mirrors
/
jgit
şunun yansıması https://github.com/eclipse/jgit.git
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Sürümler 204 Wiki Aktivite
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8008 İşlemeler
49 Dallar
Ağaç: 2171f868d9
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'2171f868d9'den
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java

TransportHttp.java 54KB
Ham Normal View Geçmiş

Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Don't doubly wrap TransportException in smart HTTP client If the readAdvertisedRefs() method throws an exception, its already closed the connection and wrapped the underlying cause inside of a suitable TransportException object that it is throwing. We shouldn't catch IOException and rethrow a wrapped copy here, because we'll double wrap the exception thrown by readAdvertisedRefs. This may obsecure the root cause of the connection failure from the end-user. Change-Id: I0ca61560f9888c666323dac8a5582aab25e897ff Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Don't verify host name when sslVerify is false Native git also doesn't verify host names when http.sslVerify=false. See native git's commit a5ccc597. See: http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02047.html Change-Id: I42f509fea8e4ac89fad646aec3dfbf1753ae7e3d Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Deprecate Constants.CHARSET in favor of StandardCharsets.UTF_8 Change-Id: I3b748620f067582afef20f144feebe40d0332be2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Constants for objects and info/{http-,}alternates These are useful to avoid typos, and also for tab completion. Change-Id: I0f2d267e46b36bc40297c9657c447f3fd8b9f831 Signed-off-by: David Turner <dturner@twosigma.com>
4 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
dump HTTP: Avoid being confused by Content-Length of a gzipped stream TransportHttp sets 'Accept-Encoding: gzip' to allow the server to compress HTTP responses. When fetching a loose object over HTTP, it uses the following code to read the response: InputStream in = openInputStream(c); int len = c.getContentLength(); return new FileStream(in, len); If the content is gzipped, openInputStream decompresses it and produces the correct content for the object. Unfortunately the Content-Length header contains the length of the compressed stream instead of the actual content length. Use a length of -1 instead since we don't know the actual length. Loose objects are already compressed, so the gzip encoding typically produces a longer compressed payload. The value from the Content-Length is too high, producing EOFException: Short read of block. Change-Id: I8d5284dad608e3abd8217823da2b365e8cd998b0 Signed-off-by: Zhen Chen <czhen@google.com> Helped-by: Jonathan Nieder <jrn@google.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Follow redirects in transport Bug: 465167 Change-Id: I6da19c8106201c2a1ac69002bd633b7387f25d96 Signed-off-by: Bo Zhang <zhangbodut@gmail.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Detects background authentication and force use of jgit authentication Sun HttpURLConnection is able to handle authentication like SPNEGO without caller intervention. However, there are some restrictions: - do not need user direct input (user,password for example) - it doesn't work when request body is chunked/streamed (because it cannot be replayed) Unfortunately there is no real way to leverage HttpURLConnection authentication work as the authentication header is stripped off the request before returning to the caller. There's also no way to explicitly disable authentication in HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be created by GSSAPI). This is an issue for jgit since it is expected that the first request will be used to detect authentication method, and reuse for the subsequent requests. This patch modifies TransportHTTP to detect authentication done in the background by HttpURLConnection and sets the jgit authentication method accordingly so it will always work for future requests (assuming that the authentication method used by HttpURLConnection is also supported by jgit). Bug: 428836 Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
TransportHttp: abort on time-out or on SocketException Avoid trying other authentication methods on SocketException or on InterruptedIOException. SocketException is rather fatal, such as nothing listening on the peer's port, connection reset, or it could be a connection time-out. Time-outs enforced by Timeout{Input,Output}Stream may result in InterruptedIOException being thrown. In both cases, it makes no sense to try other authentication methods, and doing so may wrongly report "authentication not supported" or "cannot open git-upload-pack" or some such instead of reporting a time-out. Bug: 563138 Change-Id: I0191b1e784c2471035e550205abd06ec9934fd00 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
TransportHttp: abort on time-out or on SocketException Avoid trying other authentication methods on SocketException or on InterruptedIOException. SocketException is rather fatal, such as nothing listening on the peer's port, connection reset, or it could be a connection time-out. Time-outs enforced by Timeout{Input,Output}Stream may result in InterruptedIOException being thrown. In both cases, it makes no sense to try other authentication methods, and doing so may wrongly report "authentication not supported" or "cannot open git-upload-pack" or some such instead of reporting a time-out. Bug: 563138 Change-Id: I0191b1e784c2471035e550205abd06ec9934fd00 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support "http.userAgent" and "http.extraHeader" from the git config Validate the extra headers and log but otherwise ignore invalid headers. An empty http.extraHeader starts the list afresh. The http.userAgent is restricted to printable 7-bit ASCII, other characters are replaced by '.'. Moves a support method from the ssh.apache bundle to HttpSupport in the main JGit bundle. Bug:541500 Change-Id: Id2d8df12914e2cdbd936ff00dc824d8f871bd580 Signed-off-by: James Wynn <james@jameswynn.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Move JGitText to an internal package Change-Id: I763590a45d75f00a09097ab6f89581a3bbd3c797
12 yıl önce
JGit 3.0: move internal classes into an internal subpackage This breaks all existing callers once. Applications are not supposed to build against the internal storage API unless they can accept API churn and make necessary updates as versions change. Change-Id: I2ab1327c202ef2003565e1b0770a583970e432e9
11 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove trailing whitespace at end of line As discussed on the egit-dev mailing list, we prefer not to have trailing whitespace in our source code. Correct all currently offending lines by trimming them. Change-Id: I002b1d1980071084c0bc53242c8f5900970e6845 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix warnings about redundant specification of type arguments Since the introduction of generic type parameter inference in Java 7, it's not necessary to explicitly specify the type of generic parameters. Enable the warning in Eclipse, and fix all occurrences. Change-Id: I9158caf1beca5e4980b6240ac401f3868520aad0 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
TransportProtocol: Allow null Repository in canHandle() This allows callers to determine if a URI is supported, before worrying about the local repository. Suggested-by: Dariusz Luksza <dariusz@luksza.org> Change-Id: Ifc76a4ba841f2e2e7354bd51306b87b3b9d7f6ab Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
13 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
TransportProtocol: Allow null Repository in canHandle() This allows callers to determine if a URI is supported, before worrying about the local repository. Suggested-by: Dariusz Luksza <dariusz@luksza.org> Change-Id: Ifc76a4ba841f2e2e7354bd51306b87b3b9d7f6ab Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
13 yıl önce
Make the supported Transports extensible and discoverable The new TransportProtocol type describes what a particular Transport implementation wants in order to support a connection. 3rd parties can now plug into the Transport.open() logic by implementing their own TransportProtocol and Transport classes, and registering with Transport.register(). GUI applications can help the user configure a connection by looking at the supported fields of a particular TransportProtocol type, which makes the GUI more dynamic and may better support new Transports. Change-Id: Iafd8e3a6285261412aac6cba8e2c333f8b7b76a5 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add JUnit tests for HTTP transport No Eclipse support for this project is provided, because the Jetty project does not publish a complete P2 repository. Change-Id: Ic5fe2e79bb216e36920fd4a70ec15dd6ccfd1468 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Creates HttpAuthMethod type enum to support auth ordering Refactors HttpAuthMethod to support more authentication methods, still sorted by priority orders. Bug: 428836 Change-Id: I049c1742e7afbc51f3f6033fa4d471b344813cfa Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Add API to permit the setting of additional HTTP headers Signed-off-by: Bogdan Gheorghe <gheorghe@ca.ibm.com> Change-Id: I1047f318bb5c63850f45ba85d73c97fe8bf70a6c
10 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add Transport URI constructor without a repository Let a Transport instance be opened with only a URI, for use in the upcoming publish-subscribe feature. Change-Id: I391c60c10d034b5c1c0ef19b1f24a9ba76b17bb5
12 yıl önce
Add JUnit tests for HTTP transport No Eclipse support for this project is provided, because the Jetty project does not publish a complete P2 repository. Change-Id: Ic5fe2e79bb216e36920fd4a70ec15dd6ccfd1468 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Add JUnit tests for HTTP transport No Eclipse support for this project is provided, because the Jetty project does not publish a complete P2 repository. Change-Id: Ic5fe2e79bb216e36920fd4a70ec15dd6ccfd1468 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
TransportHttp: Refactor to use try-with-resource and suppress resource warning Change-Id: I130269e7c5e46aea2152dea6b02539529208eea2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
TransportHttp: Refactor to use try-with-resource and suppress resource warning Change-Id: I130269e7c5e46aea2152dea6b02539529208eea2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Join catch sections using multicatch Change-Id: I1a9112e6a4f938638c599b489cb0858eca27ab91 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support agent= capability in wire protocol Since git-core ff5effd (v1.7.12.1) the native wire protocol transmits the server and client implementation and version strings using capability "agent=git/1.7.12.1" or similar. Support this in JGit and hang the implementation data off UploadPack and ReceivePack. On HTTP transports default to the User-Agent HTTP header until the client overrides this with the optional capability string in the first line. Extract the user agent string into a UserAgent class under transport where it can be specified to a different value if the application's build process has broken the Implementation-Version header in the JGit package. Change-Id: Icfc6524d84a787386d1786310b421b2f92ae9e65
9 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Remove 86 boxing warnings Use Integer, Character, and Long valueOf methods when passing parameters to MessageFormat and other places that expect objects instead of primitives Change-Id: I5942fbdbca6a378136c00d951ce61167f2366ca4
12 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Deprecate Constants.CHARSET in favor of StandardCharsets.UTF_8 Change-Id: I3b748620f067582afef20f144feebe40d0332be2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Download HEAD by itself if not in info/refs The dumb HTTP transport needs to download the HEAD ref and resolve it manually if HEAD does not appear in info/refs. Its typically for it to not be in the info/refs file. Change-Id: Ie2a58fdfacfeee530b10edb433b8f98c85568585 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support agent= capability in wire protocol Since git-core ff5effd (v1.7.12.1) the native wire protocol transmits the server and client implementation and version strings using capability "agent=git/1.7.12.1" or similar. Support this in JGit and hang the implementation data off UploadPack and ReceivePack. On HTTP transports default to the User-Agent HTTP header until the client overrides this with the optional capability string in the first line. Extract the user agent string into a UserAgent class under transport where it can be specified to a different value if the application's build process has broken the Implementation-Version header in the JGit package. Change-Id: Icfc6524d84a787386d1786310b421b2f92ae9e65
9 yıl önce
Add JUnit tests for HTTP transport No Eclipse support for this project is provided, because the Jetty project does not publish a complete P2 repository. Change-Id: Ic5fe2e79bb216e36920fd4a70ec15dd6ccfd1468 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Add JUnit tests for HTTP transport No Eclipse support for this project is provided, because the Jetty project does not publish a complete P2 repository. Change-Id: Ic5fe2e79bb216e36920fd4a70ec15dd6ccfd1468 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Join catch sections using multicatch Change-Id: I1a9112e6a4f938638c599b489cb0858eca27ab91 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support agent= capability in wire protocol Since git-core ff5effd (v1.7.12.1) the native wire protocol transmits the server and client implementation and version strings using capability "agent=git/1.7.12.1" or similar. Support this in JGit and hang the implementation data off UploadPack and ReceivePack. On HTTP transports default to the User-Agent HTTP header until the client overrides this with the optional capability string in the first line. Extract the user agent string into a UserAgent class under transport where it can be specified to a different value if the application's build process has broken the Implementation-Version header in the JGit package. Change-Id: Icfc6524d84a787386d1786310b421b2f92ae9e65
9 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add API to permit the setting of additional HTTP headers Signed-off-by: Bogdan Gheorghe <gheorghe@ca.ibm.com> Change-Id: I1047f318bb5c63850f45ba85d73c97fe8bf70a6c
10 yıl önce
Add response message, if any, on HTTP status 404 Try to give as much information as possible. The connection's response message might contain additional hints as to why the connection could not be established. Bug: 536541 Change-Id: I7230e4e0be9417be8cedeb8aaab35186fcbf00a5 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Detects background authentication and force use of jgit authentication Sun HttpURLConnection is able to handle authentication like SPNEGO without caller intervention. However, there are some restrictions: - do not need user direct input (user,password for example) - it doesn't work when request body is chunked/streamed (because it cannot be replayed) Unfortunately there is no real way to leverage HttpURLConnection authentication work as the authentication header is stripped off the request before returning to the caller. There's also no way to explicitly disable authentication in HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be created by GSSAPI). This is an issue for jgit since it is expected that the first request will be used to detect authentication method, and reuse for the subsequent requests. This patch modifies TransportHTTP to detect authentication done in the background by HttpURLConnection and sets the jgit authentication method accordingly so it will always work for future requests (assuming that the authentication method used by HttpURLConnection is also supported by jgit). Bug: 428836 Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Creates HttpAuthMethod type enum to support auth ordering Refactors HttpAuthMethod to support more authentication methods, still sorted by priority orders. Bug: 428836 Change-Id: I049c1742e7afbc51f3f6033fa4d471b344813cfa Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Detects background authentication and force use of jgit authentication Sun HttpURLConnection is able to handle authentication like SPNEGO without caller intervention. However, there are some restrictions: - do not need user direct input (user,password for example) - it doesn't work when request body is chunked/streamed (because it cannot be replayed) Unfortunately there is no real way to leverage HttpURLConnection authentication work as the authentication header is stripped off the request before returning to the caller. There's also no way to explicitly disable authentication in HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be created by GSSAPI). This is an issue for jgit since it is expected that the first request will be used to detect authentication method, and reuse for the subsequent requests. This patch modifies TransportHTTP to detect authentication done in the background by HttpURLConnection and sets the jgit authentication method accordingly so it will always work for future requests (assuming that the authentication method used by HttpURLConnection is also supported by jgit). Bug: 428836 Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Add response message, if any, on HTTP status 404 Try to give as much information as possible. The connection's response message might contain additional hints as to why the connection could not be established. Bug: 536541 Change-Id: I7230e4e0be9417be8cedeb8aaab35186fcbf00a5 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Creates HttpAuthMethod type enum to support auth ordering Refactors HttpAuthMethod to support more authentication methods, still sorted by priority orders. Bug: 428836 Change-Id: I049c1742e7afbc51f3f6033fa4d471b344813cfa Signed-off-by: Laurent Goujon <lgoujon@twitter.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Retry to call credentials provider if http authentication failed If the user provided wrong credentials or credentials changed we shouldn't give up immediately but retry to get valid credentials from the credentials provider. Reset the credentials provider if authentication failed to avoid it reuses wrong credentials in case it stored them in a persistent store. Bug: 338048 Bug: 342592 Bug: 427735 Change-Id: Ibd62ef3da17be6454991c43f524c8bbc7ca3c37e Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Prevent NPE if no CredentialsProvider is registered If the git server requires authentication and no CredentialsProvider is registered TransportHttp.connect() would throw an NPE since it tries to reset the credentials provider. Instead throw a TransportException explaining the problem. Change-Id: Ib274e7d9c43bba301089975423de6a05ca5169f6 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
9 yıl önce
Ensure that stored credentials aren't reset too early Some commands are started without showing a dialog allowing to enter credentials if needed. Hence we need to tolerate one failing HTTP authentication to trigger loading credentials from the secure store. Hence we should not immediately reset the stored credentials if the first attempt to authenticate fails. Bug: 431209 Change-Id: I1b9fa34c3d70be226bb1c59c9ebe995998d29bc8 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Retry to call credentials provider if http authentication failed If the user provided wrong credentials or credentials changed we shouldn't give up immediately but retry to get valid credentials from the credentials provider. Reset the credentials provider if authentication failed to avoid it reuses wrong credentials in case it stored them in a persistent store. Bug: 338048 Bug: 342592 Bug: 427735 Change-Id: Ibd62ef3da17be6454991c43f524c8bbc7ca3c37e Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Enable providing credentials for HTTP authentication This change is based on http://egit.eclipse.org/r/#change,1652 by David Green. The change adds the concept of a CredentialsProvider which can be registered for git transports and which is responsible to return credential-related data like passwords and usernames. Whenenver the transports detects that an authentication with certain credentials has to be done it will ask the CredentialsProvider for this data. Foreseen implementations for such a Provider may be a EGitCredentialsProvider (caching credential data entered e.g. in the Clone-Wizzard) or a NetRcProvider (gathering data out of ~/.netrc file). Bug: 296201 Change-Id: Ibe13e546b45eed3e193c09ecb414bbec2971d362 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Stefan Lay <stefan.lay@sap.com> Signed-off-by: Shawn O. Pearce <spearce@spearce.org> CC: David Green <dgreen99@gmail.com>
13 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: support HTTP response 308 Permanent Redirect RFC 7538[1] added HTTP response code 308, signifying a permanent redirect that, contrary to the older 301, does not allow changing the request method from POST to GET. [1] https://tools.ietf.org/html/rfc7538 Bug: 560936 Change-Id: Ib65f3a3ed75db51d74d1fe81d4abe6fe92b0ca12 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Join catch sections using multicatch Change-Id: I1a9112e6a4f938638c599b489cb0858eca27ab91 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
TransportHttp: abort on time-out or on SocketException Avoid trying other authentication methods on SocketException or on InterruptedIOException. SocketException is rather fatal, such as nothing listening on the peer's port, connection reset, or it could be a connection time-out. Time-outs enforced by Timeout{Input,Output}Stream may result in InterruptedIOException being thrown. In both cases, it makes no sense to try other authentication methods, and doing so may wrongly report "authentication not supported" or "cannot open git-upload-pack" or some such instead of reporting a time-out. Bug: 563138 Change-Id: I0191b1e784c2471035e550205abd06ec9934fd00 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Enable and fix warnings about redundant specification of type arguments Since the introduction of generic type parameter inference in Java 7, it's not necessary to explicitly specify the type of generic parameters. Enable the warning in Eclipse, and fix all occurrences. Change-Id: I9158caf1beca5e4980b6240ac401f3868520aad0 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
http transport does not use authentication fallback Git servers supporting HTTP transport can send multiple WWW-Authenticate challenges [1] for different authentication schemes the server supports. If authentication fails now retry all authentication types proposed by the server. [1] https://tools.ietf.org/html/rfc2617#page-3 Bug: 492057 Change-Id: I01d438a5896f9b1008bd6b751ad9c7cbf780af1a Signed-off-by: Christian Pontesegger <christian.pontesegger@web.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
TransportHttp: Check for non-empty list with "!isEmpty()" rather than "size() > 0" Change-Id: Iabb627c8f584346eb8ace3c24afb63b4d1ad3d47 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Enable and fix "Statement unnecessarily nested within else clause" warnings Since [1] the gerrit project includes jgit as a submodule, and has this warning enabled, resulting in 100s of warnings in the console. Also enable the warning here, and fix them. At the same time, add missing braces around adjacent and nearby one-line blocks. [1] https://gerrit-review.googlesource.com/c/gerrit/+/227897 Change-Id: I81df3fc7ed6eedf6874ce1a3bedfa727a1897e4c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
