D4776: wireprotov2: client support for advertising redirect targets
indygreg (Gregory Szorc)
phabricator at mercurial-scm.org
Thu Sep 27 01:10:31 UTC 2018
indygreg created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
With the server now able to emit a redirect target descriptor, we can
start to teach the client to recognize it.
This commit implements support for filtering the advertised
redirect targets against supported features and for advertising
compatible redirect targets as part of command requests. It also
adds the minimal boilerplate required to fail when a content
redirect is seen.
The server doesn't yet do anything with the advertised redirect
targets. And the client can't yet follow redirects if it did. But
at least we're putting bytes on the wire.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D4776
AFFECTED FILES
mercurial/httppeer.py
mercurial/wireprotoframing.py
mercurial/wireprotov2peer.py
tests/test-wireproto-clientreactor.py
tests/test-wireproto-content-redirects.t
CHANGE DETAILS
diff --git a/tests/test-wireproto-content-redirects.t b/tests/test-wireproto-content-redirects.t
--- a/tests/test-wireproto-content-redirects.t
+++ b/tests/test-wireproto-content-redirects.t
@@ -57,16 +57,17 @@
s> Content-Length: 1970\r\n
s> \r\n
s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa5DnameHtarget-aHprotocolDhttpKsnirequired\xf4Ktlsversions\x82C1.2C1.3Duris\x81Shttp://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash
+ (remote redirect target target-a is compatible)
sending capabilities command
s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n
s> Accept-Encoding: identity\r\n
s> accept: application/mercurial-exp-framing-0005\r\n
s> content-type: application/mercurial-exp-framing-0005\r\n
- s> content-length: 27\r\n
+ s> content-length: 75\r\n
s> host: $LOCALIP:$HGPORT\r\n (glob)
s> user-agent: Mercurial debugwireproto\r\n
s> \r\n
- s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities
+ s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a
s> makefile('rb', None)
s> HTTP/1.1 200 OK\r\n
s> Server: testing stub value\r\n
@@ -308,6 +309,8 @@
}
]
+Unknown protocol is filtered from compatible targets
+
$ cat > redirects.py << EOF
> [
> {
@@ -344,16 +347,18 @@
s> Content-Length: 1997\r\n
s> \r\n
s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x82\xa3DnameHtarget-aHprotocolDhttpDuris\x81Shttp://example.com/\xa3DnameHtarget-bHprotocolGunknownDuris\x81Vunknown://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash
+ (remote redirect target target-a is compatible)
+ (remote redirect target target-b uses unsupported protocol: unknown)
sending capabilities command
s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n
s> Accept-Encoding: identity\r\n
s> accept: application/mercurial-exp-framing-0005\r\n
s> content-type: application/mercurial-exp-framing-0005\r\n
- s> content-length: 27\r\n
+ s> content-length: 75\r\n
s> host: $LOCALIP:$HGPORT\r\n (glob)
s> user-agent: Mercurial debugwireproto\r\n
s> \r\n
- s> \x13\x00\x00\x01\x00\x01\x01\x11\xa1DnameLcapabilities
+ s> C\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81Htarget-a
s> makefile('rb', None)
s> HTTP/1.1 200 OK\r\n
s> Server: testing stub value\r\n
@@ -597,5 +602,586 @@
}
]
+Missing SNI support filters targets that require SNI
+
+ $ cat > nosni.py << EOF
+ > from mercurial import sslutil
+ > sslutil.hassni = False
+ > EOF
+ $ cat >> $HGRCPATH << EOF
+ > [extensions]
+ > nosni=`pwd`/nosni.py
+ > EOF
+
+ $ cat > redirects.py << EOF
+ > [
+ > {
+ > b'name': b'target-bad-tls',
+ > b'protocol': b'https',
+ > b'uris': [b'https://example.com/'],
+ > b'snirequired': True,
+ > },
+ > ]
+ > EOF
+
+ $ sendhttpv2peerhandshake << EOF
+ > command capabilities
+ > EOF
+ creating http peer for wire protocol version 2
+ s> GET /?cmd=capabilities HTTP/1.1\r\n
+ s> Accept-Encoding: identity\r\n
+ s> vary: X-HgProto-1,X-HgUpgrade-1\r\n
+ s> x-hgproto-1: cbor\r\n
+ s> x-hgupgrade-1: exp-http-v2-0002\r\n
+ s> accept: application/mercurial-0.1\r\n
+ s> host: $LOCALIP:$HGPORT\r\n (glob)
+ s> user-agent: Mercurial debugwireproto\r\n
+ s> \r\n
+ s> makefile('rb', None)
+ s> HTTP/1.1 200 OK\r\n
+ s> Server: testing stub value\r\n
+ s> Date: $HTTP_DATE$\r\n
+ s> Content-Type: application/mercurial-cbor\r\n
+ s> Content-Length: 1957\r\n
+ s> \r\n
+ s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash
+ (redirect target target-bad-tls requires SNI, which is unsupported)
+ sending capabilities command
+ s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n
+ s> Accept-Encoding: identity\r\n
+ s> accept: application/mercurial-exp-framing-0005\r\n
+ s> content-type: application/mercurial-exp-framing-0005\r\n
+ s> content-length: 66\r\n
+ s> host: $LOCALIP:$HGPORT\r\n (glob)
+ s> user-agent: Mercurial debugwireproto\r\n
+ s> \r\n
+ s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80
+ s> makefile('rb', None)
+ s> HTTP/1.1 200 OK\r\n
+ s> Server: testing stub value\r\n
+ s> Date: $HTTP_DATE$\r\n
+ s> Content-Type: application/mercurial-exp-framing-0005\r\n
+ s> Transfer-Encoding: chunked\r\n
+ s> \r\n
+ s> 13\r\n
+ s> \x0b\x00\x00\x01\x00\x02\x011
+ s> \xa1FstatusBok
+ s> \r\n
+ received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation)
+ s> 59e\r\n
+ s> \x96\x05\x00\x01\x00\x02\x001
+ s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKsnirequired\xf5Duris\x81Thttps://example.com/
+ s> \r\n
+ received frame(size=1430; request=1; stream=2; streamflags=; type=command-response; flags=continuation)
+ s> 8\r\n
+ s> \x00\x00\x00\x01\x00\x02\x002
+ s> \r\n
+ s> 0\r\n
+ s> \r\n
+ received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos)
+ response: gen[
+ {
+ b'commands': {
+ b'branchmap': {
+ b'args': {},
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'capabilities': {
+ b'args': {},
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'changesetdata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'bookmarks',
+ b'parents',
+ b'phase',
+ b'revision'
+ ])
+ },
+ b'noderange': {
+ b'default': None,
+ b'required': False,
+ b'type': b'list'
+ },
+ b'nodes': {
+ b'default': None,
+ b'required': False,
+ b'type': b'list'
+ },
+ b'nodesdepth': {
+ b'default': None,
+ b'required': False,
+ b'type': b'int'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'filedata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'parents',
+ b'revision'
+ ])
+ },
+ b'haveparents': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ },
+ b'nodes': {
+ b'required': True,
+ b'type': b'list'
+ },
+ b'path': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'heads': {
+ b'args': {
+ b'publiconly': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'known': {
+ b'args': {
+ b'nodes': {
+ b'default': [],
+ b'required': False,
+ b'type': b'list'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'listkeys': {
+ b'args': {
+ b'namespace': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'lookup': {
+ b'args': {
+ b'key': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'manifestdata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'parents',
+ b'revision'
+ ])
+ },
+ b'haveparents': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ },
+ b'nodes': {
+ b'required': True,
+ b'type': b'list'
+ },
+ b'tree': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'pushkey': {
+ b'args': {
+ b'key': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'namespace': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'new': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'old': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'push'
+ ]
+ }
+ },
+ b'compression': [
+ {
+ b'name': b'zstd'
+ },
+ {
+ b'name': b'zlib'
+ }
+ ],
+ b'framingmediatypes': [
+ b'application/mercurial-exp-framing-0005'
+ ],
+ b'pathfilterprefixes': set([
+ b'path:',
+ b'rootfilesin:'
+ ]),
+ b'rawrepoformats': [
+ b'generaldelta',
+ b'revlogv1'
+ ],
+ b'redirect': {
+ b'hashes': [
+ b'sha256',
+ b'sha1'
+ ],
+ b'targets': [
+ {
+ b'name': b'target-bad-tls',
+ b'protocol': b'https',
+ b'snirequired': True,
+ b'uris': [
+ b'https://example.com/'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+
+ $ cat >> $HGRCPATH << EOF
+ > [extensions]
+ > nosni=!
