SignedPushConfig: Allow setting a custom nonce generator impl
Change-Id: Ic0156a7d65d99881ef27801fcce7754594c436f0
This commit is contained in:
Dave Borowitz
parent
ea21f17f29
commit
d2fbbc910a
|
|
@ -117,9 +117,7 @@ public class PushCertificateParser {
|
|||
PushCertificateParser(Repository into, SignedPushConfig cfg) {
|
||||
if (cfg != null) {
|
||||
nonceSlopLimit = cfg.getCertNonceSlopLimit();
|
||||
nonceGenerator = cfg.getCertNonceSeed() != null
|
||||
? new HMACSHA1NonceGenerator(cfg.certNonceSeed)
|
||||
: null;
|
||||
nonceGenerator = cfg.getNonceGenerator();
|
||||
} else {
|
||||
nonceSlopLimit = 0;
|
||||
nonceGenerator = null;
|
||||
|
|
|
|||
|
|
@ -60,22 +60,26 @@ public SignedPushConfig parse(Config cfg) {
|
|||
}
|
||||
};
|
||||
|
||||
String certNonceSeed;
|
||||
int certNonceSlopLimit;
|
||||
private String certNonceSeed;
|
||||
private int certNonceSlopLimit;
|
||||
private NonceGenerator nonceGenerator;
|
||||
|
||||
/** Create a new config with default values disabling push verification. */
|
||||
public SignedPushConfig() {
|
||||
}
|
||||
|
||||
SignedPushConfig(Config cfg) {
|
||||
certNonceSeed = cfg.getString("receive", null, "certnonceseed"); //$NON-NLS-1$ //$NON-NLS-2$
|
||||
setCertNonceSeed(cfg.getString("receive", null, "certnonceseed")); //$NON-NLS-1$ //$NON-NLS-2$
|
||||
certNonceSlopLimit = cfg.getInt("receive", "certnonceslop", 0); //$NON-NLS-1$ //$NON-NLS-2$
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the seed used by the nonce verifier.
|
||||
* <p>
|
||||
* Setting this to a non-null value enables push certificate verification.
|
||||
* Setting this to a non-null value enables push certificate verification
|
||||
* using the default {@link HMACSHA1NonceGenerator} implementation, if a
|
||||
* different implementation was not set using {@link
|
||||
* #setNonceGenerator(NonceGenerator)}.
|
||||
*
|
||||
* @param seed
|
||||
* new seed value.
|
||||
|
|
@ -84,7 +88,7 @@ public void setCertNonceSeed(String seed) {
|
|||
certNonceSeed = seed;
|
||||
}
|
||||
|
||||
/** @return the configured seed used by the nonce verifier. */
|
||||
/** @return the configured seed. */
|
||||
public String getCertNonceSeed() {
|
||||
return certNonceSeed;
|
||||
}
|
||||
|
|
@ -105,4 +109,38 @@ public void setCertNonceSlopLimit(int limit) {
|
|||
public int getCertNonceSlopLimit() {
|
||||
return certNonceSlopLimit;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the {@link NonceGenerator} used for signed pushes.
|
||||
* <p>
|
||||
* Setting this to a non-null value enables push certificate verification. If
|
||||
* this method is called, this implementation will be used instead of the
|
||||
* default {@link HMACSHA1NonceGenerator} even if {@link
|
||||
* #setCertNonceSeed(String)} was called.
|
||||
*
|
||||
* @param generator
|
||||
* new nonce generator.
|
||||
*/
|
||||
public void setNonceGenerator(NonceGenerator generator) {
|
||||
nonceGenerator = generator;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the {@link NonceGenerator} used for signed pushes.
|
||||
* <p>
|
||||
* If {@link #setNonceGenerator(NonceGenerator)} was used to set a non-null
|
||||
* implementation, that will be returned. If no custom implementation was set
|
||||
* but {@link #setCertNonceSeed(String)} was called, returns a newly-created
|
||||
* {@link HMACSHA1NonceGenerator}.
|
||||
*
|
||||
* @return the configured nonce generator.
|
||||
*/
|
||||
public NonceGenerator getNonceGenerator() {
|
||||
if (nonceGenerator != null) {
|
||||
return nonceGenerator;
|
||||
} else if (certNonceSeed != null) {
|
||||
return new HMACSHA1NonceGenerator(certNonceSeed);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue