clone.c 21.6 KB
Newer Older
1 2 3
#include "clar_libgit2.h"

#include "git2/clone.h"
4
#include "git2/cred_helpers.h"
5
#include "remote.h"
6 7
#include "fileops.h"
#include "refs.h"
8

9 10
#define LIVE_REPO_URL "http://github.com/libgit2/TestGitRepository"
#define LIVE_EMPTYREPO_URL "http://github.com/libgit2/TestEmptyRepository"
11 12 13
#define BB_REPO_URL "https://libgit3@bitbucket.org/libgit2/testgitrepository.git"
#define BB_REPO_URL_WITH_PASS "https://libgit3:libgit3@bitbucket.org/libgit2/testgitrepository.git"
#define BB_REPO_URL_WITH_WRONG_PASS "https://libgit3:wrong@bitbucket.org/libgit2/testgitrepository.git"
14

15 16
#define SSH_REPO_URL "ssh://github.com/libgit2/TestGitRepository"

17
static git_repository *g_repo;
18
static git_clone_options g_options;
19

20 21 22 23 24 25 26
static char *_remote_url = NULL;
static char *_remote_user = NULL;
static char *_remote_pass = NULL;
static char *_remote_ssh_pubkey = NULL;
static char *_remote_ssh_privkey = NULL;
static char *_remote_ssh_passphrase = NULL;
static char *_remote_ssh_fingerprint = NULL;
27 28 29
static char *_remote_proxy_url = NULL;
static char *_remote_proxy_user = NULL;
static char *_remote_proxy_pass = NULL;
30

31 32 33
static int _orig_proxies_need_reset = 0;
static char *_orig_http_proxy = NULL;
static char *_orig_https_proxy = NULL;
34

35
void test_online_clone__initialize(void)
36
{
37
	git_checkout_options dummy_opts = GIT_CHECKOUT_OPTIONS_INIT;
38
	git_fetch_options dummy_fetch = GIT_FETCH_OPTIONS_INIT;
39

40
	g_repo = NULL;
41 42 43

	memset(&g_options, 0, sizeof(git_clone_options));
	g_options.version = GIT_CLONE_OPTIONS_VERSION;
44 45
	g_options.checkout_opts = dummy_opts;
	g_options.checkout_opts.checkout_strategy = GIT_CHECKOUT_SAFE;
46
	g_options.fetch_opts = dummy_fetch;
47 48 49 50 51 52 53 54

	_remote_url = cl_getenv("GITTEST_REMOTE_URL");
	_remote_user = cl_getenv("GITTEST_REMOTE_USER");
	_remote_pass = cl_getenv("GITTEST_REMOTE_PASS");
	_remote_ssh_pubkey = cl_getenv("GITTEST_REMOTE_SSH_PUBKEY");
	_remote_ssh_privkey = cl_getenv("GITTEST_REMOTE_SSH_KEY");
	_remote_ssh_passphrase = cl_getenv("GITTEST_REMOTE_SSH_PASSPHRASE");
	_remote_ssh_fingerprint = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
55 56 57
	_remote_proxy_url = cl_getenv("GITTEST_REMOTE_PROXY_URL");
	_remote_proxy_user = cl_getenv("GITTEST_REMOTE_PROXY_USER");
	_remote_proxy_pass = cl_getenv("GITTEST_REMOTE_PROXY_PASS");
58 59

	_orig_proxies_need_reset = 0;
60 61
}

62
void test_online_clone__cleanup(void)
63
{
64
	if (g_repo) {
65
		git_repository_free(g_repo);
66 67
		g_repo = NULL;
	}
68
	cl_fixture_cleanup("./foo");
69 70 71 72 73 74 75 76

	git__free(_remote_url);
	git__free(_remote_user);
	git__free(_remote_pass);
	git__free(_remote_ssh_pubkey);
	git__free(_remote_ssh_privkey);
	git__free(_remote_ssh_passphrase);
	git__free(_remote_ssh_fingerprint);
77 78 79
	git__free(_remote_proxy_url);
	git__free(_remote_proxy_user);
	git__free(_remote_proxy_pass);
80 81 82 83 84 85 86 87

	if (_orig_proxies_need_reset) {
		cl_setenv("HTTP_PROXY", _orig_http_proxy);
		cl_setenv("HTTPS_PROXY", _orig_https_proxy);

		git__free(_orig_http_proxy);
		git__free(_orig_https_proxy);
	}
88 89
}

90
void test_online_clone__network_full(void)
91 92 93
{
	git_remote *origin;

