mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3870 Commits
49 Branches
Tree: 6e4e34bb9e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6e4e34bb9e'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java

PushCertificate.java 7.8KB
Raw Normal View History

Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
PushCertificate: implement hashCode/equals/toString Change-Id: Ib588a3f47492cee5e5e6274a3b088678919a0fa0
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Add/fix since tags for new API for push certificates This was missed in change I249869cadb2d55aef016371b9311b8583591b9cf Change-Id: I19c9d4c04b6aa92b9e04c192dee70775d6985b58 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Cleanup some push certificate related javadoc Change-Id: I319ee4e99462598bf6a934b1efc7939bc4b057a5
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Cleanup some push certificate related javadoc Change-Id: I319ee4e99462598bf6a934b1efc7939bc4b057a5
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Cleanup some push certificate related javadoc Change-Id: I319ee4e99462598bf6a934b1efc7939bc4b057a5
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Cleanup some push certificate related javadoc Change-Id: I319ee4e99462598bf6a934b1efc7939bc4b057a5
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Add tests for HMACSHA1NonceGenerator Correct documentation of NonceStatus.OK/SLOP to match the implemented behavior. Change-Id: Id5ec1945eab76db6d2e4b592cb25907ea3d835cd
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Add tests for HMACSHA1NonceGenerator Correct documentation of NonceStatus.OK/SLOP to match the implemented behavior. Change-Id: Id5ec1945eab76db6d2e4b592cb25907ea3d835cd
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
BaseReceivePack: Treat all LFs as optional Discussion on the git mailing list has concluded[1] that the intended behavior for all (non-sideband) portions of the receive-pack protocol is for trailing LFs in pkt-lines to be optional. Go back to using PacketLineIn#readString() everywhere. For push certificates specifically, we agreed that the payload signed by the client is always concatenated with LFs even though the client MAY omit LFs when framing the certificate for the wire. This is still reflected in the implementation of PushCertificate#toText(). [1] http://thread.gmane.org/gmane.comp.version-control.git/273175/focus=273412 Change-Id: I817231c4d4defececb8722142fea18ff42e06e44
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
BaseReceivePack: Treat all LFs as optional Discussion on the git mailing list has concluded[1] that the intended behavior for all (non-sideband) portions of the receive-pack protocol is for trailing LFs in pkt-lines to be optional. Go back to using PacketLineIn#readString() everywhere. For push certificates specifically, we agreed that the payload signed by the client is always concatenated with LFs even though the client MAY omit LFs when framing the certificate for the wire. This is still reflected in the implementation of PushCertificate#toText(). [1] http://thread.gmane.org/gmane.comp.version-control.git/273175/focus=273412 Change-Id: I817231c4d4defececb8722142fea18ff42e06e44
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
PushCertificateParser: include begin/end lines in signature The signature is intended to be passed to a verification library such as Bouncy Castle, which expects these lines to be present in order to parse the signature. Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b
9 years ago
BaseReceivePack: Treat all LFs as optional Discussion on the git mailing list has concluded[1] that the intended behavior for all (non-sideband) portions of the receive-pack protocol is for trailing LFs in pkt-lines to be optional. Go back to using PacketLineIn#readString() everywhere. For push certificates specifically, we agreed that the payload signed by the client is always concatenated with LFs even though the client MAY omit LFs when framing the certificate for the wire. This is still reflected in the implementation of PushCertificate#toText(). [1] http://thread.gmane.org/gmane.comp.version-control.git/273175/focus=273412 Change-Id: I817231c4d4defececb8722142fea18ff42e06e44
9 years ago
PushCertificateParser: include begin/end lines in signature The signature is intended to be passed to a verification library such as Bouncy Castle, which expects these lines to be present in order to parse the signature. Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Silence API warnings introduced by a85e817d a85e817d is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I1d0ba9ea0a347e8ff5a0f4af169d9bb18c5838d2 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
