View Javadoc
1   /*
2    * Copyright (C) 2008-2010, Google Inc.
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  
44  package org.eclipse.jgit.transport;
45  
46  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_ATOMIC;
47  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_DELETE_REFS;
48  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_OFS_DELTA;
49  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_PUSH_OPTIONS;
50  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_QUIET;
51  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_REPORT_STATUS;
52  import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_SIDE_BAND_64K;
53  import static org.eclipse.jgit.transport.GitProtocolConstants.OPTION_AGENT;
54  import static org.eclipse.jgit.transport.SideBandOutputStream.CH_DATA;
55  import static org.eclipse.jgit.transport.SideBandOutputStream.CH_ERROR;
56  import static org.eclipse.jgit.transport.SideBandOutputStream.CH_PROGRESS;
57  import static org.eclipse.jgit.transport.SideBandOutputStream.MAX_BUF;
58  
59  import java.io.EOFException;
60  import java.io.IOException;
61  import java.io.InputStream;
62  import java.io.OutputStream;
63  import java.text.MessageFormat;
64  import java.util.ArrayList;
65  import java.util.Collections;
66  import java.util.HashSet;
67  import java.util.List;
68  import java.util.Map;
69  import java.util.Set;
70  import java.util.concurrent.TimeUnit;
71  
72  import org.eclipse.jgit.errors.InvalidObjectIdException;
73  import org.eclipse.jgit.errors.MissingObjectException;
74  import org.eclipse.jgit.errors.PackProtocolException;
75  import org.eclipse.jgit.errors.TooLargePackException;
76  import org.eclipse.jgit.internal.JGitText;
77  import org.eclipse.jgit.internal.storage.file.PackLock;
78  import org.eclipse.jgit.lib.BatchRefUpdate;
79  import org.eclipse.jgit.lib.Config;
80  import org.eclipse.jgit.lib.Config.SectionParser;
81  import org.eclipse.jgit.lib.Constants;
82  import org.eclipse.jgit.lib.NullProgressMonitor;
83  import org.eclipse.jgit.lib.ObjectChecker;
84  import org.eclipse.jgit.lib.ObjectId;
85  import org.eclipse.jgit.lib.ObjectIdSubclassMap;
86  import org.eclipse.jgit.lib.ObjectInserter;
87  import org.eclipse.jgit.lib.PersonIdent;
88  import org.eclipse.jgit.lib.ProgressMonitor;
89  import org.eclipse.jgit.lib.Ref;
90  import org.eclipse.jgit.lib.Repository;
91  import org.eclipse.jgit.revwalk.ObjectWalk;
92  import org.eclipse.jgit.revwalk.RevBlob;
93  import org.eclipse.jgit.revwalk.RevCommit;
94  import org.eclipse.jgit.revwalk.RevFlag;
95  import org.eclipse.jgit.revwalk.RevObject;
96  import org.eclipse.jgit.revwalk.RevSort;
97  import org.eclipse.jgit.revwalk.RevTree;
98  import org.eclipse.jgit.revwalk.RevWalk;
99  import org.eclipse.jgit.transport.ReceiveCommand.Result;
100 import org.eclipse.jgit.util.io.InterruptTimer;
101 import org.eclipse.jgit.util.io.LimitedInputStream;
102 import org.eclipse.jgit.util.io.TimeoutInputStream;
103 import org.eclipse.jgit.util.io.TimeoutOutputStream;
104 
105 /**
106  * Base implementation of the side of a push connection that receives objects.
107  * <p>
108  * Contains high-level operations for initializing and closing streams,
109  * advertising refs, reading commands, and receiving and applying a pack.
110  * Subclasses compose these operations into full service implementations.
111  */
112 public abstract class BaseReceivePack {
113 	/** Data in the first line of a request, the line itself plus capabilities. */
114 	public static class FirstLine {
115 		private final String line;
116 		private final Set<String> capabilities;
117 
118 		/**
119 		 * Parse the first line of a receive-pack request.
120 		 *
121 		 * @param line
122 		 *            line from the client.
123 		 */
124 		public FirstLine(String line) {
125 			final HashSet<String> caps = new HashSet<String>();
126 			final int nul = line.indexOf('\0');
127 			if (nul >= 0) {
128 				for (String c : line.substring(nul + 1).split(" ")) //$NON-NLS-1$
129 					caps.add(c);
130 				this.line = line.substring(0, nul);
131 			} else
132 				this.line = line;
133 			this.capabilities = Collections.unmodifiableSet(caps);
134 		}
135 
136 		/** @return non-capabilities part of the line. */
137 		public String getLine() {
138 			return line;
139 		}
140 
141 		/** @return capabilities parsed from the line. */
142 		public Set<String> getCapabilities() {
143 			return capabilities;
144 		}
145 	}
146 
147 	/** Database we write the stored objects into. */
148 	private final Repository db;
149 
150 	/** Revision traversal support over {@link #db}. */
151 	private final RevWalk walk;
152 
153 	/**
154 	 * Is the client connection a bi-directional socket or pipe?
155 	 * <p>
156 	 * If true, this class assumes it can perform multiple read and write cycles
157 	 * with the client over the input and output streams. This matches the
158 	 * functionality available with a standard TCP/IP connection, or a local
159 	 * operating system or in-memory pipe.
160 	 * <p>
161 	 * If false, this class runs in a read everything then output results mode,
162 	 * making it suitable for single round-trip systems RPCs such as HTTP.
163 	 */
164 	private boolean biDirectionalPipe = true;
165 
166 	/** Expecting data after the pack footer */
167 	private boolean expectDataAfterPackFooter;
168 
169 	/** Should an incoming transfer validate objects? */
170 	private ObjectChecker objectChecker;
171 
172 	/** Should an incoming transfer permit create requests? */
173 	private boolean allowCreates;
174 
175 	/** Should an incoming transfer permit delete requests? */
176 	private boolean allowAnyDeletes;
177 	private boolean allowBranchDeletes;
178 
179 	/** Should an incoming transfer permit non-fast-forward requests? */
180 	private boolean allowNonFastForwards;
181 
182 	/** Should an incoming transfer permit push options? **/
183 	private boolean allowPushOptions;
184 
185 	/**
186 	 * Should the requested ref updates be performed as a single atomic
187 	 * transaction?
188 	 */
189 	private boolean atomic;
190 
191 	private boolean allowOfsDelta;
192 	private boolean allowQuiet = true;
193 
194 	/** Identity to record action as within the reflog. */
195 	private PersonIdent refLogIdent;
196 
197 	/** Hook used while advertising the refs to the client. */
198 	private AdvertiseRefsHook advertiseRefsHook;
199 
200 	/** Filter used while advertising the refs to the client. */
201 	private RefFilter refFilter;
202 
203 	/** Timeout in seconds to wait for client interaction. */
204 	private int timeout;
205 
206 	/** Timer to manage {@link #timeout}. */
207 	private InterruptTimer timer;
208 
209 	private TimeoutInputStream timeoutIn;
210 
211 	// Original stream passed to init(), since rawOut may be wrapped in a
212 	// sideband.
213 	private OutputStream origOut;
214 
215 	/** Raw input stream. */
216 	protected InputStream rawIn;
217 
218 	/** Raw output stream. */
219 	protected OutputStream rawOut;
220 
221 	/** Optional message output stream. */
222 	protected OutputStream msgOut;
223 	private SideBandOutputStream errOut;
224 
225 	/** Packet line input stream around {@link #rawIn}. */
226 	protected PacketLineIn pckIn;
227 
228 	/** Packet line output stream around {@link #rawOut}. */
229 	protected PacketLineOut pckOut;
230 
231 	private final MessageOutputWrapper msgOutWrapper = new MessageOutputWrapper();
232 
233 	private PackParser parser;
234 
235 	/** The refs we advertised as existing at the start of the connection. */
236 	private Map<String, Ref> refs;
237 
238 	/** All SHA-1s shown to the client, which can be possible edges. */
239 	private Set<ObjectId> advertisedHaves;
240 
241 	/** Capabilities requested by the client. */
242 	private Set<String> enabledCapabilities;
243 	String userAgent;
244 	private Set<ObjectId> clientShallowCommits;
245 	private List<ReceiveCommand> commands;
246 
247 	private StringBuilder advertiseError;
248 
249 	/** If {@link BasePackPushConnection#CAPABILITY_SIDE_BAND_64K} is enabled. */
250 	private boolean sideBand;
251 
252 	private boolean quiet;
253 
254 	/** Lock around the received pack file, while updating refs. */
255 	private PackLock packLock;
256 
257 	private boolean checkReferencedIsReachable;
258 
259 	/** Git object size limit */
260 	private long maxObjectSizeLimit;
261 
262 	/** Total pack size limit */
263 	private long maxPackSizeLimit = -1;
264 
265 	/** The size of the received pack, including index size */
266 	private Long packSize;
267 
268 	private PushCertificateParser pushCertificateParser;
269 	private SignedPushConfig signedPushConfig;
270 	private PushCertificate pushCert;
271 
272 	/**
273 	 * Get the push certificate used to verify the pusher's identity.
