org.eclipse.jgit.transport

Interface NonceGenerator

All Known Implementing Classes:

HMACSHA1NonceGenerator

public interface NonceGenerator

A NonceGenerator is used to create a nonce to be sent out to the pusher who will sign the nonce to prove it is not a replay attack on the push certificate.

Since:

4.0

Method Summary

Modifier and Type	Method and Description
String	createNonce(Repository db, long timestamp)
PushCertificate.NonceStatus	verify(String received, String sent, Repository db, boolean allowSlop, int slop)

Method Detail

createNonce

String createNonce(Repository db,
                   long timestamp)
            throws IllegalStateException

Parameters:

db - The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.

timestamp - The current time in seconds.

Returns:

The nonce to be signed by the pusher

Throws:

IllegalStateException

verify

PushCertificate.NonceStatus verify(String received,
                                   String sent,
                                   Repository db,
                                   boolean allowSlop,
                                   int slop)

Parameters:

received - The nonce which was received from the server

sent - The nonce which was originally sent out to the client.

db - The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.

allowSlop - If the receiving backend is is able to generate slop. This is the case for serving via http protocol using more than one http frontend. The client would talk to different http frontends, which may have a slight difference of time due to

slop - If `allowSlop` is true, this specifies the number of seconds which we allow as slop.

Returns:

a NonceStatus indicating the trustworthiness of the received nonce.