PushCertificateParser: include begin/end lines in signature The signature is intended to be passed to a verification library such as Bouncy Castle, which expects these lines to be present in order to parse the signature. Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Silence API warnings introduced by a85e817d a85e817d is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I1d0ba9ea0a347e8ff5a0f4af169d9bb18c5838d2 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
BaseReceivePack: Treat all LFs as optional Discussion on the git mailing list has concluded[1] that the intended behavior for all (non-sideband) portions of the receive-pack protocol is for trailing LFs in pkt-lines to be optional. Go back to using PacketLineIn#readString() everywhere. For push certificates specifically, we agreed that the payload signed by the client is always concatenated with LFs even though the client MAY omit LFs when framing the certificate for the wire. This is still reflected in the implementation of PushCertificate#toText(). [1] http://thread.gmane.org/gmane.comp.version-control.git/273175/focus=273412 Change-Id: I817231c4d4defececb8722142fea18ff42e06e44
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
Add a separate type for the identity in a push certificate These differ subtly from a PersonIdent, because they can contain anything that is a valid User ID passed to gpg --local-user. Upstream git push --signed will just take the configuration value from user.signingkey and pass that verbatim in both --local-user and the pusher field of the certificate. This does not necessarily contain an email address, which means the parsing implementation ends up being substantially different from RawParseUtils.parsePersonIdent. Nonetheless, we try hard to match PersonIdent behavior in questionable cases. Change-Id: I37714ce7372ccf554b24ddbff56aa61f0b19cbae
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
BaseReceivePack: Treat all LFs as optional Discussion on the git mailing list has concluded[1] that the intended behavior for all (non-sideband) portions of the receive-pack protocol is for trailing LFs in pkt-lines to be optional. Go back to using PacketLineIn#readString() everywhere. For push certificates specifically, we agreed that the payload signed by the client is always concatenated with LFs even though the client MAY omit LFs when framing the certificate for the wire. This is still reflected in the implementation of PushCertificate#toText(). [1] http://thread.gmane.org/gmane.comp.version-control.git/273175/focus=273412 Change-Id: I817231c4d4defececb8722142fea18ff42e06e44
9 years ago
Rewrite push certificate parsing - Consistently return structured data, such as actual ReceiveCommands, which is more useful for callers that are doing things other than verifying the signature, e.g. recording the set of commands. - Store the certificate version field, as this is required to be part of the signed payload. - Add a toText() method to recreate the actual payload for signature verification. This requires keeping track of the un-chomped command strings from the original protocol stream. - Separate the parser from the certificate itself, so the actual PushCertificate object can be immutable. Make a fair attempt at deep immutability, but this is not possible with the current mutable ReceiveCommand structure. - Use more detailed error messages that don't involve NON-NLS strings. - Document null return values more thoroughly. Instead of having the undocumented behavior of throwing NPE from certain methods if they are not first guarded by enabled(), eliminate enabled() and return null from those methods. - Add tests for parsing a push cert from a section of pkt-line stream using a real live stream captured with Wireshark (which, it should be noted, uncovered several simply incorrect statements in C git's Documentation/technical/pack-protocol.txt). This is a slightly breaking API change to classes that were technically public and technically released in 4.0. However, it is highly unlikely that people were actually depending on public behavior, since there were no public methods to create PushCertificates with anything other than null field values, or a PushCertificateParser that did anything other than infinite loop or throw exceptions when reading. Change-Id: I5382193347a8eb1811032d9b32af9651871372d0
9 years ago
PushCertificate: implement hashCode/equals/toString Change-Id: Ib588a3f47492cee5e5e6274a3b088678919a0fa0
9 years ago
Port push certificates Push certificates ("git push --signed") have been part of git-core since version 2.2.0 (released Nov 26 2014). We also want to support that feature. This is not complete and is lacking the actual functionality to validate the signature for now. Change-Id: I249869cadb2d55aef016371b9311b8583591b9cf Signed-off-by: Stefan Beller <sbeller@google.com>
9 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261 
  1. /*

