Skip to main content
aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-01-14TransportHttp: shared SSLContext during fetch or pushThomas Wolf3-19/+107
TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2020-01-03Update EDL 1.0 license headers to new short SPDX compliant formatMatthias Sohn4-152/+20
This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2020-01-03TLS support on IBM JDKsThomas Wolf1-4/+36
SSLContext.getInstance("TLS") by default behaves differently on IBM JDK than on Oracle or OpenJDK.[1] On IBM JDK one gets sockets that have only TLSv1 enabled, which makes HTTPS connections fail since most servers refuse this old protocol version. On Oracle JDK/OpenJDK, one gets sockets with all available protocol versions enabled. Explicitly enable all available TLS protocol versions to make HTTPS connections work also on IBM JDK. [1] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html#matchsslcontext_tls Bug: 558709 Change-Id: I5ffc57a78e67a6239b9dad54840a49a8ed28930a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2019-10-07Apache HTTP: support proxy authenticationThomas Wolf1-0/+3
Add a credentials provider that forwards to the java.net.Authenticator. Needed to support proxies requiring authentication. Bug: 549832 Change-Id: I181ee27a6c9f1b3fa402ce58affdd5ff3f7c96c9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2019-08-26Apache HTTP: run more testsThomas Wolf1-0/+1
Factor out the test parameterization to use both connection factories into a common super class and use it in more tests. This made HttpClientTests.testV2HttpSubsequentResponse() fail for Apache HTTP. The test used the pattern - create POST connection - setDoOutput(true) - connect() - write output stream - get & read input stream This pattern is never used in JGit, which actually calls connect() only in one case in LFS, and that's on a HEAD request. The above pattern works on JDK, but fails on Apache HTTP because with Apache HTTP a connect() actually executes the full request including writing the entity. To work with Apache HTTP, the pattern would need to be - create POST connection - setDoOutput(true) - write output stream - connect() - get & read input stream which is fine for both. JDK connects implicitly in getOutputStream() and treats the later explicit connect() as a no-op, and Apache works because the entity is written when connect() is called. Because JDK connects implicitly on getOutputStream(), the following pattern also works with JDK: - create POST connection - setDoOutput(true) - write output stream - get & read input stream Support this with Apache HTTP too: let getInputStream() execute the request if it wasn't executed already. Remove explicit connect() calls from test code, since JGit doesn't do those either. Change-Id: Ica038c00a7b8edcc01d5660d18e961146305b87f Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2018-11-26Add a method to get all values of HTTP header defined as listMatthias Sohn1-1/+11
According to RFC 2616 [1] header field names are case insensitive. Header fields defined as a comma separated list can have multiple header fields with the same field name. Add a method to HttpConnection which retrieves all values with a given header field name with the field name compared case insensitive. [1] https://tools.ietf.org/html/rfc2616#section-4.2" Change-Id: I7f601b21cda99e84f43f866c7c7cb4cb0e3cf5c3 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2018-07-23HttpClientConnection.getHeaderFields should support multiple values for same ↵Gabriel Couto1-3/+7
header Bug: 537166 Change-Id: I1ba645968efe01a88f2484f030b7572228ba169c Signed-off-by: Gabriel Couto <gmcouto@gmail.com>
2018-05-15Remove 'final' in parameter listsHan-Wen Nienhuys1-1/+1
Change-Id: Id924f79c8b2c720297ebc49bf9c5d4ddd6d52547 Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
2017-12-17Fix javadoc in org.eclipse.jgit.http.apacheMatthias Sohn4-7/+52
Change-Id: I38a4854856b0103790a410b48c1c3d708b6500c1 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2017-12-12Remove use of deprecated X509HostnameVerifierMatthias Sohn1-29/+2
Change-Id: I318f5457ade3d11b2ac1c99f6ef382a0a147a352 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2017-02-20Enable and fix warnings about redundant specification of type argumentsDavid Pursehouse1-2/+2
Since the introduction of generic type parameter inference in Java 7, it's not necessary to explicitly specify the type of generic parameters. Enable the warning in Eclipse, and fix all occurrences. Change-Id: I9158caf1beca5e4980b6240ac401f3868520aad0 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
2017-02-19Enable and fix 'Should be tagged with @Override' warningDavid Pursehouse3-0/+34
Set missingOverrideAnnotation=warning in Eclipse compiler preferences which enables the warning: The method <method> of type <type> should be tagged with @Override since it actually overrides a superclass method Justification for this warning is described in: http://stackoverflow.com/a/94411/381622 Enabling this causes in excess of 1000 warnings across the entire code-base. They are very easy to fix automatically with Eclipse's "Quick Fix" tool. Fix all of them except 2 which cause compilation failure when the project is built with mvn; add TODO comments on those for further investigation. Change-Id: I5772061041fd361fe93137fd8b0ad356e748a29c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
2016-11-22Fix content length in HttpClientConnectionZhen Chen1-2/+11
Per the interface specification, the getContentLength method should return -1 if content length is unknown or greater than Integer.MAX_VALUE. For chunked transfer encoding, the content length is not included in the header, hence will cause a NullPointerException when trying to parse the content length header. Change-Id: Iaa36b5c146a8d654e364635fa0bd2d14129baf17 Signed-off-by: Zhen Chen <czhen@google.com>
2016-10-18Use valueOf rather than constructor for Integer and BooleanDavid Pursehouse2-4/+4
Change-Id: I1c65b2e40ba6ec5860903b11b4631e014f3dc5ce Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
2016-10-13HttpClientConnection: Register connection socket factory for httpMatthias Sohn1-1/+4
It is necessary to register a socket connection factory to prevent the "http protocol is not supported" error when connecting over a proxy. Change-Id: Iedf554acef841f52c1f2e3401ef0a0583ac5253b Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2016-09-22HttpClientConnection: Don't use deprecated HttpClient classesDavid Pursehouse1-30/+39
- raise minimum version for HttpClient packages to 4.3 since some of the used classes aren't available in older versions - recompute OSGi uses clauses Change-Id: I8f0bff1433762561e02f7439db27a6a9e846c290 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2016-08-24Fix HttpClientConnection leaking temporary buffer filesMatthias Sohn2-12/+33
HttpClientConnection uses a TemporaryBufferEntity which uses TemporaryBuffer.LocalFile to buffer an HttpEntity. It was leaking temporary files if the buffered entities were larger than 1MB since it failed to destroy the TemporaryBuffer.LocalFile. Bug: 500079 Change-Id: Ib963e04efc252bdd0420a5c69b1a19181e9e6169 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2016-02-04Add support for HEAD requests to HttpClientConnectionMatthias Sohn1-4/+12
Change-Id: I501f37e06b686a3a0bb5fd857dd72e424da91d3e Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2015-12-16Fix NPE in HttpSupportMatthias Sohn1-13/+14
Bug: 483366 Change-Id: I107f1b44e0e6371e3cfbd1cc18a970412e1fc679 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
2014-11-25Apache HttpClientConnection: replace calls to deprecated LocalFile()Matthias Sohn1-3/+3
Change-Id: I79f422e004f386b3f2875de6997e5a0949fff566
2014-02-20Move Apache httpclient based HTTP support to a separate bundleMatthias Sohn4-0/+603
This move avoids that all consumers of org.eclipse.jgit depend on Apache httpclient. Also add another feature to make this optional for OSGi consumers as well. Change-Id: I5ef5e00c53678b9e1d7cfd54bbca3ff6f1c1c967 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

    Back to the top