274 	 * <p>
275 	 * Only valid after commands are read from the wire.
276 	 *
277 	 * @return the parsed certificate, or null if push certificates are disabled
278 	 *         or no cert was presented by the client.
279 	 * @since 4.1
280 	 */
281 	public PushCertificate getPushCertificate() {
282 		return pushCert;
283 	}
284 
285 	/**
286 	 * Set the push certificate used to verify the pusher's identity.
287 	 * <p>
288 	 * Should only be called if reconstructing an instance without going through
289 	 * the normal {@link #recvCommands()} flow.
290 	 *
291 	 * @param cert
292 	 *            the push certificate to set.
293 	 * @since 4.1
294 	 */
295 	public void setPushCertificate(PushCertificate cert) {
296 		pushCert = cert;
297 	}
298 
299 	/**
300 	 * Create a new pack receive for an open repository.
301 	 *
302 	 * @param into
303 	 *            the destination repository.
304 	 */
305 	protected BaseReceivePack(final Repository into) {
306 		db = into;
307 		walk = new RevWalk(db);
308 
309 		TransferConfig tc = db.getConfig().get(TransferConfig.KEY);
310 		objectChecker = tc.newReceiveObjectChecker();
311 
312 		ReceiveConfig rc = db.getConfig().get(ReceiveConfig.KEY);
313 		allowCreates = rc.allowCreates;
314 		allowAnyDeletes = true;
315 		allowBranchDeletes = rc.allowDeletes;
316 		allowNonFastForwards = rc.allowNonFastForwards;
317 		allowOfsDelta = rc.allowOfsDelta;
318 		allowPushOptions = rc.allowPushOptions;
319 		advertiseRefsHook = AdvertiseRefsHook.DEFAULT;
320 		refFilter = RefFilter.DEFAULT;
321 		advertisedHaves = new HashSet<ObjectId>();
322 		clientShallowCommits = new HashSet<ObjectId>();
323 		signedPushConfig = rc.signedPush;
324 	}
325 
326 	/** Configuration for receive operations. */
327 	protected static class ReceiveConfig {
328 		static final SectionParser<ReceiveConfig> KEY = new SectionParser<ReceiveConfig>() {
329 			public ReceiveConfig parse(final Config cfg) {
330 				return new ReceiveConfig(cfg);
331 			}
332 		};
333 
334 		final boolean allowCreates;
335 		final boolean allowDeletes;
336 		final boolean allowNonFastForwards;
337 		final boolean allowOfsDelta;
338 		final boolean allowPushOptions;
339 
340 		final SignedPushConfig signedPush;
341 
342 		ReceiveConfig(final Config config) {
343 			allowCreates = true;
344 			allowDeletes = !config.getBoolean("receive", "denydeletes", false); //$NON-NLS-1$ //$NON-NLS-2$
345 			allowNonFastForwards = !config.getBoolean("receive", //$NON-NLS-1$
346 					"denynonfastforwards", false); //$NON-NLS-1$
347 			allowOfsDelta = config.getBoolean("repack", "usedeltabaseoffset", //$NON-NLS-1$ //$NON-NLS-2$
348 					true);
349 			allowPushOptions = config.getBoolean("receive", "pushoptions", //$NON-NLS-1$ //$NON-NLS-2$
350 					false);
351 			signedPush = SignedPushConfig.KEY.parse(config);
352 		}
353 	}
354 
355 	/**
356 	 * Output stream that wraps the current {@link #msgOut}.
357 	 * <p>
358 	 * We don't want to expose {@link #msgOut} directly because it can change
359 	 * several times over the course of a session.
360 	 */
361 	class MessageOutputWrapper extends OutputStream {
362 		@Override
363 		public void write(int ch) {
364 			if (msgOut != null) {
365 				try {
366 					msgOut.write(ch);
367 				} catch (IOException e) {
368 					// Ignore write failures.
369 				}
370 			}
371 		}
372 
373 		@Override
374 		public void write(byte[] b, int off, int len) {
375 			if (msgOut != null) {
376 				try {
377 					msgOut.write(b, off, len);
378 				} catch (IOException e) {
379 					// Ignore write failures.
380 				}
381 			}
382 		}
383 
384 		@Override
385 		public void write(byte[] b) {
386 			write(b, 0, b.length);
387 		}
388 
389 		@Override
390 		public void flush() {
391 			if (msgOut != null) {
392 				try {
393 					msgOut.flush();
394 				} catch (IOException e) {
395 					// Ignore write failures.
396 				}
397 			}
398 		}
399 	}
400 
401 	/** @return the process name used for pack lock messages. */
402 	protected abstract String getLockMessageProcessName();
403 
404 	/** @return the repository this receive completes into. */
405 	public final Repository getRepository() {
406 		return db;
407 	}
408 
409 	/** @return the RevWalk instance used by this connection. */
410 	public final RevWalk getRevWalk() {
411 		return walk;
412 	}
413 
414 	/**
415 	 * Get refs which were advertised to the client.
416 	 *
417 	 * @return all refs which were advertised to the client, or null if
418 	 *         {@link #setAdvertisedRefs(Map, Set)} has not been called yet.
419 	 */
420 	public final Map<String, Ref> getAdvertisedRefs() {
421 		return refs;
422 	}
423 
424 	/**
425 	 * Set the refs advertised by this ReceivePack.
426 	 * <p>
427 	 * Intended to be called from a {@link PreReceiveHook}.
428 	 *
429 	 * @param allRefs
430 	 *            explicit set of references to claim as advertised by this
431 	 *            ReceivePack instance. This overrides any references that
432 	 *            may exist in the source repository. The map is passed
433 	 *            to the configured {@link #getRefFilter()}. If null, assumes
434 	 *            all refs were advertised.
435 	 * @param additionalHaves
436 	 *            explicit set of additional haves to claim as advertised. If
437 	 *            null, assumes the default set of additional haves from the
438 	 *            repository.
439 	 */
440 	public void setAdvertisedRefs(Map<String, Ref> allRefs, Set<ObjectId> additionalHaves) {
441 		refs = allRefs != null ? allRefs : db.getAllRefs();
442 		refs = refFilter.filter(refs);
443 
444 		Ref head = refs.get(Constants.HEAD);
445 		if (head != null && head.isSymbolic())
446 			refs.remove(Constants.HEAD);
447 
448 		for (Ref ref : refs.values()) {
449 			if (ref.getObjectId() != null)
450 				advertisedHaves.add(ref.getObjectId());
451 		}
452 		if (additionalHaves != null)
453 			advertisedHaves.addAll(additionalHaves);
454 		else
455 			advertisedHaves.addAll(db.getAdditionalHaves());
456 	}
457 
458 	/**
459 	 * Get objects advertised to the client.
460 	 *
461 	 * @return the set of objects advertised to the as present in this repository,
462 	 *         or null if {@link #setAdvertisedRefs(Map, Set)} has not been called
463 	 *         yet.
464 	 */
465 	public final Set<ObjectId> getAdvertisedObjects() {
466 		return advertisedHaves;
467 	}
468 
469 	/**
470 	 * @return true if this instance will validate all referenced, but not
471 	 *         supplied by the client, objects are reachable from another
472 	 *         reference.
473 	 */
474 	public boolean isCheckReferencedObjectsAreReachable() {
475 		return checkReferencedIsReachable;
476 	}
477 
478 	/**
479 	 * Validate all referenced but not supplied objects are reachable.
480 	 * <p>
481 	 * If enabled, this instance will verify that references to objects not
482 	 * contained within the received pack are already reachable through at least
483 	 * one other reference displayed as part of {@link #getAdvertisedRefs()}.
484 	 * <p>
485 	 * This feature is useful when the application doesn't trust the client to
486 	 * not provide a forged SHA-1 reference to an object, in an attempt to
487 	 * access parts of the DAG that they aren't allowed to see and which have
488 	 * been hidden from them via the configured {@link AdvertiseRefsHook} or
489 	 * {@link RefFilter}.
490 	 * <p>
491 	 * Enabling this feature may imply at least some, if not all, of the same
492 	 * functionality performed by {@link #setCheckReceivedObjects(boolean)}.
493 	 * Applications are encouraged to enable both features, if desired.
494 	 *
495 	 * @param b
496 	 *            {@code true} to enable the additional check.
497 	 */
498 	public void setCheckReferencedObjectsAreReachable(boolean b) {
499 		this.checkReferencedIsReachable = b;
500 	}
501 
502 	/**
503 	 * @return true if this class expects a bi-directional pipe opened between
504 	 *         the client and itself. The default is true.
505 	 */
506 	public boolean isBiDirectionalPipe() {
507 		return biDirectionalPipe;
508 	}
509 
510 	/**
511 	 * @param twoWay
512 	 *            if true, this class will assume the socket is a fully
513 	 *            bidirectional pipe between the two peers and takes advantage
514 	 *            of that by first transmitting the known refs, then waiting to
515 	 *            read commands. If false, this class assumes it must read the
516 	 *            commands before writing output and does not perform the
517 	 *            initial advertising.
518 	 */
519 	public void setBiDirectionalPipe(final boolean twoWay) {
520 		biDirectionalPipe = twoWay;
521 	}
522 
523 	/** @return true if there is data expected after the pack footer. */
524 	public boolean isExpectDataAfterPackFooter() {
525 		return expectDataAfterPackFooter;
526 	}
527 
528 	/**
529 	 * @param e
530 	 *            true if there is additional data in InputStream after pack.
531 	 */
532 	public void setExpectDataAfterPackFooter(boolean e) {
533 		expectDataAfterPackFooter = e;
534 	}
535 
536 	/**
537 	 * @return true if this instance will verify received objects are formatted
538 	 *         correctly. Validating objects requires more CPU time on this side
539 	 *         of the connection.
540 	 */
541 	public boolean isCheckReceivedObjects() {
542 		return objectChecker != null;
543 	}
544 
545 	/**
546 	 * @param check
547 	 *            true to enable checking received objects; false to assume all
548 	 *            received objects are valid.
549 	 * @see #setObjectChecker(ObjectChecker)
550 	 */
551 	public void setCheckReceivedObjects(final boolean check) {
552 		if (check && objectChecker == null)
553 			setObjectChecker(new ObjectChecker());
554 		else if (!check && objectChecker != null)
555 			setObjectChecker(null);
556 	}
557 
558 	/**
559 	 * @param impl if non-null the object checking instance to verify each
560 	 *        received object with; null to disable object checking.
561 	 * @since 3.4
562 	 */
563 	public void setObjectChecker(ObjectChecker impl) {
564 		objectChecker = impl;
565 	}
566 
567 	/** @return true if the client can request refs to be created. */
568 	public boolean isAllowCreates() {
569 		return allowCreates;
570 	}
571 
572 	/**
573 	 * @param canCreate
574 	 *            true to permit create ref commands to be processed.
575 	 */
576 	public void setAllowCreates(final boolean canCreate) {
577 		allowCreates = canCreate;
578 	}
579 
580 	/** @return true if the client can request refs to be deleted. */
581 	public boolean isAllowDeletes() {
582 		return allowAnyDeletes;
583 	}
584 
585 	/**
586 	 * @param canDelete
587 	 *            true to permit delete ref commands to be processed.
588 	 */
589 	public void setAllowDeletes(final boolean canDelete) {
590 		allowAnyDeletes = canDelete;
591 	}
592 
593 	/**
594 	 * @return true if the client can delete from {@code refs/heads/}.
595 	 * @since 3.6
596 	 */
597 	public boolean isAllowBranchDeletes() {
598 		return allowBranchDeletes;
599 	}
600 
601 	/**
602 	 * @param canDelete
603 	 *            true to permit deletion of branches from the
604 	 *            {@code refs/heads/} namespace.
605 	 * @since 3.6
606 	 */
607 	public void setAllowBranchDeletes(boolean canDelete) {
608 		allowBranchDeletes = canDelete;
609 	}
610 
611 	/**
612 	 * @return true if the client can request non-fast-forward updates of a ref,
613 	 *         possibly making objects unreachable.
614 	 */
615 	public boolean isAllowNonFastForwards() {
616 		return allowNonFastForwards;
617 	}
618 
619 	/**
620 	 * @param canRewind
621 	 *            true to permit the client to ask for non-fast-forward updates
622 	 *            of an existing ref.
623 	 */
624 	public void setAllowNonFastForwards(final boolean canRewind) {
625 		allowNonFastForwards = canRewind;
626 	}
627 
628 	/**
629 	 * @return true if the client's commands should be performed as a single
630 	 *         atomic transaction.
631 	 * @since 4.4
632 	 */
633 	public boolean isAtomic() {
634 		return atomic;
635 	}
636 
637 	/**
638 	 * @param atomic
639 	 *            true to perform the client's commands as a single atomic
640 	 *            transaction.
641 	 * @since 4.4
642 	 */
643 	public void setAtomic(boolean atomic) {
644 		this.atomic = atomic;
645 	}
646 
647 	/** @return identity of the user making the changes in the reflog. */
648 	public PersonIdent getRefLogIdent() {
649 		return refLogIdent;
650 	}
651 
652 	/**
653 	 * Set the identity of the user appearing in the affected reflogs.
654 	 * <p>
655 	 * The timestamp portion of the identity is ignored. A new identity with the
656 	 * current timestamp will be created automatically when the updates occur
657 	 * and the log records are written.
658 	 *
659 	 * @param pi
660 	 *            identity of the user. If null the identity will be
661 	 *            automatically determined based on the repository
662 	 *            configuration.
663 	 */
664 	public void setRefLogIdent(final PersonIdent pi) {
665 		refLogIdent = pi;
666 	}
667 
668 	/** @return the hook used while advertising the refs to the client */
669 	public AdvertiseRefsHook getAdvertiseRefsHook() {
670 		return advertiseRefsHook;
671 	}
672 
673 	/** @return the filter used while advertising the refs to the client */
674 	public RefFilter getRefFilter() {
675 		return refFilter;
676 	}
677 
678 	/**
679 	 * Set the hook used while advertising the refs to the client.
680 	 * <p>
681 	 * If the {@link AdvertiseRefsHook} chooses to call
682 	 * {@link #setAdvertisedRefs(Map,Set)}, only refs set by this hook
683 	 * <em>and</em> selected by the {@link RefFilter} will be shown to the client.
684 	 * Clients may still attempt to create or update a reference not advertised by
685 	 * the configured {@link AdvertiseRefsHook}. These attempts should be rejected
686 	 * by a matching {@link PreReceiveHook}.
687 	 *
688 	 * @param advertiseRefsHook
689 	 *            the hook; may be null to show all refs.
690 	 */
691 	public void setAdvertiseRefsHook(final AdvertiseRefsHook advertiseRefsHook) {
692 		if (advertiseRefsHook != null)
693 			this.advertiseRefsHook = advertiseRefsHook;
694 		else
695 			this.advertiseRefsHook = AdvertiseRefsHook.DEFAULT;
696 	}
697 
698 	/**
699 	 * Set the filter used while advertising the refs to the client.
700 	 * <p>
701 	 * Only refs allowed by this filter will be shown to the client.
702 	 * The filter is run against the refs specified by the
703 	 * {@link AdvertiseRefsHook} (if applicable).
704 	 *
705 	 * @param refFilter
706 	 *            the filter; may be null to show all refs.