94
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
95
	cl_assert(!git_repository_is_bare(g_repo));
96
	cl_git_pass(git_remote_lookup(&origin, g_repo, "origin"));
nulltoken committed
97

98 99
	cl_assert_equal_i(GIT_REMOTE_DOWNLOAD_TAGS_AUTO, origin->download_tags);

nulltoken committed
100
	git_remote_free(origin);
101 102
}

103
void test_online_clone__network_bare(void)
104 105 106
{
	git_remote *origin;

107
	g_options.bare = true;
108

109
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
110
	cl_assert(git_repository_is_bare(g_repo));
111
	cl_git_pass(git_remote_lookup(&origin, g_repo, "origin"));
nulltoken committed
112 113

	git_remote_free(origin);
114 115
}

116
void test_online_clone__empty_repository(void)
117 118 119
{
	git_reference *head;

120
	cl_git_pass(git_clone(&g_repo, LIVE_EMPTYREPO_URL, "./foo", &g_options));
121 122

	cl_assert_equal_i(true, git_repository_is_empty(g_repo));
123
	cl_assert_equal_i(true, git_repository_head_unborn(g_repo));
124 125 126

	cl_git_pass(git_reference_lookup(&head, g_repo, GIT_HEAD_FILE));
	cl_assert_equal_i(GIT_REF_SYMBOLIC, git_reference_type(head));
127
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));
128 129 130

	git_reference_free(head);
}
131

132
static void checkout_progress(const char *path, size_t cur, size_t tot, void *payload)
133 134
{
	bool *was_called = (bool*)payload;
Ben Straub committed
135
	GIT_UNUSED(path); GIT_UNUSED(cur); GIT_UNUSED(tot);
136 137 138
	(*was_called) = true;
}

139
static int fetch_progress(const git_transfer_progress *stats, void *payload)
140 141
{
	bool *was_called = (bool*)payload;
Ben Straub committed
142
	GIT_UNUSED(stats);
143
	(*was_called) = true;
144
	return 0;
145 146
}

147
void test_online_clone__can_checkout_a_cloned_repo(void)
148 149
{
	git_buf path = GIT_BUF_INIT;
150
	git_reference *head;
151 152
	bool checkout_progress_cb_was_called = false,
		  fetch_progress_cb_was_called = false;
153

154
	g_options.checkout_opts.checkout_strategy = GIT_CHECKOUT_SAFE;
155 156
	g_options.checkout_opts.progress_cb = &checkout_progress;
	g_options.checkout_opts.progress_payload = &checkout_progress_cb_was_called;
157 158
	g_options.fetch_opts.callbacks.transfer_progress = &fetch_progress;
	g_options.fetch_opts.callbacks.payload = &fetch_progress_cb_was_called;
159

160
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
161 162 163

	cl_git_pass(git_buf_joinpath(&path, git_repository_workdir(g_repo), "master.txt"));
	cl_assert_equal_i(true, git_path_isfile(git_buf_cstr(&path)));
164 165 166

	cl_git_pass(git_reference_lookup(&head, g_repo, "HEAD"));
	cl_assert_equal_i(GIT_REF_SYMBOLIC, git_reference_type(head));
167
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));
nulltoken committed
168

169 170
	cl_assert_equal_i(true, checkout_progress_cb_was_called);
	cl_assert_equal_i(true, fetch_progress_cb_was_called);
171

nulltoken committed
172
	git_reference_free(head);
173
	git_buf_dispose(&path);
174
}
Ben Straub committed
175

