Add tests for HMACSHA1NonceGenerator

Correct documentation of NonceStatus.OK/SLOP to match the implemented behavior. Change-Id: Id5ec1945eab76db6d2e4b592cb25907ea3d835cd
2015-06-15 10:14:59 -04:00 · 2015-06-15 10:14:59 -04:00 · ec37daeb7f
parent d399a56e66
commit ec37daeb7f
3 changed files with 151 additions and 11 deletions
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/HMACSHA1NonceGeneratorTest.java
@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2015, Google Inc.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *	 notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ *	 copyright notice, this list of conditions and the following
+ *	 disclaimer in the documentation and/or other materials provided
+ *	 with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ *	 names of its contributors may be used to endorse or promote
+ *	 products derived from this software without specific prior
+ *	 written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.eclipse.jgit.transport;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription;
+import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.transport.PushCertificate.NonceStatus;
+import org.junit.Before;
+import org.junit.Test;
+
+/** Test for HMAC SHA-1 certificate verifier. */
+public class HMACSHA1NonceGeneratorTest {
+	private static final long TS = 1433954361;
+
+	private HMACSHA1NonceGenerator gen;
+	private Repository db;
+
+	@Before
+	public void setUp() {
+		gen = new HMACSHA1NonceGenerator("sekret");
+		db = new InMemoryRepository(new DfsRepositoryDescription("db"));
+	}
+
+	@Test
+	public void missing() throws Exception {
+		assertEquals(NonceStatus.MISSING, gen.verify("", "1234", db, false, 0));
+	}
+
+	@Test
+	public void unsolicited() throws Exception {
+		assertEquals(NonceStatus.UNSOLICITED, gen.verify("1234", "", db, false, 0));
+	}
+
+	@Test
+	public void invalidFormat() throws Exception {
+		String sent = gen.createNonce(db, TS);
+		int idx = sent.indexOf('-');
+		String sig = sent.substring(idx, sent.length() - idx);
+		assertEquals(NonceStatus.BAD,
+				gen.verify(Long.toString(TS), sent, db, true, 100));
+		assertEquals(NonceStatus.BAD, gen.verify(sig, sent, db, true, 100));
+		assertEquals(NonceStatus.BAD, gen.verify("xxx-" + sig, sent, db, true, 100));
+		assertEquals(NonceStatus.BAD, gen.verify(sent, "xxx-" + sig, db, true, 100));
+	}
+
+	@Test
+	public void slop() throws Exception {
+		String sent = gen.createNonce(db, TS - 10);
+		String received = gen.createNonce(db, TS);
+		assertEquals(NonceStatus.BAD,
+				gen.verify(received, sent, db, false, 0));
+		assertEquals(NonceStatus.BAD,
+				gen.verify(received, sent, db, false, 11));
+		assertEquals(NonceStatus.SLOP,
+				gen.verify(received, sent, db, true, 0));
+		assertEquals(NonceStatus.SLOP,
+				gen.verify(received, sent, db, true, 9));
+		assertEquals(NonceStatus.OK,
+				gen.verify(received, sent, db, true, 10));
+		assertEquals(NonceStatus.OK,
+				gen.verify(received, sent, db, true, 11));
+	}
+
+	@Test
+	public void ok() throws Exception {
+		String sent = gen.createNonce(db, TS);
+		assertEquals(NonceStatus.OK, gen.verify(sent, sent, db, false, 0));
+	}
+
+	@Test
+	public void signedByDifferentKey() throws Exception {
+		HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other");
+		String sent = gen.createNonce(db, TS);
+		String received = other.createNonce(db, TS);
+		assertNotEquals(received, sent);
+		assertEquals(NonceStatus.BAD,
+				gen.verify(received, sent, db, false, 0));
+	}
+
+	@Test
+	public void signedByDifferentKeyWithSlop() throws Exception {
+		HMACSHA1NonceGenerator other = new HMACSHA1NonceGenerator("other");
+		String sent = gen.createNonce(db, TS - 10);
+		String received = other.createNonce(db, TS);
+		assertEquals(NonceStatus.BAD, gen.verify(received, sent, db, true, 100));
+	}
+}
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HMACSHA1NonceGenerator.java
@ -105,36 +105,42 @@ else if (repo.getDirectory() != null)
 	@Override
 	public NonceStatus verify(String received, String sent,
 			Repository db, boolean allowSlop, int slop) {
-		if (received.isEmpty())
+		if (received.isEmpty()) {
 			return NonceStatus.MISSING;
-		else if (sent.isEmpty())
+		} else if (sent.isEmpty()) {
 			return NonceStatus.UNSOLICITED;
-		else if (received.equals(sent))
+		} else if (received.equals(sent)) {
 			return NonceStatus.OK;
+		}

-		if (!allowSlop)
+		if (!allowSlop) {
 			return NonceStatus.BAD;
+		}

 		/* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 		int idxSent = sent.indexOf('-');
 		int idxRecv = received.indexOf('-');
-		if (idxSent == -1 || idxRecv == -1)
+		if (idxSent == -1 || idxRecv == -1) {
 			return NonceStatus.BAD;
+		}

+		String signedStampStr = received.substring(0, idxRecv);
+		String advertisedStampStr = sent.substring(0, idxSent);
 		long signedStamp;
 		long advertisedStamp;
 		try {
-			signedStamp = Long.parseLong(received.substring(0, idxRecv));
-			advertisedStamp = Long.parseLong(sent.substring(0, idxSent));
-		} catch (Exception e) {
+			signedStamp = Long.parseLong(signedStampStr);
+			advertisedStamp = Long.parseLong(advertisedStampStr);
+		} catch (IllegalArgumentException e) {
 			return NonceStatus.BAD;
 		}

 		// what we would have signed earlier
 		String expect = createNonce(db, signedStamp);

-		if (!expect.equals(received))
+		if (!expect.equals(received)) {
 			return NonceStatus.BAD;
+		}

 		long nonceStampSlop = Math.abs(advertisedStamp - signedStamp);

--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
@ -71,9 +71,12 @@ public enum NonceStatus {
 		BAD,
 		/** Nonce is required, but was not sent by client. */
 		MISSING,
-		/** Received nonce is valid. */
+		/**
+		 * Received nonce matches sent nonce, or is valid within the accepted slop
+		 * window.
+		 */
 		OK,
-		/** Received nonce is valid and within the accepted slop window. */
+		/** Received nonce is valid, but outside the accepted slop window. */
 		SLOP
 	}