707 	 */
708 	public void setRefFilter(final RefFilter refFilter) {
709 		this.refFilter = refFilter != null ? refFilter : RefFilter.DEFAULT;
710 	}
711 
712 	/** @return timeout (in seconds) before aborting an IO operation. */
713 	public int getTimeout() {
714 		return timeout;
715 	}
716 
717 	/**
718 	 * Set the timeout before willing to abort an IO call.
719 	 *
720 	 * @param seconds
721 	 *            number of seconds to wait (with no data transfer occurring)
722 	 *            before aborting an IO read or write operation with the
723 	 *            connected client.
724 	 */
725 	public void setTimeout(final int seconds) {
726 		timeout = seconds;
727 	}
728 
729 	/**
730 	 * Set the maximum allowed Git object size.
731 	 * <p>
732 	 * If an object is larger than the given size the pack-parsing will throw an
733 	 * exception aborting the receive-pack operation.
734 	 *
735 	 * @param limit
736 	 *            the Git object size limit. If zero then there is not limit.
737 	 */
738 	public void setMaxObjectSizeLimit(final long limit) {
739 		maxObjectSizeLimit = limit;
740 	}
741 
742 
743 	/**
744 	 * Set the maximum allowed pack size.
745 	 * <p>
746 	 * A pack exceeding this size will be rejected.
747 	 *
748 	 * @param limit
749 	 *            the pack size limit, in bytes
750 	 *
751 	 * @since 3.3
752 	 */
753 	public void setMaxPackSizeLimit(final long limit) {
754 		if (limit < 0)
755 			throw new IllegalArgumentException(MessageFormat.format(
756 					JGitText.get().receivePackInvalidLimit, Long.valueOf(limit)));
757 		maxPackSizeLimit = limit;
758 	}
759 
760 	/**
761 	 * Check whether the client expects a side-band stream.
762 	 *
763 	 * @return true if the client has advertised a side-band capability, false
764 	 *     otherwise.
765 	 * @throws RequestNotYetReadException
766 	 *             if the client's request has not yet been read from the wire, so
767 	 *             we do not know if they expect side-band. Note that the client
768 	 *             may have already written the request, it just has not been
769 	 *             read.
770 	 */
771 	public boolean isSideBand() throws RequestNotYetReadException {
772 		checkRequestWasRead();
773 		return enabledCapabilities.contains(CAPABILITY_SIDE_BAND_64K);
774 	}
775 
776 	/**
777 	 * @return true if clients may request avoiding noisy progress messages.
778 	 * @since 4.0
779 	 */
780 	public boolean isAllowQuiet() {
781 		return allowQuiet;
782 	}
783 
784 	/**
785 	 * Configure if clients may request the server skip noisy messages.
786 	 *
787 	 * @param allow
788 	 *            true to allow clients to request quiet behavior; false to
789 	 *            refuse quiet behavior and send messages anyway. This may be
790 	 *            necessary if processing is slow and the client-server network
791 	 *            connection can timeout.
792 	 * @since 4.0
793 	 */
794 	public void setAllowQuiet(boolean allow) {
795 		allowQuiet = allow;
796 	}
797 
798 	/**
799 	 * @return true if the server supports receiving push options.
800 	 * @since 4.5
801 	 */
802 	public boolean isAllowPushOptions() {
803 		return allowPushOptions;
804 	}
805 
806 	/**
807 	 * Configure if the server supports receiving push options.
808 	 *
809 	 * @param allow
810 	 *            true to optionally accept option strings from the client.
811 	 * @since 4.5
812 	 */
813 	public void setAllowPushOptions(boolean allow) {
814 		allowPushOptions = allow;
815 	}
816 
817 	/**
818 	 * True if the client wants less verbose output.
819 	 *
820 	 * @return true if the client has requested the server to be less verbose.
821 	 * @throws RequestNotYetReadException
822 	 *             if the client's request has not yet been read from the wire,
823 	 *             so we do not know if they expect side-band. Note that the
824 	 *             client may have already written the request, it just has not
825 	 *             been read.
826 	 * @since 4.0
827 	 */
828 	public boolean isQuiet() throws RequestNotYetReadException {
829 		checkRequestWasRead();
830 		return quiet;
831 	}
832 
833 	/**
834 	 * Set the configuration for push certificate verification.
835 	 *
836 	 * @param cfg
837 	 *            new configuration; if this object is null or its {@link
838 	 *            SignedPushConfig#getCertNonceSeed()} is null, push certificate
839 	 *            verification will be disabled.
840 	 * @since 4.1
841 	 */
842 	public void setSignedPushConfig(SignedPushConfig cfg) {
843 		signedPushConfig = cfg;
844 	}
845 
846 	private PushCertificateParser getPushCertificateParser() {
847 		if (pushCertificateParser == null) {
848 			pushCertificateParser = new PushCertificateParser(db, signedPushConfig);
849 		}
850 		return pushCertificateParser;
851 	}
852 
853 	/**
854 	 * Get the user agent of the client.
855 	 * <p>
856 	 * If the client is new enough to use {@code agent=} capability that value
857 	 * will be returned. Older HTTP clients may also supply their version using
858 	 * the HTTP {@code User-Agent} header. The capability overrides the HTTP
859 	 * header if both are available.
860 	 * <p>
861 	 * When an HTTP request has been received this method returns the HTTP
862 	 * {@code User-Agent} header value until capabilities have been parsed.
863 	 *
864 	 * @return user agent supplied by the client. Available only if the client
865 	 *         is new enough to advertise its user agent.
866 	 * @since 4.0
867 	 */
868 	public String getPeerUserAgent() {
869 		return UserAgent.getAgent(enabledCapabilities, userAgent);
870 	}
871 
872 	/** @return all of the command received by the current request. */
873 	public List<ReceiveCommand> getAllCommands() {
874 		return Collections.unmodifiableList(commands);
875 	}
876 
877 	/**
878 	 * Send an error message to the client.
879 	 * <p>
880 	 * If any error messages are sent before the references are advertised to
881 	 * the client, the errors will be sent instead of the advertisement and the
882 	 * receive operation will be aborted. All clients should receive and display
883 	 * such early stage errors.
884 	 * <p>
885 	 * If the reference advertisements have already been sent, messages are sent
886 	 * in a side channel. If the client doesn't support receiving messages, the
887 	 * message will be discarded, with no other indication to the caller or to
888 	 * the client.
889 	 * <p>
890 	 * {@link PreReceiveHook}s should always try to use
891 	 * {@link ReceiveCommand#setResult(Result, String)} with a result status of
892 	 * {@link Result#REJECTED_OTHER_REASON} to indicate any reasons for
893 	 * rejecting an update. Messages attached to a command are much more likely
894 	 * to be returned to the client.
895 	 *
896 	 * @param what
897 	 *            string describing the problem identified by the hook. The
898 	 *            string must not end with an LF, and must not contain an LF.
899 	 */
900 	public void sendError(final String what) {
901 		if (refs == null) {
902 			if (advertiseError == null)
903 				advertiseError = new StringBuilder();
904 			advertiseError.append(what).append('\n');
905 		} else {
906 			msgOutWrapper.write(Constants.encode("error: " + what + "\n")); //$NON-NLS-1$ //$NON-NLS-2$
907 		}
908 	}
909 
910 	private void fatalError(String msg) {
911 		if (errOut != null) {
912 			try {
913 				errOut.write(Constants.encode(msg));
914 				errOut.flush();
915 			} catch (IOException e) {
916 				// Ignore write failures
917 			}
918 		} else {
919 			sendError(msg);
920 		}
921 	}
922 
923 	/**
924 	 * Send a message to the client, if it supports receiving them.
925 	 * <p>
926 	 * If the client doesn't support receiving messages, the message will be
927 	 * discarded, with no other indication to the caller or to the client.
928 	 *
929 	 * @param what
930 	 *            string describing the problem identified by the hook. The
931 	 *            string must not end with an LF, and must not contain an LF.
932 	 */
933 	public void sendMessage(final String what) {
934 		msgOutWrapper.write(Constants.encode(what + "\n")); //$NON-NLS-1$
935 	}
936 
937 	/** @return an underlying stream for sending messages to the client. */
938 	public OutputStream getMessageOutputStream() {
939 		return msgOutWrapper;
940 	}
941 
942 	/**
943 	 * Get the size of the received pack file including the index size.
