Add SSH key support with libssh2 (#27)

Author: eddymoulton

LibGit2Sharp.Tests/GlobalSettingsFixture.cs

@@ -61,7 +61,6 @@ public void LoadFromSpecifiedPath(string architecture)
         {
             Skip.IfNot(Platform.IsRunningOnNetFramework(), ".NET Framework only test.");
 
-            var nativeDllFileName = NativeDllName.Name + ".dll";
             var testDir = Path.GetDirectoryName(typeof(GlobalSettingsFixture).Assembly.Location);
             var testAppExe = Path.Combine(testDir, $"NativeLibraryLoadTestApp.{architecture}.exe");
             var tempDir = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
@@ -71,7 +70,10 @@ public void LoadFromSpecifiedPath(string architecture)
             try
             {
                 Directory.CreateDirectory(platformDir);
-                File.Copy(Path.Combine(libraryPath, nativeDllFileName), Path.Combine(platformDir, nativeDllFileName));
+                foreach (var file in Directory.GetFiles(libraryPath, "*.dll"))
+                {
+                    File.Copy(file, Path.Combine(platformDir, Path.GetFileName(file)));
+                }
 
                 var (output, exitCode) = ProcessHelper.RunProcess(testAppExe, arguments: $@"{NativeDllName.Name} ""{platformDir}""", workingDirectory: tempDir);
 

LibGit2Sharp.Tests/NetworkFixture.cs

@@ -22,7 +22,6 @@ public void CanListRemoteReferences(string url)
                 Remote remote = repo.Network.Remotes.Add(remoteName, url);
                 IList<Reference> references = repo.Network.ListReferences(remote).ToList();
 
-
                 foreach (var reference in references)
                 {
                     // None of those references point to an existing
@@ -136,6 +135,133 @@ public void CanListRemoteReferencesWithCredentials()
             }
         }
 