176 177
static int remote_mirror_cb(git_remote **out, git_repository *repo,
			    const char *name, const char *url, void *payload)
178
{
179
	int error;
180 181
	git_remote *remote;

182
	GIT_UNUSED(payload);
183

184
	if ((error = git_remote_create_with_fetchspec(&remote, repo, name, url, "+refs/*:refs/*")) < 0)
185
		return error;
186

187 188
	*out = remote;
	return 0;
189 190
}

191 192
void test_online_clone__clone_mirror(void)
{
193
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
194 195 196 197
	git_reference *head;

	bool fetch_progress_cb_was_called = false;

198 199
	opts.fetch_opts.callbacks.transfer_progress = &fetch_progress;
	opts.fetch_opts.callbacks.payload = &fetch_progress_cb_was_called;
200

201 202
	opts.bare = true;
	opts.remote_cb = remote_mirror_cb;
203

204
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo.git", &opts));
205 206 207 208 209 210 211 212

	cl_git_pass(git_reference_lookup(&head, g_repo, "HEAD"));
	cl_assert_equal_i(GIT_REF_SYMBOLIC, git_reference_type(head));
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));

	cl_assert_equal_i(true, fetch_progress_cb_was_called);

	git_reference_free(head);
213 214 215
	git_repository_free(g_repo);
	g_repo = NULL;

216 217 218
	cl_fixture_cleanup("./foo.git");
}

Ben Straub committed
219 220 221 222 223 224 225 226
static int update_tips(const char *refname, const git_oid *a, const git_oid *b, void *payload)
{
	int *callcount = (int*)payload;
	GIT_UNUSED(refname); GIT_UNUSED(a); GIT_UNUSED(b);
	*callcount = *callcount + 1;
	return 0;
}

227
void test_online_clone__custom_remote_callbacks(void)
Ben Straub committed
228 229 230
{
	int callcount = 0;

231 232
	g_options.fetch_opts.callbacks.update_tips = update_tips;
	g_options.fetch_opts.callbacks.payload = &callcount;
Ben Straub committed
233 234 235 236 237

	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
	cl_assert(callcount > 0);
}

238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264
void test_online_clone__custom_headers(void)
{
	char *empty_header = "";
	char *unnamed_header = "this is a header about nothing";
	char *newlines = "X-Custom: almost OK\n";
	char *conflict = "Accept: defined-by-git";
	char *ok = "X-Custom: this should be ok";

	g_options.fetch_opts.custom_headers.count = 1;

	g_options.fetch_opts.custom_headers.strings = &empty_header;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &unnamed_header;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &newlines;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &conflict;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	/* Finally, we got it right! */
	g_options.fetch_opts.custom_headers.strings = &ok;
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
}

265 266 267 268 269 270 271
static int cred_failure_cb(
	git_cred **cred,
	const char *url,
	const char *username_from_url,
	unsigned int allowed_types,
	void *data)
{
Russell Belfer committed
272 273
	GIT_UNUSED(cred); GIT_UNUSED(url); GIT_UNUSED(username_from_url);
	GIT_UNUSED(allowed_types); GIT_UNUSED(data);
Ben Straub committed
274
	return -172;
275 276
}

Ben Straub committed
277
void test_online_clone__cred_callback_failure_return_code_is_tunnelled(void)
278
{
279 280
	_remote_url = git__strdup("https://github.com/libgit2/non-existent");
	_remote_user = git__strdup("libgit2test");
281

282
	g_options.fetch_opts.callbacks.credentials = cred_failure_cb;
283

284
	cl_git_fail_with(-172, git_clone(&g_repo, _remote_url, "./foo", &g_options));
285 286
}

287 288 289 290 291 292 293
static int cred_count_calls_cb(git_cred **cred, const char *url, const char *user,
			       unsigned int allowed_types, void *data)
{
	size_t *counter = (size_t *) data;

