mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8256 Commits
49 Branches
Tree: f659797199
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f659797199'
${ noResults }
jgit/org.eclipse.jgit.lfs/src/org/eclipse/jgit/lfs/internal/LfsConnectionFactory.java

LfsConnectionFactory.java 10KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300 
  1. /*

  2.  * Copyright (C) 2017, Markus Duft <markus.duft@ssi-schaefer.com> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.lfs.internal;

  11. 

  12. import static org.eclipse.jgit.util.HttpSupport.ENCODING_GZIP;

  13. import static org.eclipse.jgit.util.HttpSupport.HDR_ACCEPT;

  14. import static org.eclipse.jgit.util.HttpSupport.HDR_ACCEPT_ENCODING;

  15. import static org.eclipse.jgit.util.HttpSupport.HDR_CONTENT_TYPE;

  16. 

  17. import java.io.IOException;

  18. import java.net.ProxySelector;

  19. import java.net.URISyntaxException;

  20. import java.net.URL;

  21. import java.time.LocalDateTime;

  22. import java.time.ZoneOffset;

  23. import java.time.format.DateTimeFormatter;

  24. import java.util.LinkedList;

  25. import java.util.Map;

  26. import java.util.TreeMap;

  27. 

  28. import org.eclipse.jgit.annotations.NonNull;

  29. import org.eclipse.jgit.errors.CommandFailedException;

  30. import org.eclipse.jgit.lfs.LfsPointer;

  31. import org.eclipse.jgit.lfs.Protocol;

  32. import org.eclipse.jgit.lfs.errors.LfsConfigInvalidException;

  33. import org.eclipse.jgit.lib.ConfigConstants;

  34. import org.eclipse.jgit.lib.Repository;

  35. import org.eclipse.jgit.lib.StoredConfig;

  36. import org.eclipse.jgit.transport.HttpConfig;

  37. import org.eclipse.jgit.transport.HttpTransport;

  38. import org.eclipse.jgit.transport.URIish;

  39. import org.eclipse.jgit.transport.http.HttpConnection;

  40. import org.eclipse.jgit.util.HttpSupport;

  41. import org.eclipse.jgit.util.SshSupport;

  42. 

  43. /**

  44.  * Provides means to get a valid LFS connection for a given repository.

  45.  */

  46. public class LfsConnectionFactory {

  47. 

  48. 	private static final int SSH_AUTH_TIMEOUT_SECONDS = 30;

  49. 	private static final String SCHEME_HTTPS = "https"; //$NON-NLS-1$

  50. 	private static final String SCHEME_SSH = "ssh"; //$NON-NLS-1$

  51. 	private static final Map<String, AuthCache> sshAuthCache = new TreeMap<>();

  52. 

  53. 	/**

  54. 	 * Determine URL of LFS server by looking into config parameters lfs.url,

  55. 	 * lfs.[remote].url or remote.[remote].url. The LFS server URL is computed

  56. 	 * from remote.[remote].url by appending "/info/lfs". In case there is no

  57. 	 * URL configured, a SSH remote URI can be used to auto-detect the LFS URI

  58. 	 * by using the remote "git-lfs-authenticate" command.

  59. 	 *

  60. 	 * @param db

  61. 	 *            the repository to work with

  62. 	 * @param method

  63. 	 *            the method (GET,PUT,...) of the request this connection will

  64. 	 *            be used for

  65. 	 * @param purpose

  66. 	 *            the action, e.g. Protocol.OPERATION_DOWNLOAD

  67. 	 * @return the url for the lfs server. e.g.

  68. 	 *         "https://github.com/github/git-lfs.git/info/lfs"

  69. 	 * @throws IOException

  70. 	 */

  71. 	public static HttpConnection getLfsConnection(Repository db, String method,

  72. 			String purpose) throws IOException {

  73. 		StoredConfig config = db.getConfig();

  74. 		Map<String, String> additionalHeaders = new TreeMap<>();

  75. 		String lfsUrl = getLfsUrl(db, purpose, additionalHeaders);

  76. 		URL url = new URL(lfsUrl + Protocol.OBJECTS_LFS_ENDPOINT);

  77. 		HttpConnection connection = HttpTransport.getConnectionFactory().create(

  78. 				url, HttpSupport.proxyFor(ProxySelector.getDefault(), url));

  79. 		connection.setDoOutput(true);

  80. 		if (url.getProtocol().equals(SCHEME_HTTPS)

  81. 				&& !config.getBoolean(HttpConfig.HTTP,

  82. 						HttpConfig.SSL_VERIFY_KEY, true)) {

  83. 			HttpSupport.disableSslVerify(connection);

  84. 		}

  85. 		connection.setRequestMethod(method);

  86. 		connection.setRequestProperty(HDR_ACCEPT,

  87. 				Protocol.CONTENTTYPE_VND_GIT_LFS_JSON);

  88. 		connection.setRequestProperty(HDR_CONTENT_TYPE,

  89. 				Protocol.CONTENTTYPE_VND_GIT_LFS_JSON);

  90. 		additionalHeaders

  91. 				.forEach((k, v) -> connection.setRequestProperty(k, v));

  92. 		return connection;

  93. 	}

  94. 

