsProvider testCredentials = new CredentialsProvider() {

  69. 

  70. 		@Override

  71. 		public boolean isInteractive() {

  72. 			return false;

  73. 		}

  74. 

  75. 		@Override

  76. 		public boolean supports(CredentialItem... items) {

  77. 			for (CredentialItem item : items) {

  78. 				if (item instanceof CredentialItem.InformationalMessage) {

  79. 					continue;

  80. 				}

  81. 				if (item instanceof CredentialItem.YesNoType) {

  82. 					continue;

  83. 				}

  84. 				return false;

  85. 			}

  86. 			return true;

  87. 		}

  88. 

  89. 		@Override

  90. 		public boolean get(URIish uri, CredentialItem... items)

  91. 				throws UnsupportedCredentialItem {

  92. 			for (CredentialItem item : items) {

  93. 				if (item instanceof CredentialItem.InformationalMessage) {

  94. 					continue;

  95. 				}

  96. 				if (item instanceof CredentialItem.YesNoType) {

  97. 					((CredentialItem.YesNoType) item).setValue(true);

  98. 					continue;

  99. 				}

  100. 				return false;

  101. 			}

  102. 			return true;

  103. 		}

  104. 	};

  105. 

  106. 	private URIish remoteURI;

  107. 

  108. 	private URIish secureURI;

  109. 

  110. 	private RevBlob A_txt;

  111. 

  112. 	private RevCommit A, B;

  113. 

  114. 	public SmartClientSmartServerSslTest(TestParameters params) {

  115. 		super(params);

  116. 	}

  117. 

  118. 	@Override

  119. 	protected AppServer createServer() {

  120. 		return new AppServer(0, 0);

  121. 	}

  122. 

  123. 	@Override

  124. 	@Before

  125. 	public void setUp() throws Exception {

  126. 		super.setUp();

  127. 

  128. 		final TestRepository<Repository> src = createTestRepository();

  129. 		final String srcName = src.getRepository().getDirectory().getName();

  130. 		src.getRepository()

  131. 				.getConfig()

  132. 				.setBoolean(ConfigConstants.CONFIG_CORE_SECTION, null,

  133. 						ConfigConstants.CONFIG_KEY_LOGALLREFUPDATES, true);

  134. 		if (enableProtocolV2) {

  135. 			src.getRepository().getConfig().setInt("protocol", null, "version",

  136. 					2);

  137. 		}

  138. 

  139. 		GitServlet gs = new GitServlet();

  140. 

  141. 		ServletContextHandler app = addNormalContext(gs, src, srcName);

  142. 

  143. 		server.setUp();

  144. 

  145. 		remoteURI = toURIish(app, srcName);

  146. 		secureURI = new URIish(rewriteUrl(remoteURI.toString(), "https",

  147. 				server.getSecurePort()));

  148. 

  149. 		A_txt = src.blob("A");

  150. 		A = src.commit().add("A_txt", A_txt).create();

  151. 		B = src.commit().parent(A).add("A_txt", "C").add("B", "B").create();

  152. 		src.update(master, B);

  153. 

  154. 		src.update("refs/garbage/a/very/long/ref/name/to/compress", B);

  155. 	}

  156. 

  157. 	private ServletContextHandler addNormalContext(GitServlet gs, TestRepository<Repository> src, String srcName) {

  158. 		ServletContextHandler app = server.addContext("/git");

  159. 		app.addFilter(new FilterHolder(new Filter() {

  160. 

  161. 			@Override

  162. 			public void init(FilterConfig filterConfig)

  163. 					throws ServletException {

  164. 				// empty

  165. 			}

  166. 

  167. 			// Redirects http to https for requests containing "/https/".

  168. 			@Override

  169. 			public void doFilter(ServletRequest request,

  170. 					ServletResponse response, FilterChain chain)

  171. 					throws IOException, ServletException {

  172. 				final HttpServletResponse httpServletResponse = (HttpServletResponse) response;

  173. 				final HttpServletRequest httpServletRequest = (HttpServletRequest) request;

  174. 				final StringBuffer fullUrl = httpServletRequest.getRequestURL();

  175. 				if (httpServletRequest.getQueryString() != null) {

  176. 					fullUrl.append("?")

  177. 							.append(httpServletRequest.getQueryString());

  178. 				}

  179. 				String urlString = rewriteUrl(fullUrl.toString(), "https",

  180. 						server.getSecurePort());

  181. 				httpServletResponse

  182. 						.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);

  183. 				httpServletResponse.setHeader(HttpSupport.HDR_LOCATION,

  184. 						urlString.replace("/https/", "/"));

  185. 			}

  186. 

  187. 			@Override

  188. 			public void destroy() {

  189. 				// empty

  190. 			}

  191. 		}), "/https/*", EnumSet.of(DispatcherType.REQUEST));

  192. 		app.addFilter(new FilterHolder(new Filter() {

  193. 

