View Javadoc
1   /*
2    * Copyright (C) 2015, Google Inc.
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  package org.eclipse.jgit.transport;
44  
45  import java.io.File;
46  import java.io.UnsupportedEncodingException;
47  import java.security.InvalidKeyException;
48  import java.security.NoSuchAlgorithmException;
49  
50  import javax.crypto.Mac;
51  import javax.crypto.spec.SecretKeySpec;
52  
53  import org.eclipse.jgit.internal.storage.dfs.DfsRepository;
54  import org.eclipse.jgit.lib.Repository;
55  import org.eclipse.jgit.transport.PushCertificate.NonceStatus;
56  
57  /**
58   * The nonce generator which was first introduced to git-core.
59   *
60   * @since 4.0
61   */
62  public class HMACSHA1NonceGenerator implements NonceGenerator {
63  
64  	private Mac mac;
65  
66  	/**
67  	 * @param seed
68  	 * @throws IllegalStateException
69  	 */
70  	public HMACSHA1NonceGenerator(String seed) throws IllegalStateException {
71  		try {
72  			byte[] keyBytes = seed.getBytes("ISO-8859-1"); //$NON-NLS-1$
73  			SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1"); //$NON-NLS-1$
74  			mac = Mac.getInstance("HmacSHA1"); //$NON-NLS-1$
75  			mac.init(signingKey);
76  		} catch (InvalidKeyException e) {
77  			throw new IllegalStateException(e);
78  		} catch (NoSuchAlgorithmException e) {
79  			throw new IllegalStateException(e);
80  		} catch (UnsupportedEncodingException e) {
81  			throw new IllegalStateException(e);
82  		}
83  	}
84  
85  	public synchronized String createNonce(Repository repo, long timestamp)
86  			throws IllegalStateException {
87  		String path;
88  		if (repo instanceof DfsRepository) {
89  			path = ((DfsRepository) repo).getDescription().getRepositoryName();
90  		} else {
91  			File directory = repo.getDirectory();
92  			if (directory != null) {
93  				path = directory.getPath();
94  			} else {
95  				throw new IllegalStateException();
96  			}
97  		}
98  
99  		String input = path + ":" + String.valueOf(timestamp); //$NON-NLS-1$
100 		byte[] rawHmac;
101 		try {
102 			rawHmac = mac.doFinal(input.getBytes("UTF-8")); //$NON-NLS-1$
103 		} catch (UnsupportedEncodingException e) {
104 			throw new IllegalStateException(e);
105 		}
106 		return Long.toString(timestamp) + "-" + toHex(rawHmac); //$NON-NLS-1$
107 	}
108 
109 	@Override
110 	public NonceStatus verify(String received, String sent,
111 			Repository db, boolean allowSlop, int slop) {
112 		if (received.isEmpty()) {
113 			return NonceStatus.MISSING;
114 		} else if (sent.isEmpty()) {
115 			return NonceStatus.UNSOLICITED;
116 		} else if (received.equals(sent)) {
117 			return NonceStatus.OK;
118 		}
119 
120 		if (!allowSlop) {
121 			return NonceStatus.BAD;
122 		}
123 
124 		/* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
125 		int idxSent = sent.indexOf('-');
126 		int idxRecv = received.indexOf('-');
127 		if (idxSent == -1 || idxRecv == -1) {
128 			return NonceStatus.BAD;
129 		}
130 
131 		String signedStampStr = received.substring(0, idxRecv);
132 		String advertisedStampStr = sent.substring(0, idxSent);
133 		long signedStamp;
134 		long advertisedStamp;
135 		try {
136 			signedStamp = Long.parseLong(signedStampStr);
137 			advertisedStamp = Long.parseLong(advertisedStampStr);
138 		} catch (IllegalArgumentException e) {
139 			return NonceStatus.BAD;
140 		}
141 
142 		// what we would have signed earlier
143 		String expect = createNonce(db, signedStamp);
144 
145 		if (!expect.equals(received)) {
146 			return NonceStatus.BAD;
147 		}
148 
149 		long nonceStampSlop = Math.abs(advertisedStamp - signedStamp);
150 
151 		if (nonceStampSlop <= slop) {
152 			return NonceStatus.OK;
153 		} else {
154 			return NonceStatus.SLOP;
155 		}
156 	}
157 
158 	private static final String HEX = "0123456789ABCDEF"; //$NON-NLS-1$
159 
160 	private static String toHex(byte[] bytes) {
161 		StringBuilder builder = new StringBuilder(2 * bytes.length);
162 		for (byte b : bytes) {
163 			builder.append(HEX.charAt((b & 0xF0) >> 4));
164 			builder.append(HEX.charAt(b & 0xF));
165 		}
166 		return builder.toString();
167 	}
168 }