| /* |
| * Copyright (C) 2021, Thomas Wolf <thomas.wolf@paranor.ch> and others |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0 which is available at |
| * https://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| package org.eclipse.jgit.lib; |
| |
| import java.io.IOException; |
| import java.util.Date; |
| |
| import org.eclipse.jgit.annotations.NonNull; |
| import org.eclipse.jgit.annotations.Nullable; |
| import org.eclipse.jgit.api.errors.JGitInternalException; |
| import org.eclipse.jgit.revwalk.RevObject; |
| |
| /** |
| * A {@code GpgVerifier} can verify GPG signatures on git commits and tags. |
| * |
| * @since 5.11 |
| */ |
| public interface GpgSignatureVerifier { |
| |
| /** |
| * Verifies the signature on a signed commit or tag. |
| * |
| * @param object |
| * to verify |
| * @param config |
| * the {@link GpgConfig} to use |
| * @return a {@link SignatureVerification} describing the outcome of the |
| * verification, or {@code null} if the object was not signed |
| * @throws IOException |
| * if an error occurs getting a public key |
| * @throws org.eclipse.jgit.api.errors.JGitInternalException |
| * if signature verification fails |
| */ |
| @Nullable |
| SignatureVerification verifySignature(@NonNull RevObject object, |
| @NonNull GpgConfig config) throws IOException; |
| |
| |
| /** |
| * Verifies a given signature for given data. |
| * |
| * @param data |
| * the signature is for |
| * @param signatureData |
| * the ASCII-armored signature |
| * @return a {@link SignatureVerification} describing the outcome |
| * @throws IOException |
| * if the signature cannot be parsed |
| * @throws JGitInternalException |
| * if signature verification fails |
| */ |
| public SignatureVerification verify(byte[] data, byte[] signatureData) |
| throws IOException; |
| |
| /** |
| * Retrieves the name of this verifier. This should be a short string |
| * identifying the engine that verified the signature, like "gpg" if GPG is |
| * used, or "bc" for a BouncyCastle implementation. |
| * |
| * @return the name |
| */ |
| @NonNull |
| String getName(); |
| |
| /** |
| * A {@link GpgSignatureVerifier} may cache public keys to speed up |
| * verifying signatures on multiple objects. This clears this cache, if any. |
| */ |
| void clear(); |
| |
| /** |
| * A {@code SignatureVerification} returns data about a (positively or |
| * negatively) verified signature. |
| */ |
| interface SignatureVerification { |
| |
| // Data about the signature. |
| |
| @NonNull |
| Date getCreationDate(); |
| |
| // Data from the signature used to find a public key. |
| |
| /** |
| * Obtains the signer as stored in the signature, if known. |
| * |
| * @return the signer, or {@code null} if unknown |
| */ |
| String getSigner(); |
| |
| /** |
| * Obtains the short or long fingerprint of the public key as stored in |
| * the signature, if known. |
| * |
| * @return the fingerprint, or {@code null} if unknown |
| */ |
| String getKeyFingerprint(); |
| |
| // Some information about the found public key. |
| |
| /** |
| * Obtains the OpenPGP user ID associated with the key. |
| * |
| * @return the user id, or {@code null} if unknown |
| */ |
| String getKeyUser(); |
| |
| /** |
| * Tells whether the public key used for this signature verification was |
| * expired when the signature was created. |
| * |
| * @return {@code true} if the key was expired already, {@code false} |
| * otherwise |
| */ |
| boolean isExpired(); |
| |
| /** |
| * Obtains the trust level of the public key used to verify the |
| * signature. |
| * |
| * @return the trust level |
| */ |
| @NonNull |
| TrustLevel getTrustLevel(); |
| |
| // The verification result. |
| |
| /** |
| * Tells whether the signature verification was successful. |
| * |
| * @return {@code true} if the signature was verified successfully; |
| * {@code false} if not. |
| */ |
| boolean getVerified(); |
| |
| /** |
| * Obtains a human-readable message giving additional information about |
| * the outcome of the verification. |
| * |
| * @return the message, or {@code null} if none set. |
| */ |
| String getMessage(); |
| } |
| |
| /** |
| * The owner's trust in a public key. |
| */ |
| enum TrustLevel { |
| UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE |
| } |
| } |