+        [Theory]
+        [InlineData("http://github.com/libgit2/TestGitRepository")]
+        [InlineData("https://github.com/libgit2/TestGitRepository")]
+        public void CanListRemoteReferencesWithListRemoteOptions(string url)
+        {
+            string remoteName = "testRemote";
+
+            string repoPath = InitNewRepository();
+
+            using (var repo = new Repository(repoPath))
+            {
+                Remote remote = repo.Network.Remotes.Add(remoteName, url);
+                var options = new ListRemoteOptions
+                {
+                    ProxyOptions = new ProxyOptions()
+                };
+
+                IList<Reference> references = repo.Network.ListReferences(remote, options).ToList();
+
+                foreach (var reference in references)
+                {
+                    Assert.Null(reference.ResolveToDirectReference().Target);
+                }
+
+                List<Tuple<string, string>> actualRefs = references.
+                    Select(directRef => new Tuple<string, string>(directRef.CanonicalName, directRef.ResolveToDirectReference()
+                        .TargetIdentifier)).ToList();
+
+                Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs.Count, actualRefs.Count);
+                Assert.True(references.Single(reference => reference.CanonicalName == "HEAD") is SymbolicReference);
+                for (int i = 0; i < TestRemoteRefs.ExpectedRemoteRefs.Count; i++)
+                {
+                    Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item2, actualRefs[i].Item2);
+                    Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item1, actualRefs[i].Item1);
+                }
+            }
+        }
+
+        [Theory]
+        [InlineData("http://github.com/libgit2/TestGitRepository")]
+        [InlineData("https://github.com/libgit2/TestGitRepository")]
+        public void CanListRemoteReferencesFromUrlWithListRemoteOptions(string url)
+        {
+            string repoPath = InitNewRepository();
+
+            using (var repo = new Repository(repoPath))
+            {
+                var options = new ListRemoteOptions
+                {
+                    ProxyOptions = new ProxyOptions()
+                };
+
+                IList<Reference> references = repo.Network.ListReferences(url, options).ToList();
+
+                foreach (var reference in references)
+                {
+                    Assert.Null(reference.ResolveToDirectReference().Target);
+                }
+
+                List<Tuple<string, string>> actualRefs = references.
+                    Select(directRef => new Tuple<string, string>(directRef.CanonicalName, directRef.ResolveToDirectReference()
+                        .TargetIdentifier)).ToList();
+
+                Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs.Count, actualRefs.Count);
+                Assert.True(references.Single(reference => reference.CanonicalName == "HEAD") is SymbolicReference);
+                for (int i = 0; i < TestRemoteRefs.ExpectedRemoteRefs.Count; i++)
+                {
+                    Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item2, actualRefs[i].Item2);
+                    Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item1, actualRefs[i].Item1);
+                }
+            }
+        }
+
+        [Theory]
+        [InlineData("https://github.com/libgit2/TestGitRepository")]
+        public void CanListRemoteReferencesWithCertificateCheckCallback(string url)
+        {
+            string repoPath = InitNewRepository();
+
+            bool certificateCheckCalled = false;
+
+            using (var repo = new Repository(repoPath))
+            {
+                var options = new ListRemoteOptions
+                {
+                    CertificateCheck = (cert, valid, host) =>
+                    {
+                        certificateCheckCalled = true;
+                        return true;
+                    }
+                };
+
+                IList<Reference> references = repo.Network.ListReferences(url, options).ToList();
+
+                Assert.True(certificateCheckCalled);
+                Assert.NotEmpty(references);
+            }
+        }
+
+        [SkippableFact]
+        public void CanListRemoteReferencesWithCredentialsInListRemoteOptions()
+        {
+            InconclusiveIf(() => string.IsNullOrEmpty(Constants.PrivateRepoUrl),
+                "Populate Constants.PrivateRepo* to run this test");
+
+            string remoteName = "origin";
+
+            string repoPath = InitNewRepository();
+
+            using (var repo = new Repository(repoPath))
+            {
+                Remote remote = repo.Network.Remotes.Add(remoteName, Constants.PrivateRepoUrl);
+
+                var options = new ListRemoteOptions
+                {
+                    CredentialsProvider = Constants.PrivateRepoCredentials
+                };
+
+                var references = repo.Network.ListReferences(remote, options);
+
+                foreach (var reference in references)
+                {
+                    Assert.NotNull(reference);
+                }
+            }
+        }
+
         [Theory]
         [InlineData(FastForwardStrategy.Default)]
         [InlineData(FastForwardStrategy.NoFastForward)]

LibGit2Sharp.Tests/PushFixture.cs

@@ -135,6 +135,18 @@ public void CanInvokePrePushCallbackAndFail()
             Assert.True(prePushHandlerCalled);
         }
 
+        [Fact]
+        public void CanPushWithRemoteProgressCallback()
+        {
+            PushOptions options = new PushOptions()
+            {
+                OnPushStatusError = OnPushStatusError,
+                OnPushRemoteProgress = (progress) => { return true; },
+            };
+
+            AssertPush(repo => repo.Network.Push(repo.Network.Remotes["origin"], "HEAD", @"refs/heads/master", options));
+        }
+
         [Fact]
         public void PushingABranchThatDoesNotTrackAnUpstreamBranchThrows()
         {

LibGit2Sharp.Tests/RepositoryFixture.cs

@@ -724,6 +724,30 @@ public void CanListRemoteReferences(string url)
             }
         }
 
+        [Theory]
+        [InlineData("http://github.com/libgit2/TestGitRepository")]
+        [InlineData("https://github.com/libgit2/TestGitRepository")]
+        public void CanListRemoteReferencesWithListRemoteOptions(string url)
+        {
+            var options = new ListRemoteOptions
+            {
+                ProxyOptions = new ProxyOptions()
+            };
+
+            IEnumerable<Reference> references = Repository.ListRemoteReferences(url, options).ToList();
+
+            List<Tuple<string, string>> actualRefs = references.
+                Select(reference => new Tuple<string, string>(reference.CanonicalName, reference.ResolveToDirectReference().TargetIdentifier)).ToList();
+
+            Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs.Count, actualRefs.Count);
+            Assert.True(references.Single(reference => reference.CanonicalName == "HEAD") is SymbolicReference);
+            for (int i = 0; i < TestRemoteRefs.ExpectedRemoteRefs.Count; i++)
+            {
+                Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item2, actualRefs[i].Item2);
+                Assert.Equal(TestRemoteRefs.ExpectedRemoteRefs[i].Item1, actualRefs[i].Item1);
+            }
+        }
+
         [Fact]
         public void CanListRemoteReferencesWithDetachedRemoteHead()
         {

