]> source.dussan.org Git - jgit.git/commit
projects / jgit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a202d97) | patch
SSH signing: implement a Signer 26/1202326/3
authorThomas Wolf <twolf@apache.org>
Sat, 28 Sep 2024 13:58:20 +0000 (15:58 +0200)
committerMatthias Sohn <matthias.sohn@sap.com>
Wed, 23 Oct 2024 14:29:10 +0000 (16:29 +0200)
commitc9958e9b7a9b023acb214efcabfc89525859c588
tree74f93482152861d26c821ae05b505d9ffd5e8028tree | snapshot
parenta202d970651f5292c47e8bbf3505bea50d328081commit | diff
SSH signing: implement a Signer

Implement a Signer and its factory, and publish the factory for the
ServiceLoader. SSH signatures can be created directly if the key is
given via a file in user.signingKey and the private key can be found.
Otherwise, signing is delegated to an SSH agent, if available.

If a certificate is used as public key, the signer verifies the
certificate (correct signature, and valid at the commit time).

SSH signatures are documented at [1].

[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig

Bug: jgit-44
Change-Id: I3848ccc06ba3be5e868f879bd5705fee1b39c632
Signed-off-by: Thomas Wolf <twolf@apache.org>
32 files changed:
org.eclipse.jgit.ssh.apache.test/.classpath diff | blob | history
org.eclipse.jgit.ssh.apache.test/.gitattributes [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/BUILD diff | blob | history
org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF diff | blob | history
org.eclipse.jgit.ssh.apache.test/pom.xml diff | blob | history
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/ca_key [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/ca_key.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/ca_key2 [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/ca_key2.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/expired.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/no_principals.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/other-ca.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/other.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/tester.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/certs/two_principals.cert [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/other_key [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/other_key-cert.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/other_key.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/signing_key [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/signing_key-cert.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst-rsrc/org/eclipse/jgit/internal/signing/ssh/signing_key.pub [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/AbstractSshSignatureTest.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/SshCertificateUtilsTest.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/SshSignerTest.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF diff | blob | history
org.eclipse.jgit.ssh.apache/resources/META-INF/services/org.eclipse.jgit.lib.SignerFactory [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties diff | blob | history
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/SshCertificateUtils.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/SshSignatureConstants.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/SshSigner.java [new file with mode: 0644] blob
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java diff | blob | history
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/signing/ssh/SshSignerFactory.java [new file with mode: 0644] blob
JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit