From c7ebb2407112b8137e2cd7c108dd13957b4cff1e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 28 Sep 2011 20:44:23 -0400
Subject: [PATCH] Allow SSL renegotiation on Java 1.6.0_22 and later

---
 src/com/gitblit/FederationServlet.java |   38 +++++++++++++++++++++++++++++---------
 1 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/src/com/gitblit/FederationServlet.java b/src/com/gitblit/FederationServlet.java
index 708ca92..7dc5d6a 100644
--- a/src/com/gitblit/FederationServlet.java
+++ b/src/com/gitblit/FederationServlet.java
@@ -35,6 +35,7 @@
 import com.gitblit.models.FederationProposal;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.FederationUtils;
 import com.gitblit.utils.HttpUtils;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
@@ -110,6 +111,16 @@
 	private void processRequest(javax.servlet.http.HttpServletRequest request,
 			javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException,
 			java.io.IOException {
+		FederationRequest reqType = FederationRequest.fromName(request.getParameter("req"));
+		logger.info(MessageFormat.format("Federation {0} request from {1}", reqType,
+				request.getRemoteAddr()));
+
+		if (FederationRequest.POKE.equals(reqType)) {
+			// Gitblit always responds to POKE requests to verify a connection
+			logger.info("Received federation POKE from " + request.getRemoteAddr());
+			return;
+		}
+
 		if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
 			logger.warn(Keys.git.enableGitServlet + " must be set TRUE for federation requests.");
 			response.sendError(HttpServletResponse.SC_FORBIDDEN);
@@ -123,11 +134,6 @@
 			response.sendError(HttpServletResponse.SC_FORBIDDEN);
 			return;
 		}
-
-		String token = request.getParameter("token");
-		FederationRequest reqType = FederationRequest.fromName(request.getParameter("req"));
-		logger.info(MessageFormat.format("Federation {0} request from {1}", reqType,
-				request.getRemoteAddr()));
 
 		if (FederationRequest.PROPOSAL.equals(reqType)) {
 			// Receive a gitblit federation proposal
@@ -159,9 +165,22 @@
 				return;
 			}
 
-			String hosturl = HttpUtils.getHostURL(request);
-			String gitblitUrl = hosturl + request.getContextPath();
-			GitBlit.self().submitFederationProposal(proposal, gitblitUrl);
+			// poke the origin Gitblit instance that is proposing federation
+			boolean poked = false;
+			try {
+				poked = FederationUtils.poke(proposal.url);
+			} catch (Exception e) {
+				logger.error("Failed to poke origin", e);
+			}
+			if (!poked) {
+				logger.error(MessageFormat.format("Failed to send federation poke to {0}",
+						proposal.url));
+				response.setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);
+				return;
+			}
+
+			String url = HttpUtils.getGitblitURL(request);
+			GitBlit.self().submitFederationProposal(proposal, url);
 			logger.info(MessageFormat.format(
 					"Submitted {0} federation proposal to pull {1} repositories from {2}",
 					proposal.tokenType.name(), proposal.repositories.size(), proposal.url));
@@ -208,6 +227,7 @@
 		}
 
 		// Determine the federation tokens for this gitblit instance
+		String token = request.getParameter("token");
 		List<String> tokens = GitBlit.self().getFederationTokens();
 		if (!tokens.contains(token)) {
 			logger.warn(MessageFormat.format(
@@ -218,7 +238,7 @@
 
 		Object result = null;
 		if (FederationRequest.PULL_REPOSITORIES.equals(reqType)) {
-			String gitblitUrl = HttpUtils.getHostURL(request);
+			String gitblitUrl = HttpUtils.getGitblitURL(request);
 			result = GitBlit.self().getRepositories(gitblitUrl, token);
 		} else {
 			if (FederationRequest.PULL_SETTINGS.equals(reqType)) {

--
Gitblit v1.9.1