Add option to allow using JDK's SHA1 implementation

The change If6da9833 moved the computation of SHA1 from the JVM's
JCE to a pure Java implementation with collision detection.
The extra security for public sites comes with a cost of slower
SHA1 processing compared to the native implementation in the JDK.

When JGit is used internally and not exposed to any traffic from
external or untrusted users, the extra cost of the pure Java SHA1
implementation can be avoided, falling back to the previous
native MessageDigest implementation.

Bug: 580310
Change-Id: Ic24c0ba1cb0fb6282b8ca3025ffbffa84035565e

1 files changed, 59 insertions, 10 deletions

diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
index ad560c2546..abc2854faf 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java
@@ -14,6 +14,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeFalse;
 import static org.junit.Assume.assumeTrue;
 
 import java.io.IOException;
@@ -22,11 +23,20 @@ import java.nio.ByteBuffer;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
+import org.eclipse.jgit.junit.MockSystemReader;
 import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.util.IO;
-import org.junit.Test;
-
+import org.eclipse.jgit.util.SystemReader;
+import org.eclipse.jgit.util.sha1.SHA1.Sha1Implementation;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.runner.RunWith;
+
+@RunWith(Theories.class)
 public class SHA1Test {
 	private static final String TEST1 = "abc";
 
@@ -34,7 +44,32 @@ public class SHA1Test {
 	private static final String TEST2b = "jkijkljklmklmnlmnomnopnopq";
 	private static final String TEST2 = TEST2a + TEST2b;
 
-	@Test
+	@DataPoints
+	public static Sha1Implementation[] getDataPoints() {
+		return new Sha1Implementation[] { Sha1Implementation.JAVA,
+				Sha1Implementation.JDKNATIVE };
+	}
+
+	private Sha1Implementation sha1Implementation;
+
+	public SHA1Test(Sha1Implementation impl) {
+		this.sha1Implementation = impl;
+	}
+
+	@Before
+	public void setUp() throws Exception {
+		MockSystemReader mockSystemReader = new MockSystemReader();
+		SystemReader.setInstance(mockSystemReader);
+			System.setProperty("org.eclipse.jgit.util.sha1.implementation",
+					sha1Implementation.name());
+	}
+
+	@After
+	public void tearDown() {
+		SystemReader.setInstance(null);
+	}
+
+	@Theory
 	public void test0() throws NoSuchAlgorithmException {
 		ObjectId exp = ObjectId
 				.fromString("da39a3ee5e6b4b0d3255bfef95601890afd80709");
@@ -56,7 +91,7 @@ public class SHA1Test {
 		assertEquals(exp, s2);
 	}
 
-	@Test
+	@Theory
 	public void test1() throws NoSuchAlgorithmException {
 		ObjectId exp = ObjectId
 				.fromString("a9993e364706816aba3e25717850c26c9cd0d89d");
@@ -78,7 +113,7 @@ public class SHA1Test {
 		assertEquals(exp, s2);
 	}
 
-	@Test
+	@Theory
 	public void test2() throws NoSuchAlgorithmException {
 		ObjectId exp = ObjectId
 				.fromString("84983e441c3bd26ebaae4aa1f95129e5e54670f1");
@@ -100,9 +135,13 @@ public class SHA1Test {
 		assertEquals(exp, s2);
 	}
 
-	@Test
+	@Theory
 	public void shatteredCollision()
 			throws IOException, NoSuchAlgorithmException {
+		assumeFalse(
+				System.getProperty("org.eclipse.jgit.util.sha1.implementation")
+						.equalsIgnoreCase("jdkNative"));
+
 		byte[] pdf1 = read("shattered-1.pdf", 422435);
 		byte[] pdf2 = read("shattered-2.pdf", 422435);
 		MessageDigest md;
@@ -149,8 +188,12 @@ public class SHA1Test {
 		}
 	}
 
-	@Test
+	@Theory
 	public void shatteredStoredInGitBlob() throws IOException {
+		assumeFalse(
+				System.getProperty("org.eclipse.jgit.util.sha1.implementation")
+						.equalsIgnoreCase("jdkNative"));
+
 		byte[] pdf1 = read("shattered-1.pdf", 422435);
 		byte[] pdf2 = read("shattered-2.pdf", 422435);
 
@@ -158,8 +201,10 @@ public class SHA1Test {
 		// the Git blob header permutes the data enough for this specific
 		// attack example to not be detected as a collision. (A different file
 		// pair that takes the Git header into account however, would.)
-		ObjectId id1 = blob(pdf1, SHA1.newInstance().setDetectCollision(true));
-		ObjectId id2 = blob(pdf2, SHA1.newInstance().setDetectCollision(true));
+		ObjectId id1 = blob(pdf1,
+				SHA1.newInstance().setDetectCollision(true));
+		ObjectId id2 = blob(pdf2,
+				SHA1.newInstance().setDetectCollision(true));
 
 		assertEquals(
 				ObjectId.fromString("ba9aaa145ccd24ef760cf31c74d8f7ca1a2e47b0"),
@@ -169,8 +214,12 @@ public class SHA1Test {
 				id2);
 	}
 
-	@Test
+	@Theory
 	public void detectsShatteredByDefault() throws IOException {
+		assumeFalse(
+				System.getProperty("org.eclipse.jgit.util.sha1.implementation")
+						.equalsIgnoreCase("jdkNative"));
+
 		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.detectCollision") == null);
 		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.safeHash") == null);