Merge pull request libgit2#254 from libgit2/git-cred

Add a GTCred wrapper.

Author: jspahrsummers

Classes/GTCredential+Private.h

@@ -0,0 +1,30 @@
+//
+//  GTCredential+Private.h
+//  ObjectiveGitFramework
+//
+//  Created by Etienne on 10/09/13.
+//  Copyright (c) 2013 GitHub, Inc. All rights reserved.
+//
+
+#import "GTCredential.h"
+
+// If you need to authenticate an operation in libgit2, you'll have to have
+// a `GTCredentialProvider` handy, like a parameter in the method you're writing,
+// setup a GTCredentialAcquireCallbackInfo struct on the stack, and pass both as
+// the arguments to the operation you're attempting.
+//
+// Example: ```
+//   struct GTCredentialAcquireCallbackInfo info = { .credProvider = myProvider }
+//   git_remote_set_cred_acquire_cb(&git_remote, GTCredentialAcquireCallback, &payload);
+// ```
+//
+// `GTCredentialAcquireCallback` will act as a trampoline, and will ask the
+// `GTCredentialProvider` for a `GTCredential` object corresponding to the
+// information requested by `libgit2`. It is the providers's responsibility
+// to check the auth type and initialize its `GTCredential` object accordingly.
+
+typedef struct {
+	__unsafe_unretained GTCredentialProvider *credProvider;
+} GTCredentialAcquireCallbackInfo;
+
+int GTCredentialAcquireCallback(git_cred **cred, const char *url, const char *username_from_url, unsigned int allowed_types, void *payload);

Classes/GTCredential.h

@@ -0,0 +1,76 @@
+//
+//  GTCredential.h
+//  ObjectiveGitFramework
+//
+//  Created by Etienne on 10/09/13.
+//  Copyright (c) 2013 GitHub, Inc. All rights reserved.
+//
+
+#import "git2.h"
+
+// An enum describing the data needed for authentication.
+// See `git_credtype_t`.
+typedef enum {
+    GTCredentialTypeUserPassPlaintext = GIT_CREDTYPE_USERPASS_PLAINTEXT,
+    GTCredentialTypeSSHKeyFilePassPhrase = GIT_CREDTYPE_SSH_KEYFILE_PASSPHRASE,
+    GTCredentialTypeSSHPublicKey = GIT_CREDTYPE_SSH_PUBLICKEY,
+} GTCredentialType;
+
+@class GTCredential;
+
+// The GTCredentialProvider acts as a proxy for GTCredential requests.
+//
+// The default implementation is used through `+providerWithBlock:`,
+// passing your own block that will build a GTCredential object.
+// But you're allowed to subclass it and handle more complex workflows.
+@interface GTCredentialProvider : NSObject
+
+// Creates a provider from a block.
+//
+// credentialBlock - a block that will be called when credentials are requested.
++ (instancetype)providerWithBlock:(GTCredential *(^)(GTCredentialType type, NSString *URL, NSString *userName))credentialBlock;
+
+// Default credential provider method.
+//
+// This method will get called when an operation requests credentials from the
+// provider.
+//
+// The default implementation calls through the `providedBlock` passed
+// in `providerWithBlock:` above, but your subclass is expected to override it
+// to do its specific work.
+//
+// type     - the credential types allowed by the operation.
+// URL      - the URL the operation is authenticating against.
+// userName - the user name provided by the operation. Can be nil, and might be ignored.
+- (GTCredential *)credentialForType:(GTCredentialType)type URL:(NSString *)URL userName:(NSString *)userName;
+@end
+
+// The GTCredential class is used to provide authentication data.
+// It acts as a wrapper around `git_cred` objects.
+@interface GTCredential : NSObject
+
+// Create a credential object from a username/password pair.
+//
+// userName - The username to authenticate as.
+// password - The password belonging to that user.
+// error    - If not NULL, set to any errors that occur.
+//
+// Return a new GTCredential instance, or nil if an error occurred
++ (instancetype)credentialWithUserName:(NSString *)userName password:(NSString *)password error:(NSError **)error;
+
+// Create a credential object from a SSH keyfile
+//
+// userName      - The username to authenticate as.
+// publicKeyURL  - The URL to the public key for that user.
+//                  Can be omitted to reconstruct the public key from the private key.
+// privateKeyURL - The URL to the private key for that user.
+// passphrase    - The passPhrase for the private key. Optional if the private key has no password.
+// error         - If not NULL, set to any errors that occur.
+//
+// Return a new GTCredential instance, or nil if an error occurred
++ (instancetype)credentialWithUserName:(NSString *)userName publicKeyURL:(NSURL *)publicKeyURL privateKeyURL:(NSURL *)privateKeyURL passphrase:(NSString *)passphrase error:(NSError **)error;
+
+// The underlying `git_cred` object.
+- (git_cred *)git_cred __attribute__((objc_returns_inner_pointer));
+
+@end

