/*
* Copyright (C) 2015, Google Inc. and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport;
import static org.eclipse.jgit.transport.PushCertificateParser.NONCE;
import static org.eclipse.jgit.transport.PushCertificateParser.PUSHEE;
import static org.eclipse.jgit.transport.PushCertificateParser.PUSHER;
import static org.eclipse.jgit.transport.PushCertificateParser.VERSION;
import java.text.MessageFormat;
import java.util.List;
import java.util.Objects;
import org.eclipse.jgit.internal.JGitText;
/**
* The required information to verify the push.
*
* A valid certificate will not return null from any getter methods; callers may
* assume that any null value indicates a missing or invalid certificate.
*
* @since 4.0
*/
public class PushCertificate {
/** Verification result of the nonce returned during push. */
public enum NonceStatus {
/** Nonce was not expected, yet client sent one anyway. */
UNSOLICITED,
/** Nonce is invalid and did not match server's expectations. */
BAD,
/** Nonce is required, but was not sent by client. */
MISSING,
/**
* Received nonce matches sent nonce, or is valid within the accepted slop
* window.
*/
OK,
/** Received nonce is valid, but outside the accepted slop window. */
SLOP
}
private final String version;
private final PushCertificateIdent pusher;
private final String pushee;
private final String nonce;
private final NonceStatus nonceStatus;
private final List commands;
private final String signature;
PushCertificate(String version, PushCertificateIdent pusher, String pushee,
String nonce, NonceStatus nonceStatus, List commands,
String signature) {
if (version == null || version.isEmpty()) {
throw new IllegalArgumentException(MessageFormat.format(
JGitText.get().pushCertificateInvalidField, VERSION));
}
if (pusher == null) {
throw new IllegalArgumentException(MessageFormat.format(
JGitText.get().pushCertificateInvalidField, PUSHER));
}
if (nonce == null || nonce.isEmpty()) {
throw new IllegalArgumentException(MessageFormat.format(
JGitText.get().pushCertificateInvalidField, NONCE));
}
if (nonceStatus == null) {
throw new IllegalArgumentException(MessageFormat.format(
JGitText.get().pushCertificateInvalidField,
"nonce status")); //$NON-NLS-1$
}
if (commands == null || commands.isEmpty()) {
throw new IllegalArgumentException(MessageFormat.format(
JGitText.get().pushCertificateInvalidField,
"command")); //$NON-NLS-1$
}
if (signature == null || signature.isEmpty()) {
throw new IllegalArgumentException(
JGitText.get().pushCertificateInvalidSignature);
}
if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)
|| !signature.endsWith(PushCertificateParser.END_SIGNATURE + '\n')) {
throw new IllegalArgumentException(
JGitText.get().pushCertificateInvalidSignature);
}
this.version = version;
this.pusher = pusher;
this.pushee = pushee;
this.nonce = nonce;
this.nonceStatus = nonceStatus;
this.commands = commands;
this.signature = signature;
}
/**
* Get the certificate version string.
*
* @return the certificate version string.
* @since 4.1
*/
public String getVersion() {
return version;
}
/**
* Get the raw line that signed the cert, as a string.
*
* @return the raw line that signed the cert, as a string.
* @since 4.0
*/
public String getPusher() {
return pusher.getRaw();
}
/**
* Get identity of the pusher who signed the cert.
*
* @return identity of the pusher who signed the cert.
* @since 4.1
*/
public PushCertificateIdent getPusherIdent() {
return pusher;
}
/**
* Get URL of the repository the push was originally sent to.
*
* @return URL of the repository the push was originally sent to.
* @since 4.0
*/
public String getPushee() {
return pushee;
}
/**
* Get the raw nonce value that was presented by the pusher.
*
* @return the raw nonce value that was presented by the pusher.
* @since 4.1
*/
public String getNonce() {
return nonce;
}
/**
* Get verification status of the nonce embedded in the certificate.
*
* @return verification status of the nonce embedded in the certificate.
* @since 4.0
*/
public NonceStatus getNonceStatus() {
return nonceStatus;
}
/**
* Get the list of commands as one string to be feed into the signature
* verifier.
*
* @return the list of commands as one string to be feed into the signature
* verifier.
* @since 4.1
*/
public List getCommands() {
return commands;
}
/**
* Get the raw signature
*
* @return the raw signature, consisting of the lines received between the
* lines {@code "----BEGIN GPG SIGNATURE-----\n"} and
* {@code "----END GPG SIGNATURE-----\n}", inclusive.
* @since 4.0
*/
public String getSignature() {
return signature;
}
/**
* Get text payload of the certificate for the signature verifier.
*
* @return text payload of the certificate for the signature verifier.
* @since 4.1
*/
public String toText() {
return toStringBuilder().toString();
}
/**
* Get original text payload plus signature
*
* @return original text payload plus signature; the final output will be
* valid as input to
* {@link org.eclipse.jgit.transport.PushCertificateParser#fromString(String)}.
* @since 4.1
*/
public String toTextWithSignature() {
return toStringBuilder().append(signature).toString();
}
private StringBuilder toStringBuilder() {
StringBuilder sb = new StringBuilder()
.append(VERSION).append(' ').append(version).append('\n')
.append(PUSHER).append(' ').append(getPusher())
.append('\n');
if (pushee != null) {
sb.append(PUSHEE).append(' ').append(pushee).append('\n');
}
sb.append(NONCE).append(' ').append(nonce).append('\n')
.append('\n');
for (ReceiveCommand cmd : commands) {
sb.append(cmd.getOldId().name())
.append(' ').append(cmd.getNewId().name())
.append(' ').append(cmd.getRefName()).append('\n');
}
return sb;
}
/** {@inheritDoc} */
@Override
public int hashCode() {
return signature.hashCode();
}
/** {@inheritDoc} */
@Override
public boolean equals(Object o) {
if (!(o instanceof PushCertificate)) {
return false;
}
PushCertificate p = (PushCertificate) o;
return version.equals(p.version)
&& pusher.equals(p.pusher)
&& Objects.equals(pushee, p.pushee)
&& nonceStatus == p.nonceStatus
&& signature.equals(p.signature)
&& commandsEqual(this, p);
}
private static boolean commandsEqual(PushCertificate c1, PushCertificate c2) {
if (c1.commands.size() != c2.commands.size()) {
return false;
}
for (int i = 0; i < c1.commands.size(); i++) {
ReceiveCommand cmd1 = c1.commands.get(i);
ReceiveCommand cmd2 = c2.commands.get(i);
if (!cmd1.getOldId().equals(cmd2.getOldId())
|| !cmd1.getNewId().equals(cmd2.getNewId())
|| !cmd1.getRefName().equals(cmd2.getRefName())) {
return false;
}
}
return true;
}
/** {@inheritDoc} */
@Override
public String toString() {
return getClass().getSimpleName() + '['
+ toTextWithSignature() + ']';
}
}