| /* |
| * Copyright (C) 2015, Google Inc. and others |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0 which is available at |
| * https://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| package org.eclipse.jgit.transport; |
| |
| import static org.eclipse.jgit.transport.PushCertificateParser.NONCE; |
| import static org.eclipse.jgit.transport.PushCertificateParser.PUSHEE; |
| import static org.eclipse.jgit.transport.PushCertificateParser.PUSHER; |
| import static org.eclipse.jgit.transport.PushCertificateParser.VERSION; |
| |
| import java.text.MessageFormat; |
| import java.util.List; |
| import java.util.Objects; |
| |
| import org.eclipse.jgit.internal.JGitText; |
| |
| /** |
| * The required information to verify the push. |
| * <p> |
| * A valid certificate will not return null from any getter methods; callers may |
| * assume that any null value indicates a missing or invalid certificate. |
| * |
| * @since 4.0 |
| */ |
| public class PushCertificate { |
| /** Verification result of the nonce returned during push. */ |
| public enum NonceStatus { |
| /** Nonce was not expected, yet client sent one anyway. */ |
| UNSOLICITED, |
| /** Nonce is invalid and did not match server's expectations. */ |
| BAD, |
| /** Nonce is required, but was not sent by client. */ |
| MISSING, |
| /** |
| * Received nonce matches sent nonce, or is valid within the accepted slop |
| * window. |
| */ |
| OK, |
| /** Received nonce is valid, but outside the accepted slop window. */ |
| SLOP |
| } |
| |
| private final String version; |
| private final PushCertificateIdent pusher; |
| private final String pushee; |
| private final String nonce; |
| private final NonceStatus nonceStatus; |
| private final List<ReceiveCommand> commands; |
| private final String signature; |
| |
| PushCertificate(String version, PushCertificateIdent pusher, String pushee, |
| String nonce, NonceStatus nonceStatus, List<ReceiveCommand> commands, |
| String signature) { |
| if (version == null || version.isEmpty()) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().pushCertificateInvalidField, VERSION)); |
| } |
| if (pusher == null) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().pushCertificateInvalidField, PUSHER)); |
| } |
| if (nonce == null || nonce.isEmpty()) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().pushCertificateInvalidField, NONCE)); |
| } |
| if (nonceStatus == null) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().pushCertificateInvalidField, |
| "nonce status")); //$NON-NLS-1$ |
| } |
| if (commands == null || commands.isEmpty()) { |
| throw new IllegalArgumentException(MessageFormat.format( |
| JGitText.get().pushCertificateInvalidField, |
| "command")); //$NON-NLS-1$ |
| } |
| if (signature == null || signature.isEmpty()) { |
| throw new IllegalArgumentException( |
| JGitText.get().pushCertificateInvalidSignature); |
| } |
| if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE) |
| || !signature.endsWith(PushCertificateParser.END_SIGNATURE + '\n')) { |
| throw new IllegalArgumentException( |
| JGitText.get().pushCertificateInvalidSignature); |
| } |
| this.version = version; |
| this.pusher = pusher; |
| this.pushee = pushee; |
| this.nonce = nonce; |
| this.nonceStatus = nonceStatus; |
| this.commands = commands; |
| this.signature = signature; |
| } |
| |
| /** |
| * Get the certificate version string. |
| * |
| * @return the certificate version string. |
| * @since 4.1 |
| */ |
| public String getVersion() { |
| return version; |
| } |
| |
| /** |
| * Get the raw line that signed the cert, as a string. |
| * |
| * @return the raw line that signed the cert, as a string. |
| * @since 4.0 |
| */ |
| public String getPusher() { |
| return pusher.getRaw(); |
| } |
| |
| /** |
| * Get identity of the pusher who signed the cert. |
| * |
| * @return identity of the pusher who signed the cert. |
