Diffstat (limited to 'org.eclipse.jgit/src/org/eclipse/jgit/transport')
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java24
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java7
2 files changed, 20 insertions, 11 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
index 222ca55d5c..7e9434a0f0 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
@@ -105,36 +105,42 @@ public class HMACSHA1NonceGenerator implements NonceGenerator {
@Override
public NonceStatus verify(String received, String sent,
Repository db, boolean allowSlop, int slop) {
- if (received.isEmpty())
+ if (received.isEmpty()) {
return NonceStatus.MISSING;
- else if (sent.isEmpty())
+ } else if (sent.isEmpty()) {
return NonceStatus.UNSOLICITED;
- else if (received.equals(sent))
+ } else if (received.equals(sent)) {
return NonceStatus.OK;
+ }
- if (!allowSlop)
+ if (!allowSlop) {
return NonceStatus.BAD;
+ }
/* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
int idxSent = sent.indexOf('-');
int idxRecv = received.indexOf('-');
- if (idxSent == -1 || idxRecv == -1)
+ if (idxSent == -1 || idxRecv == -1) {
return NonceStatus.BAD;
+ }
+ String signedStampStr = received.substring(0, idxRecv);
+ String advertisedStampStr = sent.substring(0, idxSent);
long signedStamp;
long advertisedStamp;
try {
- signedStamp = Long.parseLong(received.substring(0, idxRecv));
- advertisedStamp = Long.parseLong(sent.substring(0, idxSent));
- } catch (Exception e) {
+ signedStamp = Long.parseLong(signedStampStr);
+ advertisedStamp = Long.parseLong(advertisedStampStr);
+ } catch (IllegalArgumentException e) {
return NonceStatus.BAD;
}
// what we would have signed earlier
String expect = createNonce(db, signedStamp);
- if (!expect.equals(received))
+ if (!expect.equals(received)) {
return NonceStatus.BAD;
+ }
long nonceStampSlop = Math.abs(advertisedStamp - signedStamp);
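Review bot: The HMAC check `if (!expect.equals(received)) {` still compares the server-computed nonce with the client-supplied one using `String.equals`, which returns at the first differing character, so the comparison time depends on how much of the expected HMAC the client's value matches. Since `expect` is derived from the server's secret seed via `createNonce(db, signedStamp)`, a constant-time comparison is the safer default here, e.g. `if (!MessageDigest.isEqual(expect.getBytes(StandardCharsets.UTF_8), received.getBytes(StandardCharsets.UTF_8))) {` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The earlier `received.equals(sent)` is less of a concern because `sent` was already advertised to the client. The body of `verify` continues past the end of this hunk, so the slop comparison itself is not visible here.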
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
index 2eda2b7138..18a1197912 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
@@ -71,9 +71,12 @@ public class PushCertificate {
BAD,
/** Nonce is required, but was not sent by client. */
MISSING,
- /** Received nonce is valid. */
+ /**
+ * Received nonce matches sent nonce, or is valid within the accepted slop
+ * window.
+ */
OK,
- /** Received nonce is valid and within the accepted slop window. */
+ /** Received nonce is valid, but outside the accepted slop window. */
SLOP
}
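Review bot: The corrected Javadoc on `SLOP` reverses the meaning the old comment gave it (from "within the accepted slop window" to "outside" it), but it does not say how a receiver is expected to treat that status. Callers written against the old wording may be accepting `SLOP` as equivalent to `OK`; that is an inference, since no caller is visible in this diff. Consider extending the comment along the lines of `/** Received nonce is valid, but outside the accepted slop window; callers should not treat this as OK. */` and auditing existing uses of `NonceStatus.SLOP` in the same change.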