From d2fbbc910a8ecc6cec36354b09fc276b5a236543 Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Thu, 18 Jun 2015 13:07:37 -0400 Subject: [PATCH] SignedPushConfig: Allow setting a custom nonce generator impl Change-Id: Ic0156a7d65d99881ef27801fcce7754594c436f0 --- .../jgit/transport/PushCertificateParser.java | 4 +- .../jgit/transport/SignedPushConfig.java | 48 +++++++++++++++++-- 2 files changed, 44 insertions(+), 8 deletions(-) diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java index 04871c7f9a..fea8f125e1 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java @@ -117,9 +117,7 @@ public class PushCertificateParser { PushCertificateParser(Repository into, SignedPushConfig cfg) { if (cfg != null) { nonceSlopLimit = cfg.getCertNonceSlopLimit(); - nonceGenerator = cfg.getCertNonceSeed() != null - ? new HMACSHA1NonceGenerator(cfg.certNonceSeed) - : null; + nonceGenerator = cfg.getNonceGenerator(); } else { nonceSlopLimit = 0; nonceGenerator = null; diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java index d3c5a97434..942e7d7742 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java @@ -60,22 +60,26 @@ public class SignedPushConfig { } }; - String certNonceSeed; - int certNonceSlopLimit; + private String certNonceSeed; + private int certNonceSlopLimit; + private NonceGenerator nonceGenerator; /** Create a new config with default values disabling push verification. */ public SignedPushConfig() { } SignedPushConfig(Config cfg) { - certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$ + setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$ certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$ } /** * Set the seed used by the nonce verifier. *

- * Setting this to a non-null value enables push certificate verification. + * Setting this to a non-null value enables push certificate verification + * using the default {@link HMACSHA1NonceGenerator} implementation, if a + * different implementation was not set using {@link + * #setNonceGenerator(NonceGenerator)}. * * @param seed * new seed value. @@ -84,7 +88,7 @@ public class SignedPushConfig { certNonceSeed = seed; } - /** @return the configured seed used by the nonce verifier. */ + /** @return the configured seed. */ public String getCertNonceSeed() { return certNonceSeed; } @@ -105,4 +109,38 @@ public class SignedPushConfig { public int getCertNonceSlopLimit() { return certNonceSlopLimit; } + + /** + * Set the {@link NonceGenerator} used for signed pushes. + *

+ * Setting this to a non-null value enables push certificate verification. If + * this method is called, this implementation will be used instead of the + * default {@link HMACSHA1NonceGenerator} even if {@link + * #setCertNonceSeed(String)} was called. + * + * @param generator + * new nonce generator. + */ + public void setNonceGenerator(NonceGenerator generator) { + nonceGenerator = generator; + } + + /** + * Get the {@link NonceGenerator} used for signed pushes. + *

+ * If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null + * implementation, that will be returned. If no custom implementation was set + * but {@link #setCertNonceSeed(String)} was called, returns a newly-created + * {@link HMACSHA1NonceGenerator}. + * + * @return the configured nonce generator. + */ + public NonceGenerator getNonceGenerator() { + if (nonceGenerator != null) { + return nonceGenerator; + } else if (certNonceSeed != null) { + return new HMACSHA1NonceGenerator(certNonceSeed); + } + return null; + } } -- 2.39.5