| * @since 4.1 |
| */ |
| public PushCertificateIdent getPusherIdent() { |
| return pusher; |
| } |
| |
| /** |
| * Get URL of the repository the push was originally sent to. |
| * |
| * @return URL of the repository the push was originally sent to. |
| * @since 4.0 |
| */ |
| public String getPushee() { |
| return pushee; |
| } |
| |
| /** |
| * Get the raw nonce value that was presented by the pusher. |
| * |
| * @return the raw nonce value that was presented by the pusher. |
| * @since 4.1 |
| */ |
| public String getNonce() { |
| return nonce; |
| } |
| |
| /** |
| * Get verification status of the nonce embedded in the certificate. |
| * |
| * @return verification status of the nonce embedded in the certificate. |
| * @since 4.0 |
| */ |
| public NonceStatus getNonceStatus() { |
| return nonceStatus; |
| } |
| |
| /** |
| * Get the list of commands as one string to be feed into the signature |
| * verifier. |
| * |
| * @return the list of commands as one string to be feed into the signature |
| * verifier. |
| * @since 4.1 |
| */ |
| public List<ReceiveCommand> getCommands() { |
| return commands; |
| } |
| |
| /** |
| * Get the raw signature |
| * |
| * @return the raw signature, consisting of the lines received between the |
| * lines {@code "----BEGIN GPG SIGNATURE-----\n"} and |
| * {@code "----END GPG SIGNATURE-----\n}", inclusive. |
| * @since 4.0 |
| */ |
| public String getSignature() { |
| return signature; |
| } |
| |
| /** |
| * Get text payload of the certificate for the signature verifier. |
| * |
| * @return text payload of the certificate for the signature verifier. |
| * @since 4.1 |
| */ |
| public String toText() { |
| return toStringBuilder().toString(); |
| } |
| |
| /** |
| * Get original text payload plus signature |
| * |
| * @return original text payload plus signature; the final output will be |
| * valid as input to |
| * {@link org.eclipse.jgit.transport.PushCertificateParser#fromString(String)}. |
| * @since 4.1 |
| */ |
| public String toTextWithSignature() { |
| return toStringBuilder().append(signature).toString(); |
| } |
| |
| private StringBuilder toStringBuilder() { |
| StringBuilder sb = new StringBuilder() |
| .append(VERSION).append(' ').append(version).append('\n') |
| .append(PUSHER).append(' ').append(getPusher()) |
| .append('\n'); |
| if (pushee != null) { |
| sb.append(PUSHEE).append(' ').append(pushee).append('\n'); |
| } |
| sb.append(NONCE).append(' ').append(nonce).append('\n') |
| .append('\n'); |
| for (ReceiveCommand cmd : commands) { |
| sb.append(cmd.getOldId().name()) |
| .append(' ').append(cmd.getNewId().name()) |
| .append(' ').append(cmd.getRefName()).append('\n'); |
| } |
| return sb; |
| } |
| |
| /** {@inheritDoc} */ |
| @Override |
| public int hashCode() { |
| return signature.hashCode(); |
| } |
| |
| /** {@inheritDoc} */ |
| @Override |
| public boolean equals(Object o) { |
| if (!(o instanceof PushCertificate)) { |
| return false; |
| } |
| PushCertificate p = (PushCertificate) o; |
| return version.equals(p.version) |
| && pusher.equals(p.pusher) |
| && Objects.equals(pushee, p.pushee) |
| && nonceStatus == p.nonceStatus |
| && signature.equals(p.signature) |
| && commandsEqual(this, p); |
| } |
| |
| private static boolean commandsEqual(PushCertificate c1, PushCertificate c2) { |
| if (c1.commands.size() != c2.commands.size()) { |
| return false; |
| } |
| for (int i = 0; i < c1.commands.size(); i++) { |
| ReceiveCommand cmd1 = c1.commands.get(i); |
| ReceiveCommand cmd2 = c2.commands.get(i); |
| if (!cmd1.getOldId().equals(cmd2.getOldId()) |
| || !cmd1.getNewId().equals(cmd2.getNewId()) |
| || !cmd1.getRefName().equals(cmd2.getRefName())) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| /** {@inheritDoc} */ |
| @Override |
| public String toString() { |
| return getClass().getSimpleName() + '[' |
| + toTextWithSignature() + ']'; |
| } |
| } |