* @since 4.0
*/
public class PushCertificate {
-
- /** The tuple "name <email>" as presented in the push certificate */
+ /** The tuple "name <email>" as presented in the push certificate. */
String pusher;
- /** The remote URL the signed push goes to */
+ /** The remote URL the signed push goes to. */
String pushee;
- /** What we think about the returned signed nonce */
+ /** What we think about the returned signed nonce. */
NonceStatus nonceStatus;
- /**
- *
- *
- */
+ /** Verification result of the nonce returned during push. */
public enum NonceStatus {
- /**
- *
- */
+ /** Nonce was not expected, yet client sent one anyway. */
UNSOLICITED,
- /**
- *
- */
+ /** Nonce is invalid and did not match server's expectations. */
BAD,
- /**
- *
- */
+ /** Nonce is required, but was not sent by client. */
MISSING,
- /**
- *
- */
+ /** Received nonce is valid. */
OK,
- /**
- *
- */
+ /** Received nonce is valid and within the accepted slop window. */
SLOP
}
- /**
- *
- */
String commandList;
-
- /**
- *
- */
String signature;
/**
- *
* @return the signature, consisting of the lines received between the lines
* '----BEGIN GPG SIGNATURE-----\n' and the '----END GPG
* SIGNATURE-----\n'
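Review bot: The new comment on `SLOP` reads almost the same as the one on `OK`, so a hook author cannot tell from the Javadoc that the two carry different assurance. In git's signed-push protocol SLOP means the client returned a nonce the server issued in an earlier request, not the one it just advertised, and it is accepted only because it is still inside the configured time window; a replayed certificate could fall in that same window. I would reword it to something like `/** Received nonce is stale (issued in an earlier request) but still within the accepted slop window. */` and have `OK` say the nonce matches the one advertised for this push. Separately, the retained `@return` text for the signature quotes the begin marker with four leading dashes and the end marker with five, which is worth checking against the constant the parser actually matches.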
}
/**
- * @return the pushedCertPusher
+ * @return the tuple "name <email>" as presented by the client in the
+ * push certificate.
*/
public String getPusher() {
return pusher;
}
- /**
- * @return the pushedCertPushee
- */
+ /** @return URL of the repository the push was originally sent to. */
public String getPushee() {
return pushee;
}
- /**
- * @return the pushCertNonceStatus
- */
+ /** @return verification status of the nonce embedded in the certificate. */
public NonceStatus getNonceStatus() {
return nonceStatus;
}
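Review bot: The reworded `getPusher()` and `getPushee()` Javadoc says the values come from the client, but not whether they have been authenticated by the time a caller reads them. Nothing visible in this hunk shows the signature being checked before these fields are populated, so a caller may be reading an unverified identity claim. If verification is indeed left to the caller, add a sentence such as `The value is taken verbatim from the certificate and is not trustworthy until the certificate's signature has been verified.` to both getters. `getNonceStatus()` could likewise point readers at the `NonceStatus` constants so that they check for more than non-null.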
/**
* Receive a list of commands from the input encapsulated in a push
- * certificate. This method doesn't deal with the first line "push-cert \NUL
- * <capabilities>", but assumes the first line including the capabilities
- * has already been dealt with.
+ * certificate. This method doesn't parse the first line "push-cert \NUL
+ * <capabilities>", but assumes the first line including the
+ * capabilities has already been handled by the caller.
*
* @param pckIn
* where we take the push certificate header from.
* @param stateless
- * If this server is run as a stateless server, such that it
- * cannot store the sent push certificate and needs to validate
- * what the client sends back.
- *
+ * affects nonce verification. When {@code stateless = true} the
+ * {@code NonceGenerator} will allow for some time skew caused by
+ * clients disconnected and reconnecting in the stateless smart
+ * HTTP protocol.
* @throws IOException
+ * if the certificate from the client is badly malformed or the
+ * client disconnects before sending the entire certificate.
*/
public void receiveHeader(PacketLineIn pckIn, boolean stateless)
throws IOException {
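Review bot: The new `@param stateless` text says that time skew is tolerated but not how the caller finds out that it was applied. Presumably a nonce accepted this way is reported as `NonceStatus.SLOP` rather than `OK`; if so, say that here and name the setting that bounds the window, so that operators know stateless mode widens what is accepted. A wording nit in the same sentence: `clients disconnected and reconnecting` should read `clients disconnecting and reconnecting`. The body of `receiveHeader` continues outside this hunk, so the actual nonce handling is not visible here.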