/*
 * Copyright (C) 2015, Google Inc. and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
 * https://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

package org.eclipse.jgit.transport;

import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.Config.SectionParser;

/**
 * Server-side settings that control verification of signed pushes.
 * <p>
 * Verification stays disabled until either a nonce seed or a custom
 * {@link org.eclipse.jgit.transport.NonceGenerator} is configured; see
 * {@link #getNonceGenerator()}.
 * <p>
 * Instances are mutable and this class performs no synchronization of its
 * own.
 *
 * @since 4.1
 */
public class SignedPushConfig {
    /** Parser key to pass to {@link Config#get(SectionParser)}. */
    public static final SectionParser<SignedPushConfig> KEY =
            SignedPushConfig::new;

    // Seed handed to the default HMACSHA1NonceGenerator; null means "no seed".
    // NOTE(review): presumably this is the HMAC key, so it should be treated
    // as a secret (kept out of logs and world-readable config) - confirm
    // against HMACSHA1NonceGenerator.
    private String certNonceSeed;

    // Allowed age, in seconds, of an old-but-valid nonce. Defaults to 0.
    private int certNonceSlopLimit;

    // Caller-supplied generator; takes precedence over the seed when non-null.
    private NonceGenerator nonceGenerator;

    /**
     * Create a config holding the defaults, which leave push verification
     * disabled.
     */
    public SignedPushConfig() {
    }

    /**
     * Populate the config from {@code receive.certnonceseed} and
     * {@code receive.certnonceslop}. A missing slop entry falls back to 0.
     *
     * @param cfg
     *            configuration to read the {@code receive} section from.
     */
    SignedPushConfig(Config cfg) {
        setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$
        this.certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
    }

    /**
     * Set the seed used by the nonce verifier.
     * <p>
     * Any non-null value turns on push certificate verification through the
     * default {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator},
     * unless another implementation was installed with
     * {@link #setNonceGenerator(NonceGenerator)}.
     * <p>
     * The value is stored as given, without validation. An empty string is
     * non-null and therefore also selects the default generator. How
     * {@code HMACSHA1NonceGenerator} treats an empty or short seed is not
     * visible from this class, so callers should supply a long, unpredictable
     * value.
     *
     * @param seed
     *            new seed value.
     */
    public void setCertNonceSeed(String seed) {
        this.certNonceSeed = seed;
    }

    /**
     * Get the configured seed.
     * <p>
     * The seed is returned exactly as stored. If it serves as the nonce
     * generator's secret, avoid logging or otherwise exposing the result.
     *
     * @return the configured seed, or {@code null} if none was set.
     */
    public String getCertNonceSeed() {
        return this.certNonceSeed;
    }

    /**
     * Set the nonce slop limit.
     * <p>
     * Old but valid nonces within this limit will be accepted. A larger
     * limit therefore lengthens the time during which a previously issued
     * nonce is still accepted, so keep it as small as the deployment allows.
     * The value is not range-checked here; negative values are stored as
     * given.
     *
     * @param limit
     *            new limit in seconds.
     */
    public void setCertNonceSlopLimit(int limit) {
        this.certNonceSlopLimit = limit;
    }

    /**
     * Get the configured nonce slop limit.
     *
     * @return the configured nonce slop limit.
     */
    public int getCertNonceSlopLimit() {
        return this.certNonceSlopLimit;
    }

    /**
     * Set the {@link org.eclipse.jgit.transport.NonceGenerator} used for
     * signed pushes.
     * <p>
     * A non-null generator enables push certificate verification and is used
     * instead of the default
     * {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator}, even if
     * {@link #setCertNonceSeed(String)} was also called.
     *
     * @param generator
     *            new nonce generator.
     */
    public void setNonceGenerator(NonceGenerator generator) {
        this.nonceGenerator = generator;
    }

    /**
     * Get the {@link org.eclipse.jgit.transport.NonceGenerator} used for
     * signed pushes.
     * <p>
     * A non-null generator installed through
     * {@link #setNonceGenerator(NonceGenerator)} is returned as is.
     * Otherwise, if a seed was set with {@link #setCertNonceSeed(String)},
     * each call returns a newly-created
     * {@link org.eclipse.jgit.transport.HMACSHA1NonceGenerator} built from
     * that seed.
     *
     * @return the configured nonce generator, or {@code null} when neither a
     *         generator nor a seed is configured.
     */
    public NonceGenerator getNonceGenerator() {
        final NonceGenerator custom = this.nonceGenerator;
        if (custom != null) {
            // An explicitly installed generator takes precedence over the seed.
            return custom;
        }
        final String seed = this.certNonceSeed;
        if (seed == null) {
            // Nothing configured: signed push verification is off.
            return null;
        }
        return new HMACSHA1NonceGenerator(seed);
    }
}