	GIT_UNUSED(url); GIT_UNUSED(user); GIT_UNUSED(allowed_types);

294 295 296
	if (allowed_types == GIT_CREDTYPE_USERNAME)
		return git_cred_username_new(cred, "foo");

297 298 299 300 301 302 303 304 305 306 307 308
	(*counter)++;

	if (*counter == 3)
		return GIT_EUSER;

	return git_cred_userpass_plaintext_new(cred, "foo", "bar");
}

void test_online_clone__cred_callback_called_again_on_auth_failure(void)
{
	size_t counter = 0;

309 310
	_remote_url = git__strdup("https://github.com/libgit2/non-existent");
	_remote_user = git__strdup("libgit2test");
311

312 313
	g_options.fetch_opts.callbacks.credentials = cred_count_calls_cb;
	g_options.fetch_opts.callbacks.payload = &counter;
314

315
	cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, _remote_url, "./foo", &g_options));
316 317 318
	cl_assert_equal_i(3, counter);
}

319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335
int cred_default(
	git_cred **cred,
	const char *url,
	const char *user_from_url,
	unsigned int allowed_types,
	void *payload)
{
	GIT_UNUSED(url);
	GIT_UNUSED(user_from_url);
	GIT_UNUSED(payload);

	if (!(allowed_types & GIT_CREDTYPE_DEFAULT))
		return 0;

	return git_cred_default_new(cred);
}

336
void test_online_clone__credentials(void)
Ben Straub committed
337
{
338 339 340
	/* Remote URL environment variable must be set.
	 * User and password are optional.
	 */
341
	git_cred_userpass_payload user_pass = {
342 343
		_remote_user,
		_remote_pass
Ben Straub committed
344 345
	};

346 347
	if (!_remote_url)
		clar__skip();
Ben Straub committed
348

349
	if (cl_is_env_set("GITTEST_REMOTE_DEFAULT")) {
350
		g_options.fetch_opts.callbacks.credentials = cred_default;
351
	} else {
352 353
		g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
		g_options.fetch_opts.callbacks.payload = &user_pass;
354
	}
Ben Straub committed
355

356
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
357 358 359 360 361 362 363
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
}

void test_online_clone__bitbucket_style(void)
{
	git_cred_userpass_payload user_pass = {
364
		"libgit3", "libgit3"
365 366
	};

367 368
	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
	g_options.fetch_opts.callbacks.payload = &user_pass;
369 370 371 372

	cl_git_pass(git_clone(&g_repo, BB_REPO_URL, "./foo", &g_options));
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
373 374 375 376 377 378 379
}

void test_online_clone__bitbucket_uses_creds_in_url(void)
{
	git_cred_userpass_payload user_pass = {
		"libgit2", "wrong"
	};
380

381 382 383 384 385 386 387
	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
	g_options.fetch_opts.callbacks.payload = &user_pass;

	/*
	 * Correct user and pass are in the URL; the (incorrect) creds in
	 * the `git_cred_userpass_payload` should be ignored.
	 */
388 389 390
	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_PASS, "./foo", &g_options));
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
391
}
392

393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411
void test_online_clone__bitbucket_falls_back_to_specified_creds(void)
{
	git_cred_userpass_payload user_pass = {
		"libgit2", "libgit2"
	};

	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
	g_options.fetch_opts.callbacks.payload = &user_pass;

	/*
	 * TODO: as of March 2018, bitbucket sporadically fails with
	 * 403s instead of replying with a 401 - but only sometimes.
	 */
	cl_skip();

	/*
	 * Incorrect user and pass are in the URL; the (correct) creds in
	 * the `git_cred_userpass_payload` should be used as a fallback.
	 */
412 413 414
	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_WRONG_PASS, "./foo", &g_options));
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
Ben Straub committed
415
}
416 417 418 419 420 421

static int cancel_at_half(const git_transfer_progress *stats, void *payload)
{
	GIT_UNUSED(payload);

	if (stats->received_objects > (stats->total_objects/2))
422
		return 4321;
423 424 425 426 427
	return 0;
}

void test_online_clone__can_cancel(void)
{
428
	g_options.fetch_opts.callbacks.transfer_progress = cancel_at_half;
429

