From b822f9b51d9a430ce17e11daf7f4022f32b50600 Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Mon, 15 Jun 2015 16:50:22 -0400 Subject: [PATCH] PushCertificateParser: include begin/end lines in signature The signature is intended to be passed to a verification library such as Bouncy Castle, which expects these lines to be present in order to parse the signature. Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b --- .../eclipse/jgit/transport/PushCertificateParserTest.java | 8 ++++---- .../src/org/eclipse/jgit/transport/PushCertificate.java | 7 ++++++- .../org/eclipse/jgit/transport/PushCertificateParser.java | 4 ++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java index 185c97e0a..7de933396 100644 --- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java @@ -43,8 +43,8 @@ package org.eclipse.jgit.transport; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertTrue; import java.io.ByteArrayInputStream; import java.io.EOFException; @@ -119,9 +119,9 @@ public class PushCertificateParserTest { assertEquals(concatPacketLines(input, 0, 6), cert.toText()); - String signature = concatPacketLines(input, 7, 16); - assertFalse(signature.contains(PushCertificateParser.BEGIN_SIGNATURE)); - assertFalse(signature.contains(PushCertificateParser.END_SIGNATURE)); + String signature = concatPacketLines(input, 6, 17); + assertTrue(signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)); + assertTrue(signature.endsWith(PushCertificateParser.END_SIGNATURE)); assertEquals(signature, cert.getSignature()); } 
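Review bot: The updated assertions in PushCertificateParserTest cover only the accepted case, so nothing in this commit exercises the new rejection path added to the PushCertificate constructor. A negative case would pin that check: build a certificate whose signature lacks the begin or end line and expect IllegalArgumentException. This assumes the constructor is reachable from the test's package, which the hunk does not show.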
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
index 48108f2d8..cf0db0e32 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
@@ -123,6 +123,11 @@ public class PushCertificate {
 throw new IllegalArgumentException(
 JGitText.get().pushCertificateInvalidSignature);
 }
+ if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)
+ || !signature.endsWith(PushCertificateParser.END_SIGNATURE)) {
+ throw new IllegalArgumentException(
+ JGitText.get().pushCertificateInvalidSignature);
+ }
 this.version = version;
 this.pusher = pusher;
 this.pushee = pushee;
@@ -193,7 +198,7 @@ public class PushCertificate {
 /**
 * @return the raw signature, consisting of the lines received between the
 * lines {@code "----BEGIN GPG SIGNATURE-----\n"} and
- * {@code "----END GPG SIGNATURE-----\n}", exclusive
+ * {@code "----END GPG SIGNATURE-----\n}", inclusive.
 * @since 4.0
 */
 public String getSignature() {
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
index e302c0db4..1c9ce839b 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
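Review bot: In the PushCertificate constructor hunk, the added `startsWith`/`endsWith` test checks framing only, and a string made of BEGIN_SIGNATURE directly followed by END_SIGNATURE passes it. Because it throws the same `pushCertificateInvalidSignature` message as the check before it, a reader could take a pass here for a verification result. A comment above the new `if` would make the scope explicit: `// Framing check only; cryptographic verification is left to the caller.` The constructor starts and ends outside the hunk, so any earlier checks on `signature` are not visible here.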
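Review bot: The Javadoc on PushCertificate.getSignature() has a malformed inline tag that this commit edits without fixing: in `{@code "----END GPG SIGNATURE-----\n}"` the closing brace sits before the closing quote. Both marker literals are also typed out by hand, so they can drift from PushCertificateParser.BEGIN_SIGNATURE and END_SIGNATURE; whether they match those constants cannot be seen from this hunk. Now that the markers are included, "received between the lines" is misleading. Wording such as `the raw signature, from the begin-signature line through the end-signature line, inclusive`, with the tag closed as `\n"}`, would be clearer.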
@@ -258,12 +258,12 @@ public class PushCertificateParser {
 */
 public void receiveSignature(PacketLineIn pckIn) throws IOException {
 try {
- StringBuilder sig = new StringBuilder();
+ StringBuilder sig = new StringBuilder(BEGIN_SIGNATURE);
 String line;
 while (!(line = pckIn.readStringRaw()).equals(END_SIGNATURE)) {
 sig.append(line);
 }
- signature = sig.toString();
+ signature = sig.append(END_SIGNATURE).toString();
 if (!pckIn.readStringRaw().equals(END_CERT)) {
 throw new PackProtocolException(
 JGitText.get().pushCertificateInvalidSignature);
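Review bot: The loop in receiveSignature appends every line read from the client to `sig` until one equals END_SIGNATURE, and nothing visible in the hunk bounds how much is buffered before the certificate has been verified. Unless PacketLineIn or the caller already enforces a limit, a size guard inside the loop would cap it, e.g. `if (sig.length() + line.length() > MAX_SIGNATURE_LENGTH) throw new PackProtocolException(JGitText.get().pushCertificateInvalidSignature);`, where MAX_SIGNATURE_LENGTH is a placeholder for a limit the project would choose. The begin and end lines are now re-added from constants rather than taken from the wire, which relies on the caller having already matched BEGIN_SIGNATURE outside this hunk; a one-line comment saying so would help. The `try` opened here closes outside the hunk.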