Get commit or tag signature verified flag
This fixes hub4j#737 - A new entity GHVerification.java has been added which would be reflecting Verification flag - Updating GHCommit.java and GHTagObject.java with GHVerification - Altering few test cases AppTest.java and GHTagTest.java to verify if the Verification entity is being picked up - A separate test class SignatureVerificationTest.java with the associated wiremock test resources - Adding a new enum GHReason.java - Updating tests to check the GHReason implementation, GHReasonTest.java with the associated wiremock test resources
1 parent
db46b1c
commit b6fe00e
Showing
112 changed files
with
10,262 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
package org.kohsuke.github; | ||
|
||
/** | ||
* The possible values for reason in verification object from github. | ||
* | ||
* @see <a href="https://developer.github.com/v3/repos/commits/#signature-verification-object">List of possible reason | ||
* values</a> | ||
* @author Sourabh Sarvotham Parkala | ||
*/ | ||
public enum GHReason { | ||
expired_key, | ||
not_signing_key, | ||
gpgverify_error, | ||
gpgverify_unavailable, | ||
unsigned, | ||
unknown_signature_type, | ||
no_user, | ||
unverified_email, | ||
bad_email, | ||
unknown_key, | ||
malformed_signature, | ||
invalid, | ||
valid | ||
} |
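Review bot: GHReason has no fallback constant, so a reason string outside the thirteen listed here cannot be represented. GHVerification in the same commit is annotated as populated from the JSON API and holds a GHReason field; assuming the binder maps the string by constant name, a value the API introduces later would fail the mapping for the whole commit or tag instead of only leaving the reason empty, and this is a field callers are likely to read in signed-commit policy checks. Consider a catch-all constant carrying a comment such as `// returned when the API reports a reason this library does not know yet`, and state in the enum Javadoc that every value other than `valid` must be treated as not verified.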
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package org.kohsuke.github; | ||
|
||
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; | ||
|
||
/** | ||
* The commit/tag would be signed by user. This object would hold the verification status. Whether the Commit/Tag is | ||
* signed or not. | ||
* | ||
* @author Sourabh Sarvotham Parkala | ||
*/ | ||
@SuppressFBWarnings(value = { "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", "UWF_UNWRITTEN_FIELD", "NP_UNWRITTEN_FIELD" }, | ||
justification = "JSON API") | ||
public class GHVerification { | ||
private String signature, payload; | ||
private boolean verified; | ||
private GHReason reason; | ||
|
||
/** | ||
* Indicates whether GitHub considers the signature in this commit to be verified. | ||
* | ||
* @return true if the signature is valid else returns false. | ||
*/ | ||
public boolean getVerified() { | ||
return verified; | ||
} | ||
|
||
/** | ||
* Gets reason for verification value. | ||
* | ||
* @return return reason of type {@link GHReason}, such as "valid" or "unsigned". The possible values can be found | ||
* in {@link GHReason}} | ||
*/ | ||
public GHReason getReason() { | ||
return reason; | ||
} | ||
|
||
/** | ||
* Gets signature used for the verification. | ||
* | ||
* @return null if not signed else encoded signature. | ||
*/ | ||
public String getSignature() { | ||
return signature; | ||
} | ||
|
||
/** | ||
* Gets the payload that was signed. | ||
* | ||
* @return null if not signed else encoded signature. | ||
*/ | ||
public String getPayload() { | ||
return payload; | ||
} | ||
} |
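Review bot: The Javadoc on `getPayload()` repeats the `getSignature()` text (`@return null if not signed else encoded signature.`) and should describe the payload instead, e.g. `@return the payload that was signed, or null if the commit or tag is not signed`. The `getReason()` comment also ends with a stray brace in `{@link GHReason}}`. Because this class only exposes fields filled from the API response and performs no check of its own, the class comment should say that `verified` is GitHub's verdict and not a local cryptographic verification of `signature` over `payload`, so callers enforcing a signing policy know which party they are trusting. As a style point, a boolean accessor would conventionally be named `isVerified()` instead of `getVerified()`.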
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
package org.kohsuke.github; | ||
|
||
import org.junit.Test; | ||
|
||
/** | ||
* @author Sourabh Sarvotham Parkala | ||
* @see Issue 737 | ||
*/ | ||
public class GHReasonTest extends AbstractGitHubWireMockTest { | ||
|
||
@Test | ||
public void testExpiredKeyVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.expired_key); | ||
} | ||
|
||
@Test | ||
public void testNotSigningKeyVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f02"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.not_signing_key); | ||
} | ||
|
||
@Test | ||
public void testGpgverifyErrorVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f03"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.gpgverify_error); | ||
} | ||
|
||
@Test | ||
public void testGpgverifyUnavailableVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f04"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.gpgverify_unavailable); | ||
} | ||
|
||
@Test | ||
public void testUnsignedVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f05"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unsigned); | ||
} | ||
|
||
@Test | ||
public void testUnknownSignatureTypeVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f06"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unknown_signature_type); | ||
} | ||
|
||
@Test | ||
public void testNoUserVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f07"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.no_user); | ||
} | ||
|
||
@Test | ||
public void testUnverifiedEmailVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f08"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unverified_email); | ||
} | ||
|
||
@Test | ||
public void testBadEmailVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f09"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.bad_email); | ||
} | ||
|
||
@Test | ||
public void testUnknownKeyVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f10"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.unknown_key); | ||
} | ||
|
||
@Test | ||
public void testMalformedSignatureVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f11"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.malformed_signature); | ||
} | ||
|
||
@Test | ||
public void testInvalidVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f12"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertFalse(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.invalid); | ||
} | ||
|
||
@Test | ||
public void testValidVerification() throws Exception { | ||
GHRepository r = gitHub.getRepository("github-api/github-api"); | ||
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f13"); | ||
assertEquals(commit.getCommitShortInfo().getAuthor().getName(), "Sourabh Parkala"); | ||
assertTrue(commit.getCommitShortInfo().getVerification().getVerified()); | ||
assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.valid); | ||
assertNotNull(commit.getCommitShortInfo().getVerification().getPayload()); | ||
assertNotNull(commit.getCommitShortInfo().getVerification().getSignature()); | ||
} | ||
} |
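Review bot: Every `assertEquals` in this class passes the actual value first and the expected value second, for example `assertEquals(commit.getCommitShortInfo().getVerification().getReason(), GHReason.expired_key)`; if this resolves to JUnit's `assertEquals(expected, actual)`, as the `org.junit.Test` import suggests, a failure prints the two values the wrong way round. The thirteen tests differ only in the commit id and the expected reason, and each dereferences `getVerification()` unchecked, so a fixture without the verification object fails with a NullPointerException, not an assertion. A private helper as sketched below fixes the argument order, asserts the object is present and reduces each test to one call. It assumes `getVerification()` returns `GHVerification`, which is not visible in this section.

```java
private void assertVerification(String sha, boolean verified, GHReason reason) throws Exception {
    GHCommit commit = gitHub.getRepository("github-api/github-api").getCommit(sha);
    GHVerification verification = commit.getCommitShortInfo().getVerification();
    assertNotNull(verification);
    assertEquals("Sourabh Parkala", commit.getCommitShortInfo().getAuthor().getName());
    assertEquals(verified, verification.getVerified());
    assertEquals(reason, verification.getReason());
}

@Test
public void testExpiredKeyVerification() throws Exception {
    assertVerification("86a2e245aa6d71d54923655066049d9e21a15f01", false, GHReason.expired_key);
}
// … unchanged in intent: the remaining twelve tests become one assertVerification call each …
```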
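--- a/src/test/java/org/kohsuke/github/SignatureVerificationTest.java
+++ b/src/test/java/org/kohsuke/github/SignatureVerificationTest.java
@@ -0,0 +1,27 @@
+package org.kohsuke.github;
+
+import com.google.common.collect.Iterables;
+import org.junit.Test;
+
+/**
+* @author Sourabh Sarvotham Parkala
+*/
+public class SignatureVerificationTest extends AbstractGitHubWireMockTest {
+
+@Test // issue 737
+public void commitSignatureVerification() throws Exception {
+GHRepository repo = gitHub.getRepository("stapler/stapler");
+PagedIterable<GHCommit> commits = repo.queryCommits().path("pom.xml").list();
+for (GHCommit commit : Iterables.limit(commits, 10)) {
+GHCommit expected = repo.getCommit(commit.getSHA1());
+assertEquals(expected.getCommitShortInfo().getVerification().getVerified(),
+commit.getCommitShortInfo().getVerification().getVerified());
+assertEquals(expected.getCommitShortInfo().getVerification().getReason(),
+commit.getCommitShortInfo().getVerification().getReason());
+assertEquals(expected.getCommitShortInfo().getVerification().getSignature(),
+commit.getCommitShortInfo().getVerification().getSignature());
+assertEquals(expected.getCommitShortInfo().getVerification().getPayload(),
+commit.getCommitShortInfo().getVerification().getPayload());
+}
+}
+}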
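Review bot: `commitSignatureVerification` can pass without checking anything: if `list()` yields no commits the loop body never runs, and if none of the ten commits is signed, every comparison is false or null against false or null. Count the iterations and assert on the count, e.g. `int checked = 0;` before the loop, `checked++;` inside it and `assertTrue(checked > 0);` after it, and preferably require at least one commit whose `getVerified()` is true so the signed path is exercised. Both sides of each comparison come from the same API source (presumably the recorded wiremock responses the commit description mentions), so the test shows that the list and single-commit responses agree, not that the verification flag itself is correct.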