+ > EOF
+
+Unknown tls value is filtered from compatible targets
+
+ $ cat > redirects.py << EOF
+ > [
+ > {
+ > b'name': b'target-bad-tls',
+ > b'protocol': b'https',
+ > b'uris': [b'https://example.com/'],
+ > b'tlsversions': [b'42', b'39'],
+ > },
+ > ]
+ > EOF
+
+ $ sendhttpv2peerhandshake << EOF
+ > command capabilities
+ > EOF
+ creating http peer for wire protocol version 2
+ s> GET /?cmd=capabilities HTTP/1.1\r\n
+ s> Accept-Encoding: identity\r\n
+ s> vary: X-HgProto-1,X-HgUpgrade-1\r\n
+ s> x-hgproto-1: cbor\r\n
+ s> x-hgupgrade-1: exp-http-v2-0002\r\n
+ s> accept: application/mercurial-0.1\r\n
+ s> host: $LOCALIP:$HGPORT\r\n (glob)
+ s> user-agent: Mercurial debugwireproto\r\n
+ s> \r\n
+ s> makefile('rb', None)
+ s> HTTP/1.1 200 OK\r\n
+ s> Server: testing stub value\r\n
+ s> Date: $HTTP_DATE$\r\n
+ s> Content-Type: application/mercurial-cbor\r\n
+ s> Content-Length: 1963\r\n
+ s> \r\n
+ s> \xa3GapibaseDapi/Dapis\xa1Pexp-http-v2-0002\xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/Nv1capabilitiesY\x01\xd8batch branchmap $USUAL_BUNDLE2_CAPS$ changegroupsubset compression=$BUNDLE2_COMPRESSIONS$ getbundle httpheader=1024 httpmediatype=0.1rx,0.1tx,0.2tx known lookup pushkey streamreqs=generaldelta,revlogv1 unbundle=HG10GZ,HG10BZ,HG10UN unbundlehash
+ (remote redirect target target-bad-tls requires unsupported TLS versions: 39, 42)
+ sending capabilities command
+ s> POST /api/exp-http-v2-0002/ro/capabilities HTTP/1.1\r\n
+ s> Accept-Encoding: identity\r\n
+ s> accept: application/mercurial-exp-framing-0005\r\n
+ s> content-type: application/mercurial-exp-framing-0005\r\n
+ s> content-length: 66\r\n
+ s> host: $LOCALIP:$HGPORT\r\n (glob)
+ s> user-agent: Mercurial debugwireproto\r\n
+ s> \r\n
+ s> :\x00\x00\x01\x00\x01\x01\x11\xa2DnameLcapabilitiesHredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x80
+ s> makefile('rb', None)
+ s> HTTP/1.1 200 OK\r\n
+ s> Server: testing stub value\r\n
+ s> Date: $HTTP_DATE$\r\n
+ s> Content-Type: application/mercurial-exp-framing-0005\r\n
+ s> Transfer-Encoding: chunked\r\n
+ s> \r\n
+ s> 13\r\n
+ s> \x0b\x00\x00\x01\x00\x02\x011
+ s> \xa1FstatusBok
+ s> \r\n
+ received frame(size=11; request=1; stream=2; streamflags=stream-begin; type=command-response; flags=continuation)
+ s> 5a4\r\n
+ s> \x9c\x05\x00\x01\x00\x02\x001
+ s> \xa6Hcommands\xaaIbranchmap\xa2Dargs\xa0Kpermissions\x81DpullLcapabilities\xa2Dargs\xa0Kpermissions\x81DpullMchangesetdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x84IbookmarksGparentsEphaseHrevisionInoderange\xa3Gdefault\xf6Hrequired\xf4DtypeDlistEnodes\xa3Gdefault\xf6Hrequired\xf4DtypeDlistJnodesdepth\xa3Gdefault\xf6Hrequired\xf4DtypeCintKpermissions\x81DpullHfiledata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDpath\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullEheads\xa2Dargs\xa1Jpubliconly\xa3Gdefault\xf4Hrequired\xf4DtypeDboolKpermissions\x81DpullEknown\xa2Dargs\xa1Enodes\xa3Gdefault\x80Hrequired\xf4DtypeDlistKpermissions\x81DpullHlistkeys\xa2Dargs\xa1Inamespace\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullFlookup\xa2Dargs\xa1Ckey\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullLmanifestdata\xa2Dargs\xa4Ffields\xa4Gdefault\xd9\x01\x02\x80Hrequired\xf4DtypeCsetKvalidvalues\xd9\x01\x02\x82GparentsHrevisionKhaveparents\xa3Gdefault\xf4Hrequired\xf4DtypeDboolEnodes\xa2Hrequired\xf5DtypeDlistDtree\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpullGpushkey\xa2Dargs\xa4Ckey\xa2Hrequired\xf5DtypeEbytesInamespace\xa2Hrequired\xf5DtypeEbytesCnew\xa2Hrequired\xf5DtypeEbytesCold\xa2Hrequired\xf5DtypeEbytesKpermissions\x81DpushKcompression\x82\xa1DnameDzstd\xa1DnameDzlibQframingmediatypes\x81X&application/mercurial-exp-framing-0005Rpathfilterprefixes\xd9\x01\x02\x82Epath:Lrootfilesin:Nrawrepoformats\x82LgeneraldeltaHrevlogv1Hredirect\xa2Fhashes\x82Fsha256Dsha1Gtargets\x81\xa4DnameNtarget-bad-tlsHprotocolEhttpsKtlsversions\x82B42B39Duris\x81Thttps://example.com/
