Package org.eclipse.jgit.transport
Interface NonceGenerator
- All Known Implementing Classes:
HMACSHA1NonceGenerator
public interface NonceGenerator
A NonceGenerator is used to create a nonce to be sent out to the pusher who
will sign the nonce to prove it is not a replay attack on the push
certificate.
- Since:
- 4.0
-
Method Summary
Modifier and TypeMethodDescriptioncreateNonce
(Repository db, long timestamp) Create nonce to be signed by the pusherverify
(String received, String sent, Repository db, boolean allowSlop, int slop) Verify trustworthiness of the received nonce.
-
Method Details
-
createNonce
Create nonce to be signed by the pusher- Parameters:
db
- The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.timestamp
- The current time in seconds.- Returns:
- The nonce to be signed by the pusher
- Throws:
IllegalStateException
-
verify
PushCertificate.NonceStatus verify(String received, String sent, Repository db, boolean allowSlop, int slop) Verify trustworthiness of the received nonce.- Parameters:
received
- The nonce which was received from the serversent
- The nonce which was originally sent out to the client.db
- The repository which should be used to obtain a unique String such that the pusher cannot forge nonces by pushing to another repository at the same time as well and reusing the nonce.allowSlop
- If the receiving backend is able to generate slop. This is the case for serving via http protocol using more than one http frontend. The client would talk to different http frontends, which may have a slight difference of time due toslop
- If `allowSlop` is true, this specifies the number of seconds which we allow as slop.- Returns:
- a NonceStatus indicating the trustworthiness of the received nonce.
-