LibGit2Sharp/CertificateSsh.cs

@@ -25,6 +25,11 @@ protected CertificateSsh()
         /// </summary>
         public readonly byte[] HashSHA1;
 
+        /// <summary>
+        /// The SHA256 hash of the host. Meaningful if <see cref="HasSHA256"/> is true
+        /// </summary>
+        public readonly byte[] HashSHA256;
+
         /// <summary>
         /// True if we have the MD5 hostkey hash from the server
         /// </summary>
@@ -35,11 +40,17 @@ protected CertificateSsh()
         /// </summary>
         public readonly bool HasSHA1;
 
+        /// <summary>
+        /// True if we have the SHA256 hostkey hash from the server
+        /// </summary>
+        public readonly bool HasSHA256;
+
         internal unsafe CertificateSsh(git_certificate_ssh* cert)
         {
 
             HasMD5 = cert->type.HasFlag(GitCertificateSshType.MD5);
             HasSHA1 = cert->type.HasFlag(GitCertificateSshType.SHA1);
+            HasSHA256 = cert->type.HasFlag(GitCertificateSshType.SHA256);
 
             HashMD5 = new byte[16];
             for (var i = 0; i < HashMD5.Length; i++)
@@ -52,6 +63,12 @@ internal unsafe CertificateSsh(git_certificate_ssh* cert)
             {
                 HashSHA1[i] = cert->HashSHA1[i];
             }
+
+            HashSHA256 = new byte[32];
+            for (var i = 0; i < HashSHA256.Length; i++)
+            {
+                HashSHA256[i] = cert->HashSHA256[i];
+            }
         }
 
         internal unsafe IntPtr ToPointer()
@@ -65,6 +82,10 @@ internal unsafe IntPtr ToPointer()
             {
                 sshCertType |= GitCertificateSshType.SHA1;
             }
+            if (HasSHA256)
+            {
+                sshCertType |= GitCertificateSshType.SHA256;
+            }
 
             var gitCert = new git_certificate_ssh()
             {
@@ -88,6 +109,14 @@ internal unsafe IntPtr ToPointer()
                 }
             }
 
+            fixed (byte* p = &HashSHA256[0])
+            {
+                for (var i = 0; i < HashSHA256.Length; i++)
+                {
+                    gitCert.HashSHA256[i] = p[i];
+                }
+            }
+
             var ptr = Marshal.AllocHGlobal(Marshal.SizeOf(gitCert));
             Marshal.StructureToPtr(gitCert, ptr, false);
 

LibGit2Sharp/Core/NativeMethods.cs

@@ -102,12 +102,37 @@ private static IntPtr ResolveDll(string libraryName, Assembly assembly, DllImpor
                 // libc/OpenSSL libraries. Try them out.
                 if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
                 {
-                    // The libraries are located at 'runtimes/<rid>/native/lib{libraryName}.so'
-                    // The <rid> ends with the processor architecture. e.g. fedora-x64.
                     string assemblyDirectory = Path.GetDirectoryName(AppContext.BaseDirectory);
                     string processorArchitecture = RuntimeInformation.ProcessArchitecture.ToString().ToLowerInvariant();
                     string runtimesDirectory = Path.Combine(assemblyDirectory, "runtimes");
 
