SignedPushConfig: Allow setting a custom nonce generator impl

Change-Id: Ic0156a7d65d99881ef27801fcce7754594c436f0

2 files changed, 44 insertions, 8 deletions

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
index 04871c7f9a..fea8f125e1 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
@@ -117,9 +117,7 @@ public class PushCertificateParser {
 	PushCertificateParser(Repository into, SignedPushConfig cfg) {
 		if (cfg != null) {
 			nonceSlopLimit = cfg.getCertNonceSlopLimit();
-			nonceGenerator = cfg.getCertNonceSeed() != null
-					? new HMACSHA1NonceGenerator(cfg.certNonceSeed)
-					: null;
+			nonceGenerator = cfg.getNonceGenerator();
 		} else {
 			nonceSlopLimit = 0;
 			nonceGenerator = null;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java
index d3c5a97434..942e7d7742 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java
@@ -60,22 +60,26 @@ public class SignedPushConfig {
 		}
 	};
 
-	String certNonceSeed;
-	int certNonceSlopLimit;
+	private String certNonceSeed;
+	private int certNonceSlopLimit;
+	private NonceGenerator nonceGenerator;
 
 	/** Create a new config with default values disabling push verification. */
 	public SignedPushConfig() {
 	}
 
 	SignedPushConfig(Config cfg) {
-		certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$
+		setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$
 		certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
 	}
 
 	/**
 	 * Set the seed used by the nonce verifier.
 	 * <p>
-	 * Setting this to a non-null value enables push certificate verification.
+	 * Setting this to a non-null value enables push certificate verification
+	 * using the default {@link HMACSHA1NonceGenerator} implementation, if a
+	 * different implementation was not set using {@link
+	 * #setNonceGenerator(NonceGenerator)}.
 	 *
 	 * @param seed
 	 *            new seed value.
@@ -84,7 +88,7 @@ public class SignedPushConfig {
 		certNonceSeed = seed;
 	}
 
-	/** @return the configured seed used by the nonce verifier. */
+	/** @return the configured seed. */
 	public String getCertNonceSeed() {
 		return certNonceSeed;
 	}
@@ -105,4 +109,38 @@ public class SignedPushConfig {
 	public int getCertNonceSlopLimit() {
 		return certNonceSlopLimit;
 	}
+
+	/**
+	 * Set the {@link NonceGenerator} used for signed pushes.
+	 * <p>
+	 * Setting this to a non-null value enables push certificate verification. If
+	 * this method is called, this implementation will be used instead of the
+	 * default {@link HMACSHA1NonceGenerator} even if {@link
+	 * #setCertNonceSeed(String)} was called.
+	 *
+	 * @param generator
+	 *            new nonce generator.
+	 */
+	public void setNonceGenerator(NonceGenerator generator) {
+		nonceGenerator = generator;
+	}
+
+	/**
+	 * Get the {@link NonceGenerator} used for signed pushes.
+	 * <p>
+	 * If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null
+	 * implementation, that will be returned. If no custom implementation was set
+	 * but {@link #setCertNonceSeed(String)} was called, returns a newly-created
+	 * {@link HMACSHA1NonceGenerator}.
+	 *
+	 * @return the configured nonce generator.
+	 */
+	public NonceGenerator getNonceGenerator() {
+		if (nonceGenerator != null) {
+			return nonceGenerator;
+		} else if (certNonceSeed != null) {
+			return new HMACSHA1NonceGenerator(certNonceSeed);
+		}
+		return null;
+	}
 }