944 	 *
945 	 * This can only be called if the pack is already received.
946 	 *
947 	 * @return the size of the received pack including index size
948 	 * @throws IllegalStateException
949 	 *             if called before the pack has been received
950 	 * @since 3.3
951 	 */
952 	public long getPackSize() {
953 		if (packSize != null)
954 			return packSize.longValue();
955 		throw new IllegalStateException(JGitText.get().packSizeNotSetYet);
956 	}
957 
958 	/**
959 	 * Get the commits from the client's shallow file.
960 	 *
961 	 * @return if the client is a shallow repository, the list of edge commits
962 	 *     that define the client's shallow boundary. Empty set if the client
963 	 *     is earlier than Git 1.9, or is a full clone.
964 	 * @since 3.5
965 	 */
966 	protected Set<ObjectId> getClientShallowCommits() {
967 		return clientShallowCommits;
968 	}
969 
970 	/** @return true if any commands to be executed have been read. */
971 	protected boolean hasCommands() {
972 		return !commands.isEmpty();
973 	}
974 
975 	/** @return true if an error occurred that should be advertised. */
976 	protected boolean hasError() {
977 		return advertiseError != null;
978 	}
979 
980 	/**
981 	 * Initialize the instance with the given streams.
982 	 *
983 	 * @param input
984 	 *            raw input to read client commands and pack data from. Caller
985 	 *            must ensure the input is buffered, otherwise read performance
986 	 *            may suffer.
987 	 * @param output
988 	 *            response back to the Git network client. Caller must ensure
989 	 *            the output is buffered, otherwise write performance may
990 	 *            suffer.
991 	 * @param messages
992 	 *            secondary "notice" channel to send additional messages out
993 	 *            through. When run over SSH this should be tied back to the
994 	 *            standard error channel of the command execution. For most
995 	 *            other network connections this should be null.
996 	 */
997 	protected void init(final InputStream input, final OutputStream output,
998 			final OutputStream messages) {
999 		origOut = output;
1000 		rawIn = input;
1001 		rawOut = output;
1002 		msgOut = messages;
1003 
1004 		if (timeout > 0) {
1005 			final Thread caller = Thread.currentThread();
1006 			timer = new InterruptTimer(caller.getName() + "-Timer"); //$NON-NLS-1$
1007 			timeoutIn = new TimeoutInputStream(rawIn, timer);
1008 			TimeoutOutputStream o = new TimeoutOutputStream(rawOut, timer);
1009 			timeoutIn.setTimeout(timeout * 1000);
1010 			o.setTimeout(timeout * 1000);
1011 			rawIn = timeoutIn;
1012 			rawOut = o;
1013 		}
1014 
1015 		if (maxPackSizeLimit >= 0)
1016 			rawIn = new LimitedInputStream(rawIn, maxPackSizeLimit) {
1017 				@Override
1018 				protected void limitExceeded() throws TooLargePackException {
1019 					throw new TooLargePackException(limit);
1020 				}
1021 			};
1022 
1023 		pckIn = new PacketLineIn(rawIn);
1024 		pckOut = new PacketLineOut(rawOut);
1025 		pckOut.setFlushOnEnd(false);
1026 
1027 		enabledCapabilities = new HashSet<String>();
1028 		commands = new ArrayList<ReceiveCommand>();
1029 	}
1030 
1031 	/** @return advertised refs, or the default if not explicitly advertised. */
1032 	protected Map<String, Ref> getAdvertisedOrDefaultRefs() {
1033 		if (refs == null)
1034 			setAdvertisedRefs(null, null);
1035 		return refs;
1036 	}
1037 
1038 	/**
1039 	 * Receive a pack from the stream and check connectivity if necessary.
1040 	 *
1041 	 * @throws IOException
1042 	 *             an error occurred during unpacking or connectivity checking.
1043 	 */
1044 	protected void receivePackAndCheckConnectivity() throws IOException {
1045 		receivePack();
1046 		if (needCheckConnectivity())
1047 			checkConnectivity();
1048 		parser = null;
1049 	}
1050 
1051 	/**
1052 	 * Unlock the pack written by this object.
1053 	 *
1054 	 * @throws IOException
1055 	 *             the pack could not be unlocked.
1056 	 */
1057 	protected void unlockPack() throws IOException {
1058 		if (packLock != null) {
1059 			packLock.unlock();
1060 			packLock = null;
1061 		}
1062 	}
1063 
1064 	/**
1065 	 * Generate an advertisement of available refs and capabilities.
1066 	 *
1067 	 * @param adv
1068 	 *            the advertisement formatter.
1069 	 * @throws IOException
1070 	 *             the formatter failed to write an advertisement.
1071 	 * @throws ServiceMayNotContinueException
1072 	 *             the hook denied advertisement.
1073 	 */
1074 	public void sendAdvertisedRefs(final RefAdvertiser adv)
1075 			throws IOException, ServiceMayNotContinueException {
1076 		if (advertiseError != null) {
1077 			adv.writeOne("ERR " + advertiseError); //$NON-NLS-1$
1078 			return;
1079 		}
1080 
1081 		try {
1082 			advertiseRefsHook.advertiseRefs(this);
1083 		} catch (ServiceMayNotContinueException fail) {
1084 			if (fail.getMessage() != null) {
1085 				adv.writeOne("ERR " + fail.getMessage()); //$NON-NLS-1$
1086 				fail.setOutput();
1087 			}
1088 			throw fail;
1089 		}
1090 
1091 		adv.init(db);
1092 		adv.advertiseCapability(CAPABILITY_SIDE_BAND_64K);
1093 		adv.advertiseCapability(CAPABILITY_DELETE_REFS);
1094 		adv.advertiseCapability(CAPABILITY_REPORT_STATUS);
1095 		if (allowQuiet)
1096 			adv.advertiseCapability(CAPABILITY_QUIET);
1097 		String nonce = getPushCertificateParser().getAdvertiseNonce();
1098 		if (nonce != null) {
1099 			adv.advertiseCapability(nonce);
1100 		}
1101 		if (db.getRefDatabase().performsAtomicTransactions())
1102 			adv.advertiseCapability(CAPABILITY_ATOMIC);
1103 		if (allowOfsDelta)
1104 			adv.advertiseCapability(CAPABILITY_OFS_DELTA);
1105 		if (allowPushOptions) {
1106 			adv.advertiseCapability(CAPABILITY_PUSH_OPTIONS);
1107 		}
1108 		adv.advertiseCapability(OPTION_AGENT, UserAgent.get());
1109 		adv.send(getAdvertisedOrDefaultRefs());
1110 		for (ObjectId obj : advertisedHaves)
1111 			adv.advertiseHave(obj);
1112 		if (adv.isEmpty())
1113 			adv.advertiseId(ObjectId.zeroId(), "capabilities^{}"); //$NON-NLS-1$
1114 		adv.end();
1115 	}
1116 
1117 	/**
1118 	 * Receive a list of commands from the input.
