Get commit or tag signature verified flag

This fixes hub4j#737

- A new entity GHVerification.java has been added which would be reflecting Verification flag
- Updating GHCommit.java and GHTagObject.java with GHVerification
- Altering few test cases AppTest.java and GHTagTest.java to verify if the Verification entity is being picked up
- A separate test class SignatureVerificationTest.java with the associated wiremock test resources
- Adding a new enum GHReason.java
- Updating tests to check the GHReason implementation, GHReasonTest.java with the associated wiremock test resources

src/main/java/org/kohsuke/github/GHCommit.java

@@ -39,6 +39,8 @@ public static class ShortInfo {
 
         private int comment_count;
 
+        private GHVerification verification;
+
         static class Tree {
             String sha;
         }
@@ -100,6 +102,15 @@ public String getMessage() {
         public int getCommentCount() {
             return comment_count;
         }
+
+        /**
+         * Gets Verification Status.
+         *
+         * @return the Verification status
+         */
+        public GHVerification getVerification() {
+            return verification;
+        }
     }
 
     /**

src/main/java/org/kohsuke/github/GHReason.java

@@ -0,0 +1,24 @@
+package org.kohsuke.github;
+
+/**
+ * The possible values for reason in verification object from github.
+ * 
+ * @see <a href="https://developer.github.com/v3/repos/commits/#signature-verification-object">List of possible reason
+ *      values</a>
+ * @author Sourabh Sarvotham Parkala
+ */
+public enum GHReason {
+    expired_key,
+    not_signing_key,
+    gpgverify_error,
+    gpgverify_unavailable,
+    unsigned,
+    unknown_signature_type,
+    no_user,
+    unverified_email,
+    bad_email,
+    unknown_key,
+    malformed_signature,
+    invalid,
+    valid
+}

src/main/java/org/kohsuke/github/GHTagObject.java

@@ -19,6 +19,7 @@ public class GHTagObject {
     private String message;
     private GitUser tagger;
     private GHRef.GHObject object;
+    private GHVerification verification;
 
     GHTagObject wrap(GHRepository owner) {
         this.owner = owner;
@@ -97,4 +98,13 @@ public GitUser getTagger() {
     public GHRef.GHObject getObject() {
         return object;
     }
+
+    /**
+     * Gets Verification Status.
+     *
+     * @return the Verification status
+     */
+    public GHVerification getVerification() {
+        return verification;
+    }
 }

src/main/java/org/kohsuke/github/GHVerification.java

@@ -0,0 +1,54 @@
+package org.kohsuke.github;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+/**
+ * The commit/tag would be signed by user. This object would hold the verification status. Whether the Commit/Tag is
+ * signed or not.
+ *
+ * @author Sourabh Sarvotham Parkala
+ */
+@SuppressFBWarnings(value = { "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", "UWF_UNWRITTEN_FIELD", "NP_UNWRITTEN_FIELD" },
+        justification = "JSON API")
+public class GHVerification {
+    private String signature, payload;
+    private boolean verified;
+    private GHReason reason;
+
+    /**
+     * Indicates whether GitHub considers the signature in this commit to be verified.
+     *
+     * @return true if the signature is valid else returns false.
+     */
+    public boolean getVerified() {
+        return verified;
+    }
+
+    /**
+     * Gets reason for verification value.
+     *
+     * @return return reason of type {@link GHReason}, such as "valid" or "unsigned". The possible values can be found
+     *         in {@link GHReason}}
+     */
+    public GHReason getReason() {
+        return reason;
+    }
+
+    /**
+     * Gets signature used for the verification.
+     *
+     * @return null if not signed else encoded signature.
+     */
+    public String getSignature() {
+        return signature;
+    }
+
+    /**
+     * Gets the payload that was signed.
+     *
+     * @return null if not signed else encoded signature.
+     */
+    public String getPayload() {
+        return payload;
+    }
+}

src/test/java/org/kohsuke/github/AppTest.java

@@ -596,6 +596,8 @@ public void testCommitShortInfo() throws Exception {
         GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f23");
         assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Kohsuke Kawaguchi");
         assertEquals(commit.getCommitShortInfo().getMessage(), "doc");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unsigned);
     }
 