430 431
	cl_git_fail_with(
		git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options), 4321);
432
}
433

434 435 436 437 438
static int cred_cb(git_cred **cred, const char *url, const char *user_from_url,
		   unsigned int allowed_types, void *payload)
{
	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);

439
	if (allowed_types & GIT_CREDTYPE_USERNAME)
440
		return git_cred_username_new(cred, _remote_user);
441

442
	if (allowed_types & GIT_CREDTYPE_SSH_KEY)
443 444 445
		return git_cred_ssh_key_new(cred,
			_remote_user, _remote_ssh_pubkey,
			_remote_ssh_privkey, _remote_ssh_passphrase);
446 447 448 449

	giterr_set(GITERR_NET, "unexpected cred type");
	return -1;
}
450

451 452 453
static int check_ssh_auth_methods(git_cred **cred, const char *url, const char *username_from_url,
				  unsigned int allowed_types, void *data)
{
454
	int *with_user = (int *) data;
455
	GIT_UNUSED(cred); GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(data);
456

457 458 459 460
	if (!*with_user)
		cl_assert_equal_i(GIT_CREDTYPE_USERNAME, allowed_types);
	else
		cl_assert(!(allowed_types & GIT_CREDTYPE_USERNAME));
461

462 463
	return GIT_EUSER;
}
464

465 466
void test_online_clone__ssh_auth_methods(void)
{
467 468
	int with_user;

469 470 471
#ifndef GIT_SSH
	clar__skip();
#endif
472 473
	g_options.fetch_opts.callbacks.credentials = check_ssh_auth_methods;
	g_options.fetch_opts.callbacks.payload = &with_user;
474

475
	with_user = 0;
476 477
	cl_git_fail_with(GIT_EUSER,
		git_clone(&g_repo, SSH_REPO_URL, "./foo", &g_options));
478 479 480 481 482 483

	with_user = 1;
	cl_git_fail_with(GIT_EUSER,
		git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
}

484 485 486 487 488 489 490 491 492
static int custom_remote_ssh_with_paths(
	git_remote **out,
	git_repository *repo,
	const char *name,
	const char *url,
	void *payload)
{
	int error;

493
	GIT_UNUSED(payload);
494

495
	if ((error = git_remote_create(out, repo, name, url)) < 0)
496
		return error;
497

498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515
	return 0;
}

void test_online_clone__ssh_with_paths(void)
{
	char *bad_paths[] = {
		"/bin/yes",
		"/bin/false",
	};
	char *good_paths[] = {
		"/usr/bin/git-upload-pack",
		"/usr/bin/git-receive-pack",
	};
	git_strarray arr = {
		bad_paths,
		2,
	};

516 517 518
#ifndef GIT_SSH
	clar__skip();
#endif
519
	if (!_remote_url || !_remote_user || strncmp(_remote_url, "ssh://", 5) != 0)
520 521 522
		clar__skip();

	g_options.remote_cb = custom_remote_ssh_with_paths;
523
	g_options.fetch_opts.callbacks.transport = git_transport_ssh_with_paths;
524
	g_options.fetch_opts.callbacks.credentials = cred_cb;
525
	g_options.fetch_opts.callbacks.payload = &arr;
526

527
	cl_git_fail(git_clone(&g_repo, _remote_url, "./foo", &g_options));
528

529
	arr.strings = good_paths;
530
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
531
}
532

533 534 535 536 537 538 539 540 541 542 543
static int cred_foo_bar(git_cred **cred, const char *url, const char *username_from_url,
				  unsigned int allowed_types, void *data)