+                    // The default libgit2 binary is linked against OpenSSL 3. On hosts that have only
+                    // libcrypto.so.1.1 fall back to the OpenSSL-1.1 variant shipped alongside it. We probe
+                    // both layouts: flat (self-contained publish copies natives next to the assembly) and
+                    // 'runtimes/<rid>/native/' (framework-dependent / build output).
+                    if (!NativeLibrary.TryLoad("libcrypto.so.3", out _) && NativeLibrary.TryLoad("libcrypto.so.1.1", out _))
+                    {
+                        string variantFile = $"lib{libraryName}-openssl1.1.so";
+
+                        string flatVariantPath = Path.Combine(assemblyDirectory, variantFile);
+                        if (NativeLibrary.TryLoad(flatVariantPath, out handle))
+                        {
+                            return handle;
+                        }
+
+                        if (Directory.Exists(runtimesDirectory))
+                        {
+                            foreach (var runtimeFolder in Directory.GetDirectories(runtimesDirectory, $"*-{processorArchitecture}"))
+                            {
+                                string variantPath = Path.Combine(runtimeFolder, "native", variantFile);
+                                if (NativeLibrary.TryLoad(variantPath, out handle))
+                                {
+                                    return handle;
+                                }
+                            }
+                        }
+                    }
+
                     if (Directory.Exists(runtimesDirectory))
                     {
                         foreach (var runtimeFolder in Directory.GetDirectories(runtimesDirectory, $"*-{processorArchitecture}"))
@@ -132,8 +157,26 @@ private static IntPtr ResolveDll(string libraryName, Assembly assembly, DllImpor
         [DllImport("libdl", EntryPoint = "dlopen")]
         private static extern IntPtr LoadUnixLibrary(string path, int flags);
 
-        [DllImport("kernel32", EntryPoint = "LoadLibrary")]
-        private static extern IntPtr LoadWindowsLibrary(string path);
+        [DllImport("kernel32", EntryPoint = "AddDllDirectory", CharSet = CharSet.Unicode)]
+        private static extern IntPtr AddDllDirectory(string path);
+
+        [DllImport("kernel32", EntryPoint = "LoadLibraryExW", CharSet = CharSet.Unicode)]
+        private static extern IntPtr LoadWindowsLibraryEx(string path, IntPtr hFile, uint flags);
+
+        private const uint LOAD_LIBRARY_SEARCH_DEFAULT_DIRS = 0x00001000;
+
+        // Use AddDllDirectory + LoadLibraryEx so that transitive native dependencies
+        // (e.g. libssh2 -> libcrypto) in the same directory are resolved at load time.
+        private static IntPtr LoadWindowsLibrary(string path)
+        {
+            var directory = Path.GetDirectoryName(path);
+            if (directory != null)
+            {
+                AddDllDirectory(directory);
+            }
+
+            return LoadWindowsLibraryEx(path, IntPtr.Zero, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS);
+        }
 
         // Avoid inlining this method because otherwise mono's JITter may try
         // to load the library _before_ we've configured the path.

LibGit2Sharp/Core/SshExtensions.cs

@@ -0,0 +1,27 @@
+using LibGit2Sharp.Core;
+using System;
+using System.Runtime.InteropServices;
+
+namespace LibGit2Sharp.Ssh
+{
+    internal static class NativeMethods
+    {
+        private const string libgit2 = NativeDllName.Name;
+
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
+        internal static extern int git_cred_ssh_key_new(
+             out IntPtr cred,
+             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string username,
+             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string publickey,
+             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string privatekey,
+             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string passphrase);
+
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
+        internal static extern int git_cred_ssh_key_memory_new(
+              out IntPtr cred,
+              [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string username,
+              [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string publickey,
+              [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string privatekey,
+              [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string passphrase);
+    }
+}

LibGit2Sharp/LibGit2Sharp.csproj

@@ -30,7 +30,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Octopus.LibGit2Sharp.NativeBinaries" Version="2.0.323-octopus.1" PrivateAssets="none" />
+    <PackageReference Include="Octopus.LibGit2Sharp.NativeBinaries" Version="2.0.323-octopus.3" PrivateAssets="none" />
     <PackageReference Include="MinVer" Version="6.0.0" PrivateAssets="all" />
   </ItemGroup>