ManagedHttpSmartSubtransport: provide certificate callbacks

Provide certificate callback functionality when using the managed HTTP smart subtransport.
AppalachiaInteractive · Feb 18, 2020 · 4381f70 · 4381f70
1 parent dc22039
commit 4381f70
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 7 deletions.
diff --git a/LibGit2Sharp/CertificateX509.cs b/LibGit2Sharp/CertificateX509.cs
@@ -10,7 +10,6 @@ namespace LibGit2Sharp
     /// </summary>
     public class CertificateX509 : Certificate
     {
-
         /// <summary>
         /// For mocking purposes
         /// </summary>
@@ -30,6 +29,11 @@ internal unsafe CertificateX509(git_certificate_x509* cert)
             Certificate = new X509Certificate(data);
         }
 
+        internal CertificateX509(X509Certificate cert)
+        {
+            Certificate = cert;
+        }
+
         internal unsafe IntPtr ToPointers(out IntPtr dataPtr)
         {
             var certData = Certificate.Export(X509ContentType.Cert);

diff --git a/LibGit2Sharp/Core/ManagedHttpSmartSubtransport.cs b/LibGit2Sharp/Core/ManagedHttpSmartSubtransport.cs
@@ -1,6 +1,8 @@
 using System;
 using System.IO;
 using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 
 namespace LibGit2Sharp.Core
 {
@@ -50,12 +52,12 @@ private class ManagedHttpSmartSubtransportStream : SmartSubtransportStream
             public ManagedHttpSmartSubtransportStream(ManagedHttpSmartSubtransport parent, string endpointUrl, bool isPost, string contentType)
                 : base(parent)
             {
-                EndpointUrl = endpointUrl;
+                EndpointUrl = new Uri(endpointUrl);
                 IsPost = isPost;
                 ContentType = contentType;
             }
 
-            private string EndpointUrl
+            private Uri EndpointUrl
             {
                 get;
                 set;
@@ -100,14 +102,23 @@ public override int Write(Stream dataStream, long length)
                 return 0;
             }
 
-            private static HttpWebRequest CreateWebRequest(string endpointUrl, bool isPost, string contentType)
+            private bool CertificateValidationProxy(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
+            {
+                int ret = SmartTransport.CertificateCheck(new CertificateX509(cert), (errors == SslPolicyErrors.None), EndpointUrl.Host);
+                Ensure.ZeroResult(ret);
+
+                return true;
+            }
+
+            private HttpWebRequest CreateWebRequest(Uri endpointUrl, bool isPost, string contentType)
             {
                 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
 
                 HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(endpointUrl);
                 webRequest.UserAgent = "git/1.0 (libgit2 custom transport)";
                 webRequest.ServicePoint.Expect100Continue = false;
                 webRequest.AllowAutoRedirect = false;
+                webRequest.ServerCertificateValidationCallback += CertificateValidationProxy;
 
                 if (isPost)
                 {
@@ -147,7 +158,18 @@ private HttpWebResponse GetResponseWithRedirects()
                     }
                     catch (WebException ex)
                     {
-                        response = (HttpWebResponse)ex.Response;
+                        if (ex.Response != null)
+                        {
+                            response = (HttpWebResponse)ex.Response;
+                        }
+                        else if (ex.InnerException != null)
+                        {
+                            throw ex.InnerException;
+                        }
+                        else
+                        {
+                            throw new Exception("unknown network failure");
+                        }
                     }
 
                     if (response.StatusCode == HttpStatusCode.OK)
@@ -171,7 +193,7 @@ private HttpWebResponse GetResponseWithRedirects()
                     }
                     else if (response.StatusCode == HttpStatusCode.Moved || response.StatusCode == HttpStatusCode.Redirect)
                     {
-                        request = CreateWebRequest(response.Headers["Location"], IsPost, ContentType);
+                        request = CreateWebRequest(new Uri(response.Headers["Location"]), IsPost, ContentType);
                         continue;
                     }
 

diff --git a/LibGit2Sharp/SmartSubtransportStream.cs b/LibGit2Sharp/SmartSubtransportStream.cs
@@ -102,6 +102,7 @@ private unsafe static int Read(
                 UIntPtr buf_size,
                 out UIntPtr bytes_read)
             {
+                GitErrorCode errorCode = GitErrorCode.Error;
                 bytes_read = UIntPtr.Zero;
 
                 SmartSubtransportStream transportStream =
@@ -124,14 +125,19 @@ private unsafe static int Read(
 
                             return toReturn;
                         }
+                        catch (NativeException ex)
+                        {
+                            errorCode = ex.ErrorCode;
+                            Proxy.giterr_set_str(GitErrorCategory.Net, ex);
+                        }
                         catch (Exception ex)
                         {
                             Proxy.git_error_set_str(GitErrorCategory.Net, ex);
                         }
                     }
                 }
 
-                return (int)GitErrorCode.Error;
+                return (int)errorCode;
             }
 
             private static unsafe int Write(IntPtr stream, IntPtr buffer, UIntPtr len)