motiejus
/
jgit
1
Fork 0
Code Releases Activity

PushCertificateParser: include begin/end lines in signature 

The signature is intended to be passed to a verification library such
as Bouncy Castle, which expects these lines to be present in order to
parse the signature.

Change-Id: I22097bead2746da5fc53419f79761cafd5c31c3b
This commit is contained in:
Dave Borowitz 2015-06-15 16:50:22 -04:00
parent 48c35edfd2
commit b822f9b51d
3 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
View File

@ -43,8 +43,8 @@
package org.eclipse.jgit.transport;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
@ -119,9 +119,9 @@ public void parseCertFromPktLine() throws Exception {
assertEquals(concatPacketLines(input, 0, 6), cert.toText());
String signature = concatPacketLines(input, 7, 16);
assertFalse(signature.contains(PushCertificateParser.BEGIN_SIGNATURE));
assertFalse(signature.contains(PushCertificateParser.END_SIGNATURE));
String signature = concatPacketLines(input, 6, 17);
assertTrue(signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE));
assertTrue(signature.endsWith(PushCertificateParser.END_SIGNATURE));
assertEquals(signature, cert.getSignature());
}

7
org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
View File

@ -123,6 +123,11 @@ public enum NonceStatus {
throw new IllegalArgumentException(
JGitText.get().pushCertificateInvalidSignature);
}
if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)
|| !signature.endsWith(PushCertificateParser.END_SIGNATURE)) {
throw new IllegalArgumentException(
JGitText.get().pushCertificateInvalidSignature);
}
this.version = version;
this.pusher = pusher;
this.pushee = pushee;
@ -193,7 +198,7 @@ public List<ReceiveCommand> getCommands() {
/**
* @return the raw signature, consisting of the lines received between the
* lines {@code "----BEGIN GPG SIGNATURE-----\n"} and
* {@code "----END GPG SIGNATURE-----\n}", exclusive
* {@code "----END GPG SIGNATURE-----\n}", inclusive.
* @since 4.0
*/
public String getSignature() {

4
org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
View File

@ -258,12 +258,12 @@ receivedNonce, sentNonce(), db, stateless, nonceSlopLimit)
*/
public void receiveSignature(PacketLineIn pckIn) throws IOException {
try {
StringBuilder sig = new StringBuilder();
StringBuilder sig = new StringBuilder(BEGIN_SIGNATURE);
String line;
while (!(line = pckIn.readStringRaw()).equals(END_SIGNATURE)) {
sig.append(line);
}
signature = sig.toString();
signature = sig.append(END_SIGNATURE).toString();
if (!pckIn.readStringRaw().equals(END_CERT)) {
throw new PackProtocolException(
JGitText.get().pushCertificateInvalidSignature);