Browse Source

SignedPushConfig: Allow setting a custom nonce generator impl

Change-Id: Ic0156a7d65d99881ef27801fcce7754594c436f0
stable-4.1
Dave Borowitz 10 years ago
parent
commit
d2fbbc910a
  1. 4
      org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
  2. 48
      org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java

4
org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java

@ -117,9 +117,7 @@ public class PushCertificateParser {
PushCertificateParser(Repository into, SignedPushConfig cfg) {
if (cfg != null) {
nonceSlopLimit = cfg.getCertNonceSlopLimit();
nonceGenerator = cfg.getCertNonceSeed() != null
? new HMACSHA1NonceGenerator(cfg.certNonceSeed)
: null;
nonceGenerator = cfg.getNonceGenerator();
} else {
nonceSlopLimit = 0;
nonceGenerator = null;

48
org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java

@ -60,22 +60,26 @@ public class SignedPushConfig {
}
};
String certNonceSeed;
int certNonceSlopLimit;
private String certNonceSeed;
private int certNonceSlopLimit;
private NonceGenerator nonceGenerator;
/** Create a new config with default values disabling push verification. */
public SignedPushConfig() {
}
SignedPushConfig(Config cfg) {
certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$
setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$
certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
}
/**
* Set the seed used by the nonce verifier.
* <p>
* Setting this to a non-null value enables push certificate verification.
* Setting this to a non-null value enables push certificate verification
* using the default {@link HMACSHA1NonceGenerator} implementation, if a
* different implementation was not set using {@link
* #setNonceGenerator(NonceGenerator)}.
*
* @param seed
* new seed value.
@ -84,7 +88,7 @@ public class SignedPushConfig {
certNonceSeed = seed;
}
/** @return the configured seed used by the nonce verifier. */
/** @return the configured seed. */
public String getCertNonceSeed() {
return certNonceSeed;
}
@ -105,4 +109,38 @@ public class SignedPushConfig {
public int getCertNonceSlopLimit() {
return certNonceSlopLimit;
}
/**
* Set the {@link NonceGenerator} used for signed pushes.
* <p>
* Setting this to a non-null value enables push certificate verification. If
* this method is called, this implementation will be used instead of the
* default {@link HMACSHA1NonceGenerator} even if {@link
* #setCertNonceSeed(String)} was called.
*
* @param generator
* new nonce generator.
*/
public void setNonceGenerator(NonceGenerator generator) {
nonceGenerator = generator;
}
/**
* Get the {@link NonceGenerator} used for signed pushes.
* <p>
* If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null
* implementation, that will be returned. If no custom implementation was set
* but {@link #setCertNonceSeed(String)} was called, returns a newly-created
* {@link HMACSHA1NonceGenerator}.
*
* @return the configured nonce generator.
*/
public NonceGenerator getNonceGenerator() {
if (nonceGenerator != null) {
return nonceGenerator;
} else if (certNonceSeed != null) {
return new HMACSHA1NonceGenerator(certNonceSeed);
}
return null;
}
}

Loading…
Cancel
Save