  2.  * Copyright (C) 2015, Google Inc.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. 

  44. package org.eclipse.jgit.transport;

  45. 

  46. import static org.eclipse.jgit.transport.PushCertificateParser.NONCE;

  47. import static org.eclipse.jgit.transport.PushCertificateParser.PUSHEE;

  48. import static org.eclipse.jgit.transport.PushCertificateParser.PUSHER;

  49. import static org.eclipse.jgit.transport.PushCertificateParser.VERSION;

  50. 

  51. import java.text.MessageFormat;

  52. import java.util.List;

  53. import java.util.Objects;

  54. 

  55. import org.eclipse.jgit.internal.JGitText;

  56. 

  57. /**

  58.  * The required information to verify the push.

  59.  * <p>

  60.  * A valid certificate will not return null from any getter methods; callers may

  61.  * assume that any null value indicates a missing or invalid certificate.

  62.  *

  63.  * @since 4.0

  64.  */

  65. public class PushCertificate {

  66. 	/** Verification result of the nonce returned during push. */

  67. 	public enum NonceStatus {

  68. 		/** Nonce was not expected, yet client sent one anyway. */

  69. 		UNSOLICITED,

  70. 		/** Nonce is invalid and did not match server's expectations. */

  71. 		BAD,

  72. 		/** Nonce is required, but was not sent by client. */

  73. 		MISSING,

  74. 		/**

  75. 		 * Received nonce matches sent nonce, or is valid within the accepted slop

  76. 		 * window.

  77. 		 */

  78. 		OK,

  79. 		/** Received nonce is valid, but outside the accepted slop window. */

  80. 		SLOP

  81. 	}

  82. 

  83. 	private final String version;

  84. 	private final PushCertificateIdent pusher;

  85. 	private final String pushee;

  86. 	private final String nonce;

  87. 	private final NonceStatus nonceStatus;

  88. 	private final List<ReceiveCommand> commands;

  89. 	private final String signature;

  90. 

  91. 	PushCertificate(String version, PushCertificateIdent pusher, String pushee,

  92. 			String nonce, NonceStatus nonceStatus, List<ReceiveCommand> commands,

  93. 			String signature) {

  94. 		if (version == null || version.isEmpty()) {

  95. 			throw new IllegalArgumentException(MessageFormat.format(

  96. 					JGitText.get().pushCertificateInvalidField, VERSION));

  97. 		}

  98. 		if (pusher == null) {

  99. 			throw new IllegalArgumentException(MessageFormat.format(

  100. 					JGitText.get().pushCertificateInvalidField, PUSHER));

  101. 		}

  102. 		if (nonce == null || nonce.isEmpty()) {

  103. 			throw new IllegalArgumentException(MessageFormat.format(

  104. 					JGitText.get().pushCertificateInvalidField, NONCE));

  105. 		}

  106. 		if (nonceStatus == null) {

  107. 			throw new IllegalArgumentException(MessageFormat.format(

  108. 					JGitText.get().pushCertificateInvalidField,

  109. 					"nonce status")); //$NON-NLS-1$

  110. 		}

  111. 		if (commands == null || commands.isEmpty()) {

  112. 			throw new IllegalArgumentException(MessageFormat.format(

  113. 					JGitText.get().pushCertificateInvalidField,

  114. 					"command")); //$NON-NLS-1$

  115. 		}

  116. 		if (signature == null || signature.isEmpty()) {

  117. 			throw new IllegalArgumentException(

  118. 					JGitText.get().pushCertificateInvalidSignature);

  119. 		}

  120. 		if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)

  121. 				|| !signature.endsWith(PushCertificateParser.END_SIGNATURE + '\n')) {

  122. 			throw new IllegalArgumentException(

  123. 					JGitText.get().pushCertificateInvalidSignature);

  124. 		}

  125. 		this.version = version;

  126. 		this.pusher = pusher;

  127. 		this.pushee = pushee;

  128. 		this.nonce = nonce;

  129. 		this.nonceStatus = nonceStatus;

  130. 		this.commands = commands;

  131. 		this.signature = signature;

  132. 	}

  133. 

  134. 	/**

  135. 	 * @return the certificate version string.

  136. 	 * @since 4.1

  137. 	 */

  138. 	public String getVersion() {

  139. 		return version;

  140. 	}

  141. 

  142. 	/**

  143. 	 * @return the raw line that signed the cert, as a string.

  144. 	 * @since 4.0

  145. 	 */

  146. 	public String getPusher() {

  147. 		return pusher.getRaw();

  148. 	}

  149. 

  150. 	/**

  151. 	 * @return identity of the pusher who signed the cert.