+ s> \r\n
+ received frame(size=1436; request=1; stream=2; streamflags=; type=command-response; flags=continuation)
+ s> 8\r\n
+ s> \x00\x00\x00\x01\x00\x02\x002
+ s> \r\n
+ s> 0\r\n
+ s> \r\n
+ received frame(size=0; request=1; stream=2; streamflags=; type=command-response; flags=eos)
+ response: gen[
+ {
+ b'commands': {
+ b'branchmap': {
+ b'args': {},
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'capabilities': {
+ b'args': {},
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'changesetdata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'bookmarks',
+ b'parents',
+ b'phase',
+ b'revision'
+ ])
+ },
+ b'noderange': {
+ b'default': None,
+ b'required': False,
+ b'type': b'list'
+ },
+ b'nodes': {
+ b'default': None,
+ b'required': False,
+ b'type': b'list'
+ },
+ b'nodesdepth': {
+ b'default': None,
+ b'required': False,
+ b'type': b'int'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'filedata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'parents',
+ b'revision'
+ ])
+ },
+ b'haveparents': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ },
+ b'nodes': {
+ b'required': True,
+ b'type': b'list'
+ },
+ b'path': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'heads': {
+ b'args': {
+ b'publiconly': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'known': {
+ b'args': {
+ b'nodes': {
+ b'default': [],
+ b'required': False,
+ b'type': b'list'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'listkeys': {
+ b'args': {
+ b'namespace': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'lookup': {
+ b'args': {
+ b'key': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'manifestdata': {
+ b'args': {
+ b'fields': {
+ b'default': set([]),
+ b'required': False,
+ b'type': b'set',
+ b'validvalues': set([
+ b'parents',
+ b'revision'
+ ])
+ },
+ b'haveparents': {
+ b'default': False,
+ b'required': False,
+ b'type': b'bool'
+ },
+ b'nodes': {
+ b'required': True,
+ b'type': b'list'
+ },
+ b'tree': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'pull'
+ ]
+ },
+ b'pushkey': {
+ b'args': {
+ b'key': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'namespace': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'new': {
+ b'required': True,
+ b'type': b'bytes'
+ },
+ b'old': {
+ b'required': True,
+ b'type': b'bytes'
+ }
+ },
+ b'permissions': [
+ b'push'
+ ]
+ }
+ },
+ b'compression': [
+ {
+ b'name': b'zstd'
+ },
+ {
+ b'name': b'zlib'
+ }
+ ],
+ b'framingmediatypes': [
+ b'application/mercurial-exp-framing-0005'
+ ],
+ b'pathfilterprefixes': set([
+ b'path:',
+ b'rootfilesin:'
+ ]),
+ b'rawrepoformats': [
+ b'generaldelta',
+ b'revlogv1'
+ ],
+ b'redirect': {
+ b'hashes': [
+ b'sha256',
+ b'sha1'
+ ],
+ b'targets': [
+ {
+ b'name': b'target-bad-tls',
+ b'protocol': b'https',
+ b'tlsversions': [
+ b'42',
+ b'39'
+ ],
+ b'uris': [
+ b'https://example.com/'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+
$ cat error.log
$ killdaemons.py
diff --git a/tests/test-wireproto-clientreactor.py b/tests/test-wireproto-clientreactor.py
--- a/tests/test-wireproto-clientreactor.py
+++ b/tests/test-wireproto-clientreactor.py
@@ -139,6 +139,29 @@
ffs(b'%d 0 0 command-response eos bar' % request.requestid))
self.assertEqual(action, b'responsedata')
