1   /*
2    * Copyright (C) 2015, Google Inc. and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  
11  package org.eclipse.jgit.transport;
12  
13  import org.eclipse.jgit.lib.Config;
14  import org.eclipse.jgit.lib.Config.SectionParser;
15  
16  /**
17   * Configuration for server-side signed push verification.
18   *
19   * @since 4.1
20   */
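public class SignedPushConfig {
	/** Key for {@link Config#get(SectionParser)}. */
	public static final SectionParser<SignedPushConfig> KEY =
			SignedPushConfig::new;

	/**
	 * Seed handed to the default nonce generator; {@code null} when no seed is
	 * configured. NOTE(review): presumably the HMAC key of
	 * {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator}; if so it is a
	 * server-side secret and must stay out of logs and error messages.
	 */
	private String certNonceSeed;

	/** Age in seconds up to which an old but valid nonce is still accepted. */
	private int certNonceSlopLimit;

	/** Custom generator; when non-null it takes precedence over the seed. */
	private NonceGenerator nonceGenerator;

	/**
	 * Create a new config with default values disabling push verification.
	 */
	public SignedPushConfig() {
	}

	/**
	 * Create a config from the {@code receive} section of a configuration.
	 * <p>
	 * Reads {@code receive.certnonceseed} as the seed and
	 * {@code receive.certnonceslop} as the slop limit, which defaults to 0 when
	 * the key is absent.
	 *
	 * @param cfg
	 *            configuration to read the values from.
	 */
	SignedPushConfig(Config cfg) {
		// Assign the field directly instead of calling setCertNonceSeed: the
		// class is not final, and an overridden setter would otherwise run
		// before the subclass has finished initializing.
		certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$
		certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
	}

	/**
	 * Set the seed used by the nonce verifier.
	 * <p>
	 * Setting this to a non-null value enables push certificate verification
	 * using the default
	 * {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator} implementation,
	 * if a different implementation was not set using
	 * {@link #setNonceGenerator(NonceGenerator)}.
	 * <p>
	 * The value is stored as given; no length or content check is applied
	 * here. Callers should supply a high-entropy value and keep it private to
	 * the server, because nonces issued by the default generator are derived
	 * from it.
	 *
	 * @param seed
	 *            new seed value, or {@code null} to clear the seed.
	 */
	public void setCertNonceSeed(String seed) {
		certNonceSeed = seed;
	}

	/**
	 * Get the configured seed.
	 *
	 * @return the configured seed, or {@code null} if none was set. The value
	 *         is returned unmasked, so callers should not log it.
	 */
	public String getCertNonceSeed() {
		return certNonceSeed;
	}

	/**
	 * Set the nonce slop limit.
	 * <p>
	 * Old but valid nonces within this limit will be accepted. A larger limit
	 * therefore widens the window in which a previously issued nonce is still
	 * honored. The value is stored without a range check.
	 *
	 * @param limit
	 *            new limit in seconds.
	 */
	public void setCertNonceSlopLimit(int limit) {
		certNonceSlopLimit = limit;
	}

	/**
	 * Get the configured nonce slop limit.
	 *
	 * @return the configured nonce slop limit, in seconds.
	 */
	public int getCertNonceSlopLimit() {
		return certNonceSlopLimit;
	}

	/**
	 * Set the {@link org.eclipse.jgit.transport.NonceGenerator} used for signed
	 * pushes.
	 * <p>
	 * Setting this to a non-null value enables push certificate verification.
	 * If this method is called, this implementation will be used instead of the
	 * default {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator} even if
	 * {@link #setCertNonceSeed(String)} was called.
	 *
	 * @param generator
	 *            new nonce generator, or {@code null} to fall back to the
	 *            seed-based default.
	 */
	public void setNonceGenerator(NonceGenerator generator) {
		nonceGenerator = generator;
	}

	/**
	 * Get the {@link org.eclipse.jgit.transport.NonceGenerator} used for signed
	 * pushes.
	 * <p>
	 * If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null
	 * implementation, that will be returned. If no custom implementation was
	 * set but {@link #setCertNonceSeed(String)} was called with a non-null
	 * seed, returns a newly-created
	 * {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator}; a fresh
	 * instance is built on every call.
	 *
	 * @return the configured nonce generator, or {@code null} if neither a
	 *         generator nor a seed is configured. Callers must handle
	 *         {@code null} explicitly rather than assume verification is
	 *         active.
	 */
	public NonceGenerator getNonceGenerator() {
		// An explicitly configured generator always wins over the seed.
		if (nonceGenerator != null) {
			return nonceGenerator;
		}
		if (certNonceSeed == null) {
			return null;
		}
		return new HMACSHA1NonceGenerator(certNonceSeed);
	}
}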