1119 	 *
1120 	 * @throws IOException
1121 	 */
1122 	protected void recvCommands() throws IOException {
1123 		PushCertificateParser certParser = getPushCertificateParser();
1124 		boolean firstPkt = true;
1125 		try {
1126 			for (;;) {
1127 				String line;
1128 				try {
1129 					line = pckIn.readString();
1130 				} catch (EOFException eof) {
1131 					if (commands.isEmpty())
1132 						return;
1133 					throw eof;
1134 				}
1135 				if (line == PacketLineIn.END) {
1136 					break;
1137 				}
1138 
1139 				if (line.length() >= 48 && line.startsWith("shallow ")) { //$NON-NLS-1$
1140 					parseShallow(line.substring(8, 48));
1141 					continue;
1142 				}
1143 
1144 				if (firstPkt) {
1145 					firstPkt = false;
1146 					FirstLine firstLine = new FirstLine(line);
1147 					enabledCapabilities = firstLine.getCapabilities();
1148 					line = firstLine.getLine();
1149 					enableCapabilities();
1150 
1151 					if (line.equals(GitProtocolConstants.OPTION_PUSH_CERT)) {
1152 						certParser.receiveHeader(pckIn, !isBiDirectionalPipe());
1153 						continue;
1154 					}
1155 				}
1156 
1157 				if (line.equals(PushCertificateParser.BEGIN_SIGNATURE)) {
1158 					certParser.receiveSignature(pckIn);
1159 					continue;
1160 				}
1161 
1162 				ReceiveCommand cmd = parseCommand(line);
1163 				if (cmd.getRefName().equals(Constants.HEAD)) {
1164 					cmd.setResult(Result.REJECTED_CURRENT_BRANCH);
1165 				} else {
1166 					cmd.setRef(refs.get(cmd.getRefName()));
1167 				}
1168 				commands.add(cmd);
1169 				if (certParser.enabled()) {
1170 					certParser.addCommand(cmd);
1171 				}
1172 			}
1173 			pushCert = certParser.build();
1174 			if (hasCommands()) {
1175 				readPostCommands(pckIn);
1176 			}
1177 		} catch (PackProtocolException e) {
1178 			if (sideBand) {
1179 				try {
1180 					pckIn.discardUntilEnd();
1181 				} catch (IOException e2) {
1182 					// Ignore read failures attempting to discard.
1183 				}
1184 			}
1185 			fatalError(e.getMessage());
1186 			throw e;
1187 		}
1188 	}
1189 
1190 	private void parseShallow(String idStr) throws PackProtocolException {
1191 		ObjectId id;
1192 		try {
1193 			id = ObjectId.fromString(idStr);
1194 		} catch (InvalidObjectIdException e) {
1195 			throw new PackProtocolException(e.getMessage(), e);
1196 		}
1197 		clientShallowCommits.add(id);
1198 	}
1199 
1200 	static ReceiveCommand parseCommand(String line) throws PackProtocolException {
1201           if (line == null || line.length() < 83) {
1202 			throw new PackProtocolException(
1203 					JGitText.get().errorInvalidProtocolWantedOldNewRef);
1204 		}
1205 		String oldStr = line.substring(0, 40);
1206 		String newStr = line.substring(41, 81);
1207 		ObjectId oldId, newId;
1208 		try {
1209 			oldId = ObjectId.fromString(oldStr);
1210 			newId = ObjectId.fromString(newStr);
1211 		} catch (InvalidObjectIdException e) {
1212 			throw new PackProtocolException(
1213 					JGitText.get().errorInvalidProtocolWantedOldNewRef, e);
1214 		}
1215 		String name = line.substring(82);
1216 		if (!Repository.isValidRefName(name)) {
1217 			throw new PackProtocolException(
1218 					JGitText.get().errorInvalidProtocolWantedOldNewRef);
1219 		}
1220 		return new ReceiveCommand(oldId, newId, name);
1221 	}
1222 
1223 	/**
1224 	 * @param in
1225 	 *            request stream.
1226 	 * @throws IOException
1227 	 *             request line cannot be read.
1228 	 */
1229 	void readPostCommands(PacketLineIn in) throws IOException {
1230 		// Do nothing by default.
1231 	}
1232 
1233 	/** Enable capabilities based on a previously read capabilities line. */
1234 	protected void enableCapabilities() {
1235 		sideBand = isCapabilityEnabled(CAPABILITY_SIDE_BAND_64K);
1236 		quiet = allowQuiet && isCapabilityEnabled(CAPABILITY_QUIET);
1237 		if (sideBand) {
1238 			OutputStream out = rawOut;
1239 
1240 			rawOut = new SideBandOutputStream(CH_DATA, MAX_BUF, out);
1241 			msgOut = new SideBandOutputStream(CH_PROGRESS, MAX_BUF, out);
1242 			errOut = new SideBandOutputStream(CH_ERROR, MAX_BUF, out);
1243 
1244 			pckOut = new PacketLineOut(rawOut);
1245 			pckOut.setFlushOnEnd(false);
1246 		}
1247 	}
1248 
1249 	/**
1250 	 * Check if the peer requested a capability.
1251 	 *
1252 	 * @param name
1253 	 *            protocol name identifying the capability.
1254 	 * @return true if the peer requested the capability to be enabled.
1255 	 */
1256 	protected boolean isCapabilityEnabled(String name) {
1257 		return enabledCapabilities.contains(name);
1258 	}
1259 
1260 	void checkRequestWasRead() {
1261 		if (enabledCapabilities == null)
1262 			throw new RequestNotYetReadException();
1263 	}
1264 
1265 	/** @return true if a pack is expected based on the list of commands. */
1266 	protected boolean needPack() {
1267 		for (final ReceiveCommand cmd : commands) {
1268 			if (cmd.getType() != ReceiveCommand.Type.DELETE)
1269 				return true;
1270 		}
1271 		return false;
1272 	}
1273 
1274 	/**
1275 	 * Receive a pack from the input and store it in the repository.
1276 	 *
1277 	 * @throws IOException
1278 	 *             an error occurred reading or indexing the pack.
1279 	 */
1280 	private void receivePack() throws IOException {
1281 		// It might take the client a while to pack the objects it needs
1282 		// to send to us.  We should increase our timeout so we don't
1283 		// abort while the client is computing.
1284 		//
1285 		if (timeoutIn != null)
1286 			timeoutIn.setTimeout(10 * timeout * 1000);
1287 
1288 		ProgressMonitor receiving = NullProgressMonitor.INSTANCE;
1289 		ProgressMonitor resolving = NullProgressMonitor.INSTANCE;
1290 		if (sideBand && !quiet)
1291 			resolving = new SideBandProgressMonitor(msgOut);
1292 
1293 		try (ObjectInserter ins = db.newObjectInserter()) {
1294 			String lockMsg = "jgit receive-pack"; //$NON-NLS-1$
1295 			if (getRefLogIdent() != null)
1296 				lockMsg += " from " + getRefLogIdent().toExternalString(); //$NON-NLS-1$
1297 
1298 			parser = ins.newPackParser(rawIn);
1299 			parser.setAllowThin(true);
1300 			parser.setNeedNewObjectIds(checkReferencedIsReachable);
1301 			parser.setNeedBaseObjectIds(checkReferencedIsReachable);
1302 			parser.setCheckEofAfterPackFooter(!biDirectionalPipe
1303 					&& !isExpectDataAfterPackFooter());
1304 			parser.setExpectDataAfterPackFooter(isExpectDataAfterPackFooter());
1305 			parser.setObjectChecker(objectChecker);
1306 			parser.setLockMessage(lockMsg);
1307 			parser.setMaxObjectSizeLimit(maxObjectSizeLimit);
1308 			packLock = parser.parse(receiving, resolving);
1309 			packSize = Long.valueOf(parser.getPackSize());
1310 			ins.flush();
1311 		}
1312 
1313 		if (timeoutIn != null)
1314 			timeoutIn.setTimeout(timeout * 1000);
1315 	}
1316 
1317 	private boolean needCheckConnectivity() {
1318 		return isCheckReceivedObjects()
1319 				|| isCheckReferencedObjectsAreReachable()
1320 				|| !getClientShallowCommits().isEmpty();
1321 	}
1322 
1323 	private void checkConnectivity() throws IOException {
1324 		ObjectIdSubclassMap<ObjectId> baseObjects = null;
1325 		ObjectIdSubclassMap<ObjectId> providedObjects = null;
1326 		ProgressMonitor checking = NullProgressMonitor.INSTANCE;