+class RedirectTests(unittest.TestCase):
+ def testredirect(self):
+ reactor = framing.clientreactor(buffersends=False)
+
+ redirect = {
+ b'targets': [b'a', b'b'],
+ b'hashes': [b'sha256'],
+ }
+
+ request, action, meta = reactor.callcommand(
+ b'foo', {}, redirect=redirect)
+
+ self.assertEqual(action, b'sendframes')
+
+ frames = list(meta[b'framegen'])
+ self.assertEqual(len(frames), 1)
+
+ self.assertEqual(frames[0],
+ ffs(b'1 1 stream-begin command-request new '
+ b"cbor:{b'name': b'foo', "
+ b"b'redirect': {b'targets': [b'a', b'b'], "
+ b"b'hashes': [b'sha256']}}"))
+
if __name__ == '__main__':
import silenttestrunner
silenttestrunner.main(__name__)
diff --git a/mercurial/wireprotov2peer.py b/mercurial/wireprotov2peer.py
--- a/mercurial/wireprotov2peer.py
+++ b/mercurial/wireprotov2peer.py
@@ -13,6 +13,7 @@
from . import (
encoding,
error,
+ sslutil,
wireprotoframing,
)
from .utils import (
@@ -34,6 +35,74 @@
return b''.join(chunks)
+SUPPORTED_REDIRECT_PROTOCOLS = {
+ b'http',
+ b'https',
+}
+
+SUPPORTED_CONTENT_HASHES = {
+ b'sha1',
+ b'sha256',
+}
+
+def redirecttargetsupported(ui, target):
+ """Determine whether a redirect target entry is supported.
+
+ ``target`` should come from the capabilities data structure emitted by
+ the server.
+ """
+ if target.get(b'protocol') not in SUPPORTED_REDIRECT_PROTOCOLS:
+ ui.note(_('(remote redirect target %s uses unsupported protocol: %s)\n')
+ % (target[b'name'], target.get(b'protocol', b'')))
+ return False
+
+ if target.get(b'snirequired') and not sslutil.hassni:
+ ui.note(_('(redirect target %s requires SNI, which is unsupported)\n') %
+ target[b'name'])
+ return False
+
+ if b'tlsversions' in target:
+ tlsversions = set(target[b'tlsversions'])
+ supported = set()
+
+ for v in sslutil.supportedprotocols:
+ assert v.startswith(b'tls')
+ supported.add(v[3:])
+
+ if not tlsversions & supported:
+ ui.note(_('(remote redirect target %s requires unsupported TLS '
+ 'versions: %s)\n') % (
+ target[b'name'], b', '.join(sorted(tlsversions))))
+ return False
+
+ ui.note(_('(remote redirect target %s is compatible)\n') % target[b'name'])
+
+ return True
+
+def supportedredirects(ui, apidescriptor):
+ """Resolve the "redirect" command request key given an API descriptor.
+
+ Given an API descriptor returned by the server, returns a data structure
+ that can be used in hte "redirect" field of command requests to advertise
+ support for compatible redirect targets.
+
+ Returns None if no redirect targets are remotely advertised or if none are
+ supported.
+ """
+ if not apidescriptor or b'redirect' not in apidescriptor:
+ return None
+
+ targets = [t[b'name'] for t in apidescriptor[b'redirect'][b'targets']
+ if redirecttargetsupported(ui, t)]
+
+ hashes = [h for h in apidescriptor[b'redirect'][b'hashes']
+ if h in SUPPORTED_CONTENT_HASHES]
+
+ return {
+ b'targets': targets,
+ b'hashes': hashes,
+ }
+
class commandresponse(object):
"""Represents the response to a command request.
@@ -87,9 +156,12 @@
def _handleinitial(self, o):
self._seeninitial = True
- if o[b'status'] == 'ok':
+ if o[b'status'] == b'ok':
return
+ elif o[b'status'] == b'redirect':
+ raise error.Abort(_('redirect responses not yet supported'))
+
atoms = [{'msg': o[b'error'][b'message']}]
if b'args' in o[b'error']:
atoms[0]['args'] = o[b'error'][b'args']
@@ -150,12 +222,13 @@
self._responses = {}
self._frameseof = False
- def callcommand(self, command, args, f):
+ def callcommand(self, command, args, f, redirect=None):
"""Register a request to call a command.
Returns an iterable of frames that should be sent over the wire.
