org.eclipse.jgit/src/org/eclipse/jgit/lib/Signer.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

/*
 * Copyright (C) 2024 Thomas Wolf <twolf@apache.org> and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
 * https://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
package org.eclipse.jgit.lib;

import java.io.IOException;
import java.io.UnsupportedEncodingException;

import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.api.errors.UnsupportedSigningFormatException;
import org.eclipse.jgit.transport.CredentialsProvider;

/**
 * Creates signatures for Git objects.
 *
 * @since 7.0
 */
public interface Signer {

	/**
	 * Signs the specified object.
	 *
	 * <p>
	 * Implementors should obtain the payload for signing from the specified
	 * object via {@link ObjectBuilder#build()} and create a proper
	 * {@link GpgSignature}. The generated signature is set on the specified
	 * {@code object} (see {@link ObjectBuilder#setGpgSignature(GpgSignature)}).
	 * </p>
	 * <p>
	 * Any existing signature on the object must be discarded prior obtaining
	 * the payload via {@link ObjectBuilder#build()}.
	 * </p>
	 *
	 * @param repository
	 *            {@link Repository} the object belongs to
	 * @param config
	 *            GPG settings from the git config
	 * @param object
	 *            the object to sign (must not be {@code null} and must be
	 *            complete to allow proper calculation of payload)
	 * @param committer
	 *            the signing identity (to help with key lookup in case signing
	 *            key is not specified)
	 * @param signingKey
	 *            if non-{@code null} overrides the signing key from the config
	 * @param credentialsProvider
	 *            provider to use when querying for signing key credentials (eg.
	 *            passphrase)
	 * @throws CanceledException
	 *             when signing was canceled (eg., user aborted when entering
	 *             passphrase)
	 * @throws IOException
	 *             if an I/O error occurs
	 * @throws UnsupportedSigningFormatException
	 *             if a config is given and the wanted key format is not
	 *             supported
	 */
	default void signObject(@NonNull Repository repository,
			@NonNull GpgConfig config, @NonNull ObjectBuilder object,
			@NonNull PersonIdent committer, String signingKey,
			CredentialsProvider credentialsProvider)
			throws CanceledException, IOException,
			UnsupportedSigningFormatException {
		try {
			object.setGpgSignature(sign(repository, config, object.build(),
					committer, signingKey, credentialsProvider));
		} catch (UnsupportedEncodingException e) {
			throw new JGitInternalException(e.getMessage(), e);
		}
	}

	/**
	 * Signs arbitrary data.
	 *
	 * @param repository
	 *            {@link Repository} the signature is created in
	 * @param config
	 *            GPG settings from the git config
	 * @param data
	 *            the data to sign
	 * @param committer
	 *            the signing identity (to help with key lookup in case signing
	 *            key is not specified)
	 * @param signingKey
	 *            if non-{@code null} overrides the signing key from the config
	 * @param credentialsProvider
	 *            provider to use when querying for signing key credentials (eg.
	 *            passphrase)
	 * @return the signature for {@code data}
	 * @throws CanceledException
	 *             when signing was canceled (eg., user aborted when entering
	 *             passphrase)
	 * @throws IOException
	 *             if an I/O error occurs
	 * @throws UnsupportedSigningFormatException
	 *             if a config is given and the wanted key format is not
	 *             supported
	 */
	GpgSignature sign(@NonNull Repository repository, @NonNull GpgConfig config,
			byte[] data, @NonNull PersonIdent committer, String signingKey,
			CredentialsProvider credentialsProvider) throws CanceledException,
			IOException, UnsupportedSigningFormatException;

	/**
	 * Indicates if a signing key is available for the specified committer
	 * and/or signing key.
	 *
	 * @param repository
	 *            the current {@link Repository}
	 * @param config
	 *            GPG settings from the git config
	 * @param committer
	 *            the signing identity (to help with key lookup in case signing
	 *            key is not specified)
	 * @param signingKey
	 *            if non-{@code null} overrides the signing key from the config
	 * @param credentialsProvider
	 *            provider to use when querying for signing key credentials (eg.
	 *            passphrase)
	 * @return {@code true} if a signing key is available, {@code false}
	 *         otherwise
	 * @throws CanceledException
	 *             when signing was canceled (eg., user aborted when entering
	 *             passphrase)
	 */
	boolean canLocateSigningKey(@NonNull Repository repository,
			@NonNull GpgConfig config, @NonNull PersonIdent committer,
			String signingKey, CredentialsProvider credentialsProvider)
			throws CanceledException;

}