{
	GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(allowed_types); GIT_UNUSED(data);

	return git_cred_userpass_plaintext_new(cred, "foo", "bar");
}

void test_online_clone__ssh_cannot_change_username(void)
{
544 545 546
#ifndef GIT_SSH
	clar__skip();
#endif
547
	g_options.fetch_opts.callbacks.credentials = cred_foo_bar;
548 549

	cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
550
}
551

552
int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
553 554 555 556 557 558 559
{
	git_cert_hostkey *key;
	git_oid expected = {{0}}, actual = {{0}};

	GIT_UNUSED(valid);
	GIT_UNUSED(payload);

560
	cl_assert(_remote_ssh_fingerprint);
561

562
	cl_git_pass(git_oid_fromstrp(&expected, _remote_ssh_fingerprint));
563 564
	cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, cert->cert_type);
	key = (git_cert_hostkey *) cert;
565

566 567 568 569 570
	/*
	 * We need to figure out how long our input was to check for
	 * the type. Here we abuse the fact that both hashes fit into
	 * our git_oid type.
	 */
571
	if (strlen(_remote_ssh_fingerprint) == 32 && key->type & GIT_CERT_SSH_MD5) {
572
		memcpy(&actual.id, key->hash_md5, 16);
573
	} else 	if (strlen(_remote_ssh_fingerprint) == 40 && key->type & GIT_CERT_SSH_SHA1) {
574 575 576 577
		memcpy(&actual, key->hash_sha1, 20);
	} else {
		cl_fail("Cannot find a usable SSH hash");
	}
578

579
	cl_assert(!memcmp(&expected, &actual, 20));
580

581 582
	cl_assert_equal_s("localhost", host);

583 584 585 586 587
	return GIT_EUSER;
}

void test_online_clone__ssh_cert(void)
{
588
	g_options.fetch_opts.callbacks.certificate_check = ssh_certificate_check;
589

590
	if (!_remote_ssh_fingerprint)
591 592
		cl_skip();

593
	cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, _remote_url, "./foo", &g_options));
594 595
}

596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621
static char *read_key_file(const char *path)
{
	FILE *f;
	char *buf;
	long key_length;

	if (!path || !*path)
		return NULL;

	cl_assert((f = fopen(path, "r")) != NULL);
	cl_assert(fseek(f, 0, SEEK_END) != -1);
	cl_assert((key_length = ftell(f)) != -1);
	cl_assert(fseek(f, 0, SEEK_SET) != -1);
	cl_assert((buf = malloc(key_length)) != NULL);
	cl_assert(fread(buf, key_length, 1, f) == 1);
	fclose(f);

	return buf;
}

static int ssh_memory_cred_cb(git_cred **cred, const char *url, const char *user_from_url,
		   unsigned int allowed_types, void *payload)
{
	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);

	if (allowed_types & GIT_CREDTYPE_USERNAME)
622
		return git_cred_username_new(cred, _remote_user);
623 624 625

	if (allowed_types & GIT_CREDTYPE_SSH_KEY)
	{
626 627
		char *pubkey = read_key_file(_remote_ssh_pubkey);
		char *privkey = read_key_file(_remote_ssh_privkey);
628

629
		int ret = git_cred_ssh_key_memory_new(cred, _remote_user, pubkey, privkey, _remote_ssh_passphrase);
630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646

		if (privkey)
			free(privkey);
		if (pubkey)
			free(pubkey);
		return ret;
	}

	giterr_set(GITERR_NET, "unexpected cred type");
	return -1;
}

void test_online_clone__ssh_memory_auth(void)
{
#ifndef GIT_SSH_MEMORY_CREDENTIALS
	clar__skip();
#endif
647
	if (!_remote_url || !_remote_user || !_remote_ssh_privkey || strncmp(_remote_url, "ssh://", 5) != 0)
648 649 650 651
		clar__skip();

	g_options.fetch_opts.callbacks.credentials = ssh_memory_cred_cb;

652
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
653 654
}

655 656 657 658 659
void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void)
{
	cl_git_fail_with(git_clone(&g_repo, "http://github.com", "./foo", &g_options),
		GIT_EINVALIDSPEC);
}
660

