ManagedHttpSmartSubtransport: provide certificate callbacks

ethomson · ethomson · commit e06837a3a808 · 2018-10-14T07:26:37.000-07:00
Provide certificate callback functionality when using the managed HTTP
smart subtransport.
diff --git a/LibGit2Sharp/CertificateX509.cs b/LibGit2Sharp/CertificateX509.cs
@@ -10,7 +10,6 @@ namespace LibGit2Sharp
     /// </summary>
     public class CertificateX509 : Certificate
     {
-
         /// <summary>
         /// For mocking purposes
         /// </summary>
@@ -30,6 +29,11 @@ internal unsafe CertificateX509(git_certificate_x509* cert)
             Certificate = new X509Certificate(data);
         }
 
+        internal CertificateX509(X509Certificate cert)
+        {
+            Certificate = cert;
+        }
+
         internal unsafe IntPtr ToPointers(out IntPtr dataPtr)
         {
             var certData = Certificate.Export(X509ContentType.Cert);
diff --git a/LibGit2Sharp/Core/ManagedHttpSmartSubtransport.cs b/LibGit2Sharp/Core/ManagedHttpSmartSubtransport.cs
@@ -1,6 +1,8 @@
 using System;
 using System.IO;
 using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 
 namespace LibGit2Sharp.Core
 {
@@ -50,12 +52,12 @@ private class ManagedHttpSmartSubtransportStream : SmartSubtransportStream
             public ManagedHttpSmartSubtransportStream(ManagedHttpSmartSubtransport parent, string endpointUrl, bool isPost, string contentType)
                 : base(parent)
             {
-                EndpointUrl = endpointUrl;
+                EndpointUrl = new Uri(endpointUrl);
                 IsPost = isPost;
                 ContentType = contentType;
             }
 
-            private string EndpointUrl
+            private Uri EndpointUrl
             {
                 get;
                 set;
@@ -100,14 +102,27 @@ public override int Write(Stream dataStream, long length)
                 return 0;
             }
 
-            private static HttpWebRequest CreateWebRequest(string endpointUrl, bool isPost, string contentType)
+            private bool CertificateValidationProxy(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
+            {
+                int ret = SmartTransport.CertificateCheck(new CertificateX509(cert), (errors == SslPolicyErrors.None), EndpointUrl.Host);
+
+                if (ret != 0)
+                {
+                    throw new UserCancelledException("bar");
+                }
+
+                return true;
+            }
+
+            private HttpWebRequest CreateWebRequest(Uri endpointUrl, bool isPost, string contentType)
             {
                 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
 
                 HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(endpointUrl);
                 webRequest.UserAgent = "git/1.0 (libgit2 custom transport)";
                 webRequest.ServicePoint.Expect100Continue = false;
                 webRequest.AllowAutoRedirect = false;
+                webRequest.ServerCertificateValidationCallback += CertificateValidationProxy;
 
                 if (isPost)
                 {
@@ -147,7 +162,18 @@ private HttpWebResponse GetResponseWithRedirects()
                     }
                     catch (WebException ex)
                     {
-                        response = (HttpWebResponse)ex.Response;
+                        if (ex.Response != null)
+                        {
+                            response = (HttpWebResponse)ex.Response;
+                        }
+                        else if (ex.InnerException != null)
+                        {
+                            throw ex.InnerException;
+                        }
+                        else
+                        {
+                            throw new Exception("unknown network failure");
+                        }
                     }
 
                     if (response.StatusCode == HttpStatusCode.OK)
@@ -171,7 +197,7 @@ private HttpWebResponse GetResponseWithRedirects()
                     }
                     else if (response.StatusCode == HttpStatusCode.Moved || response.StatusCode == HttpStatusCode.Redirect)
                     {
-                        request = CreateWebRequest(response.Headers["Location"], IsPost, ContentType);
+                        request = CreateWebRequest(new Uri(response.Headers["Location"]), IsPost, ContentType);
                         continue;
                     }
 
diff --git a/LibGit2Sharp/SmartSubtransportStream.cs b/LibGit2Sharp/SmartSubtransportStream.cs
@@ -102,6 +102,7 @@ private unsafe static int Read(
                 UIntPtr buf_size,
                 out UIntPtr bytes_read)
             {
+                GitErrorCode errorCode = GitErrorCode.Error;
                 bytes_read = UIntPtr.Zero;
 
                 SmartSubtransportStream transportStream =
@@ -124,14 +125,19 @@ private unsafe static int Read(
 
                             return toReturn;
                         }
+                        catch (NativeException ex)
+                        {
+                            errorCode = ex.ErrorCode;
+                            Proxy.giterr_set_str(GitErrorCategory.Net, ex);
+                        }
                         catch (Exception ex)
                         {
                             Proxy.giterr_set_str(GitErrorCategory.Net, ex);
                         }
                     }
                 }
 
-                return (int)GitErrorCode.Error;
+                return (int)errorCode;
             }
 
             private static unsafe int Write(IntPtr stream, IntPtr buffer, UIntPtr len)

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@ namespace LibGit2Sharp`
`10`	`10`	`/// </summary>`
`11`	`11`	`public class CertificateX509 : Certificate`
`12`	`12`	`{`
`13`		`-`
`14`	`13`	`/// <summary>`
`15`	`14`	`/// For mocking purposes`
`16`	`15`	`/// </summary>`
`@@ -30,6 +29,11 @@ internal unsafe CertificateX509(git_certificate_x509* cert)`
`30`	`29`	`Certificate = new X509Certificate(data);`
`31`	`30`	`}`
`32`	`31`
	`32`	`+ internal CertificateX509(X509Certificate cert)`
	`33`	`+ {`
	`34`	`+ Certificate = cert;`
	`35`	`+ }`
	`36`	`+`
`33`	`37`	`internal unsafe IntPtr ToPointers(out IntPtr dataPtr)`
`34`	`38`	`{`
`35`	`39`	`var certData = Certificate.Export(X509ContentType.Cert);`
Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,7 @@ private unsafe static int Read(`
`102`	`102`	`UIntPtr buf_size,`
`103`	`103`	`out UIntPtr bytes_read)`
`104`	`104`	`{`
	`105`	`+ GitErrorCode errorCode = GitErrorCode.Error;`
`105`	`106`	`bytes_read = UIntPtr.Zero;`
`106`	`107`
`107`	`108`	`SmartSubtransportStream transportStream =`
`@@ -124,14 +125,19 @@ private unsafe static int Read(`
`124`	`125`
`125`	`126`	`return toReturn;`
`126`	`127`	`}`
	`128`	`+ catch (NativeException ex)`
	`129`	`+ {`
	`130`	`+ errorCode = ex.ErrorCode;`
	`131`	`+ Proxy.giterr_set_str(GitErrorCategory.Net, ex);`
	`132`	`+ }`
`127`	`133`	`catch (Exception ex)`
`128`	`134`	`{`
`129`	`135`	`Proxy.giterr_set_str(GitErrorCategory.Net, ex);`
`130`	`136`	`}`
`131`	`137`	`}`
`132`	`138`	`}`
`133`	`139`
`134`		`- return (int)GitErrorCode.Error;`
	`140`	`+ return (int)errorCode;`
`135`	`141`	`}`
`136`	`142`
`137`	`143`	`private static unsafe int Write(IntPtr stream, IntPtr buffer, UIntPtr len)`