4 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Cache user global and system-wide git configurations So far the git configuration and the system wide git configuration were always reloaded when jgit accessed these global configuration files to access global configuration options which are not in the context of a single git repository. Cache these configurations in SystemReader and only reload them if their file metadata observed using FileSnapshot indicates a modification. Change-Id: I092fe11a5d95f1c5799273cacfc7a415d0b7786c Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Cache user global and system-wide git configurations So far the git configuration and the system wide git configuration were always reloaded when jgit accessed these global configuration files to access global configuration options which are not in the context of a single git repository. Cache these configurations in SystemReader and only reload them if their file metadata observed using FileSnapshot indicates a modification. Change-Id: I092fe11a5d95f1c5799273cacfc7a415d0b7786c Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Cache user global and system-wide git configurations So far the git configuration and the system wide git configuration were always reloaded when jgit accessed these global configuration files to access global configuration options which are not in the context of a single git repository. Cache these configurations in SystemReader and only reload them if their file metadata observed using FileSnapshot indicates a modification. Change-Id: I092fe11a5d95f1c5799273cacfc7a415d0b7786c Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Load the user config before modifying it SystemReader.openUserConfig() does not load the config yet; an explicit StoredConfig.load() is needed. Bug: 374703 Change-Id: I1c397e2fb1a07ac4d9de3675d996417734ff90e9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Cleanup: message reporting for HTTP redirect handling The addition of "tooManyRedirects" in commit 7ac1bfc ("Do authentication re-tries on HTTP POST") was an error I didn't catch after rebasing that change. That message had been renamed in the earlier commit e17bfc9 ("Add support to follow HTTP redirects") to "redirectLimitExceeded". Also make sure we always use the TransportException(URIish, ...) constructor; it'll prefix the message given with the sanitized URI. Change messages to remove the explicit mention of that URI inside the message. Adapt tests that check the expected exception message text. For the info logging of redirects, remove a potentially present password component in the URI to avoid leaking it into the log. Change-Id: I517112404757a9a947e92aaace743c6541dce6aa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Replace usage of String.indexOf with String.contains where possible Change-Id: Iad3fce891077d85cf2533272c54206c33c37afd8 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support extension of TransportHttp This allows subclasses to configure the HTTP connection (for example, to add headers to the request). Bug: 400724 Change-Id: I6f9d699e158a7b9d813c8fa8d273992a28994e41 Signed-off-by: Michael Nelson <michael.nelson@tasktop.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Retry to call credentials provider if http authentication failed If the user provided wrong credentials or credentials changed we shouldn't give up immediately but retry to get valid credentials from the credentials provider. Reset the credentials provider if authentication failed to avoid it reuses wrong credentials in case it stored them in a persistent store. Bug: 338048 Bug: 342592 Bug: 427735 Change-Id: Ibd62ef3da17be6454991c43f524c8bbc7ca3c37e Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Fix javadoc in org.eclipse.jgit transport package Change-Id: Id70e2c27e38bf12f87e66b28fbd0b06908494764 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
6 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Support extension of TransportHttp This allows subclasses to configure the HTTP connection (for example, to add headers to the request). Bug: 400724 Change-Id: I6f9d699e158a7b9d813c8fa8d273992a28994e41 Signed-off-by: Michael Nelson <michael.nelson@tasktop.com> Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
10 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Support for self signed certificate (HTTPS) Add possibility to disable ssl verification, just as i can do with git using: git config --global http.sslVerify false To enable the feature, configure Window->Preferences->Team->Git->Configuration and add a new key/value: http.sslVerify=false When handling repos over https, JGit will then check that flag to see if security is loose and the ssl verification should be ignored. Having it implemented as a key/value makes it not too obvious in the GUI - so the user must know what he/she is doing when adding it. Being aware of the risks etc. Bug: 332487 Change-Id: I2a1b8098b5890bf512b8dbe07da41036c0fc9b72 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Allow to reuse disableSslVerify method, move it to HttpSupport The disableSslVerify method will be used in the follow up change. Change-Id: Ie00b5e14244a9a036cbdef94768007f1c25aa8d3 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
8 yıl önce
Support for self signed certificate (HTTPS) Add possibility to disable ssl verification, just as i can do with git using: git config --global http.sslVerify false To enable the feature, configure Window->Preferences->Team->Git->Configuration and add a new key/value: http.sslVerify=false When handling repos over https, JGit will then check that flag to see if security is loose and the ssl verification should be ignored. Having it implemented as a key/value makes it not too obvious in the GUI - so the user must know what he/she is doing when adding it. Being aware of the risks etc. Bug: 332487 Change-Id: I2a1b8098b5890bf512b8dbe07da41036c0fc9b72 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
Disable the JRE HTTP cache, if any We don't want to use the JRE cache when fetching content. Change-Id: Id76f3e618967c98ed4fbc47a1a2a9e77acbe41ab Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Support "http.userAgent" and "http.extraHeader" from the git config Validate the extra headers and log but otherwise ignore invalid headers. An empty http.extraHeader starts the list afresh. The http.userAgent is restricted to printable 7-bit ASCII, other characters are replaced by '.'. Moves a support method from the ssh.apache bundle to HttpSupport in the main JGit bundle. Bug:541500 Change-Id: Id2d8df12914e2cdbd936ff00dc824d8f871bd580 Signed-off-by: James Wynn <james@jameswynn.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 yıl önce
Support agent= capability in wire protocol Since git-core ff5effd (v1.7.12.1) the native wire protocol transmits the server and client implementation and version strings using capability "agent=git/1.7.12.1" or similar. Support this in JGit and hang the implementation data off UploadPack and ReceivePack. On HTTP transports default to the User-Agent HTTP header until the client overrides this with the optional capability string in the first line. Extract the user agent string into a UserAgent class under transport where it can be specified to a different value if the application's build process has broken the Implementation-Version header in the JGit package. Change-Id: Icfc6524d84a787386d1786310b421b2f92ae9e65
9 yıl önce
Ignore attempts to set the timeout to -1 The value of -1 is the default value used by the underlying http transports provided by the jre. On some versions an attempt to set the timeout explicitly to -1 triggers a check condition, disallowing negative numbers. Bug: 389003 Change-Id: I74a22f8edc6c8e15843ad07c96a137739d9dcad1 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
Support "http.userAgent" and "http.extraHeader" from the git config Validate the extra headers and log but otherwise ignore invalid headers. An empty http.extraHeader starts the list afresh. The http.userAgent is restricted to printable 7-bit ASCII, other characters are replaced by '.'. Moves a support method from the ssh.apache bundle to HttpSupport in the main JGit bundle. Bug:541500 Change-Id: Id2d8df12914e2cdbd936ff00dc824d8f871bd580 Signed-off-by: James Wynn <james@jameswynn.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
TransportHttp: Check for non-empty list with "!isEmpty()" rather than "size() > 0" Change-Id: Iabb627c8f584346eb8ace3c24afb63b4d1ad3d47 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add API to permit the setting of additional HTTP headers Signed-off-by: Bogdan Gheorghe <gheorghe@ca.ibm.com> Change-Id: I1047f318bb5c63850f45ba85d73c97fe8bf70a6c
10 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add API to permit the setting of additional HTTP headers Signed-off-by: Bogdan Gheorghe <gheorghe@ca.ibm.com> Change-Id: I1047f318bb5c63850f45ba85d73c97fe8bf70a6c
10 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Add API to permit the setting of additional HTTP headers Signed-off-by: Bogdan Gheorghe <gheorghe@ca.ibm.com> Change-Id: I1047f318bb5c63850f45ba85d73c97fe8bf70a6c
10 yıl önce
Support HTTP basic and digest authentication Natively support the HTTP basic and digest authentication methods by setting the Authorization header without going through the JREs java.net.Authenticator API. The Authenticator API is difficult to work with in a multi-threaded server environment, where its using a singleton for the entire JVM. Instead compute the Authorization header from the URIish user and pass, if available. Change-Id: Ibf83fea57cfb17964020d6aeb3363982be944f87 Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support "http.userAgent" and "http.extraHeader" from the git config Validate the extra headers and log but otherwise ignore invalid headers. An empty http.extraHeader starts the list afresh. The http.userAgent is restricted to printable 7-bit ASCII, other characters are replaced by '.'. Moves a support method from the ssh.apache bundle to HttpSupport in the main JGit bundle. Bug:541500 Change-Id: Id2d8df12914e2cdbd936ff00dc824d8f871bd580 Signed-off-by: James Wynn <james@jameswynn.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
TransportHttp: Fix comparison of size with ">= 0" Error Prone reports: [SizeGreaterThanOrEqualsZero] Comparison of a size >= 0 is always true, did you intend to check for non-emptiness? see https://errorprone.info/bugpattern/SizeGreaterThanOrEqualsZero Change-Id: Ie964771cacca4b15569eb45f6e273ad2a7e2e49c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
dump HTTP: Avoid being confused by Content-Length of a gzipped stream TransportHttp sets 'Accept-Encoding: gzip' to allow the server to compress HTTP responses. When fetching a loose object over HTTP, it uses the following code to read the response: InputStream in = openInputStream(c); int len = c.getContentLength(); return new FileStream(in, len); If the content is gzipped, openInputStream decompresses it and produces the correct content for the object. Unfortunately the Content-Length header contains the length of the compressed stream instead of the actual content length. Use a length of -1 instead since we don't know the actual length. Loose objects are already compressed, so the gzip encoding typically produces a longer compressed payload. The value from the Content-Length is too high, producing EOFException: Short read of block. Change-Id: I8d5284dad608e3abd8217823da2b365e8cd998b0 Signed-off-by: Zhen Chen <czhen@google.com> Helped-by: Jonathan Nieder <jrn@google.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Enable and fix "Statement unnecessarily nested within else clause" warnings Since [1] the gerrit project includes jgit as a submodule, and has this warning enabled, resulting in 100s of warnings in the console. Also enable the warning here, and fix them. At the same time, add missing braces around adjacent and nearby one-line blocks. [1] https://gerrit-review.googlesource.com/c/gerrit/+/227897 Change-Id: I81df3fc7ed6eedf6874ce1a3bedfa727a1897e4c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
4 yıl önce
Support reading and writing cookies. The git config entries "http.cookieFile" and "http.saveCookies" are correctly evaluated. Bug: 488572 Change-Id: Icfeeea95e1a5bac3fa4438849d4ac2306d7d5562 Signed-off-by: Konrad Windszus <konrad_w@gmx.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
5 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
dump HTTP: Avoid being confused by Content-Length of a gzipped stream TransportHttp sets 'Accept-Encoding: gzip' to allow the server to compress HTTP responses. When fetching a loose object over HTTP, it uses the following code to read the response: InputStream in = openInputStream(c); int len = c.getContentLength(); return new FileStream(in, len); If the content is gzipped, openInputStream decompresses it and produces the correct content for the object. Unfortunately the Content-Length header contains the length of the compressed stream instead of the actual content length. Use a length of -1 instead since we don't know the actual length. Loose objects are already compressed, so the gzip encoding typically produces a longer compressed payload. The value from the Content-Length is too high, producing EOFException: Short read of block. Change-Id: I8d5284dad608e3abd8217823da2b365e8cd998b0 Signed-off-by: Zhen Chen <czhen@google.com> Helped-by: Jonathan Nieder <jrn@google.com>
7 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Replace trivial reference comparison of PacketLineIn.{DELIM,END} Replace reference comparisons of PacketLineIn's DELIM and END strings with usage of the helper methods isDelimiter() and isEnd(). Change-Id: I52dcfc4ee9097f1bd6970601c716701847d9eebd Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rename local variables/parameters to remove warnings about hiding Change-Id: I73f38492b6a2e7fd6e77005efd0a8a8c65763e74
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Rename local variables/parameters to remove warnings about hiding Change-Id: I73f38492b6a2e7fd6e77005efd0a8a8c65763e74
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rename local variables/parameters to remove warnings about hiding Change-Id: I73f38492b6a2e7fd6e77005efd0a8a8c65763e74
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rename local variables/parameters to remove warnings about hiding Change-Id: I73f38492b6a2e7fd6e77005efd0a8a8c65763e74
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Deprecate Constants.CHARSET in favor of StandardCharsets.UTF_8 Change-Id: I3b748620f067582afef20f144feebe40d0332be2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
5 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix warnings about redundant specification of type arguments Since the introduction of generic type parameter inference in Java 7, it's not necessary to explicitly specify the type of generic parameters. Enable the warning in Eclipse, and fix all occurrences. Change-Id: I9158caf1beca5e4980b6240ac401f3868520aad0 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Rename local variables/parameters to remove warnings about hiding Change-Id: I73f38492b6a2e7fd6e77005efd0a8a8c65763e74
9 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
dump HTTP: Avoid being confused by Content-Length of a gzipped stream TransportHttp sets 'Accept-Encoding: gzip' to allow the server to compress HTTP responses. When fetching a loose object over HTTP, it uses the following code to read the response: InputStream in = openInputStream(c); int len = c.getContentLength(); return new FileStream(in, len); If the content is gzipped, openInputStream decompresses it and produces the correct content for the object. Unfortunately the Content-Length header contains the length of the compressed stream instead of the actual content length. Use a length of -1 instead since we don't know the actual length. Loose objects are already compressed, so the gzip encoding typically produces a longer compressed payload. The value from the Content-Length is too high, producing EOFException: Short read of block. Change-Id: I8d5284dad608e3abd8217823da2b365e8cd998b0 Signed-off-by: Zhen Chen <czhen@google.com> Helped-by: Jonathan Nieder <jrn@google.com>
7 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix warnings about redundant specification of type arguments Since the introduction of generic type parameter inference in Java 7, it's not necessary to explicitly specify the type of generic parameters. Enable the warning in Eclipse, and fix all occurrences. Change-Id: I9158caf1beca5e4980b6240ac401f3868520aad0 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Rewrite reference handling to be abstract and accurate This commit actually does three major changes to the way references are handled within JGit. Unfortunately they were easier to do as a single massive commit than to break them up into smaller units. Disambiguate symbolic references: --------------------------------- Reporting a symbolic reference such as HEAD as though it were any other normal reference like refs/heads/master causes subtle programming errors. We have been bitten by this error on several occasions, as have some downstream applications written by myself. Instead of reporting HEAD as a reference whose name differs from its "original name", report it as an actual SymbolicRef object that the application can test the type and examine the target of. With this change, Ref is now an abstract type with different subclasses for the different types. In the classical example of "HEAD" being a symbolic reference to branch "refs/heads/master", the Repository.getAllRefs() method will now return: Map<String, Ref> all = repository.getAllRefs(); SymbolicRef HEAD = (SymbolicRef) all.get("HEAD"); ObjectIdRef master = (ObjectIdRef) all.get("refs/heads/master"); assertSame(master, HEAD.getTarget()); assertSame(master.getObjectId(), HEAD.getObjectId()); assertEquals("HEAD", HEAD.getName()); assertEquals("refs/heads/master", master.getName()); A nice side-effect of this change is the storage type of the symbolic reference is no longer ambiguous with the storge type of the underlying reference it targets. In the above example, if master was only available in the packed-refs file, then the following is also true: assertSame(Ref.Storage.LOOSE, HEAD.getStorage()); assertSame(Ref.Storage.PACKED, master.getStorage()); (Prior to this change we returned the ambiguous storage of LOOSE_PACKED for HEAD, which was confusing since it wasn't actually true on disk). Another nice side-effect of this change is all intermediate symbolic references are preserved, and are therefore visible to the application when they walk the target chain. We can now correctly inspect chains of symbolic references. As a result of this change the Ref.getOrigName() method has been removed from the API. Applications should identify a symbolic reference by testing for isSymbolic() and not by using an arcane string comparsion between properties. Abstract the RefDatabase storage: --------------------------------- RefDatabase is now abstract, similar to ObjectDatabase, and a new concrete implementation called RefDirectory is used for the traditional on-disk storage layout. In the future we plan to support additional implementations, such as a pure in-memory RefDatabase for unit testing purposes. Optimize RefDirectory: ---------------------- The implementation of the in-memory reference cache, reading, and update routines has been completely rewritten. Much of the code was heavily borrowed or cribbed from the prior implementation, so copyright notices have been left intact as much as possible. The RefDirectory cache no longer confuses symbolic references with normal references. This permits the cache to resolve the value of a symbolic reference as late as possible, ensuring it is always current, without needing to maintain reverse pointers. The cache is now 2 sorted RefLists, rather than 3 HashMaps. Using sorted lists allows the implementation to reduce the in-memory footprint when storing many refs. Using specialized types for the elements allows the code to avoid additional map lookups for auxiliary stat information. To improve scan time during getRefs(), the lists are returned via a copy-on-write contract. Most callers of getRefs() do not modify the returned collections, so the copy-on-write semantics improves access on repositories with a large number of packed references. Iterator traversals of the returned Map<String,Ref> are performed using a simple merge-join of the two cache lists, ensuring we can perform the entire traversal in linear time as a function of the number of references: O(PackedRefs + LooseRefs). Scans of the loose reference space to update the cache run in O(LooseRefs log LooseRefs) time, as the directory contents are sorted before being merged against the in-memory cache. Since the majority of stable references are kept packed, there typically are only a handful of reference names to be sorted, so the sorting cost should not be very high. Locking is reduced during getRefs() by taking advantage of the copy-on-write semantics of the improved cache data structure. This permits concurrent readers to pull back references without blocking each other. If there is contention updating the cache during a scan, one or more updates are simply skipped and will get picked up again in a future scan. Writing to the $GIT_DIR/packed-refs during reference delete is now fully atomic. The file is locked, reparsed fresh, and written back out if a change is necessary. This avoids all race conditions with concurrent external updates of the packed-refs file. The RefLogWriter class has been fully folded into RefDirectory and is therefore deleted. Maintaining the reference's log is the responsiblity of the database implementation, and not all implementations will use java.io for access. Future work still remains to be done to abstract the ReflogReader class away from local disk IO. Change-Id: I26b9287c45a4b2d2be35ba2849daa316f5eec85d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove 'final' in parameter lists Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Externalize strings from JGit The strings are externalized into the root resource bundles. The resource bundles are stored under the new "resources" source folder to get proper maven build. Strings from tests are, in general, not externalized. Only in cases where it was necessary to make the test pass the strings were externalized. This was typically necessary in cases where e.getMessage() was used in assert and the exception message was slightly changed due to reuse of the externalized strings. Change-Id: Ic0f29c80b9a54fcec8320d8539a3e112852a1f7b Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Enable smart HTTP transport to place EOF at end of pack When fetching over smart HTTP the InputStream that gets fed into a PackParser doesn't really support EOF at the end of the pack. It instead tries to make a new HTTP request, which fails because there is no request body currently buffered by the client. Make EOF work correctly on the end of an HTTP derived InputStream for the pack by denoting no more requests are expected as the higher level code is now consuming the pack (or side-band embedded pack). Smart HTTP support doesn't automatically enqueue execute support onto the end of the UnionInputStream, which allows the UnionInputStream to correctly reflect EOF when the HTTP response is consumed. Change-Id: I975f1ab1c81ab1c1af925716970088bc7b8d6b1a
12 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Don't doubly wrap TransportException in smart HTTP client If the readAdvertisedRefs() method throws an exception, its already closed the connection and wrapped the underlying cause inside of a suitable TransportException object that it is throwing. We shouldn't catch IOException and rethrow a wrapped copy here, because we'll double wrap the exception thrown by readAdvertisedRefs. This may obsecure the root cause of the connection failure from the end-user. Change-Id: I0ca61560f9888c666323dac8a5582aab25e897ff Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Allow users to show server messages while pushing Allow users to provide their OutputStream (via Transport# push(monitor, refUpdates, out)) so that server messages can be written to it (in SideBandInputStream) while they're coming in. CQ: 7065 Bug: 398404 Change-Id: I670782784b38702d52bca98203909aca0496d1c0 Signed-off-by: Andre Dietisheim <andre.dietisheim@gmail.com> Signed-off-by: Chris Aniszczyk <zx@twitter.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
Enable smart HTTP transport to place EOF at end of pack When fetching over smart HTTP the InputStream that gets fed into a PackParser doesn't really support EOF at the end of the pack. It instead tries to make a new HTTP request, which fails because there is no request body currently buffered by the client. Make EOF work correctly on the end of an HTTP derived InputStream for the pack by denoting no more requests are expected as the higher level code is now consuming the pack (or side-band embedded pack). Smart HTTP support doesn't automatically enqueue execute support onto the end of the UnionInputStream, which allows the UnionInputStream to correctly reflect EOF when the HTTP response is consumed. Change-Id: I975f1ab1c81ab1c1af925716970088bc7b8d6b1a
12 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Allow users to show server messages while pushing Allow users to provide their OutputStream (via Transport# push(monitor, refUpdates, out)) so that server messages can be written to it (in SideBandInputStream) while they're coming in. CQ: 7065 Bug: 398404 Change-Id: I670782784b38702d52bca98203909aca0496d1c0 Signed-off-by: Andre Dietisheim <andre.dietisheim@gmail.com> Signed-off-by: Chris Aniszczyk <zx@twitter.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
