View Javadoc
1   /*
2    * Copyright (C) 2015, Google Inc. and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  package org.eclipse.jgit.transport;
11  
12  import org.eclipse.jgit.lib.Repository;
13  import org.eclipse.jgit.transport.PushCertificate.NonceStatus;
14  
15  /**
16   * A NonceGenerator is used to create a nonce to be sent out to the pusher who
17   * will sign the nonce to prove it is not a replay attack on the push
18   * certificate.
19   *
20   * @since 4.0
21   */
22  public interface NonceGenerator {
23  
24  	/**
25  	 * Create nonce to be signed by the pusher
26  	 *
27  	 * @param db
28  	 *            The repository which should be used to obtain a unique String
29  	 *            such that the pusher cannot forge nonces by pushing to another
30  	 *            repository at the same time as well and reusing the nonce.
31  	 * @param timestamp
32  	 *            The current time in seconds.
33  	 * @return The nonce to be signed by the pusher
34  	 * @throws java.lang.IllegalStateException
35  	 */
36  	String createNonce(Repository db, long timestamp)
37  			throws IllegalStateException;
38  
39  	/**
40  	 * Verify trustworthiness of the received nonce.
41  	 *
42  	 * @param received
43  	 *            The nonce which was received from the server
44  	 * @param sent
45  	 *            The nonce which was originally sent out to the client.
46  	 * @param db
47  	 *            The repository which should be used to obtain a unique String
48  	 *            such that the pusher cannot forge nonces by pushing to another
49  	 *            repository at the same time as well and reusing the nonce.
50  	 * @param allowSlop
51  	 *            If the receiving backend is able to generate slop. This is
52  	 *            the case for serving via http protocol using more than one
53  	 *            http frontend. The client would talk to different http
54  	 *            frontends, which may have a slight difference of time due to
55  	 * @param slop
56  	 *            If `allowSlop` is true, this specifies the number of seconds
57  	 *            which we allow as slop.
58  	 * @return a NonceStatus indicating the trustworthiness of the received
59  	 *         nonce.
60  	 */
61  	NonceStatus verify(String received, String sent,
62  			Repository db, boolean allowSlop, int slop);
63  }