Classes/GTCredential.m

@@ -0,0 +1,108 @@
+//
+//  GTCredential.m
+//  ObjectiveGitFramework
+//
+//  Created by Etienne on 10/09/13.
+//  Copyright (c) 2013 GitHub, Inc. All rights reserved.
+//
+
+#import <ObjectiveGit/NSError+Git.h>
+#import "GTCredential.h"
+#import "GTCredential+Private.h"
+#import <libssh2.h>
+
+typedef GTCredential *(^GTCredentialProviderBlock)(GTCredentialType allowedTypes, NSString *URL, NSString *userName);
+
+@interface GTCredentialProvider ()
+@property (nonatomic, readonly, copy) GTCredentialProviderBlock credBlock;
+@end
+
+@implementation GTCredentialProvider
++ (instancetype)providerWithBlock:(GTCredentialProviderBlock)credentialBlock {
+	NSParameterAssert(credentialBlock != nil);
+
+	GTCredentialProvider *provider = [[self alloc] init];
+
+	provider->_credBlock = [credentialBlock copy];
+
+	return provider;
+}
+
+- (GTCredential *)credentialForType:(GTCredentialType)type URL:(NSString *)URL userName:(NSString *)userName {
+	NSAssert(self.credBlock != nil, @"Provider asked for credentials without block being set.");
+
+	return self.credBlock(type, URL, userName);
+}
+
+@end
+
+@interface GTCredential ()
+@property (nonatomic, assign, readonly) git_cred *git_cred;
+@end
+
+@implementation GTCredential
+
++ (instancetype)credentialWithUserName:(NSString *)userName password:(NSString *)password error:(NSError **)error {
+	git_cred *cred;
+	int gitError = git_cred_userpass_plaintext_new(&cred, userName.UTF8String, password.UTF8String);
+	if (gitError != GIT_OK) {
+		if (error) *error = [NSError git_errorFor:gitError description:@"Failed to create credentials object" failureReason:@"There was an error creating a credential object for username %@.", userName];
+		return nil;
+	}
+
+	return [[self alloc] initWithGitCred:cred];
+}
+
++ (instancetype)credentialWithUserName:(NSString *)userName publicKeyURL:(NSURL *)publicKeyURL privateKeyURL:(NSURL *)privateKeyURL passphrase:(NSString *)passphrase error:(NSError **)error {
+	NSParameterAssert(privateKeyURL != nil);
+	NSString *publicKeyPath = publicKeyURL.filePathURL.path;
+	NSString *privateKeyPath = privateKeyURL.filePathURL.path;
+	NSAssert(privateKeyPath != nil, @"Invalid file URL passed: %@", privateKeyURL);
+
+	git_cred *cred;
+	int gitError = git_cred_ssh_keyfile_passphrase_new(&cred, userName.UTF8String, publicKeyPath.fileSystemRepresentation, privateKeyPath.fileSystemRepresentation, passphrase.UTF8String);
+	if (gitError != GIT_OK) {
+		if (error) *error = [NSError git_errorFor:gitError description:@"Failed to create credentials object" failureReason:@"There was an error creating a credential object for username %@ with the provided public/private key pair.\nPublic key: %@\nPrivate key: %@", userName, publicKeyURL, privateKeyURL];
+		return nil;
+	}
+
+	return [[self alloc] initWithGitCred:cred];
+}
+
+- (instancetype)initWithGitCred:(git_cred *)cred {
+	NSParameterAssert(cred != nil);
+	self = [self init];
+
+	if (self == nil) return nil;
+
+	_git_cred = cred;
+
+	return self;
+}
+
+@end
+
+int GTCredentialAcquireCallback(git_cred **git_cred, const char *url, const char *username_from_url, unsigned int allowed_types, void *payload) {
+	NSCParameterAssert(git_cred != NULL);
+	NSCParameterAssert(payload != NULL);
+
+	GTCredentialAcquireCallbackInfo *info = payload;
+	GTCredentialProvider *provider = info->credProvider;
+
+	if (provider == nil) {
+		giterr_set_str(GIT_EUSER, "No GTCredentialProvider set, but authentication was requested.");
+		return GIT_ERROR;
+	}
+
+	NSString *URL = (url != NULL ? @(url) : nil);
+	NSString *userName = (username_from_url != NULL ? @(username_from_url) : nil);
+
+	GTCredential *cred = [provider credentialForType:(GTCredentialType)allowed_types URL:URL userName:userName];
+	if (cred == nil) {
+		giterr_set_str(GIT_EUSER, "GTCredentialProvider failed to provide credentials.");
+		return GIT_ERROR;
+	}
+
+	*git_cred = cred.git_cred;
+	return GIT_OK;
+}