"""
- request, action, meta = self._reactor.callcommand(command, args)
+ request, action, meta = self._reactor.callcommand(command, args,
+ redirect=redirect)
if action != 'noop':
raise error.ProgrammingError('%s not yet supported' % action)
diff --git a/mercurial/wireprotoframing.py b/mercurial/wireprotoframing.py
--- a/mercurial/wireprotoframing.py
+++ b/mercurial/wireprotoframing.py
@@ -280,7 +280,8 @@
payload)
def createcommandframes(stream, requestid, cmd, args, datafh=None,
- maxframesize=DEFAULT_MAX_FRAME_SIZE):
+ maxframesize=DEFAULT_MAX_FRAME_SIZE,
+ redirect=None):
"""Create frames necessary to transmit a request to run a command.
This is a generator of bytearrays. Each item represents a frame
@@ -290,6 +291,9 @@
if args:
data[b'args'] = args
+ if redirect:
+ data[b'redirect'] = redirect
+
data = b''.join(cborutil.streamencode(data))
offset = 0
@@ -1135,11 +1139,12 @@
class commandrequest(object):
"""Represents a request to run a command."""
- def __init__(self, requestid, name, args, datafh=None):
+ def __init__(self, requestid, name, args, datafh=None, redirect=None):
self.requestid = requestid
self.name = name
self.args = args
self.datafh = datafh
+ self.redirect = redirect
self.state = 'pending'
class clientreactor(object):
@@ -1178,7 +1183,7 @@
self._activerequests = {}
self._incomingstreams = {}
- def callcommand(self, name, args, datafh=None):
+ def callcommand(self, name, args, datafh=None, redirect=None):
"""Request that a command be executed.
Receives the command name, a dict of arguments to pass to the command,
@@ -1192,7 +1197,8 @@
requestid = self._nextrequestid
self._nextrequestid += 2
- request = commandrequest(requestid, name, args, datafh=datafh)
+ request = commandrequest(requestid, name, args, datafh=datafh,
+ redirect=redirect)
if self._buffersends:
self._pendingrequests.append(request)
@@ -1256,7 +1262,8 @@
request.requestid,
request.name,
request.args,
- request.datafh)
+ datafh=request.datafh,
+ redirect=request.redirect)
for frame in res:
yield frame
diff --git a/mercurial/httppeer.py b/mercurial/httppeer.py
--- a/mercurial/httppeer.py
+++ b/mercurial/httppeer.py
@@ -508,7 +508,8 @@
def _abort(self, exception):
raise exception
-def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests):
+def sendv2request(ui, opener, requestbuilder, apiurl, permission, requests,
+ redirect):
reactor = wireprotoframing.clientreactor(hasmultiplesend=False,
buffersends=True)
@@ -525,7 +526,8 @@
for command, args, f in requests:
ui.debug('sending command %s: %s\n' % (
command, stringutil.pprint(args, indent=2)))
- assert not list(handler.callcommand(command, args, f))
+ assert not list(handler.callcommand(command, args, f,
+ redirect=redirect))
# TODO stream this.
body = b''.join(map(bytes, handler.flushcommands()))
@@ -567,12 +569,14 @@
@interfaceutil.implementer(repository.ipeercommandexecutor)
class httpv2executor(object):
- def __init__(self, ui, opener, requestbuilder, apiurl, descriptor):
+ def __init__(self, ui, opener, requestbuilder, apiurl, descriptor,
+ redirect):
self._ui = ui
self._opener = opener
self._requestbuilder = requestbuilder
self._apiurl = apiurl
self._descriptor = descriptor
+ self._redirect = redirect
self._sent = False
self._closed = False
self._neededpermissions = set()
@@ -672,7 +676,7 @@
handler, resp = sendv2request(
self._ui, self._opener, self._requestbuilder, self._apiurl,
- permission, calls)
+ permission, calls, self._redirect)
# TODO we probably want to validate the HTTP code, media type, etc.
@@ -734,6 +738,8 @@
self._requestbuilder = requestbuilder
self._descriptor = apidescriptor
+ self._redirect = wireprotov2peer.supportedredirects(ui, apidescriptor)
+
# Start of ipeerconnection.
def url(self):
@@ -791,7 +797,7 @@
def commandexecutor(self):
return httpv2executor(self.ui, self._opener, self._requestbuilder,
- self._apiurl, self._descriptor)
+ self._apiurl, self._descriptor, self._redirect)
# Registry of API service names to metadata about peers that handle it.
#
To: indygreg, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list