xref: /JGit/org.eclipse.jgit/src/org/eclipse/jgit/transport/NonceGenerator.java (revision 5c5f7c6b146b24f2bd4afae1902df85ad6e57ea3)
1 /*
2  * Copyright (C) 2015, Google Inc. and others
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Distribution License v. 1.0 which is available at
6  * https://www.eclipse.org/org/documents/edl-v10.php.
7  *
8  * SPDX-License-Identifier: BSD-3-Clause
9  */
10 package org.eclipse.jgit.transport;
11 
12 import org.eclipse.jgit.lib.Repository;
13 import org.eclipse.jgit.transport.PushCertificate.NonceStatus;
14 
15 /**
16  * A NonceGenerator is used to create a nonce to be sent out to the pusher who
17  * will sign the nonce to prove it is not a replay attack on the push
18  * certificate.
19  *
20  * @since 4.0
21  */
22 public interface NonceGenerator {
23 
24 	/**
25 	 * Create nonce to be signed by the pusher
26 	 *
27 	 * @param db
28 	 *            The repository which should be used to obtain a unique String
29 	 *            such that the pusher cannot forge nonces by pushing to another
30 	 *            repository at the same time as well and reusing the nonce.
31 	 * @param timestamp
32 	 *            The current time in seconds.
33 	 * @return The nonce to be signed by the pusher
34 	 * @throws java.lang.IllegalStateException
35 	 */
createNonce(Repository db, long timestamp)36 	String createNonce(Repository db, long timestamp)
37 			throws IllegalStateException;
38 
39 	/**
40 	 * Verify trustworthiness of the received nonce.
41 	 *
42 	 * @param received
43 	 *            The nonce which was received from the server
44 	 * @param sent
45 	 *            The nonce which was originally sent out to the client.
46 	 * @param db
47 	 *            The repository which should be used to obtain a unique String
48 	 *            such that the pusher cannot forge nonces by pushing to another
49 	 *            repository at the same time as well and reusing the nonce.
50 	 * @param allowSlop
51 	 *            If the receiving backend is able to generate slop. This is
52 	 *            the case for serving via http protocol using more than one
53 	 *            http frontend. The client would talk to different http
54 	 *            frontends, which may have a slight difference of time due to
55 	 * @param slop
56 	 *            If `allowSlop` is true, this specifies the number of seconds
57 	 *            which we allow as slop.
58 	 * @return a NonceStatus indicating the trustworthiness of the received
59 	 *         nonce.
60 	 */
verify(String received, String sent, Repository db, boolean allowSlop, int slop)61 	NonceStatus verify(String received, String sent,
62 			Repository db, boolean allowSlop, int slop);
63 }
64