Classes/GTRepository.h

@@ -114,6 +114,9 @@ extern NSString *const GTRepositoryCloneOptionsBare;
 // Default value is `YES`.
 extern NSString *const GTRepositoryCloneOptionsCheckout;
 
+// A `GTCredentialProvider`, that will be used to authenticate against the remote.
+extern NSString *const GTRepositoryCloneOptionsCredentialProvider;
+
 typedef void (^GTRepositoryStatusBlock)(NSURL *fileURL, GTRepositoryFileStatus status, BOOL *stop);
 
 @interface GTRepository : NSObject

Classes/GTRepository.m

@@ -43,10 +43,13 @@
 #import "NSError+Git.h"
 #import "NSString+Git.h"
 #import "GTDiffFile.h"
+#import "GTCredential.h"
+#import "GTCredential+Private.h"
 
 NSString *const GTRepositoryCloneOptionsBare = @"GTRepositoryCloneOptionsBare";
 NSString *const GTRepositoryCloneOptionsCheckout = @"GTRepositoryCloneOptionsCheckout";
 NSString *const GTRepositoryCloneOptionsTransportFlags = @"GTRepositoryCloneOptionsTransportFlags";
+NSString *const GTRepositoryCloneOptionsCredentialProvider = @"GTRepositoryCloneOptionsCredentialProvider";
 
 typedef void (^GTRepositorySubmoduleEnumerationBlock)(GTSubmodule *submodule, BOOL *stop);
 typedef void (^GTRepositoryTagEnumerationBlock)(GTTag *tag, BOOL *stop);
@@ -190,6 +193,13 @@ + (id)cloneFromURL:(NSURL *)originURL toWorkingDirectory:(NSURL *)workdirURL opt
 		cloneOptions.checkout_opts = checkoutOptions;
 	}
 
+	GTCredentialProvider *provider = options[GTRepositoryCloneOptionsCredentialProvider];
+	if (provider) {
+		GTCredentialAcquireCallbackInfo info = { .credProvider = provider };
+		cloneOptions.cred_acquire_cb = GTCredentialAcquireCallback;
+		cloneOptions.cred_acquire_payload = &info;
+	}
+
 	cloneOptions.fetch_progress_cb = transferProgressCallback;
 	cloneOptions.fetch_progress_payload = (__bridge void *)transferProgressBlock;