661
static int fail_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
662
{
663
	GIT_UNUSED(cert);
664
	GIT_UNUSED(valid);
665
	GIT_UNUSED(host);
666 667
	GIT_UNUSED(payload);

668
	return GIT_ECERTIFICATE;
669 670 671 672
}

void test_online_clone__certificate_invalid(void)
{
673
	g_options.fetch_opts.callbacks.certificate_check = fail_certificate_check;
674

675
	cl_git_fail_with(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options),
676
		GIT_ECERTIFICATE);
677

678
#ifdef GIT_SSH
679 680
	cl_git_fail_with(git_clone(&g_repo, "ssh://github.com/libgit2/TestGitRepository", "./foo", &g_options),
		GIT_ECERTIFICATE);
681
#endif
682 683
}

684
static int succeed_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
685
{
686
	GIT_UNUSED(cert);
687
	GIT_UNUSED(valid);
688 689
	GIT_UNUSED(payload);

690 691
	cl_assert_equal_s("github.com", host);

692
	return 0;
693 694 695 696
}

void test_online_clone__certificate_valid(void)
{
697
	g_options.fetch_opts.callbacks.certificate_check = succeed_certificate_check;
698

699
	cl_git_pass(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options));
700
}
701 702 703

void test_online_clone__start_with_http(void)
{
704
	g_options.fetch_opts.callbacks.certificate_check = succeed_certificate_check;
705 706 707

	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
}
708 709 710 711

static int called_proxy_creds;
static int proxy_creds(git_cred **out, const char *url, const char *username, unsigned int allowed, void *payload)
{
712
	GIT_UNUSED(url);
713
	GIT_UNUSED(username);
714 715
	GIT_UNUSED(allowed);
	GIT_UNUSED(payload);
716 717 718 719 720 721 722

	called_proxy_creds = 1;
	return git_cred_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
}

void test_online_clone__proxy_credentials_request(void)
{
723 724
	git_buf url = GIT_BUF_INIT;

725 726 727
	if (!_remote_proxy_url || !_remote_proxy_user || !_remote_proxy_pass)
		cl_skip();

728 729
	cl_git_pass(git_buf_printf(&url, "http://%s/", _remote_proxy_url));

730
	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
731
	g_options.fetch_opts.proxy_opts.url = url.ptr;
732 733 734 735
	g_options.fetch_opts.proxy_opts.credentials = proxy_creds;
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds);
736

737
	git_buf_dispose(&url);
738 739 740 741
}

void test_online_clone__proxy_credentials_in_url(void)
{
742 743 744
	git_buf url = GIT_BUF_INIT;

	if (!_remote_proxy_url || !_remote_proxy_user || !_remote_proxy_pass)
745 746
		cl_skip();

747 748
	cl_git_pass(git_buf_printf(&url, "http://%s:%s@%s/", _remote_proxy_user, _remote_proxy_pass, _remote_proxy_url));

749
	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
750
	g_options.fetch_opts.proxy_opts.url = url.ptr;
751 752 753
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds == 0);
754

755
	git_buf_dispose(&url);
756
}
757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777

void test_online_clone__proxy_credentials_in_environment(void)
{
	git_buf url = GIT_BUF_INIT;

	if (!_remote_proxy_url || !_remote_proxy_user || !_remote_proxy_pass)
		cl_skip();

	_orig_http_proxy = cl_getenv("HTTP_PROXY");
	_orig_https_proxy = cl_getenv("HTTPS_PROXY");
	_orig_proxies_need_reset = 1;

	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_AUTO;

	cl_git_pass(git_buf_printf(&url, "http://%s:%s@%s/", _remote_proxy_user, _remote_proxy_pass, _remote_proxy_url));

	cl_setenv("HTTP_PROXY", url.ptr);
	cl_setenv("HTTPS_PROXY", url.ptr);

	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));

778
	git_buf_dispose(&url);
779
}