Enable smart HTTP transport to place EOF at end of pack When fetching over smart HTTP the InputStream that gets fed into a PackParser doesn't really support EOF at the end of the pack. It instead tries to make a new HTTP request, which fails because there is no request body currently buffered by the client. Make EOF work correctly on the end of an HTTP derived InputStream for the pack by denoting no more requests are expected as the higher level code is now consuming the pack (or side-band embedded pack). Smart HTTP support doesn't automatically enqueue execute support onto the end of the UnionInputStream, which allows the UnionInputStream to correctly reflect EOF when the HTTP response is consumed. Change-Id: I975f1ab1c81ab1c1af925716970088bc7b8d6b1a
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Don't doubly wrap TransportException in smart HTTP client If the readAdvertisedRefs() method throws an exception, its already closed the connection and wrapped the underlying cause inside of a suitable TransportException object that it is throwing. We shouldn't catch IOException and rethrow a wrapped copy here, because we'll double wrap the exception thrown by readAdvertisedRefs. This may obsecure the root cause of the connection failure from the end-user. Change-Id: I0ca61560f9888c666323dac8a5582aab25e897ff Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Allow users to show server messages while pushing Allow users to provide their OutputStream (via Transport# push(monitor, refUpdates, out)) so that server messages can be written to it (in SideBandInputStream) while they're coming in. CQ: 7065 Bug: 398404 Change-Id: I670782784b38702d52bca98203909aca0496d1c0 Signed-off-by: Andre Dietisheim <andre.dietisheim@gmail.com> Signed-off-by: Chris Aniszczyk <zx@twitter.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Allow users to show server messages while pushing Allow users to provide their OutputStream (via Transport# push(monitor, refUpdates, out)) so that server messages can be written to it (in SideBandInputStream) while they're coming in. CQ: 7065 Bug: 398404 Change-Id: I670782784b38702d52bca98203909aca0496d1c0 Signed-off-by: Andre Dietisheim <andre.dietisheim@gmail.com> Signed-off-by: Chris Aniszczyk <zx@twitter.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
11 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Enable smart HTTP transport to place EOF at end of pack When fetching over smart HTTP the InputStream that gets fed into a PackParser doesn't really support EOF at the end of the pack. It instead tries to make a new HTTP request, which fails because there is no request body currently buffered by the client. Make EOF work correctly on the end of an HTTP derived InputStream for the pack by denoting no more requests are expected as the higher level code is now consuming the pack (or side-band embedded pack). Smart HTTP support doesn't automatically enqueue execute support onto the end of the UnionInputStream, which allows the UnionInputStream to correctly reflect EOF when the HTTP response is consumed. Change-Id: I975f1ab1c81ab1c1af925716970088bc7b8d6b1a
12 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Fix smart HTTP client buffer alignment This proved to be a pretty difficult to find bug. If we read exactly the number of response bytes from the UnionInputStream and didn't try to read beyond that length, the last connection's InputStream is still inside of the UnionInputStream, and UnionInputStream.isEmpty() returns false. But there is no data present, so the next read request to our UnionInputStream returns EOF at a point where the HTTP client code should have started a new request in order to get more data. Instead of wrapping the UnionInputStream, push an dummy stream onto the end of it which when invoked always starts the next request and then returns EOF. The UnionInputStream will automatically pop that dummy stream out, and then read the next request's stream. This way we never get into the state where we don't think we need to run another request in order to satisfy the current read request, but we really do. The bug was hidden for so long because BasePackConnection.init() was always wrapping the InputStream into a BufferedInputStream with an 8 KiB buffer. This made the odds of us reading from the UnionInputStream the exact number of available bytes quite low, as the BufferedInputStream would always try to read a full buffer size. Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Decide whether to "Accept-Encoding: gzip" on a request-by-request basis When the reply is already compressed (e.g. a packfile fetched using dumb HTTP), "Content-Encoding: gzip" wastes bandwidth relative to sending the content raw. So don't "Accept-Encoding: gzip" for such requests. Change-Id: Id25702c0b0ed2895df8e9790052c3417d713572c Signed-off-by: Zhen Chen <czhen@google.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
TransportHttp: Open auto-closeable resources in try-with-resource Change-Id: I2f713b79ff07f5759c189f384cd25adb9b9f5761 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add response message, if any, on HTTP status 404 Try to give as much information as possible. The connection's response message might contain additional hints as to why the connection could not be established. Bug: 536541 Change-Id: I7230e4e0be9417be8cedeb8aaab35186fcbf00a5 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
TransportHttp: support HTTP response 308 Permanent Redirect RFC 7538[1] added HTTP response code 308, signifying a permanent redirect that, contrary to the older 301, does not allow changing the request method from POST to GET. [1] https://tools.ietf.org/html/rfc7538 Bug: 560936 Change-Id: Ib65f3a3ed75db51d74d1fe81d4abe6fe92b0ca12 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
TransportHttp: resolve redirect URIs from the "Location" header The "Location" header in a redirect response may contain a relative URI. Resolve it against the URI the request was made. Bug: 550033 Change-Id: I29de07dfbbbc794090821b7c190cb2cf662c5a60 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
TransportHttp: retry on IOException with another mechanism When a 401 occurs on POST and the server advertises Negotiate, we may get an exception from GSSAPI if the client isn't configured at all for Kerberos. Add exception logic similar to the GET case: keep trying other authentication mechanisms if this occurs. Bug: 501167 Change-Id: Ic3a3368378d4b3408a35aec93e78ef425d54b3e4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Do authentication re-tries on HTTP POST There is at least one git server out there (GOGS) that does not require authentication on the initial GET for info/refs?service=git-receive-pack but that _does_ require authentication for the subsequent POST to actually do the push. This occurs on GOGS with public repositories; for private repositories it wants authentication up front. Handle this behavior by adding 401 handling to our POST request. Note that this is suboptimal; we'll re-send the push data at least twice if an authentication failure on POST occurs. It would be much better if the server required authentication up-front in the GET request. Added authentication unit tests (using BASIC auth) to the SmartClientSmartServerTest: - clone with authentication - clone with authentication but lacking CredentialsProvider - clone with authentication and wrong password - clone with authentication after redirect - clone with authentication only on POST, but not on GET Also tested manually in the wild using repositories at try.gogs.io. That server offers only BASIC auth, so the other paths (DIGEST, NEGOTIATE, fall back from DIGEST to BASIC) are untested and I have no way to test them. * public repository: GET unauthenticated, POST authenticated Also tested after clearing the credentials and then entering a wrong password: correctly asks three times during the HTTP POST for user name and password, then gives up. * private repository: authentication already on GET; then gets applied correctly initially to the POST request, which succeeds. Also fix the authentication to use the credentials for the redirected URI if redirects had occurred. We must not present the credentials for the original URI in that case. Consider a malicious redirect A->B: this would allow server B to harvest the user credentials for server A. The unit test for authentication after a redirect also tests for this. Bug: 513043 Change-Id: I97ee5058569efa1545a6c6f6edfd2b357c40592a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Handle SSL handshake failures in TransportHttp When a https connection could not be established because the SSL handshake was unsuccessful, TransportHttp would unconditionally throw a TransportException. Other https clients like web browsers or also some SVN clients handle this more gracefully. If there's a problem with the server certificate, they inform the user and give him a possibility to connect to the server all the same. In git, this would correspond to dynamically setting http.sslVerify to false for the server. Implement this using the CredentialsProvider to inform and ask the user. We offer three choices: 1. skip SSL verification for the current git operation, or 2. skip SSL verification for the server always from now on for requests originating from the current repository, or 3. always skip SSL verification for the server from now on. For (1), we just suppress SSL verification for the current instance of TransportHttp. For (2), we store a http.<uri>.sslVerify = false setting for the original URI in the repo config. For (3), we store the http.<uri>.sslVerify setting in the git user config. Adapt the SmartClientSmartServerSslTest such that it uses this mechanism instead of setting http.sslVerify up front. Improve SimpleHttpServer to enable setting it up also with HTTPS support in anticipation of an EGit SWTbot UI test verifying that cloning via HTTPS from a server that has a certificate that doesn't validate pops up the correct dialog, and that cloning subsequently proceeds successfully if the user decides to skip SSL verification. Bug: 374703 Change-Id: Ie1abada9a3d389ad4d8d52c2d5265d2764e3fb0e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
TransportHttp: abort on time-out or on SocketException Avoid trying other authentication methods on SocketException or on InterruptedIOException. SocketException is rather fatal, such as nothing listening on the peer's port, connection reset, or it could be a connection time-out. Time-outs enforced by Timeout{Input,Output}Stream may result in InterruptedIOException being thrown. In both cases, it makes no sense to try other authentication methods, and doing so may wrongly report "authentication not supported" or "cannot open git-upload-pack" or some such instead of reporting a time-out. Bug: 563138 Change-Id: I0191b1e784c2471035e550205abd06ec9934fd00 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
4 yıl önce
TransportHttp: retry on IOException with another mechanism When a 401 occurs on POST and the server advertises Negotiate, we may get an exception from GSSAPI if the client isn't configured at all for Kerberos. Add exception logic similar to the GET case: keep trying other authentication mechanisms if this occurs. Bug: 501167 Change-Id: Ic3a3368378d4b3408a35aec93e78ef425d54b3e4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Add support to follow HTTP redirects git-core follows HTTP redirects so JGit should also provide this. Implement config setting http.followRedirects with possible values "false" (= never), "true" (= always), and "initial" (only on GET, but not on POST).[1] We must do our own redirect handling and cannot rely on the support that the underlying real connection may offer. At least the JDK's HttpURLConnection has two features that get in the way: * it does not allow cross-protocol redirects and thus fails on http->https redirects (for instance, on Github). * it translates a redirect after a POST to a GET unless the system property "http.strictPostRedirect" is set to true. We don't want to manipulate that system setting nor require it. Additionally, git has its own rules about what redirects it accepts;[2] for instance, it does not allow a redirect that adds query arguments. We handle response codes 301, 302, 303, and 307 as per RFC 2616.[3] On POST we do not handle 303, and we follow redirects only if http.followRedirects == true. Redirects are followed only a certain number of times. There are two ways to control that limit: * by default, the limit is given by the http.maxRedirects system property that is also used by the JDK. If the system property is not set, the default is 5. (This is much lower than the JDK default of 20, but I don't see the value of following so many redirects.) * this can be overwritten by a http.maxRedirects git config setting. The JGit http.* git config settings are currently all global; JGit has no support yet for URI-specific settings "http.<pattern>.name". Adding support for that is well beyond the scope of this change. Like git-core, we log every redirect attempt (LOG.info) so that users may know about the redirection having occurred. Extends the test framework to configure an AppServer with HTTPS support so that we can test cloning via HTTPS and redirections involving HTTPS. [1] https://git-scm.com/docs/git-config [2] https://kernel.googlesource.com/pub/scm/git/git/+/6628eb41db5189c0cdfdced6d8697e7c813c5f0f [3] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html CQ: 13987 Bug: 465167 Change-Id: I86518cb76842f7d326b51f8715e3bbf8ada89859 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
9 yıl önce
Follow redirects in transport Bug: 465167 Change-Id: I6da19c8106201c2a1ac69002bd633b7387f25d96 Signed-off-by: Bo Zhang <zhangbodut@gmail.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
7 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Introduce an abstraction for HTTP connections Previously all HTTP communication was done with the help of java.net.HttpUrlConnection. In order to make JGit usable in environments where the direct usage of such connections is not allowed but where the environment provides other means to get network connections an abstraction for connections is introduced. The idea is that new implementations of this interface will be introduced which will not use java.net.HttpUrlConnection but use e.g. org.apache.client.http.HttpClient to provide network connections. One example: certain cloud infrastructures don't allow that components in the cloud communicate directly with HttpUrlConnection. Instead they provide services where a component can ask for a connection (given a symbolic name for the destination) and where the infrastructure returns a preconfigured org.apache.http.client.HttpClient. In order to allow JGit to be running in such environments we need the abstraction introduced in this commit. Change-Id: I3b06629f90a118bd284e55bb3f6465fe7d10463d Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
10 yıl önce
Externalize strings in TransportHttp Some strings were not externalized. Also use them in HTTP tests to ensure that they will also succeed when message bundles are translated. Change-Id: Id02717176557e7d57e676e1339cd89f2be88d330 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
13 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Fix smart HTTP client buffer alignment This proved to be a pretty difficult to find bug. If we read exactly the number of response bytes from the UnionInputStream and didn't try to read beyond that length, the last connection's InputStream is still inside of the UnionInputStream, and UnionInputStream.isEmpty() returns false. But there is no data present, so the next read request to our UnionInputStream returns EOF at a point where the HTTP client code should have started a new request in order to get more data. Instead of wrapping the UnionInputStream, push an dummy stream onto the end of it which when invoked always starts the next request and then returns EOF. The UnionInputStream will automatically pop that dummy stream out, and then read the next request's stream. This way we never get into the state where we don't think we need to run another request in order to satisfy the current read request, but we really do. The bug was hidden for so long because BasePackConnection.init() was always wrapping the InputStream into a BufferedInputStream with an 8 KiB buffer. This made the odds of us reading from the UnionInputStream the exact number of available bytes quite low, as the BufferedInputStream would always try to read a full buffer size. Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Fix smart HTTP client buffer alignment This proved to be a pretty difficult to find bug. If we read exactly the number of response bytes from the UnionInputStream and didn't try to read beyond that length, the last connection's InputStream is still inside of the UnionInputStream, and UnionInputStream.isEmpty() returns false. But there is no data present, so the next read request to our UnionInputStream returns EOF at a point where the HTTP client code should have started a new request in order to get more data. Instead of wrapping the UnionInputStream, push an dummy stream onto the end of it which when invoked always starts the next request and then returns EOF. The UnionInputStream will automatically pop that dummy stream out, and then read the next request's stream. This way we never get into the state where we don't think we need to run another request in order to satisfy the current read request, but we really do. The bug was hidden for so long because BasePackConnection.init() was always wrapping the InputStream into a BufferedInputStream with an 8 KiB buffer. This made the odds of us reading from the UnionInputStream the exact number of available bytes quite low, as the BufferedInputStream would always try to read a full buffer size. Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Fix smart HTTP client buffer alignment This proved to be a pretty difficult to find bug. If we read exactly the number of response bytes from the UnionInputStream and didn't try to read beyond that length, the last connection's InputStream is still inside of the UnionInputStream, and UnionInputStream.isEmpty() returns false. But there is no data present, so the next read request to our UnionInputStream returns EOF at a point where the HTTP client code should have started a new request in order to get more data. Instead of wrapping the UnionInputStream, push an dummy stream onto the end of it which when invoked always starts the next request and then returns EOF. The UnionInputStream will automatically pop that dummy stream out, and then read the next request's stream. This way we never get into the state where we don't think we need to run another request in order to satisfy the current read request, but we really do. The bug was hidden for so long because BasePackConnection.init() was always wrapping the InputStream into a BufferedInputStream with an 8 KiB buffer. This made the odds of us reading from the UnionInputStream the exact number of available bytes quite low, as the BufferedInputStream would always try to read a full buffer size. Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Enable and fix 'Should be tagged with @Override' warning Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
7 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Fix smart HTTP client buffer alignment This proved to be a pretty difficult to find bug. If we read exactly the number of response bytes from the UnionInputStream and didn't try to read beyond that length, the last connection's InputStream is still inside of the UnionInputStream, and UnionInputStream.isEmpty() returns false. But there is no data present, so the next read request to our UnionInputStream returns EOF at a point where the HTTP client code should have started a new request in order to get more data. Instead of wrapping the UnionInputStream, push an dummy stream onto the end of it which when invoked always starts the next request and then returns EOF. The UnionInputStream will automatically pop that dummy stream out, and then read the next request's stream. This way we never get into the state where we don't think we need to run another request in order to satisfy the current read request, but we really do. The bug was hidden for so long because BasePackConnection.init() was always wrapping the InputStream into a BufferedInputStream with an 8 KiB buffer. This made the odds of us reading from the UnionInputStream the exact number of available bytes quite low, as the BufferedInputStream would always try to read a full buffer size. Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Support http.<url>.* configs Git has a rather elaborate mechanism to specify HTTP configuration options per URL, based on pattern matching the URL against "http" subsection names.[1] The URLs used for this matching are always the original URLs; redirected URLs do not participate. * Scheme and host must match exactly case-insensitively. * An optional user name must match exactly. * Ports must match exactly after default ports have been filled in. * The path of a subsection, if any, must match a segment prefix of the path of the URL. * Matches with user name take precedence over equal-length path matches without, but longer path matches are preferred over shorter matches with user name. Implement this for JGit. Factor out the HttpConfig from TransportHttp and implement the matching and override mechanism. The set of supported settings is still the same; JGit currently supports only followRedirects, postBuffer, and sslVerify, plus the JGit-specific maxRedirects key. Add tests for path normalization and prefix matching only on segment separators, and use the new mechanism in SmartClientSmartServerSslTest to disable sslVerify selectively for only the test server URLs. Compare also bug 374703 and bug 465492. With this commit it would be possible to set sslVerify to false for only the git server using a self-signed certificate instead of having to switch it off globally via http.sslVerify. [1] https://git-scm.com/docs/git-config Change-Id: I42a3c2399cb937cd7884116a2a32fcaa7a418fcb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
6 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
Remove further unnecessary 'final' keywords Remove it from * package private functions. * try blocks * for loops this was done with the following python script: $ cat f.py import sys import re import os def replaceFinal(m): return m.group(1) + "(" + m.group(2).replace('final ', '') + ")" methodDecl = re.compile(r"^([\t ]*[a-zA-Z_ ]+)\(([^)]*)\)") def subst(fn): input = open(fn) os.rename(fn, fn + "~") dest = open(fn, 'w') for l in input: l = methodDecl.sub(replaceFinal, l) dest.write(l) dest.close() for root, dirs, files in os.walk(".", topdown=False): for f in files: if not f.endswith('.java'): continue full = os.path.join(root, f) print full subst(full) Change-Id: If533a75a417594fc893e7c669d2c1f0f6caeb7ca Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
6 yıl önce
Refactor TransportHttp for long-polling Split Service into MultiRequestService (fetch, push) and LongPollService (upcoming publish-subscribe). Change-Id: Ice373d3dee63c395490d2707473ccf20a022e5cf
12 yıl önce
client side smart HTTP During fetch over http:// clients now try to take advantage of the info/refs?service=git-upload-pack URL to determine if the remote side will support a standard upload-pack command stream. If so each block of 32 have lines is sent in one POST request, prefixed by all of the 'want' lines and any previously discovered common bases as 'have' lines. During push over http:// clients now try to take advantage of the info/refs?service=git-receive-pack URL to determine if the remote side will support a standard receive-pack command stream. If so, commands are sent along with their pack in a single HTTP POST request. Bug: 291002 Change-Id: I8c69b16ac15c442e1a4c3bd60b4ea1a47882b851 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
Initial JGit contribution to eclipse.org Per CQ 3448 this is the initial contribution of the JGit project to eclipse.org. It is derived from the historical JGit repository at commit 3a2dd9921c8a08740a9e02c421469e5b1a9e47cb. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
14 yıl önce
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721 
  1. /*

