Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding new enums for verification reasons using X.509 certificate sig… #1715

Merged
merged 5 commits into from
Oct 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 31 additions & 16 deletions src/main/java/org/kohsuke/github/GHVerification.java
Original file line number Diff line number Diff line change
Expand Up @@ -61,48 +61,63 @@ public String getPayload() {
* The possible values for reason in verification object from github.
*
* @author Sourabh Sarvotham Parkala
* @see <a href="https://developer.github.com/v3/repos/commits/#signature-verification-object">List of possible
* reason values</a>
* @see <a href="https://docs.github.com/en/graphql/reference/enums#gitsignaturestate">List of possible reason
* values. Note graphQL documentation has currently the most updated values.</a>
*/
public enum Reason {

/** The expired key. */
/** Signing key expired. */
EXPIRED_KEY,

/** The not signing key. */
/** The usage flags for the key that signed this don't allow signing. */
NOT_SIGNING_KEY,

/** The gpgverify error. */
/** The GPG verification service misbehaved. */
GPGVERIFY_ERROR,

/** The gpgverify unavailable. */
/** The GPG verification service is unavailable at the moment. */
GPGVERIFY_UNAVAILABLE,

/** The unsigned. */
/** Unsigned. */
UNSIGNED,

/** The unknown signature type. */
/** Unknown signature type. */
UNKNOWN_SIGNATURE_TYPE,

/** The no user. */
/** Email used for signing not known to GitHub. */
NO_USER,

/** The unverified email. */
/** Email used for signing unverified on GitHub. */
UNVERIFIED_EMAIL,

/** The bad email. */
/** Invalid email used for signing. */
BAD_EMAIL,

/** The unknown key. */
/** Key used for signing not known to GitHub. */
UNKNOWN_KEY,

/** The malformed signature. */
/** Malformed signature. */
MALFORMED_SIGNATURE,

/** The invalid. */
/** Invalid signature. */
INVALID,

/** The valid. */
VALID
/** Valid signature and verified by GitHub. */
VALID,

/** The signing certificate or its chain could not be verified. */
BAD_CERT,

/** Malformed signature. (Returned by graphQL) */
MALFORMED_SIG,

/** Valid signature, though certificate revocation check failed. */
OCSP_ERROR,

/** Valid signature, pending certificate revocation checking. */
OCSP_PENDING,

/** One or more certificates in chain has been revoked. */
OCSP_REVOKED
}
}
84 changes: 84 additions & 0 deletions src/test/java/org/kohsuke/github/GHVerificationReasonTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -217,4 +217,88 @@ public void testValid() throws Exception {
assertThat(commit.getCommitShortInfo().getVerification().getPayload(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
}

/**
* Test bad cert.
*
* @throws Exception
* the exception
*/
@Test
public void testBadCert() throws Exception {
GHRepository r = gitHub.getRepository("hub4j/github-api");
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
assertThat(commit.getCommitShortInfo().getVerification().getReason(), equalTo(GHVerification.Reason.BAD_CERT));
}

/**
* Test malformed sig.
*
* @throws Exception
* the exception
*/
@Test
public void testMalformedSig() throws Exception {
GHRepository r = gitHub.getRepository("hub4j/github-api");
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
assertThat(commit.getCommitShortInfo().getVerification().getReason(),
equalTo(GHVerification.Reason.MALFORMED_SIG));
}

/**
* Test OSCP error.
*
* @throws Exception
* the exception
*/
@Test
public void testOcspError() throws Exception {
GHRepository r = gitHub.getRepository("hub4j/github-api");
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
assertThat(commit.getCommitShortInfo().getVerification().getReason(),
equalTo(GHVerification.Reason.OCSP_ERROR));
}

/**
* Test OSCP pending.
*
* @throws Exception
* the exception
*/
@Test
public void testOscpPending() throws Exception {
GHRepository r = gitHub.getRepository("hub4j/github-api");
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
assertThat(commit.getCommitShortInfo().getVerification().getReason(),
equalTo(GHVerification.Reason.OCSP_PENDING));
}

