PushCertificateParser: include begin/end lines in signature

The signature is intended to be passed to a verification library such as Bouncy Castle, which expects these lines to be present in order to parse the signature. Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b
10 years ago · b822f9b51d
3 changed files with 12 additions and 7 deletions
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
@ -43,8 +43,8 @@
 package org.eclipse.jgit.transport;

 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;

 import java.io.ByteArrayInputStream;
 import java.io.EOFException;
@ -119,9 +119,9 @@ public class PushCertificateParserTest {

 		assertEquals(concatPacketLines(input, 0, 6), cert.toText());

-		String signature = concatPacketLines(input, 7, 16);
-		assertFalse(signature.contains(PushCertificateParser.BEGIN_SIGNATURE));
-		assertFalse(signature.contains(PushCertificateParser.END_SIGNATURE));
+		String signature = concatPacketLines(input, 6, 17);
+		assertTrue(signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE));
+		assertTrue(signature.endsWith(PushCertificateParser.END_SIGNATURE));
 		assertEquals(signature, cert.getSignature());
 	}

--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
@ -123,6 +123,11 @@ public class PushCertificate {
 			throw new IllegalArgumentException(
 					JGitText.get().pushCertificateInvalidSignature);
 		}
+		if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)
+				|| !signature.endsWith(PushCertificateParser.END_SIGNATURE)) {
+			throw new IllegalArgumentException(
+					JGitText.get().pushCertificateInvalidSignature);
+		}
 		this.version = version;
 		this.pusher = pusher;
 		this.pushee = pushee;
@ -193,7 +198,7 @@ public class PushCertificate {
 	/**
 	 * @return the raw signature, consisting of the lines received between the
 	 *     lines {@code "----BEGIN GPG SIGNATURE-----\n"} and
-	 *     {@code "----END GPG SIGNATURE-----\n}", exclusive
+	 *     {@code "----END GPG SIGNATURE-----\n}", inclusive.
 	 * @since 4.0
 	 */
 	public String getSignature() {
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
@ -258,12 +258,12 @@ public class PushCertificateParser {
 	 */
 	public void receiveSignature(PacketLineIn pckIn) throws IOException {
 		try {
-			StringBuilder sig = new StringBuilder();
+			StringBuilder sig = new StringBuilder(BEGIN_SIGNATURE);
 			String line;
 			while (!(line = pckIn.readStringRaw()).equals(END_SIGNATURE)) {
 				sig.append(line);
 			}
-			signature = sig.toString();
+			signature = sig.append(END_SIGNATURE).toString();
 			if (!pckIn.readStringRaw().equals(END_CERT)) {
 				throw new PackProtocolException(
 						JGitText.get().pushCertificateInvalidSignature);