diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
index 185c97e0a..7de933396 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
@@ -43,8 +43,8 @@
 package org.eclipse.jgit.transport;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
 import java.io.ByteArrayInputStream;
 import java.io.EOFException;
@@ -119,9 +119,9 @@ public void parseCertFromPktLine() throws Exception {
 assertEquals(concatPacketLines(input, 0, 6), cert.toText());
- String signature = concatPacketLines(input, 7, 16);
- assertFalse(signature.contains(PushCertificateParser.BEGIN_SIGNATURE));
- assertFalse(signature.contains(PushCertificateParser.END_SIGNATURE));
+ String signature = concatPacketLines(input, 6, 17);
+ assertTrue(signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE));
+ assertTrue(signature.endsWith(PushCertificateParser.END_SIGNATURE));
 assertEquals(signature, cert.getSignature());
 }
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
index 48108f2d8..cf0db0e32 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
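Review bot: No test visible in this diff covers the rejection path that the same commit adds to the PushCertificate constructor; `parseCertFromPktLine` only pins the accepted case, where the signature starts with `BEGIN_SIGNATURE` and ends with `END_SIGNATURE`. A companion test that constructs a certificate from a signature missing one of the two markers and expects `IllegalArgumentException` would keep that check from being dropped unnoticed in a later refactor. The new bounds `6, 17` are also bare indices into `input`; a short comment above them, such as `// packet lines from BEGIN_SIGNATURE through END_SIGNATURE`, would say why they moved.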
@@ -123,6 +123,11 @@ public enum NonceStatus {
 throw new IllegalArgumentException(
 JGitText.get().pushCertificateInvalidSignature);
 }
+ if (!signature.startsWith(PushCertificateParser.BEGIN_SIGNATURE)
+ || !signature.endsWith(PushCertificateParser.END_SIGNATURE)) {
+ throw new IllegalArgumentException(
+ JGitText.get().pushCertificateInvalidSignature);
+ }
 this.version = version;
 this.pusher = pusher;
 this.pushee = pushee;
@@ -193,7 +198,7 @@ public List getCommands() {
 /**
 * @return the raw signature, consisting of the lines received between the
 * lines {@code "----BEGIN GPG SIGNATURE-----\n"} and
- * {@code "----END GPG SIGNATURE-----\n}", exclusive
+ * {@code "----END GPG SIGNATURE-----\n}", inclusive.
 * @since 4.0
 */
 public String getSignature() {
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
index e302c0db4..1c9ce839b 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
@@ -258,12 +258,12 @@ receivedNonce, sentNonce(), db, stateless, nonceSlopLimit)
 */
 public void receiveSignature(PacketLineIn pckIn) throws IOException {
 try {
- StringBuilder sig = new StringBuilder();
+ StringBuilder sig = new StringBuilder(BEGIN_SIGNATURE);
 String line;
 while (!(line = pckIn.readStringRaw()).equals(END_SIGNATURE)) {
 sig.append(line);
 }
- signature = sig.toString();
+ signature = sig.append(END_SIGNATURE).toString();
 if (!pckIn.readStringRaw().equals(END_CERT)) {
 throw new PackProtocolException(
 JGitText.get().pushCertificateInvalidSignature);
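Review bot: The added `startsWith`/`endsWith` check is a shape check on the two ends of the string only, and nothing at this point says so; a reader could take it for validation of the signature itself, which this hunk does not perform. A comment above the `if` would make the contract explicit: `// Shape check only: the signature must be the complete block, BEGIN_SIGNATURE through END_SIGNATURE; verifying it is left to the caller.` It also throws with the same `pushCertificateInvalidSignature` text as the check just before it, so a caller constructing the object directly cannot tell a missing signature from one passed without its marker lines. The enclosing constructor starts and ends outside this hunk (`public enum NonceStatus {` is only the diff's context label), so its `@param signature` documentation is not visible here and should state the new precondition too.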
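Review bot: The changed Javadoc line keeps the malformed `{@code "----END GPG SIGNATURE-----\n}"`, where the brace closes the tag before the closing quote, and "the lines received between … inclusive" now reads ambiguously. This is the public contract of `getSignature()` and the commit changes what it returns, so callers written against the exclusive form that add the marker lines themselves would end up with them twice; that deserves an explicit sentence here. I would link the constants instead of spelling the marker text out, so the doc cannot drift from the code: `@return the raw signature, from {@link PushCertificateParser#BEGIN_SIGNATURE} through {@link PushCertificateParser#END_SIGNATURE}, both included`. It is also worth checking the hard-coded marker text in the unchanged line above against those constants.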
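Review bot: `new StringBuilder(BEGIN_SIGNATURE)` re-creates the opening marker instead of recording one that was read, and nothing in this hunk shows where the peer's BEGIN line is consumed; presumably the caller matches it before invoking `receiveSignature`, which should be confirmed. As a result, a certificate built through this parser always satisfies the new `startsWith`/`endsWith` check in PushCertificate, so that check only guards direct construction. A comment would record the assumption: `// The BEGIN_SIGNATURE line is consumed before this call (confirm); re-add it so the stored signature is the complete block.` Separately, the loop appends every line the peer sends until `END_SIGNATURE` with no cap on total size visible here; unless `PacketLineIn` bounds it elsewhere, a length limit on `sig` that throws `PackProtocolException` would be a sensible guard. The method's `catch` and closing lines lie outside the hunk.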