  2.  * Copyright (C) 2008-2010, Google Inc.

  3.  * Copyright (C) 2008, Shawn O. Pearce <spearce@spearce.org>

  4.  * Copyright (C) 2013, Matthias Sohn <matthias.sohn@sap.com>

  5.  * Copyright (C) 2017, Thomas Wolf <thomas.wolf@paranor.ch> and others

  6.  *

  7.  * This program and the accompanying materials are made available under the

  8.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  9.  * https://www.eclipse.org/org/documents/edl-v10.php.

  10.  *

  11.  * SPDX-License-Identifier: BSD-3-Clause

  12.  */

  13. 

  14. package org.eclipse.jgit.transport;

  15. 

  16. import static java.nio.charset.StandardCharsets.UTF_8;

  17. import static org.eclipse.jgit.lib.Constants.HEAD;

  18. import static org.eclipse.jgit.lib.Constants.INFO_ALTERNATES;

  19. import static org.eclipse.jgit.lib.Constants.INFO_HTTP_ALTERNATES;

  20. import static org.eclipse.jgit.util.HttpSupport.ENCODING_GZIP;

  21. import static org.eclipse.jgit.util.HttpSupport.ENCODING_X_GZIP;

  22. import static org.eclipse.jgit.util.HttpSupport.HDR_ACCEPT;

  23. import static org.eclipse.jgit.util.HttpSupport.HDR_ACCEPT_ENCODING;

  24. import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_ENCODING;

  25. import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_TYPE;

  26. import static org.eclipse.jgit.util.HttpSupport.HDR_COOKIE;

  27. import static org.eclipse.jgit.util.HttpSupport.HDR_LOCATION;

  28. import static org.eclipse.jgit.util.HttpSupport.HDR_PRAGMA;

  29. import static org.eclipse.jgit.util.HttpSupport.HDR_SET_COOKIE;

  30. import static org.eclipse.jgit.util.HttpSupport.HDR_SET_COOKIE2;

  31. import static org.eclipse.jgit.util.HttpSupport.HDR_USER_AGENT;

  32. import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE;

  33. import static org.eclipse.jgit.util.HttpSupport.METHOD_GET;

  34. import static org.eclipse.jgit.util.HttpSupport.METHOD_POST;

  35. 

  36. import java.io.BufferedReader;

  37. import java.io.ByteArrayInputStream;

  38. import java.io.FileNotFoundException;

  39. import java.io.IOException;

  40. import java.io.InputStream;

  41. import java.io.InputStreamReader;

  42. import java.io.InterruptedIOException;

  43. import java.io.OutputStream;

  44. import java.net.HttpCookie;

  45. import java.net.MalformedURLException;

  46. import java.net.Proxy;

  47. import java.net.ProxySelector;

  48. import java.net.SocketException;

  49. import java.net.URI;

  50. import java.net.URISyntaxException;

  51. import java.net.URL;

  52. import java.nio.charset.StandardCharsets;

  53. import java.nio.file.InvalidPathException;

  54. import java.nio.file.Path;

  55. import java.nio.file.Paths;

  56. import java.security.cert.CertPathBuilderException;

  57. import java.security.cert.CertPathValidatorException;

  58. import java.security.cert.CertificateException;

  59. import java.text.MessageFormat;

  60. import java.util.ArrayList;

  61. import java.util.Arrays;

  62. import java.util.Collection;

  63. import java.util.Collections;

  64. import java.util.EnumSet;

  65. import java.util.HashSet;

  66. import java.util.LinkedHashSet;

  67. import java.util.LinkedList;

  68. import java.util.List;

  69. import java.util.Locale;

  70. import java.util.Map;

  71. import java.util.Set;

  72. import java.util.TreeMap;

  73. import java.util.zip.GZIPInputStream;

  74. import java.util.zip.GZIPOutputStream;

  75. 

  76. import javax.net.ssl.SSLHandshakeException;

  77. 

  78. import org.eclipse.jgit.errors.ConfigInvalidException;

  79. import org.eclipse.jgit.errors.NoRemoteRepositoryException;

  80. import org.eclipse.jgit.errors.NotSupportedException;

  81. import org.eclipse.jgit.errors.PackProtocolException;

  82. import org.eclipse.jgit.errors.TransportException;

  83. import org.eclipse.jgit.internal.JGitText;

  84. import org.eclipse.jgit.internal.storage.file.RefDirectory;

  85. import org.eclipse.jgit.internal.transport.http.NetscapeCookieFile;

  86. import org.eclipse.jgit.internal.transport.http.NetscapeCookieFileCache;

  87. import org.eclipse.jgit.lib.Constants;

  88. import org.eclipse.jgit.lib.ObjectId;

  89. import org.eclipse.jgit.lib.ObjectIdRef;

  90. import org.eclipse.jgit.lib.ProgressMonitor;

  91. import org.eclipse.jgit.lib.Ref;

  92. import org.eclipse.jgit.lib.Repository;

  93. import org.eclipse.jgit.lib.StoredConfig;

  94. import org.eclipse.jgit.lib.SymbolicRef;

  95. import org.eclipse.jgit.transport.HttpAuthMethod.Type;

  96. import org.eclipse.jgit.transport.HttpConfig.HttpRedirectMode;

  97. import org.eclipse.jgit.transport.http.HttpConnection;

  98. import org.eclipse.jgit.util.HttpSupport;

  99. import org.eclipse.jgit.util.IO;

  100. import org.eclipse.jgit.util.RawParseUtils;

  101. import org.eclipse.jgit.util.StringUtils;

  102. import org.eclipse.jgit.util.SystemReader;

  103. import org.eclipse.jgit.util.TemporaryBuffer;

  104. import org.eclipse.jgit.util.io.DisabledOutputStream;

  105. import org.eclipse.jgit.util.io.UnionInputStream;

  106. import org.slf4j.Logger;

  107. import org.slf4j.LoggerFactory;

  108. 

  109. /**

  110.  * Transport over HTTP and FTP protocols.

  111.  * <p>

  112.  * If the transport is using HTTP and the remote HTTP service is Git-aware

  113.  * (speaks the "smart-http protocol") this client will automatically take

  114.  * advantage of the additional Git-specific HTTP extensions. If the remote

  115.  * service does not support these extensions, the client will degrade to direct

  116.  * file fetching.

  117.  * <p>

  118.  * If the remote (server side) repository does not have the specialized Git

  119.  * support, object files are retrieved directly through standard HTTP GET (or

  120.  * binary FTP GET) requests. This make it easy to serve a Git repository through

  121.  * a standard web host provider that does not offer specific support for Git.

  122.  *

  123.  * @see WalkFetchConnection

  124.  */

  125. public class TransportHttp extends HttpTransport implements WalkTransport,

  126. 		PackTransport {

  127. 

  128. 	private static final Logger LOG = LoggerFactory

  129. 			.getLogger(TransportHttp.class);

  130. 

  131. 	private static final String SVC_UPLOAD_PACK = "git-upload-pack"; //$NON-NLS-1$

  132. 

  133. 	private static final String SVC_RECEIVE_PACK = "git-receive-pack"; //$NON-NLS-1$

  134. 

  135. 	/**

  136. 	 * Accept-Encoding header in the HTTP request

  137. 	 * (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).

  138. 	 *

  139. 	 * @since 4.6

  140. 	 */

  141. 	public enum AcceptEncoding {

  142. 		/**

  143. 		 * Do not specify an Accept-Encoding header. In most servers this

  144. 		 * results in the content being transmitted as-is.

  145. 		 */

  146. 		UNSPECIFIED,

  147. 

  148. 		/**

  149. 		 * Accept gzip content encoding.

  150. 		 */

  151. 		GZIP

  152. 	}

  153. 

  154. 	static final TransportProtocol PROTO_HTTP = new TransportProtocol() {

  155. 		private final String[] schemeNames = { "http", "https" }; //$NON-NLS-1$ //$NON-NLS-2$

  156. 

  157. 		private final Set<String> schemeSet = Collections

  158. 				.unmodifiableSet(new LinkedHashSet<>(Arrays

  159. 						.asList(schemeNames)));

  160. 

  161. 		@Override

  162. 		public String getName() {

  163. 			return JGitText.get().transportProtoHTTP;

  164. 		}

  165. 

  166. 		@Override

  167. 		public Set<String> getSchemes() {

  168. 			return schemeSet;

  169. 		}

  170. 

  171. 		@Override

  172. 		public Set<URIishField> getRequiredFields() {

  173. 			return Collections.unmodifiableSet(EnumSet.of(URIishField.HOST,

  174. 					URIishField.PATH));

  175. 		}

  176. 

  177. 		@Override

  178. 		public Set<URIishField> getOptionalFields() {

  179. 			return Collections.unmodifiableSet(EnumSet.of(URIishField.USER,

  180. 					URIishField.PASS, URIishField.PORT));

  181. 		}

  182. 