  95. 	private static String getLfsUrl(Repository db, String purpose,

  96. 			Map<String, String> additionalHeaders)

  97. 			throws LfsConfigInvalidException {

  98. 		StoredConfig config = db.getConfig();

  99. 		String lfsUrl = config.getString(ConfigConstants.CONFIG_SECTION_LFS,

  100. 				null,

  101. 				ConfigConstants.CONFIG_KEY_URL);

  102. 		Exception ex = null;

  103. 		if (lfsUrl == null) {

  104. 			String remoteUrl = null;

  105. 			for (String remote : db.getRemoteNames()) {

  106. 				lfsUrl = config.getString(ConfigConstants.CONFIG_SECTION_LFS,

  107. 						remote,

  108. 						ConfigConstants.CONFIG_KEY_URL);

  109. 				// This could be done better (more precise logic), but according

  110. 				// to https://github.com/git-lfs/git-lfs/issues/1759 git-lfs

  111. 				// generally only supports 'origin' in an integrated workflow.

  112. 				if (lfsUrl == null && (remote.equals(

  113. 						org.eclipse.jgit.lib.Constants.DEFAULT_REMOTE_NAME))) {

  114. 					remoteUrl = config.getString(

  115. 							ConfigConstants.CONFIG_KEY_REMOTE, remote,

  116. 							ConfigConstants.CONFIG_KEY_URL);

  117. 					break;

  118. 				}

  119. 			}

  120. 			if (lfsUrl == null && remoteUrl != null) {

  121. 				try {

  122. 					lfsUrl = discoverLfsUrl(db, purpose, additionalHeaders,

  123. 							remoteUrl);

  124. 				} catch (URISyntaxException | IOException

  125. 						| CommandFailedException e) {

  126. 					ex = e;

  127. 				}

  128. 			} else {

  129. 				lfsUrl = lfsUrl + Protocol.INFO_LFS_ENDPOINT;

  130. 			}

  131. 		}

  132. 		if (lfsUrl == null) {

  133. 			if (ex != null) {

  134. 				throw new LfsConfigInvalidException(

  135. 						LfsText.get().lfsNoDownloadUrl, ex);

  136. 			}

  137. 			throw new LfsConfigInvalidException(LfsText.get().lfsNoDownloadUrl);

  138. 		}

  139. 		return lfsUrl;

  140. 	}

  141. 

  142. 	private static String discoverLfsUrl(Repository db, String purpose,

  143. 			Map<String, String> additionalHeaders, String remoteUrl)

  144. 			throws URISyntaxException, IOException, CommandFailedException {

  145. 		URIish u = new URIish(remoteUrl);

  146. 		if (u.getScheme() == null || SCHEME_SSH.equals(u.getScheme())) {

  147. 			Protocol.ExpiringAction action = getSshAuthentication(db, purpose,

  148. 					remoteUrl, u);

  149. 			additionalHeaders.putAll(action.header);

  150. 			return action.href;

  151. 		}

  152. 		return remoteUrl + Protocol.INFO_LFS_ENDPOINT;

  153. 	}

  154. 

  155. 	private static Protocol.ExpiringAction getSshAuthentication(

  156. 			Repository db, String purpose, String remoteUrl, URIish u)

  157. 			throws IOException, CommandFailedException {

  158. 		AuthCache cached = sshAuthCache.get(remoteUrl);

  159. 		Protocol.ExpiringAction action = null;

  160. 		if (cached != null && cached.validUntil > System.currentTimeMillis()) {

  161. 			action = cached.cachedAction;

  162. 		}

  163. 

  164. 		if (action == null) {

  165. 			// discover and authenticate; git-lfs does "ssh

  166. 			// -p <port> -- <host> git-lfs-authenticate

  167. 			// <project> <upload/download>"

  168. 			String json = SshSupport.runSshCommand(u.setPath(""), //$NON-NLS-1$

  169. 					null, db.getFS(),

  170. 					"git-lfs-authenticate " + extractProjectName(u) + " " //$NON-NLS-1$//$NON-NLS-2$

  171. 							+ purpose,

  172. 					SSH_AUTH_TIMEOUT_SECONDS);

  173. 

  174. 			action = Protocol.gson().fromJson(json,

  175. 					Protocol.ExpiringAction.class);

  176. 

  177. 			// cache the result as long as possible.

  178. 			AuthCache c = new AuthCache(action);

  179. 			sshAuthCache.put(remoteUrl, c);

  180. 		}

  181. 		return action;

  182. 	}

  183. 

  184. 	/**

  185. 	 * Create a connection for the specified

  186. 	 * {@link org.eclipse.jgit.lfs.Protocol.Action}.