  194. 			@Override

  195. 			public void init(FilterConfig filterConfig)

  196. 					throws ServletException {

  197. 				// empty

  198. 			}

  199. 

  200. 			// Redirects https back to http for requests containing "/back/".

  201. 			@Override

  202. 			public void doFilter(ServletRequest request,

  203. 					ServletResponse response, FilterChain chain)

  204. 					throws IOException, ServletException {

  205. 				final HttpServletResponse httpServletResponse = (HttpServletResponse) response;

  206. 				final HttpServletRequest httpServletRequest = (HttpServletRequest) request;

  207. 				final StringBuffer fullUrl = httpServletRequest.getRequestURL();

  208. 				if (httpServletRequest.getQueryString() != null) {

  209. 					fullUrl.append("?")

  210. 							.append(httpServletRequest.getQueryString());

  211. 				}

  212. 				String urlString = rewriteUrl(fullUrl.toString(), "http",

  213. 						server.getPort());

  214. 				httpServletResponse

  215. 						.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);

  216. 				httpServletResponse.setHeader(HttpSupport.HDR_LOCATION,

  217. 						urlString.replace("/back/", "/"));

  218. 			}

  219. 

  220. 			@Override

  221. 			public void destroy() {

  222. 				// empty

  223. 			}

  224. 		}), "/back/*", EnumSet.of(DispatcherType.REQUEST));

  225. 		gs.setRepositoryResolver(new TestRepositoryResolver(src, srcName));

  226. 		app.addServlet(new ServletHolder(gs), "/*");

  227. 		return app;

  228. 	}

  229. 

  230. 	@Test

  231. 	public void testInitialClone_ViaHttps() throws Exception {

  232. 		Repository dst = createBareRepository();

  233. 		assertFalse(dst.getObjectDatabase().has(A_txt));

  234. 

  235. 		try (Transport t = Transport.open(dst, secureURI)) {

  236. 			t.setCredentialsProvider(testCredentials);

  237. 			t.fetch(NullProgressMonitor.INSTANCE, mirror(master));

  238. 		}

  239. 		assertTrue(dst.getObjectDatabase().has(A_txt));

  240. 		assertEquals(B, dst.exactRef(master).getObjectId());

  241. 		fsck(dst, B);

  242. 

  243. 		List<AccessEvent> requests = getRequests();

  244. 		assertEquals(enableProtocolV2 ? 3 : 2, requests.size());

  245. 	}

  246. 

  247. 	@Test

  248. 	public void testInitialClone_RedirectToHttps() throws Exception {

  249. 		Repository dst = createBareRepository();

  250. 		assertFalse(dst.getObjectDatabase().has(A_txt));

  251. 

  252. 		URIish cloneFrom = extendPath(remoteURI, "/https");

  253. 		try (Transport t = Transport.open(dst, cloneFrom)) {

  254. 			t.setCredentialsProvider(testCredentials);

  255. 			t.fetch(NullProgressMonitor.INSTANCE, mirror(master));

  256. 		}

  257. 		assertTrue(dst.getObjectDatabase().has(A_txt));

  258. 		assertEquals(B, dst.exactRef(master).getObjectId());

  259. 		fsck(dst, B);

  260. 

  261. 		List<AccessEvent> requests = getRequests();

  262. 		assertEquals(enableProtocolV2 ? 4 : 3, requests.size());

  263. 	}

  264. 

  265. 	@Test

  266. 	public void testInitialClone_RedirectBackToHttp() throws Exception {

  267. 		Repository dst = createBareRepository();

  268. 		assertFalse(dst.getObjectDatabase().has(A_txt));

  269. 

  270. 		URIish cloneFrom = extendPath(secureURI, "/back");

  271. 		try (Transport t = Transport.open(dst, cloneFrom)) {

  272. 			t.setCredentialsProvider(testCredentials);

  273. 			t.fetch(NullProgressMonitor.INSTANCE, mirror(master));

  274. 			fail("Should have failed (redirect from https to http)");

  275. 		} catch (TransportException e) {

  276. 			assertTrue(e.getMessage().contains("not allowed"));

  277. 		}

  278. 	}

  279. 

  280. 	@Test

  281. 	public void testInitialClone_SslFailure() throws Exception {

  282. 		Repository dst = createBareRepository();

  283. 		assertFalse(dst.getObjectDatabase().has(A_txt));

  284. 

  285. 		try (Transport t = Transport.open(dst, secureURI)) {

  286. 			// Set a credentials provider that doesn't handle questions

  287. 			t.setCredentialsProvider(

  288. 					new UsernamePasswordCredentialsProvider("any", "anypwd"));

  289. 			t.fetch(NullProgressMonitor.INSTANCE, mirror(master));

  290. 			fail("Should have failed (SSL certificate not trusted)");

  291. 		} catch (TransportException e) {

  292. 			assertTrue(e.getMessage().contains("Secure connection"));

  293. 		}

  294. 	}

  295. 

  296. }