1327 		if (sideBand && !quiet) {
1328 			SideBandProgressMonitor m = new SideBandProgressMonitor(msgOut);
1329 			m.setDelayStart(750, TimeUnit.MILLISECONDS);
1330 			checking = m;
1331 		}
1332 
1333 		if (checkReferencedIsReachable) {
1334 			baseObjects = parser.getBaseObjectIds();
1335 			providedObjects = parser.getNewObjectIds();
1336 		}
1337 		parser = null;
1338 
1339 		try (final ObjectWalk ow = new ObjectWalk(db)) {
1340 			if (baseObjects != null) {
1341 				ow.sort(RevSort.TOPO);
1342 				if (!baseObjects.isEmpty())
1343 					ow.sort(RevSort.BOUNDARY, true);
1344 			}
1345 
1346 			for (final ReceiveCommand cmd : commands) {
1347 				if (cmd.getResult() != Result.NOT_ATTEMPTED)
1348 					continue;
1349 				if (cmd.getType() == ReceiveCommand.Type.DELETE)
1350 					continue;
1351 				ow.markStart(ow.parseAny(cmd.getNewId()));
1352 			}
1353 			for (final ObjectId have : advertisedHaves) {
1354 				RevObject o = ow.parseAny(have);
1355 				ow.markUninteresting(o);
1356 
1357 				if (baseObjects != null && !baseObjects.isEmpty()) {
1358 					o = ow.peel(o);
1359 					if (o instanceof RevCommit)
1360 						o = ((RevCommit) o).getTree();
1361 					if (o instanceof RevTree)
1362 						ow.markUninteresting(o);
1363 				}
1364 			}
1365 
1366 			checking.beginTask(JGitText.get().countingObjects,
1367 					ProgressMonitor.UNKNOWN);
1368 			RevCommit c;
1369 			while ((c = ow.next()) != null) {
1370 				checking.update(1);
1371 				if (providedObjects != null //
1372 						&& !c.has(RevFlag.UNINTERESTING) //
1373 						&& !providedObjects.contains(c))
1374 					throw new MissingObjectException(c, Constants.TYPE_COMMIT);
1375 			}
1376 
1377 			RevObject o;
1378 			while ((o = ow.nextObject()) != null) {
1379 				checking.update(1);
1380 				if (o.has(RevFlag.UNINTERESTING))
1381 					continue;
1382 
1383 				if (providedObjects != null) {
1384 					if (providedObjects.contains(o))
1385 						continue;
1386 					else
1387 						throw new MissingObjectException(o, o.getType());
1388 				}
1389 
1390 				if (o instanceof RevBlob && !db.hasObject(o))
1391 					throw new MissingObjectException(o, Constants.TYPE_BLOB);
1392 			}
1393 			checking.endTask();
1394 
1395 			if (baseObjects != null) {
1396 				for (ObjectId id : baseObjects) {
1397 					o = ow.parseAny(id);
1398 					if (!o.has(RevFlag.UNINTERESTING))
1399 						throw new MissingObjectException(o, o.getType());
1400 				}
1401 			}
1402 		}
1403 	}
1404 
1405 	/** Validate the command list. */
1406 	protected void validateCommands() {
1407 		for (final ReceiveCommand cmd : commands) {
1408 			final Ref ref = cmd.getRef();
1409 			if (cmd.getResult() != Result.NOT_ATTEMPTED)
1410 				continue;
1411 
1412 			if (cmd.getType() == ReceiveCommand.Type.DELETE) {
1413 				if (!isAllowDeletes()) {
1414 					// Deletes are not supported on this repository.
1415 					cmd.setResult(Result.REJECTED_NODELETE);
1416 					continue;
1417 				}
1418 				if (!isAllowBranchDeletes()
1419 						&& ref.getName().startsWith(Constants.R_HEADS)) {
1420 					// Branches cannot be deleted, but other refs can.
1421 					cmd.setResult(Result.REJECTED_NODELETE);
1422 					continue;
1423 				}
1424 			}
1425 
1426 			if (cmd.getType() == ReceiveCommand.Type.CREATE) {
1427 				if (!isAllowCreates()) {
1428 					cmd.setResult(Result.REJECTED_NOCREATE);
1429 					continue;
1430 				}
1431 
1432 				if (ref != null && !isAllowNonFastForwards()) {
1433 					// Creation over an existing ref is certainly not going
1434 					// to be a fast-forward update. We can reject it early.
1435 					//
1436 					cmd.setResult(Result.REJECTED_NONFASTFORWARD);
1437 					continue;
1438 				}
1439 
1440 				if (ref != null) {
1441 					// A well behaved client shouldn't have sent us a
1442 					// create command for a ref we advertised to it.
1443 					//
1444 					cmd.setResult(Result.REJECTED_OTHER_REASON,
1445 							JGitText.get().refAlreadyExists);
1446 					continue;
1447 				}
1448 			}
1449 
1450 			if (cmd.getType() == ReceiveCommand.Type.DELETE && ref != null) {
1451 				ObjectId id = ref.getObjectId();
1452 				if (id == null) {
1453 					id = ObjectId.zeroId();
1454 				}
1455 				if (!ObjectId.zeroId().equals(cmd.getOldId())
1456 						&& !id.equals(cmd.getOldId())) {
1457 					// Delete commands can be sent with the old id matching our
1458 					// advertised value, *OR* with the old id being 0{40}. Any
1459 					// other requested old id is invalid.
1460 					//
1461 					cmd.setResult(Result.REJECTED_OTHER_REASON,
1462 							JGitText.get().invalidOldIdSent);
1463 					continue;
1464 				}
1465 			}
1466 
1467 			if (cmd.getType() == ReceiveCommand.Type.UPDATE) {
1468 				if (ref == null) {
1469 					// The ref must have been advertised in order to be updated.
1470 					//
1471 					cmd.setResult(Result.REJECTED_OTHER_REASON, JGitText.get().noSuchRef);
1472 					continue;
1473 				}
1474 				ObjectId id = ref.getObjectId();
1475 				if (id == null) {
1476 					// We cannot update unborn branch
1477 					cmd.setResult(Result.REJECTED_OTHER_REASON,
1478 							JGitText.get().cannotUpdateUnbornBranch);
1479 					continue;
1480 				}
1481 
1482 				if (!id.equals(cmd.getOldId())) {
1483 					// A properly functioning client will send the same
1484 					// object id we advertised.
1485 					//
1486 					cmd.setResult(Result.REJECTED_OTHER_REASON,
1487 							JGitText.get().invalidOldIdSent);
1488 					continue;
1489 				}
1490 
1491 				// Is this possibly a non-fast-forward style update?
1492 				//
1493 				RevObject oldObj, newObj;
1494 				try {
1495 					oldObj = walk.parseAny(cmd.getOldId());
1496 				} catch (IOException e) {
1497 					cmd.setResult(Result.REJECTED_MISSING_OBJECT, cmd
1498 							.getOldId().name());
1499 					continue;
1500 				}
1501 
1502 				try {
1503 					newObj = walk.parseAny(cmd.getNewId());
1504 				} catch (IOException e) {
1505 					cmd.setResult(Result.REJECTED_MISSING_OBJECT, cmd
1506 							.getNewId().name());
1507 					continue;
1508 				}
1509 
1510 				if (oldObj instanceof RevCommit && newObj instanceof RevCommit) {
1511 					try {
1512 						if (walk.isMergedInto((RevCommit) oldObj,
1513 								(RevCommit) newObj))
1514 							cmd.setTypeFastForwardUpdate();
1515 						else
1516 							cmd.setType(ReceiveCommand.Type.UPDATE_NONFASTFORWARD);
1517 					} catch (MissingObjectException e) {
1518 						cmd.setResult(Result.REJECTED_MISSING_OBJECT, e
1519 								.getMessage());
1520 					} catch (IOException e) {
1521 						cmd.setResult(Result.REJECTED_OTHER_REASON);
1522 					}
1523 				} else {
1524 					cmd.setType(ReceiveCommand.Type.UPDATE_NONFASTFORWARD);
1525 				}
1526 
1527 				if (cmd.getType() == ReceiveCommand.Type.UPDATE_NONFASTFORWARD
1528 						&& !isAllowNonFastForwards()) {
1529 					cmd.setResult(Result.REJECTED_NONFASTFORWARD);
1530 					continue;
1531 				}
1532 			}
1533 
1534 			if (!cmd.getRefName().startsWith(Constants.R_REFS)
1535 					|| !Repository.isValidRefName(cmd.getRefName())) {
1536 				cmd.setResult(Result.REJECTED_OTHER_REASON, JGitText.get().funnyRefname);
1537 			}
1538 		}
1539 	}
1540 
1541 	/**
1542 	 * @return if any commands have been rejected so far.
