
SignedPushConfig: Allow setting a custom nonce generator impl

Change-Id: Ic0156a7d65d99881ef27801fcce7754594c436f0
stable-4.1
Dave Borowitz 10 years ago
parent
commit
d2fbbc910a
  1. 4
      org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
  2. 48
      org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java

4
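--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
@@ -117,9 +117,7 @@ public class PushCertificateParser {
 PushCertificateParser(Repository into, SignedPushConfig cfg) {
 if (cfg != null) {
 nonceSlopLimit = cfg.getCertNonceSlopLimit();
-nonceGenerator = cfg.getCertNonceSeed() != null
-? new HMACSHA1NonceGenerator(cfg.certNonceSeed)
-: null;
+nonceGenerator = cfg.getNonceGenerator();
 } else {
 nonceSlopLimit = 0;
 nonceGenerator = null;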

48
org.eclipse.jgit/src/org/eclipse/jgit/transport/SignedPushConfig.java

@ -60,22 +60,26 @@ public class SignedPushConfig {
} }
}; };
String certNonceSeed; private String certNonceSeed;
int certNonceSlopLimit; private int certNonceSlopLimit;
private NonceGenerator nonceGenerator;
/** Create a new config with default values disabling push verification. */ /** Create a new config with default values disabling push verification. */
public SignedPushConfig() { public SignedPushConfig() {
} }
SignedPushConfig(Config cfg) { SignedPushConfig(Config cfg) {
certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$ setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$
certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$ certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
} }
/** /**
* Set the seed used by the nonce verifier. * Set the seed used by the nonce verifier.
* <p> * <p>
* Setting this to a non-null value enables push certificate verification. * Setting this to a non-null value enables push certificate verification
* using the default {@link HMACSHA1NonceGenerator} implementation, if a
* different implementation was not set using {@link
* #setNonceGenerator(NonceGenerator)}.
* *
* @param seed * @param seed
* new seed value. * new seed value.
@ -84,7 +88,7 @@ public class SignedPushConfig {
certNonceSeed = seed; certNonceSeed = seed;
} }
/** @return the configured seed used by the nonce verifier. */ /** @return the configured seed. */
public String getCertNonceSeed() { public String getCertNonceSeed() {
return certNonceSeed; return certNonceSeed;
} }
@ -105,4 +109,38 @@ public class SignedPushConfig {
public int getCertNonceSlopLimit() { public int getCertNonceSlopLimit() {
return certNonceSlopLimit; return certNonceSlopLimit;
} }
/**
* Set the {@link NonceGenerator} used for signed pushes.
* <p>
* Setting this to a non-null value enables push certificate verification. If
* this method is called, this implementation will be used instead of the
* default {@link HMACSHA1NonceGenerator} even if {@link
* #setCertNonceSeed(String)} was called.
*
* @param generator
* new nonce generator.
*/
public void setNonceGenerator(NonceGenerator generator) {
nonceGenerator = generator;
}
/**
* Get the {@link NonceGenerator} used for signed pushes.
* <p>
* If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null
* implementation, that will be returned. If no custom implementation was set
* but {@link #setCertNonceSeed(String)} was called, returns a newly-created
* {@link HMACSHA1NonceGenerator}.
*
* @return the configured nonce generator.
*/
public NonceGenerator getNonceGenerator() {
if (nonceGenerator != null) {
return nonceGenerator;
} else if (certNonceSeed != null) {
return new HMACSHA1NonceGenerator(certNonceSeed);
}
return null;
}
} }
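Review bot: The Javadoc on the new `getNonceGenerator()` does not say that the method returns `null` when neither a custom generator nor a seed has been set; the `@return` line reads as if a generator is always available. The setter docs in this same file say that a non-null value is what enables push certificate verification, so the null case is the security-relevant one: a caller that receives `null` presumably runs with nonce checking off, and that should be visible at the call site. I would extend the tag to `@return the configured nonce generator, or {@code null} if neither a generator nor a seed is set, in which case push certificate verification is disabled.` The seed path also builds a new `HMACSHA1NonceGenerator` on every call, which is worth stating in the same comment so that callers fetch it once, as the `PushCertificateParser` constructor does.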