  187. 	 *

  188. 	 * @param repo

  189. 	 *            the repo to fetch required configuration from

  190. 	 * @param action

  191. 	 *            the action for which to create a connection

  192. 	 * @param method

  193. 	 *            the target method (GET or PUT)

  194. 	 * @return a connection. output mode is not set.

  195. 	 * @throws IOException

  196. 	 *             in case of any error.

  197. 	 */

  198. 	@NonNull

  199. 	public static HttpConnection getLfsContentConnection(

  200. 			Repository repo, Protocol.Action action, String method)

  201. 			throws IOException {

  202. 		URL contentUrl = new URL(action.href);

  203. 		HttpConnection contentServerConn = HttpTransport.getConnectionFactory()

  204. 				.create(contentUrl, HttpSupport

  205. 						.proxyFor(ProxySelector.getDefault(), contentUrl));

  206. 		contentServerConn.setRequestMethod(method);

  207. 		if (action.header != null) {

  208. 			action.header.forEach(

  209. 					(k, v) -> contentServerConn.setRequestProperty(k, v));

  210. 		}

  211. 		if (contentUrl.getProtocol().equals(SCHEME_HTTPS)

  212. 				&& !repo.getConfig().getBoolean(HttpConfig.HTTP,

  213. 						HttpConfig.SSL_VERIFY_KEY, true)) {

  214. 			HttpSupport.disableSslVerify(contentServerConn);

  215. 		}

  216. 

  217. 		contentServerConn.setRequestProperty(HDR_ACCEPT_ENCODING,

  218. 				ENCODING_GZIP);

  219. 

  220. 		return contentServerConn;

  221. 	}

  222. 

  223. 	private static String extractProjectName(URIish u) {

  224. 		String path = u.getPath();

  225. 

  226. 		// begins with a slash if the url contains a port (gerrit vs. github).

  227. 		if (path.startsWith("/")) { //$NON-NLS-1$

  228. 			path = path.substring(1);

  229. 		}

  230. 

  231. 		if (path.endsWith(org.eclipse.jgit.lib.Constants.DOT_GIT)) {

  232. 			return path.substring(0, path.length() - 4);

  233. 		}

  234. 		return path;

  235. 	}

  236. 

  237. 	/**

  238. 	 * @param operation

  239. 	 *            the operation to perform, e.g. Protocol.OPERATION_DOWNLOAD

  240. 	 * @param resources

  241. 	 *            the LFS resources affected

  242. 	 * @return a request that can be serialized to JSON

  243. 	 */

  244. 	public static Protocol.Request toRequest(String operation,

  245. 			LfsPointer... resources) {

  246. 		Protocol.Request req = new Protocol.Request();

  247. 		req.operation = operation;

  248. 		if (resources != null) {

  249. 			req.objects = new LinkedList<>();

  250. 			for (LfsPointer res : resources) {

  251. 				Protocol.ObjectSpec o = new Protocol.ObjectSpec();

  252. 				o.oid = res.getOid().getName();

  253. 				o.size = res.getSize();

  254. 				req.objects.add(o);

  255. 			}

  256. 		}

  257. 		return req;

  258. 	}

  259. 

  260. 	private static final class AuthCache {

  261. 		private static final long AUTH_CACHE_EAGER_TIMEOUT = 500;

  262. 

  263. 		private static final DateTimeFormatter ISO_FORMAT = DateTimeFormatter

  264. 				.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSX"); //$NON-NLS-1$

  265. 

  266. 		/**

  267. 		 * Creates a cache entry for an authentication response.

  268. 		 * <p>

  269. 		 * The timeout of the cache token is extracted from the given action. If

  270. 		 * no timeout can be determined, the token will be used only once.

  271. 		 *

  272. 		 * @param action

  273. 		 */

  274. 		public AuthCache(Protocol.ExpiringAction action) {

  275. 			this.cachedAction = action;

  276. 			try {

  277. 				if (action.expiresIn != null && !action.expiresIn.isEmpty()) {

  278. 					this.validUntil = (System.currentTimeMillis()

  279. 							+ Long.parseLong(action.expiresIn))

  280. 							- AUTH_CACHE_EAGER_TIMEOUT;

  281. 				} else if (action.expiresAt != null

  282. 						&& !action.expiresAt.isEmpty()) {

  283. 					this.validUntil = LocalDateTime

  284. 							.parse(action.expiresAt, ISO_FORMAT)

  285. 							.atZone(ZoneOffset.UTC).toInstant().toEpochMilli()

  286. 							- AUTH_CACHE_EAGER_TIMEOUT;

  287. 				} else {

  288. 					this.validUntil = System.currentTimeMillis();

  289. 				}

  290. 			} catch (Exception e) {

  291. 				this.validUntil = System.currentTimeMillis();

  292. 			}

  293. 		}

  294. 

  295. 		long validUntil;

  296. 

  297. 		Protocol.ExpiringAction cachedAction;

  298. 	}

  299. 

  300. }