Class HMACSHA1NonceGenerator

  • All Implemented Interfaces:
    NonceGenerator

    public class HMACSHA1NonceGenerator
    extends java.lang.Object
    implements NonceGenerator
    The nonce generator which was first introduced to git-core.
    Since:
    4.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.lang.String HEX  
      private javax.crypto.Mac mac  
    • Constructor Summary

      Constructors 
      Constructor Description
      HMACSHA1NonceGenerator​(java.lang.String seed)
      Constructor for HMACSHA1NonceGenerator.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String createNonce​(Repository repo, long timestamp)
      Create nonce to be signed by the pusher
      private static java.lang.String toHex​(byte[] bytes)  
      PushCertificate.NonceStatus verify​(java.lang.String received, java.lang.String sent, Repository db, boolean allowSlop, int slop)
      Verify trustworthiness of the received nonce.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • mac

        private javax.crypto.Mac mac
    • Constructor Detail

      • HMACSHA1NonceGenerator

        public HMACSHA1NonceGenerator​(java.lang.String seed)
                               throws java.lang.IllegalStateException
        Constructor for HMACSHA1NonceGenerator.
        Parameters:
        seed - seed the generator
        Throws:
        java.lang.IllegalStateException
    • Method Detail

      • createNonce

        public java.lang.String createNonce​(Repository repo,
                                            long timestamp)
                                     throws java.lang.IllegalStateException
        Create nonce to be signed by the pusher
        Specified by:
        createNonce in interface NonceGenerator
        Parameters:
        repo - The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.
        timestamp - The current time in seconds.
        Returns:
        The nonce to be signed by the pusher
        Throws:
        java.lang.IllegalStateException
      • verify

        public PushCertificate.NonceStatus verify​(java.lang.String received,
                                                  java.lang.String sent,
                                                  Repository db,
                                                  boolean allowSlop,
                                                  int slop)
        Verify trustworthiness of the received nonce.
        Specified by:
        verify in interface NonceGenerator
        Parameters:
        received - The nonce which was received from the server
        sent - The nonce which was originally sent out to the client.
        db - The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.
        allowSlop - If the receiving backend is able to generate slop. This is the case for serving via http protocol using more than one http frontend. The client would talk to different http frontends, which may have a slight difference of time due to
        slop - If `allowSlop` is true, this specifies the number of seconds which we allow as slop.
        Returns:
        a NonceStatus indicating the trustworthiness of the received nonce.
      • toHex

        private static java.lang.String toHex​(byte[] bytes)