     @Ignore("Needs mocking check")

src/test/java/org/kohsuke/github/GHReasonTest.java

@@ -0,0 +1,129 @@
+package org.kohsuke.github;
+
+import org.junit.Test;
+
+/**
+ * @author Sourabh Sarvotham Parkala
+ * @see Issue 737
+ */
+public class GHReasonTest extends AbstractGitHubWireMockTest {
+
+    @Test
+    public void testExpiredKeyVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.expired_key);
+    }
+
+    @Test
+    public void testNotSigningKeyVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f02");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.not_signing_key);
+    }
+
+    @Test
+    public void testGpgverifyErrorVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f03");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.gpgverify_error);
+    }
+
+    @Test
+    public void testGpgverifyUnavailableVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f04");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.gpgverify_unavailable);
+    }
+
+    @Test
+    public void testUnsignedVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f05");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unsigned);
+    }
+
+    @Test
+    public void testUnknownSignatureTypeVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f06");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unknown_signature_type);
+    }
+
+    @Test
+    public void testNoUserVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f07");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.no_user);
+    }
+
+    @Test
+    public void testUnverifiedEmailVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f08");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unverified_email);
+    }
+
+    @Test
+    public void testBadEmailVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f09");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.bad_email);
+    }
+
+    @Test
+    public void testUnknownKeyVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f10");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unknown_key);
+    }
+
+    @Test
+    public void testMalformedSignatureVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f11");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.malformed_signature);
+    }
+
+    @Test
+    public void testInvalidVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f12");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertFalse(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.invalid);
+    }
+
+    @Test
+    public void testValidVerification() throws Exception {
+        GHRepository r = gitHub.getRepository("github-api/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f13");
+        assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala");
+        assertTrue(commit.getCommitShortInfo().getVerification().getVerified());
+        assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.valid);
+        assertNotNull(commit.getCommitShortInfo().getVerification().getPayload());
+        assertNotNull(commit.getCommitShortInfo().getVerification().getSignature());
+    }
+}

src/test/java/org/kohsuke/github/GHTagTest.java

@@ -47,6 +47,8 @@ public void testCreateTag() throws Exception {
         assertEquals(tagName, tag.getTag());
         assertEquals(tagMessage, tag.getMessage());
         assertEquals(commitSha, tag.getObject().getSha());
+        assertFalse(tag.getVerification().getVerified());
+        assertEquals(tag.getVerification().getReason(), GHReason.unsigned);
 
         // Make a reference to the newly created tag.
         GHRef ref = repo.createRef("refs/tags/" + tagName, tag.getSha());

src/test/java/org/kohsuke/github/SignatureVerificationTest.java

@@ -0,0 +1,27 @@
+package org.kohsuke.github;
+
+import com.google.common.collect.Iterables;
+import org.junit.Test;
+
+/**
+ * @author Sourabh Sarvotham Parkala
+ */
+public class SignatureVerificationTest extends AbstractGitHubWireMockTest {
+
+    @Test // issue 737
+    public void commitSignatureVerification() throws Exception {
+        GHRepository repo = gitHub.getRepository("stapler/stapler");
+        PagedIterable<GHCommit> commits = repo.queryCommits().path("pom.xml").list();
+        for (GHCommit commit : Iterables.limit(commits, 10)) {
+            GHCommit expected = repo.getCommit(commit.getSHA1());
+            assertEquals(expected.getCommitShortInfo().getVerification().getVerified(),
+                    commit.getCommitShortInfo().getVerification().getVerified());
+            assertEquals(expected.getCommitShortInfo().getVerification().getReason(),
+                    commit.getCommitShortInfo().getVerification().getReason());
+            assertEquals(expected.getCommitShortInfo().getVerification().getSignature(),
+                    commit.getCommitShortInfo().getVerification().getSignature());
+            assertEquals(expected.getCommitShortInfo().getVerification().getPayload(),
+                    commit.getCommitShortInfo().getVerification().getPayload());
+        }
+    }
+}