1543 	 * @since 3.6
1544 	 */
1545 	protected boolean anyRejects() {
1546 		for (ReceiveCommand cmd : commands) {
1547 			if (cmd.getResult() != Result.NOT_ATTEMPTED && cmd.getResult() != Result.OK)
1548 				return true;
1549 		}
1550 		return false;
1551 	}
1552 
1553 	/**
1554 	 * Set the result to fail for any command that was not processed yet.
1555 	 * @since 3.6
1556 	 */
1557 	protected void failPendingCommands() {
1558 		ReceiveCommand.abort(commands);
1559 	}
1560 
1561 	/**
1562 	 * Filter the list of commands according to result.
1563 	 *
1564 	 * @param want
1565 	 *            desired status to filter by.
1566 	 * @return a copy of the command list containing only those commands with the
1567 	 *         desired status.
1568 	 */
1569 	protected List<ReceiveCommand> filterCommands(final Result want) {
1570 		return ReceiveCommand.filter(commands, want);
1571 	}
1572 
1573 	/** Execute commands to update references. */
1574 	protected void executeCommands() {
1575 		List<ReceiveCommand> toApply = filterCommands(Result.NOT_ATTEMPTED);
1576 		if (toApply.isEmpty())
1577 			return;
1578 
1579 		ProgressMonitor updating = NullProgressMonitor.INSTANCE;
1580 		if (sideBand) {
1581 			SideBandProgressMonitor pm = new SideBandProgressMonitor(msgOut);
1582 			pm.setDelayStart(250, TimeUnit.MILLISECONDS);
1583 			updating = pm;
1584 		}
1585 
1586 		BatchRefUpdate batch = db.getRefDatabase().newBatchUpdate();
1587 		batch.setAllowNonFastForwards(isAllowNonFastForwards());
1588 		batch.setAtomic(isAtomic());
1589 		batch.setRefLogIdent(getRefLogIdent());
1590 		batch.setRefLogMessage("push", true); //$NON-NLS-1$
1591 		batch.addCommand(toApply);
1592 		try {
1593 			batch.setPushCertificate(getPushCertificate());
1594 			batch.execute(walk, updating);
1595 		} catch (IOException err) {
1596 			for (ReceiveCommand cmd : toApply) {
1597 				if (cmd.getResult() == Result.NOT_ATTEMPTED)
1598 					cmd.reject(err);
1599 			}
1600 		}
1601 	}
1602 
1603 	/**
1604 	 * Send a status report.
1605 	 *
1606 	 * @param forClient
1607 	 *            true if this report is for a Git client, false if it is for an
1608 	 *            end-user.
1609 	 * @param unpackError
1610 	 *            an error that occurred during unpacking, or {@code null}
1611 	 * @param out
1612 	 *            the reporter for sending the status strings.
1613 	 * @throws IOException
1614 	 *             an error occurred writing the status report.
1615 	 */
1616 	protected void sendStatusReport(final boolean forClient,
1617 			final Throwable unpackError, final Reporter out) throws IOException {
1618 		if (unpackError != null) {
1619 			out.sendString("unpack error " + unpackError.getMessage()); //$NON-NLS-1$
1620 			if (forClient) {
1621 				for (final ReceiveCommand cmd : commands) {
1622 					out.sendString("ng " + cmd.getRefName() //$NON-NLS-1$
1623 							+ " n/a (unpacker error)"); //$NON-NLS-1$
1624 				}
1625 			}
1626 			return;
1627 		}
1628 
1629 		if (forClient)
1630 			out.sendString("unpack ok"); //$NON-NLS-1$
1631 		for (final ReceiveCommand cmd : commands) {
1632 			if (cmd.getResult() == Result.OK) {
1633 				if (forClient)
1634 					out.sendString("ok " + cmd.getRefName()); //$NON-NLS-1$
1635 				continue;
1636 			}
1637 
1638 			final StringBuilder r = new StringBuilder();
1639 			if (forClient)
1640 				r.append("ng ").append(cmd.getRefName()).append(" "); //$NON-NLS-1$ //$NON-NLS-2$
1641 			else
1642 				r.append(" ! [rejected] ").append(cmd.getRefName()).append(" ("); //$NON-NLS-1$ //$NON-NLS-2$
1643 
1644 			switch (cmd.getResult()) {
1645 			case NOT_ATTEMPTED:
1646 				r.append("server bug; ref not processed"); //$NON-NLS-1$
1647 				break;
1648 
1649 			case REJECTED_NOCREATE:
1650 				r.append("creation prohibited"); //$NON-NLS-1$
1651 				break;
1652 
1653 			case REJECTED_NODELETE:
1654 				r.append("deletion prohibited"); //$NON-NLS-1$
1655 				break;
1656 
1657 			case REJECTED_NONFASTFORWARD:
1658 				r.append("non-fast forward"); //$NON-NLS-1$
1659 				break;
1660 
1661 			case REJECTED_CURRENT_BRANCH:
1662 				r.append("branch is currently checked out"); //$NON-NLS-1$
1663 				break;
1664 
1665 			case REJECTED_MISSING_OBJECT:
1666 				if (cmd.getMessage() == null)
1667 					r.append("missing object(s)"); //$NON-NLS-1$
1668 				else if (cmd.getMessage().length() == Constants.OBJECT_ID_STRING_LENGTH) {
1669 					r.append("object "); //$NON-NLS-1$
1670 					r.append(cmd.getMessage());
1671 					r.append(" missing"); //$NON-NLS-1$
1672 				} else
1673 					r.append(cmd.getMessage());
1674 				break;
1675 
1676 			case REJECTED_OTHER_REASON:
1677 				if (cmd.getMessage() == null)
1678 					r.append("unspecified reason"); //$NON-NLS-1$
1679 				else
1680 					r.append(cmd.getMessage());
1681 				break;
1682 
1683 			case LOCK_FAILURE:
1684 				r.append("failed to lock"); //$NON-NLS-1$
1685 				break;
1686 
1687 			case OK:
1688 				// We shouldn't have reached this case (see 'ok' case above).
1689 				continue;
1690 			}
1691 			if (!forClient)
1692 				r.append(")"); //$NON-NLS-1$
1693 			out.sendString(r.toString());
1694 		}
1695 	}
1696 
1697 	/**
1698 	 * Close and flush (if necessary) the underlying streams.
1699 	 *
1700 	 * @throws IOException
1701 	 */
1702 	protected void close() throws IOException {
1703 		if (sideBand) {
1704 			// If we are using side band, we need to send a final
1705 			// flush-pkt to tell the remote peer the side band is
1706 			// complete and it should stop decoding. We need to
1707 			// use the original output stream as rawOut is now the
1708 			// side band data channel.
1709 			//
1710 			((SideBandOutputStream) msgOut).flushBuffer();
1711 			((SideBandOutputStream) rawOut).flushBuffer();
1712 
1713 			PacketLineOut plo = new PacketLineOut(origOut);
1714 			plo.setFlushOnEnd(false);
1715 			plo.end();
1716 		}
1717 
1718 		if (biDirectionalPipe) {
1719 			// If this was a native git connection, flush the pipe for
1720 			// the caller. For smart HTTP we don't do this flush and
1721 			// instead let the higher level HTTP servlet code do it.
1722 			//
1723 			if (!sideBand && msgOut != null)
1724 				msgOut.flush();
1725 			rawOut.flush();
1726 		}
1727 	}
1728 
1729 	/**
1730 	 * Release any resources used by this object.
1731 	 *
1732 	 * @throws IOException
1733 	 *             the pack could not be unlocked.
1734 	 */
1735 	protected void release() throws IOException {
1736 		walk.close();
1737 		unlockPack();
1738 		timeoutIn = null;
1739 		rawIn = null;
1740 		rawOut = null;
1741 		msgOut = null;
1742 		pckIn = null;
1743 		pckOut = null;
1744 		refs = null;
1745 		// Keep the capabilities. If responses are sent after this release
1746 		// we need to remember at least whether sideband communication has to be
1747 		// used
1748 		commands = null;
1749 		if (timer != null) {
1750 			try {
1751 				timer.terminate();
1752 			} finally {
1753 				timer = null;
1754 			}
1755 		}
1756 	}
1757 
1758 	/** Interface for reporting status messages. */
1759 	static abstract class Reporter {
1760 			abstract void sendString(String s) throws IOException;
1761 	}
1762 }