Add tests for HMACSHA1NonceGenerator 83/50183/2
authorDave Borowitz <dborowitz@google.com>
Mon, 15 Jun 2015 14:14:59 +0000 (10:14 -0400)
committerDave Borowitz <dborowitz@google.com>
Mon, 15 Jun 2015 14:32:09 +0000 (10:32 -0400)
Correct documentation of NonceStatus.OK/SLOP to match the implemented
behavior.

Change-Id: Id5ec1945eab76db6d2e4b592cb25907ea3d835cd

org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java [new file with mode: 0644]
org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java

diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java
new file mode 100644 (file)
index 0000000..1e79b7a
--- /dev/null
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2015, Google Inc.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ *      copyright notice, this list of conditions and the following
+ *      disclaimer in the documentation and/or other materials provided
+ *      with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ *      names of its contributors may be used to endorse or promote
+ *      products derived from this software without specific prior
+ *      written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.eclipse.jgit.transport;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription;
+import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.transport.PushCertificate.NonceStatus;
+import org.junit.Before;
+import org.junit.Test;
+
+/** Test for HMAC SHA-1 certificate verifier. */
+public class HMACSHA1NonceGeneratorTest {
+       private static final long TS = 1433954361;
+
+       private HMACSHA1NonceGenerator gen;
+       private Repository db;
+
+       @Before
+       public void setUp() {
+               gen = new HMACSHA1NonceGenerator("sekret");
+               db = new InMemoryRepository(new DfsRepositoryDescription("db"));
+       }
+
+       @Test
+       public void missing() throws Exception {
+               assertEquals(NonceStatus.MISSING, gen.verify("", "1234", db, false, 0));
+       }
+
+       @Test
+       public void unsolicited() throws Exception {
+               assertEquals(NonceStatus.UNSOLICITED, gen.verify("1234", "", db, false, 0));
+       }
+
+       @Test
+       public void invalidFormat() throws Exception {
+               String sent = gen.createNonce(db, TS);
+               int idx = sent.indexOf('-');
+               String sig = sent.substring(idx, sent.length() - idx);
+               assertEquals(NonceStatus.BAD,
+                               gen.verify(Long.toString(TS), sent, db, true, 100));
+               assertEquals(NonceStatus.BAD, gen.verify(sig, sent, db, true, 100));
+               assertEquals(NonceStatus.BAD, gen.verify("xxx-" + sig, sent, db, true, 100));
+               assertEquals(NonceStatus.BAD, gen.verify(sent, "xxx-" + sig, db, true, 100));
+       }
+
+       @Test
+       public void slop() throws Exception {
+               String sent = gen.createNonce(db, TS - 10);
+               String received = gen.createNonce(db, TS);
+               assertEquals(NonceStatus.BAD,
+                               gen.verify(received, sent, db, false, 0));
+               assertEquals(NonceStatus.BAD,
+                               gen.verify(received, sent, db, false, 11));
+               assertEquals(NonceStatus.SLOP,
+                               gen.verify(received, sent, db, true, 0));
+               assertEquals(NonceStatus.SLOP,
+                               gen.verify(received, sent, db, true, 9));
+               assertEquals(NonceStatus.OK,
+                               gen.verify(received, sent, db, true, 10));
+               assertEquals(NonceStatus.OK,
+                               gen.verify(received, sent, db, true, 11));
+       }
+
+       @Test
+       public void ok() throws Exception {
+               String sent = gen.createNonce(db, TS);
+               assertEquals(NonceStatus.OK, gen.verify(sent, sent, db, false, 0));
+       }
+
+       @Test
+       public void signedByDifferentKey() throws Exception {
+               HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other");
+               String sent = gen.createNonce(db, TS);
+               String received = other.createNonce(db, TS);
+               assertNotEquals(received, sent);
+               assertEquals(NonceStatus.BAD,
+                               gen.verify(received, sent, db, false, 0));
+       }
+
+       @Test
+       public void signedByDifferentKeyWithSlop() throws Exception {
+               HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other");
+               String sent = gen.createNonce(db, TS - 10);
+               String received = other.createNonce(db, TS);
+               assertEquals(NonceStatus.BAD, gen.verify(received, sent, db, true, 100));
+       }
+}
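Review bot: In `invalidFormat`, `sent.substring(idx, sent.length() - idx)` appears to pass a length where `substring` expects an end index, so `sig` starts at the `-` separator and stops `idx` characters short of the end of the nonce instead of holding the HMAC part. Judging by the `verify()` code visible in this commit, the four BAD assertions still pass, but only because the timestamp prefix is missing or unparsable, which hides the slip. If the intent is the signature that follows the separator, use `String sig = sent.substring(idx + 1);`. The `slop` test would also benefit from a comment such as `// stamps differ by 10s: SLOP while slop < 10, OK once slop >= 10`, so the boundary it pins is visible to the next reader.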
index 222ca55d5cd2bdffc2feda44540ffdf8ec33dbc3..7e9434a0f03416b039d4f30d950e81c9cb9a4058 100644 (file)
@@ -105,36 +105,42 @@ public class HMACSHA1NonceGenerator implements NonceGenerator {
        @Override
        public NonceStatus verify(String received, String sent,
                        Repository db, boolean allowSlop, int slop) {
-               if (received.isEmpty())
+               if (received.isEmpty()) {
                        return NonceStatus.MISSING;
-               else if (sent.isEmpty())
+               } else if (sent.isEmpty()) {
                        return NonceStatus.UNSOLICITED;
-               else if (received.equals(sent))
+               } else if (received.equals(sent)) {
                        return NonceStatus.OK;
+               }
 
-               if (!allowSlop)
+               if (!allowSlop) {
                        return NonceStatus.BAD;
+               }
 
                /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
                int idxSent = sent.indexOf('-');
                int idxRecv = received.indexOf('-');
-               if (idxSent == -1 || idxRecv == -1)
+               if (idxSent == -1 || idxRecv == -1) {
                        return NonceStatus.BAD;
+               }
 
+               String signedStampStr = received.substring(0, idxRecv);
+               String advertisedStampStr = sent.substring(0, idxSent);
                long signedStamp;
                long advertisedStamp;
                try {
-                       signedStamp = Long.parseLong(received.substring(0, idxRecv));
-                       advertisedStamp = Long.parseLong(sent.substring(0, idxSent));
-               } catch (Exception e) {
+                       signedStamp = Long.parseLong(signedStampStr);
+                       advertisedStamp = Long.parseLong(advertisedStampStr);
+               } catch (IllegalArgumentException e) {
                        return NonceStatus.BAD;
                }
 
                // what we would have signed earlier
                String expect = createNonce(db, signedStamp);
 
-               if (!expect.equals(received))
+               if (!expect.equals(received)) {
                        return NonceStatus.BAD;
+               }
 
                long nonceStampSlop = Math.abs(advertisedStamp - signedStamp);
 
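Review bot: The `expect.equals(received)` check that follows `createNonce(db, signedStamp)` compares a server-computed HMAC against a client-supplied string with `String.equals`, which returns at the first differing character. For a MAC check a constant-time comparison is the usual choice, e.g. `if (!MessageDigest.isEqual(expect.getBytes(UTF_8), received.getBytes(UTF_8))) {`, with `java.security.MessageDigest` and `StandardCharsets.UTF_8` imported. Whether the timing difference is observable to a pushing client cannot be told from this hunk, so treat it as hardening rather than a confirmed weakness. On the narrowed catch, `NumberFormatException` is what `Long.parseLong` throws and would state the intent more precisely than `IllegalArgumentException`. The body of `verify()` continues past the end of the hunk.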
index 2eda2b71381e0a43e9fb9139980dc3aff04f5285..18a1197912b4b3b41307bc2b6096076d3177020e 100644 (file)
@@ -71,9 +71,12 @@ public class PushCertificate {
                BAD,
                /** Nonce is required, but was not sent by client. */
                MISSING,
-               /** Received nonce is valid. */
+               /**
+                * Received nonce matches sent nonce, or is valid within the accepted slop
+                * window.
+                */
                OK,
-               /** Received nonce is valid and within the accepted slop window. */
+               /** Received nonce is valid, but outside the accepted slop window. */
                SLOP
        }
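Review bot: The new `SLOP` Javadoc says the nonce is valid but outside the window, and does not tell a caller whether the push should be accepted. As far as the `verify()` hunk and the `slop` test in this commit show, `SLOP` is returned only when `allowSlop` is true, for a nonce whose HMAC checks out but whose stamp differs from the advertised one by more than `slop` seconds, so it can describe a nonce of any age. I would spell that out, e.g. `/** Received nonce carries a valid signature but its timestamp is outside the accepted slop window; callers that require freshness must not treat this as OK. */`. The enum declaration begins above the hunk, so the remaining constants were not reviewed.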