  183. 		@Override

  184. 		public int getDefaultPort() {

  185. 			return 80;

  186. 		}

  187. 

  188. 		@Override

  189. 		public Transport open(URIish uri, Repository local, String remoteName)

  190. 				throws NotSupportedException {

  191. 			return new TransportHttp(local, uri);

  192. 		}

  193. 

  194. 		@Override

  195. 		public Transport open(URIish uri) throws NotSupportedException {

  196. 			return new TransportHttp(uri);

  197. 		}

  198. 	};

  199. 

  200. 	static final TransportProtocol PROTO_FTP = new TransportProtocol() {

  201. 		@Override

  202. 		public String getName() {

  203. 			return JGitText.get().transportProtoFTP;

  204. 		}

  205. 

  206. 		@Override

  207. 		public Set<String> getSchemes() {

  208. 			return Collections.singleton("ftp"); //$NON-NLS-1$

  209. 		}

  210. 

  211. 		@Override

  212. 		public Set<URIishField> getRequiredFields() {

  213. 			return Collections.unmodifiableSet(EnumSet.of(URIishField.HOST,

  214. 					URIishField.PATH));

  215. 		}

  216. 

  217. 		@Override

  218. 		public Set<URIishField> getOptionalFields() {

  219. 			return Collections.unmodifiableSet(EnumSet.of(URIishField.USER,

  220. 					URIishField.PASS, URIishField.PORT));

  221. 		}

  222. 

  223. 		@Override

  224. 		public int getDefaultPort() {

  225. 			return 21;

  226. 		}

  227. 

  228. 		@Override

  229. 		public Transport open(URIish uri, Repository local, String remoteName)

  230. 				throws NotSupportedException {

  231. 			return new TransportHttp(local, uri);

  232. 		}

  233. 	};

  234. 

  235. 	/**

  236. 	 * The current URI we're talking to. The inherited (final) field

  237. 	 * {@link #uri} stores the original URI; {@code currentUri} may be different

  238. 	 * after redirects.

  239. 	 */

  240. 	private URIish currentUri;

  241. 

  242. 	private URL baseUrl;

  243. 

  244. 	private URL objectsUrl;

  245. 

  246. 	private final HttpConfig http;

  247. 

  248. 	private final ProxySelector proxySelector;

  249. 

  250. 	private boolean useSmartHttp = true;

  251. 

  252. 	private HttpAuthMethod authMethod = HttpAuthMethod.Type.NONE.method(null);

  253. 

  254. 	private Map<String, String> headers;

  255. 

  256. 	private boolean sslVerify;

  257. 

  258. 	private boolean sslFailure = false;

  259. 

  260. 	/**

  261. 	 * All stored cookies bound to this repo (independent of the baseUrl)

  262. 	 */

  263. 	private final NetscapeCookieFile cookieFile;

  264. 

  265. 	/**

  266. 	 * The cookies to be sent with each request to the given {@link #baseUrl}.

  267. 	 * Filtered view on top of {@link #cookieFile} where only cookies which

  268. 	 * apply to the current url are left. This set needs to be filtered for

  269. 	 * expired entries each time prior to sending them.

  270. 	 */

  271. 	private final Set<HttpCookie> relevantCookies;

  272. 

  273. 	TransportHttp(Repository local, URIish uri)

  274. 			throws NotSupportedException {

  275. 		super(local, uri);

  276. 		setURI(uri);

  277. 		http = new HttpConfig(local.getConfig(), uri);

  278. 		proxySelector = ProxySelector.getDefault();

  279. 		sslVerify = http.isSslVerify();

  280. 		cookieFile = getCookieFileFromConfig(http);

  281. 		relevantCookies = filterCookies(cookieFile, baseUrl);

  282. 	}

  283. 

  284. 	private URL toURL(URIish urish) throws MalformedURLException {

  285. 		String uriString = urish.toString();

  286. 		if (!uriString.endsWith("/")) { //$NON-NLS-1$

  287. 			uriString += '/';

  288. 		}

  289. 		return new URL(uriString);

  290. 	}

  291. 

  292. 	/**

  293. 	 * Set uri a {@link org.eclipse.jgit.transport.URIish} object.

  294. 	 *

  295. 	 * @param uri

  296. 	 *            a {@link org.eclipse.jgit.transport.URIish} object.

  297. 	 * @throws org.eclipse.jgit.errors.NotSupportedException

  298. 	 * @since 4.9

  299. 	 */

  300. 	protected void setURI(URIish uri) throws NotSupportedException {

  301. 		try {

  302. 			currentUri = uri;

  303. 			baseUrl = toURL(uri);

  304. 			objectsUrl = new URL(baseUrl, "objects/"); //$NON-NLS-1$

  305. 		} catch (MalformedURLException e) {

  306. 			throw new NotSupportedException(MessageFormat.format(JGitText.get().invalidURL, uri), e);

  307. 		}

  308. 	}

  309. 

  310. 	/**

  311. 	 * Create a minimal HTTP transport with default configuration values.

  312. 	 *

  313. 	 * @param uri

  314. 	 * @throws NotSupportedException

  315. 	 */

  316. 	TransportHttp(URIish uri) throws NotSupportedException {

  317. 		super(uri);

  318. 		setURI(uri);

  319. 		http = new HttpConfig(uri);

  320. 		proxySelector = ProxySelector.getDefault();

  321. 		sslVerify = http.isSslVerify();

  322. 		cookieFile = getCookieFileFromConfig(http);

  323. 		relevantCookies = filterCookies(cookieFile, baseUrl);

  324. 	}

  325. 

  326. 	/**

  327. 	 * Toggle whether or not smart HTTP transport should be used.

  328. 	 * <p>

  329. 	 * This flag exists primarily to support backwards compatibility testing

  330. 	 * within a testing framework, there is no need to modify it in most

  331. 	 * applications.

  332. 	 *

  333. 	 * @param on

  334. 	 *            if {@code true} (default), smart HTTP is enabled.

  335. 	 */

  336. 	public void setUseSmartHttp(boolean on) {

  337. 		useSmartHttp = on;

  338. 	}

  339. 

  340. 	@SuppressWarnings("resource") // Closed by caller

  341. 	private FetchConnection getConnection(HttpConnection c, InputStream in,

  342. 			String service) throws IOException {

  343. 		BaseConnection f;

  344. 		if (isSmartHttp(c, service)) {

  345. 			readSmartHeaders(in, service);

  346. 			f = new SmartHttpFetchConnection(in);

  347. 		} else {

  348. 			// Assume this server doesn't support smart HTTP fetch

  349. 			// and fall back on dumb object walking.

  350. 			f = newDumbConnection(in);

  351. 		}

  352. 		f.setPeerUserAgent(c.getHeaderField(HttpSupport.HDR_SERVER));

  353. 		return (FetchConnection) f;

  354. 	}

  355. 

  356. 	/** {@inheritDoc} */

  357. 	@Override

  358. 	public FetchConnection openFetch() throws TransportException,

  359. 			NotSupportedException {

  360. 		final String service = SVC_UPLOAD_PACK;

  361. 		try {

  362. 			final HttpConnection c = connect(service);

  363. 			try (InputStream in = openInputStream(c)) {

  364. 				return getConnection(c, in, service);

  365. 			}

  366. 		} catch (NotSupportedException | TransportException err) {

  367. 			throw err;

  368. 		} catch (IOException err) {

  369. 			throw new TransportException(uri, JGitText.get().errorReadingInfoRefs, err);

  370. 		}

  371. 	}

  372. 

  373. 	private WalkFetchConnection newDumbConnection(InputStream in)

  374. 			throws IOException, PackProtocolException {

  375. 		HttpObjectDB d = new HttpObjectDB(objectsUrl);

  376. 		Map<String, Ref> refs;

  377. 		try (BufferedReader br = toBufferedReader(in)) {

  378. 			refs = d.readAdvertisedImpl(br);

  379. 		}

  380. 

  381. 		if (!refs.containsKey(HEAD)) {

  382. 			// If HEAD was not published in the info/refs file (it usually

  383. 			// is not there) download HEAD by itself as a loose file and do

  384. 			// the resolution by hand.

  385. 			//

  386. 			HttpConnection conn = httpOpen(

  387. 					METHOD_GET,

  388. 					new URL(baseUrl, HEAD),

  389. 					AcceptEncoding.GZIP);

  390. 			int status = HttpSupport.response(conn);

  391. 			switch (status) {

  392. 			case HttpConnection.HTTP_OK: {

  393. 				try (BufferedReader br = toBufferedReader(

  394. 						openInputStream(conn))) {

  395. 					String line = br.readLine();

  396. 					if (line != null && line.startsWith(RefDirectory.SYMREF)) {

  397. 						String target = line.substring(RefDirectory.SYMREF.length());

  398. 						Ref r = refs.get(target);

  399. 						if (r == null)

  400. 							r = new ObjectIdRef.Unpeeled(Ref.Storage.NEW, target, null);

  401. 						r = new SymbolicRef(HEAD, r);

  402. 						refs.put(r.getName(), r);

  403. 					} else if (line != null && ObjectId.isId(line)) {

  404. 						Ref r = new ObjectIdRef.Unpeeled(Ref.Storage.NETWORK,

  405. 								HEAD, ObjectId.fromString(line));

  406. 						refs.put(r.getName(), r);

  407. 					}

  408. 				}

  409. 				break;

  410. 			}

  411. 

  412. 			case HttpConnection.HTTP_NOT_FOUND:

  413. 				break;

  414. 

  415. 			default:

  416. 				throw new TransportException(uri, MessageFormat.format(

  417. 						JGitText.get().cannotReadHEAD, Integer.valueOf(status),

  418. 						conn.getResponseMessage()));

  419. 			}

  420. 		}

  421. 

  422. 		WalkFetchConnection wfc = new WalkFetchConnection(this, d);

  423. 		wfc.available(refs);

  424. 		return wfc;

  425. 	}

  426. 

  427. 	private BufferedReader toBufferedReader(InputStream in) {

  428. 		return new BufferedReader(new InputStreamReader(in, UTF_8));

  429. 	}

  430. 

  431. 	/** {@inheritDoc} */

  432. 	@Override

  433. 	public PushConnection openPush() throws NotSupportedException,

  434. 			TransportException {

  435. 		final String service = SVC_RECEIVE_PACK;

  436. 		try {

  437. 			final HttpConnection c = connect(service);

  438. 			try (InputStream in = openInputStream(c)) {

  439. 				if (isSmartHttp(c, service)) {

  440. 					return smartPush(service, c, in);

  441. 				} else if (!useSmartHttp) {

  442. 					final String msg = JGitText.get().smartHTTPPushDisabled;

  443. 					throw new NotSupportedException(msg);

  444. 

  445. 				} else {

  446. 					final String msg = JGitText.get().remoteDoesNotSupportSmartHTTPPush;

  447. 					throw new NotSupportedException(msg);

  448. 				}

  449. 			}

  450. 		} catch (NotSupportedException | TransportException err) {

  451. 			throw err;

  452. 		} catch (IOException err) {

  453. 			throw new TransportException(uri, JGitText.get().errorReadingInfoRefs, err);

  454. 		}

  455. 	}

  456. 

  457. 	private PushConnection smartPush(String service, HttpConnection c,

  458. 			InputStream in) throws IOException, TransportException {

  459. 		readSmartHeaders(in, service);

  460. 		SmartHttpPushConnection p = new SmartHttpPushConnection(in);

  461. 		p.setPeerUserAgent(c.getHeaderField(HttpSupport.HDR_SERVER));

  462. 		return p;

  463. 	}

  464. 

  465. 	/** {@inheritDoc} */

  466. 	@Override

  467. 	public void close() {

  468. 		// No explicit connections are maintained.

  469. 	}

  470. 

  471. 	/**

  472. 	 * Set additional headers on the HTTP connection

  473. 	 *

  474. 	 * @param headers

  475. 	 *            a map of name:values that are to be set as headers on the HTTP

  476. 	 *            connection

  477. 	 * @since 3.4

  478. 	 */

  479. 	public void setAdditionalHeaders(Map<String, String> headers) {

  480. 		this.headers = headers;

  481. 	}

  482. 

  483. 	private NoRemoteRepositoryException createNotFoundException(URIish u,

  484. 			URL url, String msg) {

  485. 		String text;

  486. 		if (msg != null && !msg.isEmpty()) {

  487. 			text = MessageFormat.format(JGitText.get().uriNotFoundWithMessage,

  488. 					url, msg);

  489. 		} else {

  490. 			text = MessageFormat.format(JGitText.get().uriNotFound, url);

  491. 		}

  492. 		return new NoRemoteRepositoryException(u, text);

  493. 	}

  494. 

  495. 	private HttpConnection connect(String service)

  496. 			throws TransportException, NotSupportedException {

  497. 		URL u = getServiceURL(service);

  498. 		int authAttempts = 1;

  499. 		int redirects = 0;

  500. 		Collection<Type> ignoreTypes = null;

  501. 		for (;;) {

  502. 			try {

  503. 				final HttpConnection conn = httpOpen(METHOD_GET, u, AcceptEncoding.GZIP);

  504. 				if (useSmartHttp) {

  505. 					String exp = "application/x-" + service + "-advertisement"; //$NON-NLS-1$ //$NON-NLS-2$

  506. 					conn.setRequestProperty(HDR_ACCEPT, exp + ", */*"); //$NON-NLS-1$

  507. 				} else {

  508. 					conn.setRequestProperty(HDR_ACCEPT, "*/*"); //$NON-NLS-1$

  509. 				}

  510. 				final int status = HttpSupport.response(conn);

  511. 				processResponseCookies(conn);

  512. 				switch (status) {

  513. 				case HttpConnection.HTTP_OK:

  514. 					// Check if HttpConnection did some authentication in the

  515. 					// background (e.g Kerberos/SPNEGO).

  516. 					// That may not work for streaming requests and jgit

  517. 					// explicit authentication would be required

  518. 					if (authMethod.getType() == HttpAuthMethod.Type.NONE

  519. 							&& conn.getHeaderField(HDR_WWW_AUTHENTICATE) != null)

  520. 						authMethod = HttpAuthMethod.scanResponse(conn, ignoreTypes);

  521. 					return conn;

  522. 

  523. 				case HttpConnection.HTTP_NOT_FOUND:

  524. 					throw createNotFoundException(uri, u,

  525. 							conn.getResponseMessage());

  526. 

  527. 				case HttpConnection.HTTP_UNAUTHORIZED:

  528. 					authMethod = HttpAuthMethod.scanResponse(conn, ignoreTypes);

  529. 					if (authMethod.getType() == HttpAuthMethod.Type.NONE)

  530. 						throw new TransportException(uri, MessageFormat.format(

  531. 								JGitText.get().authenticationNotSupported, uri));

  532. 					CredentialsProvider credentialsProvider = getCredentialsProvider();

  533. 					if (credentialsProvider == null)

  534. 						throw new TransportException(uri,

  535. 								JGitText.get().noCredentialsProvider);

  536. 					if (authAttempts > 1)

  537. 						credentialsProvider.reset(currentUri);

  538. 					if (3 < authAttempts

  539. 							|| !authMethod.authorize(currentUri,

  540. 									credentialsProvider)) {

  541. 						throw new TransportException(uri,

  542. 								JGitText.get().notAuthorized);

  543. 					}

  544. 					authAttempts++;

  545. 					continue;

  546. 

  547. 				case HttpConnection.HTTP_FORBIDDEN:

  548. 					throw new TransportException(uri, MessageFormat.format(

  549. 							JGitText.get().serviceNotPermitted, baseUrl,

  550. 							service));

  551. 

  552. 				case HttpConnection.HTTP_MOVED_PERM:

  553. 				case HttpConnection.HTTP_MOVED_TEMP:

  554. 				case HttpConnection.HTTP_SEE_OTHER:

  555. 				case HttpConnection.HTTP_11_MOVED_PERM:

  556. 				case HttpConnection.HTTP_11_MOVED_TEMP:

  557. 					// SEE_OTHER should actually never be sent by a git server,

  558. 					// and in general should occur only on POST requests. But it

  559. 					// doesn't hurt to accept it here as a redirect.

  560. 					if (http.getFollowRedirects() == HttpRedirectMode.FALSE) {

  561. 						throw new TransportException(uri,

  562. 								MessageFormat.format(

  563. 										JGitText.get().redirectsOff,

  564. 										Integer.valueOf(status)));

  565. 					}

  566. 					URIish newUri = redirect(u,

  567. 							conn.getHeaderField(HDR_LOCATION),

  568. 							Constants.INFO_REFS, redirects++);

  569. 					setURI(newUri);

  570. 					u = getServiceURL(service);

  571. 					authAttempts = 1;

  572. 					break;

  573. 				default:

  574. 					String err = status + " " + conn.getResponseMessage(); //$NON-NLS-1$

  575. 					throw new TransportException(uri, err);

  576. 				}

  577. 			} catch (NotSupportedException | TransportException e) {

  578. 				throw e;

  579. 			} catch (InterruptedIOException e) {

  580. 				// Timeout!? Don't try other authentication methods.

  581. 				throw new TransportException(uri, MessageFormat.format(

  582. 						JGitText.get().connectionTimeOut, u.getHost()), e);

  583. 			} catch (SocketException e) {

  584. 				// Nothing on other end, timeout, connection reset, ...

  585. 				throw new TransportException(uri,

  586. 						JGitText.get().connectionFailed, e);

  587. 			} catch (SSLHandshakeException e) {

  588. 				handleSslFailure(e);

  589. 				continue; // Re-try

  590. 			} catch (IOException e) {

  591. 				if (authMethod.getType() != HttpAuthMethod.Type.NONE) {

  592. 					if (ignoreTypes == null) {

  593. 						ignoreTypes = new HashSet<>();

  594. 					}

  595. 

  596. 					ignoreTypes.add(authMethod.getType());

  597. 

  598. 					// reset auth method & attempts for next authentication type

  599. 					authMethod = HttpAuthMethod.Type.NONE.method(null);

  600. 					authAttempts = 1;

  601. 

  602. 					continue;

  603. 				}

  604. 

  605. 				throw new TransportException(uri, MessageFormat.format(JGitText.get().cannotOpenService, service), e);

  606. 			}

  607. 		}

  608. 	}

  609. 

  610. 	void processResponseCookies(HttpConnection conn) {

  611. 		if (cookieFile != null && http.getSaveCookies()) {

  612. 			List<HttpCookie> foundCookies = new LinkedList<>();

  613. 

  614. 			List<String> cookieHeaderValues = conn

  615. 					.getHeaderFields(HDR_SET_COOKIE);

  616. 			if (!cookieHeaderValues.isEmpty()) {

  617. 				foundCookies.addAll(

  618. 						extractCookies(HDR_SET_COOKIE, cookieHeaderValues));

  619. 			}

  620. 			cookieHeaderValues = conn.getHeaderFields(HDR_SET_COOKIE2);

  621. 			if (!cookieHeaderValues.isEmpty()) {

  622. 				foundCookies.addAll(

  623. 						extractCookies(HDR_SET_COOKIE2, cookieHeaderValues));

  624. 			}

  625. 			if (!foundCookies.isEmpty()) {

  626. 				try {

  627. 					// update cookie lists with the newly received cookies!

  628. 					Set<HttpCookie> cookies = cookieFile.getCookies(false);

  629. 					cookies.addAll(foundCookies);

  630. 					cookieFile.write(baseUrl);

  631. 					relevantCookies.addAll(foundCookies);

  632. 				} catch (IOException | IllegalArgumentException

  633. 						| InterruptedException e) {

  634. 					LOG.warn(MessageFormat.format(

  635. 							JGitText.get().couldNotPersistCookies,

  636. 							cookieFile.getPath()), e);

  637. 				}

  638. 			}

  639. 		}

  640. 	}

  641. 

  642. 	private List<HttpCookie> extractCookies(String headerKey,

  643. 			List<String> headerValues) {

  644. 		List<HttpCookie> foundCookies = new LinkedList<>();

  645. 		for (String headerValue : headerValues) {

  646. 			foundCookies

  647. 					.addAll(HttpCookie.parse(headerKey + ':' + headerValue));

  648. 		}

  649. 		// HttpCookies.parse(...) is only compliant with RFC 2965. Make it RFC

  650. 		// 6265 compliant by applying the logic from

  651. 		// https://tools.ietf.org/html/rfc6265#section-5.2.3

  652. 		for (HttpCookie foundCookie : foundCookies) {

  653. 			String domain = foundCookie.getDomain();

  654. 			if (domain != null && domain.startsWith(".")) { //$NON-NLS-1$

  655. 				foundCookie.setDomain(domain.substring(1));

  656. 			}

  657. 		}

  658. 		return foundCookies;

  659. 	}

  660. 

  661. 	private static class CredentialItems {

  662. 		CredentialItem.InformationalMessage message;

  663. 

  664. 		/** Trust the server for this git operation */

  665. 		CredentialItem.YesNoType now;

  666. 

  667. 		/**

  668. 		 * Trust the server for all git operations from this repository; may be

  669. 		 * {@code null} if the transport was created via

  670. 		 * {@link #TransportHttp(URIish)}.

  671. 		 */

  672. 		CredentialItem.YesNoType forRepo;

  673. 

  674. 		/** Always trust the server from now on. */

  675. 		CredentialItem.YesNoType always;

  676. 

  677. 		public CredentialItem[] items() {

  678. 			if (forRepo == null) {

  679. 				return new CredentialItem[] { message, now, always };

  680. 			}

  681. 			return new CredentialItem[] { message, now, forRepo, always };

  682. 		}

  683. 	}

  684. 

  685. 	private void handleSslFailure(Throwable e) throws TransportException {

  686. 		if (sslFailure || !trustInsecureSslConnection(e.getCause())) {

  687. 			throw new TransportException(uri,

  688. 					MessageFormat.format(

  689. 							JGitText.get().sslFailureExceptionMessage,

  690. 							currentUri.setPass(null)),

  691. 					e);

  692. 		}

  693. 		sslFailure = true;

  694. 	}

  695. 

  696. 	private boolean trustInsecureSslConnection(Throwable cause) {

  697. 		if (cause instanceof CertificateException

  698. 				|| cause instanceof CertPathBuilderException

  699. 				|| cause instanceof CertPathValidatorException) {

  700. 			// Certificate expired or revoked, PKIX path building not

  701. 			// possible, self-signed certificate, host does not match ...

  702. 			CredentialsProvider provider = getCredentialsProvider();

  703. 			if (provider != null) {

  704. 				CredentialItems trust = constructSslTrustItems(cause);

  705. 				CredentialItem[] items = trust.items();

  706. 				if (provider.supports(items)) {

  707. 					boolean answered = provider.get(uri, items);

  708. 					if (answered) {

  709. 						// Not canceled

  710. 						boolean trustNow = trust.now.getValue();

  711. 						boolean trustLocal = trust.forRepo != null

  712. 								&& trust.forRepo.getValue();

  713. 						boolean trustAlways = trust.always.getValue();

  714. 						if (trustNow || trustLocal || trustAlways) {

  715. 							sslVerify = false;

  716. 							if (trustAlways) {

  717. 								updateSslVerifyUser(false);

  718. 							} else if (trustLocal) {

  719. 								updateSslVerify(local.getConfig(), false);

  720. 							}

  721. 							return true;

  722. 						}

  723. 					}

  724. 				}

  725. 			}

  726. 		}

  727. 		return false;

  728. 	}

  729. 

  730. 	private CredentialItems constructSslTrustItems(Throwable cause) {

  731. 		CredentialItems items = new CredentialItems();

  732. 		String info = MessageFormat.format(JGitText.get().sslFailureInfo,

  733. 				currentUri.setPass(null));

  734. 		String sslMessage = cause.getLocalizedMessage();

  735. 		if (sslMessage == null) {

  736. 			sslMessage = cause.toString();

  737. 		}

  738. 		sslMessage = MessageFormat.format(JGitText.get().sslFailureCause,

  739. 				sslMessage);

  740. 		items.message = new CredentialItem.InformationalMessage(info + '\n'

  741. 				+ sslMessage + '\n'

  742. 				+ JGitText.get().sslFailureTrustExplanation);

  743. 		items.now = new CredentialItem.YesNoType(JGitText.get().sslTrustNow);

  744. 		if (local != null) {

  745. 			items.forRepo = new CredentialItem.YesNoType(

  746. 					MessageFormat.format(JGitText.get().sslTrustForRepo,

  747. 					local.getDirectory()));

  748. 		}

  749. 		items.always = new CredentialItem.YesNoType(

  750. 				JGitText.get().sslTrustAlways);

  751. 		return items;

  752. 	}

  753. 

  754. 	private void updateSslVerify(StoredConfig config, boolean value) {

  755. 		// Since git uses the original URI for matching, we must also use the

  756. 		// original URI and cannot use the current URI (which might be different

  757. 		// after redirects).

  758. 		String uriPattern = uri.getScheme() + "://" + uri.getHost(); //$NON-NLS-1$

  759. 		int port = uri.getPort();

  760. 		if (port > 0) {

  761. 			uriPattern += ":" + port; //$NON-NLS-1$

  762. 		}

  763. 		config.setBoolean(HttpConfig.HTTP, uriPattern,

  764. 				HttpConfig.SSL_VERIFY_KEY, value);

  765. 		try {

  766. 			config.save();

  767. 		} catch (IOException e) {

  768. 			LOG.error(JGitText.get().sslVerifyCannotSave, e);

  769. 		}

  770. 	}

  771. 

  772. 	private void updateSslVerifyUser(boolean value) {

  773. 		StoredConfig userConfig = null;

  774. 		try {

  775. 			userConfig = SystemReader.getInstance().getUserConfig();

  776. 			updateSslVerify(userConfig, value);

  777. 		} catch (IOException | ConfigInvalidException e) {

  778. 			// Log it, but otherwise ignore here.

  779. 			LOG.error(e.getMessage(), e);

  780. 		}

  781. 	}

  782. 

  783. 	private URIish redirect(URL currentUrl, String location, String checkFor,

  784. 			int redirects)

  785. 			throws TransportException {

  786. 		if (location == null || location.isEmpty()) {

  787. 			throw new TransportException(uri,

  788. 					MessageFormat.format(JGitText.get().redirectLocationMissing,

  789. 							baseUrl));

  790. 		}

  791. 		if (redirects >= http.getMaxRedirects()) {

  792. 			throw new TransportException(uri,

  793. 					MessageFormat.format(JGitText.get().redirectLimitExceeded,

  794. 							Integer.valueOf(http.getMaxRedirects()), baseUrl,

  795. 							location));

  796. 		}

  797. 		try {

  798. 			URI redirectTo = new URI(location);

  799. 			redirectTo = currentUrl.toURI().resolve(redirectTo);

  800. 			String redirected = redirectTo.toASCIIString();

  801. 			if (!isValidRedirect(baseUrl, redirected, checkFor)) {

  802. 				throw new TransportException(uri,

  803. 						MessageFormat.format(JGitText.get().redirectBlocked,

  804. 								baseUrl, redirected));

  805. 			}

  806. 			redirected = redirected.substring(0, redirected.indexOf(checkFor));

  807. 			URIish result = new URIish(redirected);

  808. 			if (LOG.isInfoEnabled()) {

  809. 				LOG.info(MessageFormat.format(JGitText.get().redirectHttp,

  810. 						uri.setPass(null),

  811. 						Integer.valueOf(redirects), baseUrl, result));

  812. 			}

  813. 			return result;

  814. 		} catch (URISyntaxException e) {

  815. 			throw new TransportException(uri,

  816. 					MessageFormat.format(JGitText.get().invalidRedirectLocation,

  817. 							baseUrl, location),

  818. 					e);

  819. 		}

  820. 	}

  821. 

  822. 	private boolean isValidRedirect(URL current, String next, String checkFor) {

  823. 		// Protocols must be the same, or current is "http" and next "https". We

  824. 		// do not follow redirects from https back to http.

  825. 		String oldProtocol = current.getProtocol().toLowerCase(Locale.ROOT);

  826. 		int schemeEnd = next.indexOf("://"); //$NON-NLS-1$

  827. 		if (schemeEnd < 0) {

  828. 			return false;

  829. 		}

  830. 		String newProtocol = next.substring(0, schemeEnd)

  831. 				.toLowerCase(Locale.ROOT);

  832. 		if (!oldProtocol.equals(newProtocol)) {

  833. 			if (!"https".equals(newProtocol)) { //$NON-NLS-1$

  834. 				return false;

  835. 			}

  836. 		}

  837. 		// git allows only rewriting the root, i.e., everything before INFO_REFS

  838. 		// or the service name

  839. 		if (!next.contains(checkFor)) {

  840. 			return false;

  841. 		}

  842. 		// Basically we should test here that whatever follows INFO_REFS is

  843. 		// unchanged. But since we re-construct the query part

  844. 		// anyway, it doesn't matter.

  845. 		return true;

  846. 	}

  847. 

  848. 	private URL getServiceURL(String service)

  849. 			throws NotSupportedException {

  850. 		try {

  851. 			final StringBuilder b = new StringBuilder();

  852. 			b.append(baseUrl);

  853. 

  854. 			if (b.charAt(b.length() - 1) != '/') {

  855. 				b.append('/');

  856. 			}

  857. 			b.append(Constants.INFO_REFS);

  858. 

  859. 			if (useSmartHttp) {

  860. 				b.append(b.indexOf("?") < 0 ? '?' : '&'); //$NON-NLS-1$

  861. 				b.append("service="); //$NON-NLS-1$

  862. 				b.append(service);

  863. 			}

  864. 

  865. 			return new URL(b.toString());

  866. 		} catch (MalformedURLException e) {

  867. 			throw new NotSupportedException(MessageFormat.format(JGitText.get().invalidURL, uri), e);

  868. 		}

  869. 	}

  870. 

  871. 	/**

  872. 	 * Open an HTTP connection.

  873. 	 *

  874. 	 * @param method HTTP request method

  875. 	 * @param u url of the HTTP connection

  876. 	 * @param acceptEncoding accept-encoding header option

  877. 	 * @return the HTTP connection

  878. 	 * @throws java.io.IOException

  879. 	 * @since 4.6

  880. 	 */

  881. 	protected HttpConnection httpOpen(String method, URL u,

  882. 			AcceptEncoding acceptEncoding) throws IOException {

  883. 		if (method == null || u == null || acceptEncoding == null) {

  884. 			throw new NullPointerException();

  885. 		}

  886. 

  887. 		final Proxy proxy = HttpSupport.proxyFor(proxySelector, u);

  888. 		HttpConnection conn = connectionFactory.create(u, proxy);

  889. 

  890. 		if (!sslVerify && "https".equals(u.getProtocol())) { //$NON-NLS-1$

  891. 			HttpSupport.disableSslVerify(conn);

  892. 		}

  893. 

  894. 		// We must do our own redirect handling to implement git rules and to

  895. 		// handle http->https redirects

  896. 		conn.setInstanceFollowRedirects(false);

  897. 

  898. 		conn.setRequestMethod(method);

  899. 		conn.setUseCaches(false);

  900. 		if (acceptEncoding == AcceptEncoding.GZIP) {

  901. 			conn.setRequestProperty(HDR_ACCEPT_ENCODING, ENCODING_GZIP);

  902. 		}

  903. 		conn.setRequestProperty(HDR_PRAGMA, "no-cache"); //$NON-NLS-1$

  904. 		if (http.getUserAgent() != null) {

  905. 			conn.setRequestProperty(HDR_USER_AGENT, http.getUserAgent());

  906. 		} else if (UserAgent.get() != null) {

  907. 			conn.setRequestProperty(HDR_USER_AGENT, UserAgent.get());

  908. 		}

  909. 		int timeOut = getTimeout();

  910. 		if (timeOut != -1) {

  911. 			int effTimeOut = timeOut * 1000;

  912. 			conn.setConnectTimeout(effTimeOut);

  913. 			conn.setReadTimeout(effTimeOut);

  914. 		}

  915. 		addHeaders(conn, http.getExtraHeaders());

  916. 		// set cookie header if necessary

  917. 		if (!relevantCookies.isEmpty()) {

  918. 			setCookieHeader(conn);

  919. 		}

  920. 

  921. 		if (this.headers != null && !this.headers.isEmpty()) {

  922. 			for (Map.Entry<String, String> entry : this.headers.entrySet()) {

  923. 				conn.setRequestProperty(entry.getKey(), entry.getValue());

  924. 			}

  925. 		}

  926. 		authMethod.configureRequest(conn);

  927. 		return conn;

  928. 	}

  929. 

  930. 	/**

  931. 	 * Adds a list of header strings to the connection. Headers are expected to

  932. 	 * separate keys from values, i.e. "Key: Value". Headers without colon or

  933. 	 * key are ignored (and logged), as are headers with keys that are not RFC

  934. 	 * 7230 tokens or with non-ASCII values.

  935. 	 *

  936. 	 * @param conn

  937. 	 *            The target HttpConnection

  938. 	 * @param headersToAdd

  939. 	 *            A list of header strings

  940. 	 */

  941. 	static void addHeaders(HttpConnection conn, List<String> headersToAdd) {

  942. 		for (String header : headersToAdd) {

  943. 			// Empty values are allowed according to

  944. 			// https://tools.ietf.org/html/rfc7230

  945. 			int colon = header.indexOf(':');

  946. 			String key = null;

  947. 			if (colon > 0) {

  948. 				key = header.substring(0, colon).trim();

  949. 			}

  950. 			if (key == null || key.isEmpty()) {

  951. 				LOG.warn(MessageFormat.format(

  952. 						JGitText.get().invalidHeaderFormat, header));

  953. 			} else if (HttpSupport.scanToken(key, 0) != key.length()) {

  954. 				LOG.warn(MessageFormat.format(JGitText.get().invalidHeaderKey,

  955. 						header));

  956. 			} else {

  957. 				String value = header.substring(colon + 1).trim();

  958. 				if (!StandardCharsets.US_ASCII.newEncoder().canEncode(value)) {

  959. 					LOG.warn(MessageFormat

  960. 							.format(JGitText.get().invalidHeaderValue, header));

  961. 				} else {

  962. 					conn.setRequestProperty(key, value);

  963. 				}

  964. 			}

  965. 		}

  966. 	}

  967. 

