From ec37daeb7f593d7184d1821f06386feadc66464a Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Mon, 15 Jun 2015 10:14:59 -0400 Subject: [PATCH] Add tests for HMACSHA1NonceGenerator Correct documentation of NonceStatus.OK/SLOP to match the implemented behavior. Change-Id: Id5ec1945eab76db6d2e4b592cb25907ea3d835cd --- .../transport/HMACSHA1NonceGeneratorTest.java | 131 ++++++++++++++++++ .../transport/HMACSHA1NonceGenerator.java | 24 ++-- .../jgit/transport/PushCertificate.java | 7 +- 3 files changed, 151 insertions(+), 11 deletions(-) create mode 100644 org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java new file mode 100644 index 000000000..1e79b7a3b --- /dev/null +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2015, Google Inc. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +package org.eclipse.jgit.transport; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; + +import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription; +import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository; +import org.eclipse.jgit.lib.Repository; +import org.eclipse.jgit.transport.PushCertificate.NonceStatus; +import org.junit.Before; +import org.junit.Test; + +/** Test for HMAC SHA-1 certificate verifier. */ +public class HMACSHA1NonceGeneratorTest { + private static final long TS = 1433954361; + + private HMACSHA1NonceGenerator gen; + private Repository db; + + @Before + public void setUp() { + gen = new HMACSHA1NonceGenerator("sekret"); + db = new InMemoryRepository(new DfsRepositoryDescription("db")); + } + + @Test + public void missing() throws Exception { + assertEquals(NonceStatus.MISSING, gen.verify("", "1234", db, false, 0)); + } + + @Test + public void unsolicited() throws Exception { + assertEquals(NonceStatus.UNSOLICITED, gen.verify("1234", "", db, false, 0)); + } + + @Test + public void invalidFormat() throws Exception { + String sent = gen.createNonce(db, TS); + int idx = sent.indexOf('-'); + String sig = sent.substring(idx, sent.length() - idx); + assertEquals(NonceStatus.BAD, + gen.verify(Long.toString(TS), sent, db, true, 100)); + assertEquals(NonceStatus.BAD, gen.verify(sig, sent, db, true, 100)); + assertEquals(NonceStatus.BAD, gen.verify("xxx-" + sig, sent, db, true, 100)); + assertEquals(NonceStatus.BAD, gen.verify(sent, "xxx-" + sig, db, true, 100)); + } + + @Test + public void slop() throws Exception { + String sent = gen.createNonce(db, TS - 10); + String received = gen.createNonce(db, TS); + assertEquals(NonceStatus.BAD, + gen.verify(received, sent, db, false, 0)); + assertEquals(NonceStatus.BAD, + gen.verify(received, sent, db, false, 11)); + assertEquals(NonceStatus.SLOP, + gen.verify(received, sent, db, true, 0)); + assertEquals(NonceStatus.SLOP, + gen.verify(received, sent, db, true, 9)); + assertEquals(NonceStatus.OK, + gen.verify(received, sent, db, true, 10)); + assertEquals(NonceStatus.OK, + gen.verify(received, sent, db, true, 11)); + } + + @Test + public void ok() throws Exception { + String sent = gen.createNonce(db, TS); + assertEquals(NonceStatus.OK, gen.verify(sent, sent, db, false, 0)); + } + + @Test + public void signedByDifferentKey() throws Exception { + HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other"); + String sent = gen.createNonce(db, TS); + String received = other.createNonce(db, TS); + assertNotEquals(received, sent); + assertEquals(NonceStatus.BAD, + gen.verify(received, sent, db, false, 0)); + } + + @Test + public void signedByDifferentKeyWithSlop() throws Exception { + HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other"); + String sent = gen.createNonce(db, TS - 10); + String received = other.createNonce(db, TS); + assertEquals(NonceStatus.BAD, gen.verify(received, sent, db, true, 100)); + } +} diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java index 222ca55d5..7e9434a0f 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java @@ -105,36 +105,42 @@ public class HMACSHA1NonceGenerator implements NonceGenerator { @Override public NonceStatus verify(String received, String sent, Repository db, boolean allowSlop, int slop) { - if (received.isEmpty()) + if (received.isEmpty()) { return NonceStatus.MISSING; - else if (sent.isEmpty()) + } else if (sent.isEmpty()) { return NonceStatus.UNSOLICITED; - else if (received.equals(sent)) + } else if (received.equals(sent)) { return NonceStatus.OK; + } - if (!allowSlop) + if (!allowSlop) { return NonceStatus.BAD; + } /* nonce is concat(, "-", ) */ int idxSent = sent.indexOf('-'); int idxRecv = received.indexOf('-'); - if (idxSent == -1 || idxRecv == -1) + if (idxSent == -1 || idxRecv == -1) { return NonceStatus.BAD; + } + String signedStampStr = received.substring(0, idxRecv); + String advertisedStampStr = sent.substring(0, idxSent); long signedStamp; long advertisedStamp; try { - signedStamp = Long.parseLong(received.substring(0, idxRecv)); - advertisedStamp = Long.parseLong(sent.substring(0, idxSent)); - } catch (Exception e) { + signedStamp = Long.parseLong(signedStampStr); + advertisedStamp = Long.parseLong(advertisedStampStr); + } catch (IllegalArgumentException e) { return NonceStatus.BAD; } // what we would have signed earlier String expect = createNonce(db, signedStamp); - if (!expect.equals(received)) + if (!expect.equals(received)) { return NonceStatus.BAD; + } long nonceStampSlop = Math.abs(advertisedStamp - signedStamp); diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java index 2eda2b713..18a119791 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java @@ -71,9 +71,12 @@ public class PushCertificate { BAD, /** Nonce is required, but was not sent by client. */ MISSING, - /** Received nonce is valid. */ + /** + * Received nonce matches sent nonce, or is valid within the accepted slop + * window. + */ OK, - /** Received nonce is valid and within the accepted slop window. */ + /** Received nonce is valid, but outside the accepted slop window. */ SLOP }