source.dussan.org Git - jgit.git/blob

   1 /*
   2  * Copyright (C) 2024, Thomas Wolf <twolf@apache.org> and others
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Distribution License v. 1.0 which is available at
   6  * https://www.eclipse.org/org/documents/edl-v10.php.
   7  *
   8  * SPDX-License-Identifier: BSD-3-Clause
   9  */
  10 package org.eclipse.jgit.internal.signing.ssh;
  11
  12 import static org.junit.Assert.assertNotNull;
  13 import static org.junit.Assert.assertTrue;
  14
  15 import java.io.File;
  16 import java.io.IOException;
  17 import java.io.InputStream;
  18 import java.nio.charset.StandardCharsets;
  19 import java.nio.file.Files;
  20 import java.nio.file.Path;
  21 import java.nio.file.StandardCopyOption;
  22 import java.time.Instant;
  23 import java.time.ZoneOffset;
  24
  25 import org.eclipse.jgit.api.CommitCommand;
  26 import org.eclipse.jgit.api.Git;
  27 import org.eclipse.jgit.junit.RepositoryTestCase;
  28 import org.eclipse.jgit.lib.Constants;
  29 import org.eclipse.jgit.lib.PersonIdent;
  30 import org.eclipse.jgit.lib.Repository;
  31 import org.eclipse.jgit.lib.StoredConfig;
  32 import org.eclipse.jgit.revwalk.RevCommit;
  33 import org.junit.Before;
  34 import org.junit.Rule;
  35 import org.junit.rules.TemporaryFolder;
  36
  37 /**
  38  * Common setup for SSH signature tests.
  39  */
  40 public abstract class AbstractSshSignatureTest extends RepositoryTestCase {
  41
  42         @Rule
  43         public TemporaryFolder keys = new TemporaryFolder();
  44
  45         protected File certs;
  46
  47         protected Instant commitTime;
  48
  49         @Override
  50         @Before
  51         public void setUp() throws Exception {
  52                 super.setUp();
  53                 copyResource("other_key", keys.getRoot());
  54                 copyResource("other_key.pub", keys.getRoot());
  55                 copyResource("other_key-cert.pub", keys.getRoot());
  56                 copyResource("signing_key", keys.getRoot());
  57                 copyResource("signing_key.pub", keys.getRoot());
  58                 certs = keys.newFolder("certs");
  59                 copyResource("certs/expired.cert", certs);
  60                 copyResource("certs/no_principals.cert", certs);
  61                 copyResource("certs/other.cert", certs);
  62                 copyResource("certs/other-ca.cert", certs);
  63                 copyResource("certs/tester.cert", certs);
  64                 copyResource("certs/two_principals.cert", certs);
  65                 Repository repo = db;
  66                 StoredConfig config = repo.getConfig();
  67                 config.setString("gpg", null, "format", "ssh");
  68                 config.save();
  69                 // Run all tests with commit times on 2024-10-02T12:00:00Z. The test
  70                 // certificates are valid from 2024-09-01 to 2024-10-31, except the
  71                 // "expired" certificate which is valid only on 2024-09-01.
  72                 commitTime = Instant.parse("2024-10-02T12:00:00.00Z");
  73         }
  74
  75         private void copyResource(String name, File directory) throws IOException {
  76                 try (InputStream in = this.getClass().getResourceAsStream(name)) {
  77                         int i = name.lastIndexOf('/');
  78                         String fileName = i < 0 ? name : name.substring(i + 1);
  79                         Files.copy(in, directory.toPath().resolve(fileName));
  80                 }
  81         }
  82
  83         protected RevCommit createSignedCommit(String certificate,
  84                         String signingKey) throws Exception {
  85                 Repository repo = db;
  86                 Path key = keys.getRoot().toPath().resolve(signingKey);
  87                 if (certificate != null) {
  88                         Files.copy(certs.toPath().resolve(certificate),
  89                                         keys.getRoot().toPath().resolve(signingKey),
  90                                         StandardCopyOption.REPLACE_EXISTING);
  91                 }
  92                 PersonIdent commitAuthor = new PersonIdent("tester",
  93                                 "tester@example.com", commitTime, ZoneOffset.UTC);
  94                 try (Git git = Git.wrap(repo)) {
  95                         writeTrashFile("foo.txt", "foo");
  96                         git.add().addFilepattern("foo.txt").call();
  97                         CommitCommand commit = git.commit();
  98                         commit.setAuthor(commitAuthor);
  99                         commit.setCommitter(commitAuthor);
 100                         commit.setMessage("Message");
 101                         commit.setSign(Boolean.TRUE);
 102                         commit.setSigningKey(key.toAbsolutePath().toString());
 103                         return commit.call();
 104                 }
 105         }
 106
 107         protected RevCommit checkSshSignature(RevCommit c) {
 108                 byte[] sig = c.getRawGpgSignature();
 109                 assertNotNull(sig);
 110                 String signature = new String(sig, StandardCharsets.US_ASCII);
 111                 assertTrue("Not an SSH signature:\n" + signature,
 112                                 signature.startsWith(Constants.SSH_SIGNATURE_PREFIX));
 113                 return c;
 114         }
 115 }