  968. 	private void setCookieHeader(HttpConnection conn) {

  969. 		StringBuilder cookieHeaderValue = new StringBuilder();

  970. 		for (HttpCookie cookie : relevantCookies) {

  971. 			if (!cookie.hasExpired()) {

  972. 				if (cookieHeaderValue.length() > 0) {

  973. 					cookieHeaderValue.append(';');

  974. 				}

  975. 				cookieHeaderValue.append(cookie.toString());

  976. 			}

  977. 		}

  978. 		if (cookieHeaderValue.length() > 0) {

  979. 			conn.setRequestProperty(HDR_COOKIE, cookieHeaderValue.toString());

  980. 		}

  981. 	}

  982. 

  983. 	final InputStream openInputStream(HttpConnection conn)

  984. 			throws IOException {

  985. 		InputStream input = conn.getInputStream();

  986. 		if (isGzipContent(conn))

  987. 			input = new GZIPInputStream(input);

  988. 		return input;

  989. 	}

  990. 

  991. 	IOException wrongContentType(String expType, String actType) {

  992. 		final String why = MessageFormat.format(JGitText.get().expectedReceivedContentType, expType, actType);

  993. 		return new TransportException(uri, why);

  994. 	}

  995. 

  996. 	private static NetscapeCookieFile getCookieFileFromConfig(

  997. 			HttpConfig config) {

  998. 		if (!StringUtils.isEmptyOrNull(config.getCookieFile())) {

  999. 			try {

  1000. 				Path cookieFilePath = Paths.get(config.getCookieFile());

  1001. 				return NetscapeCookieFileCache.getInstance(config)

  1002. 						.getEntry(cookieFilePath);

  1003. 			} catch (InvalidPathException e) {

  1004. 				LOG.warn(MessageFormat.format(

  1005. 						JGitText.get().couldNotReadCookieFile,

  1006. 						config.getCookieFile()), e);

  1007. 			}

  1008. 		}

  1009. 		return null;

  1010. 	}

  1011. 

  1012. 	private static Set<HttpCookie> filterCookies(NetscapeCookieFile cookieFile,

  1013. 			URL url) {

  1014. 		if (cookieFile != null) {

  1015. 			return filterCookies(cookieFile.getCookies(true), url);

  1016. 		}

  1017. 		return Collections.emptySet();

  1018. 	}

  1019. 

  1020. 	/**

  1021. 	 *

  1022. 	 * @param allCookies

  1023. 	 *            a list of cookies.

  1024. 	 * @param url

  1025. 	 *            the url for which to filter the list of cookies.

  1026. 	 * @return only the cookies from {@code allCookies} which are relevant (i.e.

  1027. 	 *         are not expired, have a matching domain, have a matching path and

  1028. 	 *         have a matching secure attribute)

  1029. 	 */

  1030. 	private static Set<HttpCookie> filterCookies(Set<HttpCookie> allCookies,

  1031. 			URL url) {

  1032. 		Set<HttpCookie> filteredCookies = new HashSet<>();

  1033. 		for (HttpCookie cookie : allCookies) {

  1034. 			if (cookie.hasExpired()) {

  1035. 				continue;

  1036. 			}

  1037. 			if (!matchesCookieDomain(url.getHost(), cookie.getDomain())) {

  1038. 				continue;

  1039. 			}

  1040. 			if (!matchesCookiePath(url.getPath(), cookie.getPath())) {

  1041. 				continue;

  1042. 			}

  1043. 			if (cookie.getSecure() && !"https".equals(url.getProtocol())) { //$NON-NLS-1$

  1044. 				continue;

  1045. 			}

  1046. 			filteredCookies.add(cookie);

  1047. 		}

  1048. 		return filteredCookies;

  1049. 	}

  1050. 

  1051. 	/**

  1052. 	 *

  1053. 	 * The utility method to check whether a host name is in a cookie's domain

  1054. 	 * or not. Similar to {@link HttpCookie#domainMatches(String, String)} but

  1055. 	 * implements domain matching rules according to

  1056. 	 * <a href="https://tools.ietf.org/html/rfc6265#section-5.1.3">RFC 6265,

  1057. 	 * section 5.1.3</a> instead of the rules from

  1058. 	 * <a href="https://tools.ietf.org/html/rfc2965#section-3.3">RFC 2965,

  1059. 	 * section 3.3.1</a>.

  1060. 	 * <p>

  1061. 	 * The former rules are also used by libcurl internally.

  1062. 	 * <p>

  1063. 	 * The rules are as follows

  1064. 	 *

  1065. 	 * A string matches another domain string if at least one of the following

  1066. 	 * conditions holds:

  1067. 	 * <ul>

  1068. 	 * <li>The domain string and the string are identical. (Note that both the

  1069. 	 * domain string and the string will have been canonicalized to lower case

  1070. 	 * at this point.)</li>

  1071. 	 * <li>All of the following conditions hold

  1072. 	 * <ul>

  1073. 	 * <li>The domain string is a suffix of the string.</li>

  1074. 	 * <li>The last character of the string that is not included in the domain

  1075. 	 * string is a %x2E (".") character.</li>

  1076. 	 * <li>The string is a host name (i.e., not an IP address).</li>

  1077. 	 * </ul>

  1078. 	 * </li>

  1079. 	 * </ul>

  1080. 	 *

  1081. 	 * @param host

  1082. 	 *            the host to compare against the cookieDomain

  1083. 	 * @param cookieDomain

  1084. 	 *            the domain to compare against

  1085. 	 * @return {@code true} if they domain-match; {@code false} if not

  1086. 	 *

  1087. 	 * @see <a href= "https://tools.ietf.org/html/rfc6265#section-5.1.3">RFC

  1088. 	 *      6265, section 5.1.3 (Domain Matching)</a>

  1089. 	 * @see <a href=

  1090. 	 *      "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8206092">JDK-8206092

  1091. 	 *      : HttpCookie.domainMatches() does not match to sub-sub-domain</a>

  1092. 	 */

  1093. 	static boolean matchesCookieDomain(String host, String cookieDomain) {

  1094. 		cookieDomain = cookieDomain.toLowerCase(Locale.ROOT);

  1095. 		host = host.toLowerCase(Locale.ROOT);

  1096. 		if (host.equals(cookieDomain)) {

  1097. 			return true;

  1098. 		}

  1099. 		if (!host.endsWith(cookieDomain)) {

  1100. 			return false;

  1101. 		}

  1102. 		return host.charAt(host.length() - cookieDomain.length() - 1) == '.';

  1103. 	}

  1104. 

  1105. 	/**

  1106. 	 * The utility method to check whether a path is matching a cookie path

  1107. 	 * domain or not. The rules are defined by

  1108. 	 * <a href="https://tools.ietf.org/html/rfc6265#section-5.1.4">RFC 6265,

  1109. 	 * section 5.1.4</a>:

  1110. 	 *

  1111. 	 * A request-path path-matches a given cookie-path if at least one of the

  1112. 	 * following conditions holds:

  1113. 	 * <ul>

  1114. 	 * <li>The cookie-path and the request-path are identical.</li>

  1115. 	 * <li>The cookie-path is a prefix of the request-path, and the last

  1116. 	 * character of the cookie-path is %x2F ("/").</li>

  1117. 	 * <li>The cookie-path is a prefix of the request-path, and the first

  1118. 	 * character of the request-path that is not included in the cookie- path is

  1119. 	 * a %x2F ("/") character.</li>

  1120. 	 * </ul>

  1121. 	 * @param path

  1122. 	 *            the path to check

  1123. 	 * @param cookiePath

  1124. 	 *            the cookie's path

  1125. 	 *

  1126. 	 * @return {@code true} if they path-match; {@code false} if not

  1127. 	 */

  1128. 	static boolean matchesCookiePath(String path, String cookiePath) {

  1129. 		if (cookiePath.equals(path)) {

  1130. 			return true;

  1131. 		}

  1132. 		if (!cookiePath.endsWith("/")) { //$NON-NLS-1$

  1133. 			cookiePath += "/"; //$NON-NLS-1$

  1134. 		}

  1135. 		return path.startsWith(cookiePath);

  1136. 	}

  1137. 

  1138. 	private boolean isSmartHttp(HttpConnection c, String service) {

  1139. 		final String expType = "application/x-" + service + "-advertisement"; //$NON-NLS-1$ //$NON-NLS-2$

  1140. 		final String actType = c.getContentType();

  1141. 		return expType.equals(actType);

  1142. 	}

  1143. 

  1144. 	private boolean isGzipContent(HttpConnection c) {

  1145. 		return ENCODING_GZIP.equals(c.getHeaderField(HDR_CONTENT_ENCODING))

  1146. 				|| ENCODING_X_GZIP.equals(c.getHeaderField(HDR_CONTENT_ENCODING));

  1147. 	}

  1148. 

  1149. 	private void readSmartHeaders(InputStream in, String service)

  1150. 			throws IOException {

  1151. 		// A smart reply will have a '#' after the first 4 bytes, but

  1152. 		// a dumb reply cannot contain a '#' until after byte 41. Do a

  1153. 		// quick check to make sure its a smart reply before we parse

  1154. 		// as a pkt-line stream.

  1155. 		//

  1156. 		final byte[] magic = new byte[5];

  1157. 		IO.readFully(in, magic, 0, magic.length);

  1158. 		if (magic[4] != '#') {

  1159. 			throw new TransportException(uri, MessageFormat.format(

  1160. 					JGitText.get().expectedPktLineWithService, RawParseUtils.decode(magic)));

  1161. 		}

  1162. 

  1163. 		final PacketLineIn pckIn = new PacketLineIn(new UnionInputStream(

  1164. 				new ByteArrayInputStream(magic), in));

  1165. 		final String exp = "# service=" + service; //$NON-NLS-1$

  1166. 		final String act = pckIn.readString();

  1167. 		if (!exp.equals(act)) {

  1168. 			throw new TransportException(uri, MessageFormat.format(

  1169. 					JGitText.get().expectedGot, exp, act));

  1170. 		}

  1171. 

  1172. 		while (!PacketLineIn.isEnd(pckIn.readString())) {

  1173. 			// for now, ignore the remaining header lines

  1174. 		}

  1175. 	}

  1176. 

  1177. 	class HttpObjectDB extends WalkRemoteObjectDatabase {

  1178. 		private final URL httpObjectsUrl;

  1179. 

  1180. 		HttpObjectDB(URL b) {

  1181. 			httpObjectsUrl = b;

  1182. 		}

  1183. 

  1184. 		@Override

  1185. 		URIish getURI() {

  1186. 			return new URIish(httpObjectsUrl);

  1187. 		}

  1188. 

  1189. 		@Override

  1190. 		Collection<WalkRemoteObjectDatabase> getAlternates() throws IOException {

  1191. 			try {

  1192. 				return readAlternates(INFO_HTTP_ALTERNATES);

  1193. 			} catch (FileNotFoundException err) {

  1194. 				// Fall through.

  1195. 			}

  1196. 

  1197. 			try {

  1198. 				return readAlternates(INFO_ALTERNATES);

  1199. 			} catch (FileNotFoundException err) {

  1200. 				// Fall through.

  1201. 			}

  1202. 

  1203. 			return null;

  1204. 		}

  1205. 

  1206. 		@Override

  1207. 		WalkRemoteObjectDatabase openAlternate(String location)

  1208. 				throws IOException {

  1209. 			return new HttpObjectDB(new URL(httpObjectsUrl, location));

  1210. 		}

  1211. 

  1212. 		@Override

  1213. 		BufferedReader openReader(String path) throws IOException {

  1214. 			// Line oriented readable content is likely to compress well.

  1215. 			// Request gzip encoding.

  1216. 			InputStream is = open(path, AcceptEncoding.GZIP).in;

  1217. 			return new BufferedReader(new InputStreamReader(is, UTF_8));

  1218. 		}

  1219. 

  1220. 		@Override

  1221. 		Collection<String> getPackNames() throws IOException {

  1222. 			final Collection<String> packs = new ArrayList<>();

  1223. 			try (BufferedReader br = openReader(INFO_PACKS)) {

  1224. 				for (;;) {

  1225. 					final String s = br.readLine();

  1226. 					if (s == null || s.length() == 0)

  1227. 						break;

  1228. 					if (!s.startsWith("P pack-") || !s.endsWith(".pack")) //$NON-NLS-1$ //$NON-NLS-2$

  1229. 						throw invalidAdvertisement(s);

  1230. 					packs.add(s.substring(2));

  1231. 				}

  1232. 				return packs;

  1233. 			} catch (FileNotFoundException err) {

  1234. 				return packs;

  1235. 			}

  1236. 		}

  1237. 

  1238. 		@Override

  1239. 		FileStream open(String path) throws IOException {

  1240. 			return open(path, AcceptEncoding.UNSPECIFIED);

  1241. 		}

  1242. 

  1243. 		FileStream open(String path, AcceptEncoding acceptEncoding)

  1244. 				throws IOException {

  1245. 			final URL base = httpObjectsUrl;

  1246. 			final URL u = new URL(base, path);

  1247. 			final HttpConnection c = httpOpen(METHOD_GET, u, acceptEncoding);

  1248. 			switch (HttpSupport.response(c)) {

  1249. 			case HttpConnection.HTTP_OK:

  1250. 				final InputStream in = openInputStream(c);

  1251. 				// If content is being gzipped and then transferred, the content

  1252. 				// length in the header is the zipped content length, not the

  1253. 				// actual content length.

  1254. 				if (!isGzipContent(c)) {

  1255. 					final int len = c.getContentLength();

  1256. 					return new FileStream(in, len);

  1257. 				}

  1258. 				return new FileStream(in);

  1259. 			case HttpConnection.HTTP_NOT_FOUND:

  1260. 				throw new FileNotFoundException(u.toString());

  1261. 			default:

  1262. 				throw new IOException(u.toString() + ": " //$NON-NLS-1$

  1263. 						+ HttpSupport.response(c) + " " //$NON-NLS-1$

  1264. 						+ c.getResponseMessage());

  1265. 			}

  1266. 		}

  1267. 

  1268. 		Map<String, Ref> readAdvertisedImpl(final BufferedReader br)

  1269. 				throws IOException, PackProtocolException {

  1270. 			final TreeMap<String, Ref> avail = new TreeMap<>();

  1271. 			for (;;) {

  1272. 				String line = br.readLine();

  1273. 				if (line == null)

  1274. 					break;

  1275. 

  1276. 				final int tab = line.indexOf('\t');

  1277. 				if (tab < 0)

  1278. 					throw invalidAdvertisement(line);

  1279. 

  1280. 				String name;

  1281. 				final ObjectId id;

  1282. 

  1283. 				name = line.substring(tab + 1);

  1284. 				id = ObjectId.fromString(line.substring(0, tab));

  1285. 				if (name.endsWith("^{}")) { //$NON-NLS-1$

  1286. 					name = name.substring(0, name.length() - 3);

  1287. 					final Ref prior = avail.get(name);

  1288. 					if (prior == null)

  1289. 						throw outOfOrderAdvertisement(name);

  1290. 

  1291. 					if (prior.getPeeledObjectId() != null)

  1292. 						throw duplicateAdvertisement(name + "^{}"); //$NON-NLS-1$

  1293. 

  1294. 					avail.put(name, new ObjectIdRef.PeeledTag(

  1295. 							Ref.Storage.NETWORK, name,

  1296. 							prior.getObjectId(), id));

  1297. 				} else {

  1298. 					Ref prior = avail.put(name, new ObjectIdRef.PeeledNonTag(

  1299. 							Ref.Storage.NETWORK, name, id));

  1300. 					if (prior != null)

  1301. 						throw duplicateAdvertisement(name);

  1302. 				}

  1303. 			}

  1304. 			return avail;

  1305. 		}

  1306. 

  1307. 		private PackProtocolException outOfOrderAdvertisement(String n) {

  1308. 			return new PackProtocolException(MessageFormat.format(JGitText.get().advertisementOfCameBefore, n, n));

  1309. 		}

  1310. 

  1311. 		private PackProtocolException invalidAdvertisement(String n) {

  1312. 			return new PackProtocolException(MessageFormat.format(JGitText.get().invalidAdvertisementOf, n));

  1313. 		}

  1314. 

  1315. 		private PackProtocolException duplicateAdvertisement(String n) {

  1316. 			return new PackProtocolException(MessageFormat.format(JGitText.get().duplicateAdvertisementsOf, n));

  1317. 		}

  1318. 