  152. 	 * @since 4.1

  153. 	 */

  154. 	public PushCertificateIdent getPusherIdent() {

  155. 		return pusher;

  156. 	}

  157. 

  158. 	/**

  159. 	 * @return URL of the repository the push was originally sent to.

  160. 	 * @since 4.0

  161. 	 */

  162. 	public String getPushee() {

  163. 		return pushee;

  164. 	}

  165. 

  166. 	/**

  167. 	 * @return the raw nonce value that was presented by the pusher.

  168. 	 * @since 4.1

  169. 	 */

  170. 	public String getNonce() {

  171. 		return nonce;

  172. 	}

  173. 

  174. 	/**

  175. 	 * @return verification status of the nonce embedded in the certificate.

  176. 	 * @since 4.0

  177. 	 */

  178. 	public NonceStatus getNonceStatus() {

  179. 		return nonceStatus;

  180. 	}

  181. 

  182. 	/**

  183. 	 * @return the list of commands as one string to be feed into the signature

  184. 	 *         verifier.

  185. 	 * @since 4.1

  186. 	 */

  187. 	public List<ReceiveCommand> getCommands() {

  188. 		return commands;

  189. 	}

  190. 

  191. 	/**

  192. 	 * @return the raw signature, consisting of the lines received between the

  193. 	 *     lines {@code "----BEGIN GPG SIGNATURE-----\n"} and

  194. 	 *     {@code "----END GPG SIGNATURE-----\n}", inclusive.

  195. 	 * @since 4.0

  196. 	 */

  197. 	public String getSignature() {

  198. 		return signature;

  199. 	}

  200. 

  201. 	/**

  202. 	 * @return text payload of the certificate for the signature verifier.

  203. 	 * @since 4.1

  204. 	 */

  205. 	public String toText() {

  206. 		StringBuilder sb = new StringBuilder()

  207. 				.append(VERSION).append(' ').append(version).append('\n')

  208. 				.append(PUSHER).append(' ').append(getPusher())

  209. 				.append('\n')

  210. 				.append(PUSHEE).append(' ').append(pushee).append('\n')

  211. 				.append(NONCE).append(' ').append(nonce).append('\n')

  212. 				.append('\n');

  213. 		for (ReceiveCommand cmd : commands) {

  214. 			sb.append(cmd.getOldId().name())

  215. 				.append(' ').append(cmd.getNewId().name())

  216. 				.append(' ').append(cmd.getRefName()).append('\n');

  217. 		}

  218. 		return sb.toString();

  219. 	}

  220. 

  221. 	@Override

  222. 	public int hashCode() {

  223. 		return signature.hashCode();

  224. 	}

  225. 

  226. 	@Override

  227. 	public boolean equals(Object o) {

  228. 		if (!(o instanceof PushCertificate)) {

  229. 			return false;

  230. 		}

  231. 		PushCertificate p = (PushCertificate) o;

  232. 		return version.equals(p.version)

  233. 				&& pusher.equals(p.pusher)

  234. 				&& Objects.equals(pushee, p.pushee)

  235. 				&& nonceStatus == p.nonceStatus

  236. 				&& signature.equals(p.signature)

  237. 				&& commandsEqual(this, p);

  238. 	}

  239. 

  240. 	private static boolean commandsEqual(PushCertificate c1, PushCertificate c2) {

  241. 		if (c1.commands.size() != c2.commands.size()) {

  242. 			return false;

  243. 		}

  244. 		for (int i = 0; i < c1.commands.size(); i++) {

  245. 			ReceiveCommand cmd1 = c1.commands.get(i);

  246. 			ReceiveCommand cmd2 = c2.commands.get(i);

  247. 			if (!cmd1.getOldId().equals(cmd2.getOldId())

  248. 					|| !cmd1.getNewId().equals(cmd2.getNewId())

  249. 					|| !cmd1.getRefName().equals(cmd2.getRefName())) {

  250. 				return false;

  251. 			}

  252. 		}

  253. 		return true;

  254. 	}

  255. 

  256. 	@Override

  257. 	public String toString() {

  258. 		return getClass().getSimpleName() + '['

  259. 				 + toText() + signature + ']';

  260. 	}

  261. }