/**
* Test OCSP revoked.
*
* @throws Exception
* the exception
*/
@Test
public void testOscpRevoked() throws Exception {
GHRepository r = gitHub.getRepository("hub4j/github-api");
GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
assertThat(commit.getCommitShortInfo().getVerification().getReason(),
equalTo(GHVerification.Reason.OCSP_REVOKED));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
{
"id": 617210,
"node_id": "MDEwOlJlcG9zaXRvcnk2MTcyMTA=",
"name": "github-api",
"full_name": "hub4j/github-api",
"private": false,
"owner": {
"login": "hub4j",
"id": 54909825,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1",
"avatar_url": "https://avatars3.githubusercontent.com/u/54909825?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/hub4j",
"html_url": "https://github.com/hub4j",
"followers_url": "https://api.github.com/users/hub4j/followers",
"following_url": "https://api.github.com/users/hub4j/following{/other_user}",
"gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}",
"starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/hub4j/subscriptions",
"organizations_url": "https://api.github.com/users/hub4j/orgs",
"repos_url": "https://api.github.com/users/hub4j/repos",
"events_url": "https://api.github.com/users/hub4j/events{/privacy}",
"received_events_url": "https://api.github.com/users/hub4j/received_events",
"type": "Organization",
"site_admin": false
},
"html_url": "https://github.com/hub4j/github-api",
"description": "Java API for GitHub",
"fork": false,
"url": "https://api.github.com/repos/hub4j/github-api",
"forks_url": "https://api.github.com/repos/hub4j/github-api/forks",
"keys_url": "https://api.github.com/repos/hub4j/github-api/keys{/key_id}",
"collaborators_url": "https://api.github.com/repos/hub4j/github-api/collaborators{/collaborator}",
"teams_url": "https://api.github.com/repos/hub4j/github-api/teams",
"hooks_url": "https://api.github.com/repos/hub4j/github-api/hooks",
"issue_events_url": "https://api.github.com/repos/hub4j/github-api/issues/events{/number}",
"events_url": "https://api.github.com/repos/hub4j/github-api/events",
"assignees_url": "https://api.github.com/repos/hub4j/github-api/assignees{/user}",
"branches_url": "https://api.github.com/repos/hub4j/github-api/branches{/branch}",
"tags_url": "https://api.github.com/repos/hub4j/github-api/tags",
"blobs_url": "https://api.github.com/repos/hub4j/github-api/git/blobs{/sha}",
"git_tags_url": "https://api.github.com/repos/hub4j/github-api/git/tags{/sha}",
"git_refs_url": "https://api.github.com/repos/hub4j/github-api/git/refs{/sha}",
"trees_url": "https://api.github.com/repos/hub4j/github-api/git/trees{/sha}",
"statuses_url": "https://api.github.com/repos/hub4j/github-api/statuses/{sha}",
"languages_url": "https://api.github.com/repos/hub4j/github-api/languages",
"stargazers_url": "https://api.github.com/repos/hub4j/github-api/stargazers",
"contributors_url": "https://api.github.com/repos/hub4j/github-api/contributors",
"subscribers_url": "https://api.github.com/repos/hub4j/github-api/subscribers",
"subscription_url": "https://api.github.com/repos/hub4j/github-api/subscription",
"commits_url": "https://api.github.com/repos/hub4j/github-api/commits{/sha}",
"git_commits_url": "https://api.github.com/repos/hub4j/github-api/git/commits{/sha}",
"comments_url": "https://api.github.com/repos/hub4j/github-api/comments{/number}",
"issue_comment_url": "https://api.github.com/repos/hub4j/github-api/issues/comments{/number}",
"contents_url": "https://api.github.com/repos/hub4j/github-api/contents/{+path}",
"compare_url": "https://api.github.com/repos/hub4j/github-api/compare/{base}...{head}",
"merges_url": "https://api.github.com/repos/hub4j/github-api/merges",
"archive_url": "https://api.github.com/repos/hub4j/github-api/{archive_format}{/ref}",
"downloads_url": "https://api.github.com/repos/hub4j/github-api/downloads",
"issues_url": "https://api.github.com/repos/hub4j/github-api/issues{/number}",
"pulls_url": "https://api.github.com/repos/hub4j/github-api/pulls{/number}",
"milestones_url": "https://api.github.com/repos/hub4j/github-api/milestones{/number}",
"notifications_url": "https://api.github.com/repos/hub4j/github-api/notifications{?since,all,participating}",
"labels_url": "https://api.github.com/repos/hub4j/github-api/labels{/name}",
"releases_url": "https://api.github.com/repos/hub4j/github-api/releases{/id}",
"deployments_url": "https://api.github.com/repos/hub4j/github-api/deployments",
"created_at": "2010-04-19T04:13:03Z",
"updated_at": "2019-10-25T01:32:16Z",
"pushed_at": "2019-10-25T16:41:09Z",
"git_url": "git://github.com/hub4j/github-api.git",
"ssh_url": "[email protected]:hub4j/github-api.git",
"clone_url": "https://github.com/hub4j/github-api.git",
"svn_url": "https://github.com/hub4j/github-api",
"homepage": "http://github-api.kohsuke.org/",
"size": 13494,
"stargazers_count": 565,
"watchers_count": 565,
"language": "Java",
"has_issues": true,
"has_projects": true,
"has_downloads": true,
"has_wiki": true,
"has_pages": true,
"forks_count": 433,
"mirror_url": null,
"archived": false,
"disabled": false,
"open_issues_count": 64,
"license": {
"key": "mit",
"name": "MIT License",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit",
"node_id": "MDc6TGljZW5zZTEz"
},
"forks": 433,
"open_issues": 64,
"watchers": 565,
"default_branch": "main",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"allow_squash_merge": true,
"allow_merge_commit": true,
"allow_rebase_merge": true,
"organization": {
"login": "hub4j",
"id": 54909825,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1",
"avatar_url": "https://avatars3.githubusercontent.com/u/54909825?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/hub4j",
"html_url": "https://github.com/hub4j",
"followers_url": "https://api.github.com/users/hub4j/followers",
"following_url": "https://api.github.com/users/hub4j/following{/other_user}",
"gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}",
"starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/hub4j/subscriptions",
"organizations_url": "https://api.github.com/users/hub4j/orgs",
"repos_url": "https://api.github.com/users/hub4j/repos",
"events_url": "https://api.github.com/users/hub4j/events{/privacy}",
"received_events_url": "https://api.github.com/users/hub4j/received_events",
"type": "Organization",
"site_admin": false
},
"network_count": 433,
"subscribers_count": 48
}
Loading