  1319. 		@Override

  1320. 		void close() {

  1321. 			// We do not maintain persistent connections.

  1322. 		}

  1323. 	}

  1324. 

  1325. 	class SmartHttpFetchConnection extends BasePackFetchConnection {

  1326. 		private MultiRequestService svc;

  1327. 

  1328. 		SmartHttpFetchConnection(InputStream advertisement)

  1329. 				throws TransportException {

  1330. 			super(TransportHttp.this);

  1331. 			statelessRPC = true;

  1332. 

  1333. 			init(advertisement, DisabledOutputStream.INSTANCE);

  1334. 			outNeedsEnd = false;

  1335. 			readAdvertisedRefs();

  1336. 		}

  1337. 

  1338. 		@Override

  1339. 		protected void doFetch(final ProgressMonitor monitor,

  1340. 				final Collection<Ref> want, final Set<ObjectId> have,

  1341. 				final OutputStream outputStream) throws TransportException {

  1342. 			try {

  1343. 				svc = new MultiRequestService(SVC_UPLOAD_PACK);

  1344. 				init(svc.getInputStream(), svc.getOutputStream());

  1345. 				super.doFetch(monitor, want, have, outputStream);

  1346. 			} finally {

  1347. 				svc = null;

  1348. 			}

  1349. 		}

  1350. 

  1351. 		@Override

  1352. 		protected void onReceivePack() {

  1353. 			svc.finalRequest = true;

  1354. 		}

  1355. 	}

  1356. 

  1357. 	class SmartHttpPushConnection extends BasePackPushConnection {

  1358. 		SmartHttpPushConnection(InputStream advertisement)

  1359. 				throws TransportException {

  1360. 			super(TransportHttp.this);

  1361. 			statelessRPC = true;

  1362. 

  1363. 			init(advertisement, DisabledOutputStream.INSTANCE);

  1364. 			outNeedsEnd = false;

  1365. 			readAdvertisedRefs();

  1366. 		}

  1367. 

  1368. 		@Override

  1369. 		protected void doPush(final ProgressMonitor monitor,

  1370. 				final Map<String, RemoteRefUpdate> refUpdates,

  1371. 				OutputStream outputStream) throws TransportException {

  1372. 			final Service svc = new MultiRequestService(SVC_RECEIVE_PACK);

  1373. 			init(svc.getInputStream(), svc.getOutputStream());

  1374. 			super.doPush(monitor, refUpdates, outputStream);

  1375. 		}

  1376. 	}

  1377. 

  1378. 	/** Basic service for sending and receiving HTTP requests. */

  1379. 	abstract class Service {

  1380. 		protected final String serviceName;

  1381. 

  1382. 		protected final String requestType;

  1383. 

  1384. 		protected final String responseType;

  1385. 

  1386. 		protected HttpConnection conn;

  1387. 

  1388. 		protected HttpOutputStream out;

  1389. 

  1390. 		protected final HttpExecuteStream execute;

  1391. 

  1392. 		final UnionInputStream in;

  1393. 

  1394. 		Service(String serviceName) {

  1395. 			this.serviceName = serviceName;

  1396. 			this.requestType = "application/x-" + serviceName + "-request"; //$NON-NLS-1$ //$NON-NLS-2$

  1397. 			this.responseType = "application/x-" + serviceName + "-result"; //$NON-NLS-1$ //$NON-NLS-2$

  1398. 

  1399. 			this.out = new HttpOutputStream();

  1400. 			this.execute = new HttpExecuteStream();

  1401. 			this.in = new UnionInputStream(execute);

  1402. 		}

  1403. 

  1404. 		void openStream() throws IOException {

  1405. 			conn = httpOpen(METHOD_POST, new URL(baseUrl, serviceName),

  1406. 					AcceptEncoding.GZIP);

  1407. 			conn.setInstanceFollowRedirects(false);

  1408. 			conn.setDoOutput(true);

  1409. 			conn.setRequestProperty(HDR_CONTENT_TYPE, requestType);

  1410. 			conn.setRequestProperty(HDR_ACCEPT, responseType);

  1411. 		}

  1412. 

  1413. 		void sendRequest() throws IOException {

  1414. 			// Try to compress the content, but only if that is smaller.

  1415. 			TemporaryBuffer buf = new TemporaryBuffer.Heap(

  1416. 					http.getPostBuffer());

  1417. 			try (GZIPOutputStream gzip = new GZIPOutputStream(buf)) {

  1418. 				out.writeTo(gzip, null);

  1419. 				if (out.length() < buf.length())

  1420. 					buf = out;

  1421. 			} catch (IOException err) {

  1422. 				// Most likely caused by overflowing the buffer, meaning

  1423. 				// its larger if it were compressed. Don't compress.

  1424. 				buf = out;

  1425. 			}

  1426. 

  1427. 			HttpAuthMethod authenticator = null;

  1428. 			Collection<Type> ignoreTypes = EnumSet.noneOf(Type.class);

  1429. 			// Counts number of repeated authentication attempts using the same

  1430. 			// authentication scheme

  1431. 			int authAttempts = 1;

  1432. 			int redirects = 0;

  1433. 			for (;;) {

  1434. 				try {

  1435. 					// The very first time we will try with the authentication

  1436. 					// method used on the initial GET request. This is a hint

  1437. 					// only; it may fail. If so, we'll then re-try with proper

  1438. 					// 401 handling, going through the available authentication

  1439. 					// schemes.

  1440. 					openStream();

  1441. 					if (buf != out) {

  1442. 						conn.setRequestProperty(HDR_CONTENT_ENCODING,

  1443. 								ENCODING_GZIP);

  1444. 					}

  1445. 					conn.setFixedLengthStreamingMode((int) buf.length());

  1446. 					try (OutputStream httpOut = conn.getOutputStream()) {

  1447. 						buf.writeTo(httpOut, null);

  1448. 					}

  1449. 

  1450. 					final int status = HttpSupport.response(conn);

  1451. 					switch (status) {

  1452. 					case HttpConnection.HTTP_OK:

  1453. 						// We're done.

  1454. 						return;

  1455. 

  1456. 					case HttpConnection.HTTP_NOT_FOUND:

  1457. 						throw createNotFoundException(uri, conn.getURL(),

  1458. 								conn.getResponseMessage());

  1459. 

  1460. 					case HttpConnection.HTTP_FORBIDDEN:

  1461. 						throw new TransportException(uri,

  1462. 								MessageFormat.format(

  1463. 										JGitText.get().serviceNotPermitted,

  1464. 										baseUrl, serviceName));

  1465. 

  1466. 					case HttpConnection.HTTP_MOVED_PERM:

  1467. 					case HttpConnection.HTTP_MOVED_TEMP:

  1468. 					case HttpConnection.HTTP_11_MOVED_PERM:

  1469. 					case HttpConnection.HTTP_11_MOVED_TEMP:

  1470. 						// SEE_OTHER after a POST doesn't make sense for a git

  1471. 						// server, so we don't handle it here and thus we'll

  1472. 						// report an error in openResponse() later on.

  1473. 						if (http.getFollowRedirects() != HttpRedirectMode.TRUE) {

  1474. 							// Let openResponse() issue an error

  1475. 							return;

  1476. 						}

  1477. 						currentUri = redirect(conn.getURL(),

  1478. 								conn.getHeaderField(HDR_LOCATION),

  1479. 								'/' + serviceName, redirects++);

  1480. 						try {

  1481. 							baseUrl = toURL(currentUri);

  1482. 						} catch (MalformedURLException e) {

  1483. 							throw new TransportException(uri,

  1484. 									MessageFormat.format(

  1485. 											JGitText.get().invalidRedirectLocation,

  1486. 											baseUrl, currentUri),

  1487. 									e);

  1488. 						}

  1489. 						continue;

  1490. 

  1491. 					case HttpConnection.HTTP_UNAUTHORIZED:

  1492. 						HttpAuthMethod nextMethod = HttpAuthMethod

  1493. 								.scanResponse(conn, ignoreTypes);

  1494. 						switch (nextMethod.getType()) {

  1495. 						case NONE:

  1496. 							throw new TransportException(uri,

  1497. 									MessageFormat.format(

  1498. 											JGitText.get().authenticationNotSupported,

  1499. 											conn.getURL()));

  1500. 						case NEGOTIATE:

  1501. 							// RFC 4559 states "When using the SPNEGO [...] with

  1502. 							// [...] POST, the authentication should be complete

  1503. 							// [...] before sending the user data." So in theory

  1504. 							// the initial GET should have been authenticated

  1505. 							// already. (Unless there was a redirect?)

  1506. 							//

  1507. 							// We try this only once:

  1508. 							ignoreTypes.add(HttpAuthMethod.Type.NEGOTIATE);

  1509. 							if (authenticator != null) {

  1510. 								ignoreTypes.add(authenticator.getType());

  1511. 							}

  1512. 							authAttempts = 1;

  1513. 							// We only do the Kerberos part of SPNEGO, which

  1514. 							// requires only one round.

  1515. 							break;

  1516. 						default:

  1517. 							// DIGEST or BASIC. Let's be sure we ignore

  1518. 							// NEGOTIATE; if it was available, we have tried it

  1519. 							// before.

  1520. 							ignoreTypes.add(HttpAuthMethod.Type.NEGOTIATE);

  1521. 							if (authenticator == null || authenticator

  1522. 									.getType() != nextMethod.getType()) {

  1523. 								if (authenticator != null) {

  1524. 									ignoreTypes.add(authenticator.getType());

  1525. 								}

  1526. 								authAttempts = 1;

  1527. 							}

  1528. 							break;

  1529. 						}

  1530. 						authMethod = nextMethod;

  1531. 						authenticator = nextMethod;

  1532. 						CredentialsProvider credentialsProvider = getCredentialsProvider();

  1533. 						if (credentialsProvider == null) {

  1534. 							throw new TransportException(uri,

  1535. 									JGitText.get().noCredentialsProvider);

  1536. 						}

  1537. 						if (authAttempts > 1) {

  1538. 							credentialsProvider.reset(currentUri);

  1539. 						}

  1540. 						if (3 < authAttempts || !authMethod

  1541. 								.authorize(currentUri, credentialsProvider)) {

  1542. 							throw new TransportException(uri,

  1543. 									JGitText.get().notAuthorized);

  1544. 						}

  1545. 						authAttempts++;

  1546. 						continue;

  1547. 

  1548. 					default:

  1549. 						// Just return here; openResponse() will report an

  1550. 						// appropriate error.

  1551. 						return;

  1552. 					}

  1553. 				} catch (SSLHandshakeException e) {

  1554. 					handleSslFailure(e);

  1555. 					continue; // Re-try

  1556. 				} catch (SocketException | InterruptedIOException e) {

  1557. 					// Timeout!? Must propagate; don't try other authentication

  1558. 					// methods.

  1559. 					throw e;

  1560. 				} catch (IOException e) {

  1561. 					if (authenticator == null || authMethod

  1562. 							.getType() != HttpAuthMethod.Type.NONE) {

  1563. 						// Can happen for instance if the server advertises

  1564. 						// Negotiate, but the client isn't configured for

  1565. 						// Kerberos. The first time (authenticator == null) we

  1566. 						// must re-try even if the authMethod was NONE: this may

  1567. 						// occur if the server advertised NTLM on the GET

  1568. 						// and the HttpConnection managed to successfully

  1569. 						// authenticate under the hood with NTLM. We might not

  1570. 						// have picked this up on the GET's 200 response.

  1571. 						if (authMethod.getType() != HttpAuthMethod.Type.NONE) {

  1572. 							ignoreTypes.add(authMethod.getType());

  1573. 						}

  1574. 						// Start over with the remaining available methods.

  1575. 						authMethod = HttpAuthMethod.Type.NONE.method(null);

  1576. 						authenticator = authMethod;

  1577. 						authAttempts = 1;

  1578. 						continue;

  1579. 					}

  1580. 					throw e;

  1581. 				}

  1582. 			}

  1583. 		}

  1584. 

  1585. 		void openResponse() throws IOException {

  1586. 			final int status = HttpSupport.response(conn);

  1587. 			if (status != HttpConnection.HTTP_OK) {

  1588. 				throw new TransportException(uri, status + " " //$NON-NLS-1$

  1589. 						+ conn.getResponseMessage());

  1590. 			}

  1591. 

  1592. 			final String contentType = conn.getContentType();

  1593. 			if (!responseType.equals(contentType)) {

  1594. 				conn.getInputStream().close();

  1595. 				throw wrongContentType(responseType, contentType);

  1596. 			}

  1597. 		}

  1598. 

  1599. 		HttpOutputStream getOutputStream() {

  1600. 			return out;

  1601. 		}

  1602. 

  1603. 		InputStream getInputStream() {

  1604. 			return in;

  1605. 		}

  1606. 

  1607. 		abstract void execute() throws IOException;

  1608. 

  1609. 		class HttpExecuteStream extends InputStream {

  1610. 			@Override

  1611. 			public int read() throws IOException {

  1612. 				execute();

  1613. 				return -1;

  1614. 			}

  1615. 

  1616. 			@Override

  1617. 			public int read(byte[] b, int off, int len) throws IOException {

  1618. 				execute();

  1619. 				return -1;

  1620. 			}

  1621. 

  1622. 			@Override

  1623. 			public long skip(long n) throws IOException {

  1624. 				execute();

  1625. 				return 0;

  1626. 			}

  1627. 		}

  1628. 

  1629. 		class HttpOutputStream extends TemporaryBuffer {

  1630. 			HttpOutputStream() {

  1631. 				super(http.getPostBuffer());

  1632. 			}

  1633. 

  1634. 			@Override

  1635. 			protected OutputStream overflow() throws IOException {

  1636. 				openStream();

  1637. 				conn.setChunkedStreamingMode(0);

  1638. 				return conn.getOutputStream();

  1639. 			}

  1640. 		}

  1641. 	}

  1642. 

  1643. 	/**

  1644. 	 * State required to speak multiple HTTP requests with the remote.

  1645. 	 * <p>

  1646. 	 * A service wrapper provides a normal looking InputStream and OutputStream

  1647. 	 * pair which are connected via HTTP to the named remote service. Writing to

  1648. 	 * the OutputStream is buffered until either the buffer overflows, or

  1649. 	 * reading from the InputStream occurs. If overflow occurs HTTP/1.1 and its

  1650. 	 * chunked transfer encoding is used to stream the request data to the

  1651. 	 * remote service. If the entire request fits in the memory buffer, the

  1652. 	 * older HTTP/1.0 standard and a fixed content length is used instead.

  1653. 	 * <p>

  1654. 	 * It is an error to attempt to read without there being outstanding data

  1655. 	 * ready for transmission on the OutputStream.

  1656. 	 * <p>

  1657. 	 * No state is preserved between write-read request pairs. The caller is

  1658. 	 * responsible for replaying state vector information as part of the request

  1659. 	 * data written to the OutputStream. Any session HTTP cookies may or may not

  1660. 	 * be preserved between requests, it is left up to the JVM's implementation

  1661. 	 * of the HTTP client.

  1662. 	 */

  1663. 	class MultiRequestService extends Service {

  1664. 		boolean finalRequest;

  1665. 

  1666. 		MultiRequestService(String serviceName) {

  1667. 			super(serviceName);

  1668. 		}

  1669. 

  1670. 		/** Keep opening send-receive pairs to the given URI. */

  1671. 		@Override

  1672. 		void execute() throws IOException {

  1673. 			out.close();

  1674. 

  1675. 			if (conn == null) {

  1676. 				if (out.length() == 0) {

  1677. 					// Request output hasn't started yet, but more data is being

  1678. 					// requested. If there is no request data buffered and the

  1679. 					// final request was already sent, do nothing to ensure the

  1680. 					// caller is shown EOF on the InputStream; otherwise an

  1681. 					// programming error has occurred within this module.

  1682. 					if (finalRequest)

  1683. 						return;

  1684. 					throw new TransportException(uri,

  1685. 							JGitText.get().startingReadStageWithoutWrittenRequestDataPendingIsNotSupported);

  1686. 				}

  1687. 

  1688. 				sendRequest();

  1689. 			}

  1690. 

  1691. 			out.reset();

  1692. 

  1693. 			openResponse();

  1694. 

  1695. 			in.add(openInputStream(conn));

  1696. 			if (!finalRequest)

  1697. 				in.add(execute);

  1698. 			conn = null;

  1699. 		}

  1700. 	}

  1701. 

  1702. 	/** Service for maintaining a single long-poll connection. */

  1703. 	class LongPollService extends Service {

  1704. 		/**

  1705. 		 * @param serviceName

  1706. 		 */

  1707. 		LongPollService(String serviceName) {

  1708. 			super(serviceName);

  1709. 		}

  1710. 

  1711. 		/** Only open one send-receive request. */

  1712. 		@Override

  1713. 		void execute() throws IOException {

  1714. 			out.close();

  1715. 			if (conn == null)

  1716. 				sendRequest();

  1717. 			openResponse();

  1718. 			in.add(openInputStream(conn));

  1719. 		}

  1720. 	}

  1721. }