mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8427 Commits
49 Branches
Tree: 7b60a5ddaf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7b60a5ddaf'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java

GpgSignatureVerifier.java 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. /*

  2.  * Copyright (C) 2021, Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.lib;

  11. 

  12. import java.io.IOException;

  13. import java.util.Date;

  14. 

  15. import org.eclipse.jgit.annotations.NonNull;

  16. import org.eclipse.jgit.annotations.Nullable;

  17. import org.eclipse.jgit.api.errors.JGitInternalException;

  18. import org.eclipse.jgit.revwalk.RevObject;

  19. 

  20. /**

  21.  * A {@code GpgVerifier} can verify GPG signatures on git commits and tags.

  22.  *

  23.  * @since 5.11

  24.  */

  25. public interface GpgSignatureVerifier {

  26. 

  27. 	/**

  28. 	 * Verifies the signature on a signed commit or tag.

  29. 	 *

  30. 	 * @param object

  31. 	 *            to verify

  32. 	 * @param config

  33. 	 *            the {@link GpgConfig} to use

  34. 	 * @return a {@link SignatureVerification} describing the outcome of the

  35. 	 *         verification, or {@code null} if the object was not signed

  36. 	 * @throws IOException

  37. 	 *             if an error occurs getting a public key

  38. 	 * @throws org.eclipse.jgit.api.errors.JGitInternalException

  39. 	 *             if signature verification fails

  40. 	 */

  41. 	@Nullable

  42. 	SignatureVerification verifySignature(@NonNull RevObject object,

  43. 			@NonNull GpgConfig config) throws IOException;

  44. 

  45. 

  46. 	/**

  47. 	 * Verifies a given signature for given data.

  48. 	 *

  49. 	 * @param data

  50. 	 *            the signature is for

  51. 	 * @param signatureData

  52. 	 *            the ASCII-armored signature

  53. 	 * @return a {@link SignatureVerification} describing the outcome

  54. 	 * @throws IOException

  55. 	 *             if the signature cannot be parsed

  56. 	 * @throws JGitInternalException

  57. 	 *             if signature verification fails

  58. 	 */

  59. 	public SignatureVerification verify(byte[] data, byte[] signatureData)

  60. 			throws IOException;

  61. 

  62. 	/**

  63. 	 * Retrieves the name of this verifier. This should be a short string

  64. 	 * identifying the engine that verified the signature, like "gpg" if GPG is

  65. 	 * used, or "bc" for a BouncyCastle implementation.

  66. 	 *

  67. 	 * @return the name

  68. 	 */

  69. 	@NonNull

  70. 	String getName();

  71. 

  72. 	/**

  73. 	 * A {@link GpgSignatureVerifier} may cache public keys to speed up

  74. 	 * verifying signatures on multiple objects. This clears this cache, if any.

  75. 	 */

  76. 	void clear();

  77. 

  78. 	/**

  79. 	 * A {@code SignatureVerification} returns data about a (positively or

  80. 	 * negatively) verified signature.

  81. 	 */

  82. 	interface SignatureVerification {

  83. 

  84. 		// Data about the signature.

  85. 

  86. 		@NonNull

  87. 		Date getCreationDate();

  88. 

  89. 		// Data from the signature used to find a public key.

  90. 

  91. 		/**

  92. 		 * Obtains the signer as stored in the signature, if known.

  93. 		 *

  94. 		 * @return the signer, or {@code null} if unknown

  95. 		 */

  96. 		String getSigner();

  97. 

  98. 		/**

  99. 		 * Obtains the short or long fingerprint of the public key as stored in

  100. 		 * the signature, if known.

  101. 		 *

  102. 		 * @return the fingerprint, or {@code null} if unknown

  103. 		 */

  104. 		String getKeyFingerprint();

  105. 

  106. 		// Some information about the found public key.

  107. 

  108. 		/**

  109. 		 * Obtains the OpenPGP user ID associated with the key.

  110. 		 *

  111. 		 * @return the user id, or {@code null} if unknown

  112. 		 */

  113. 		String getKeyUser();

  114. 

  115. 		/**

  116. 		 * Tells whether the public key used for this signature verification was

  117. 		 * expired when the signature was created.

  118. 		 *

  119. 		 * @return {@code true} if the key was expired already, {@code false}

  120. 		 *         otherwise

  121. 		 */

  122. 		boolean isExpired();

  123. 

  124. 		/**

  125. 		 * Obtains the trust level of the public key used to verify the

  126. 		 * signature.

  127. 		 *

  128. 		 * @return the trust level

  129. 		 */

  130. 		@NonNull

  131. 		TrustLevel getTrustLevel();

  132. 

  133. 		// The verification result.

  134. 

  135. 		/**

  136. 		 * Tells whether the signature verification was successful.

  137. 		 *

  138. 		 * @return {@code true} if the signature was verified successfully;

  139. 		 *         {@code false} if not.

  140. 		 */

  141. 		boolean getVerified();

  142. 

  143. 		/**

  144. 		 * Obtains a human-readable message giving additional information about

  145. 		 * the outcome of the verification.

  146. 		 *

  147. 		 * @return the message, or {@code null} if none set.

  148. 		 */

  149. 		String getMessage();

  150. 	}

  151. 

  152. 	/**

  153. 	 * The owner's trust in a public key.

  154. 	 */

  155. 	enum TrustLevel {

  156. 		UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE

  157. 	}

  158. }