Merge pull request #1715 from AstroTlaloc/01-signed-commits-enum

Adding new enums for verification reasons using X.509 certificate sig…
hub4j · Oct 19, 2023 · 363318b · 363318b
2 parents 1cb9e66 + 8640a85
commit 363318b
Show file tree

Hide file tree

Showing 32 changed files with 2,200 additions and 16 deletions.
diff --git a/src/main/java/org/kohsuke/github/GHVerification.java b/src/main/java/org/kohsuke/github/GHVerification.java
@@ -61,48 +61,63 @@ public String getPayload() {
      * The possible values for reason in verification object from github.
      *
      * @author Sourabh Sarvotham Parkala
-     * @see <a href="https://developer.github.com/v3/repos/commits/#signature-verification-object">List of possible
-     *      reason values</a>
+     * @see <a href="https://docs.github.com/en/graphql/reference/enums#gitsignaturestate">List of possible reason
+     *      values. Note graphQL documentation has currently the most updated values.</a>
      */
     public enum Reason {
 
-        /** The expired key. */
+        /** Signing key expired. */
         EXPIRED_KEY,
 
-        /** The not signing key. */
+        /** The usage flags for the key that signed this don't allow signing. */
         NOT_SIGNING_KEY,
 
-        /** The gpgverify error. */
+        /** The GPG verification service misbehaved. */
         GPGVERIFY_ERROR,
 
-        /** The gpgverify unavailable. */
+        /** The GPG verification service is unavailable at the moment. */
         GPGVERIFY_UNAVAILABLE,
 
-        /** The unsigned. */
+        /** Unsigned. */
         UNSIGNED,
 
-        /** The unknown signature type. */
+        /** Unknown signature type. */
         UNKNOWN_SIGNATURE_TYPE,
 
-        /** The no user. */
+        /** Email used for signing not known to GitHub. */
         NO_USER,
 
-        /** The unverified email. */
+        /** Email used for signing unverified on GitHub. */
         UNVERIFIED_EMAIL,
 
-        /** The bad email. */
+        /** Invalid email used for signing. */
         BAD_EMAIL,
 
-        /** The unknown key. */
+        /** Key used for signing not known to GitHub. */
         UNKNOWN_KEY,
 
-        /** The malformed signature. */
+        /** Malformed signature. */
         MALFORMED_SIGNATURE,
 
-        /** The invalid. */
+        /** Invalid signature. */
         INVALID,
 
-        /** The valid. */
-        VALID
+        /** Valid signature and verified by GitHub. */
+        VALID,
+
+        /** The signing certificate or its chain could not be verified. */
+        BAD_CERT,
+
+        /** Malformed signature. (Returned by graphQL) */
+        MALFORMED_SIG,
+
+        /** Valid signature, though certificate revocation check failed. */
+        OCSP_ERROR,
+
+        /** Valid signature, pending certificate revocation checking. */
+        OCSP_PENDING,
+
+        /** One or more certificates in chain has been revoked. */
+        OCSP_REVOKED
     }
 }
diff --git a/src/test/java/org/kohsuke/github/GHVerificationReasonTest.java b/src/test/java/org/kohsuke/github/GHVerificationReasonTest.java
@@ -217,4 +217,88 @@ public void testValid() throws Exception {
         assertThat(commit.getCommitShortInfo().getVerification().getPayload(), notNullValue());
         assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
     }
+
+    /**
+     * Test bad cert.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test
+    public void testBadCert() throws Exception {
+        GHRepository r = gitHub.getRepository("hub4j/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
+        assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
+        assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
+        assertThat(commit.getCommitShortInfo().getVerification().getReason(), equalTo(GHVerification.Reason.BAD_CERT));
+    }
+
+    /**
+     * Test malformed sig.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test
+    public void testMalformedSig() throws Exception {
+        GHRepository r = gitHub.getRepository("hub4j/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
+        assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
+        assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
+        assertThat(commit.getCommitShortInfo().getVerification().getReason(),
+                equalTo(GHVerification.Reason.MALFORMED_SIG));
+    }
+
+    /**
+     * Test OSCP error.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test
+    public void testOcspError() throws Exception {
+        GHRepository r = gitHub.getRepository("hub4j/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
+        assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
+        assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
+        assertThat(commit.getCommitShortInfo().getVerification().getReason(),
+                equalTo(GHVerification.Reason.OCSP_ERROR));
+    }
+
+    /**
+     * Test OSCP pending.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test
+    public void testOscpPending() throws Exception {
+        GHRepository r = gitHub.getRepository("hub4j/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
+        assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
+        assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
+        assertThat(commit.getCommitShortInfo().getVerification().getReason(),
+                equalTo(GHVerification.Reason.OCSP_PENDING));
+    }
+
+    /**
+     * Test OCSP revoked.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test
+    public void testOscpRevoked() throws Exception {
+        GHRepository r = gitHub.getRepository("hub4j/github-api");
+        GHCommit commit = r.getCommit("86a2e245aa6d71d54923655066049d9e21a15f01");
+        assertThat(commit.getCommitShortInfo().getAuthor().getName(), equalTo("Sourabh Parkala"));
+        assertThat(commit.getCommitShortInfo().getVerification().getSignature(), notNullValue());
+        assertThat(commit.getCommitShortInfo().getVerification().isVerified(), is(false));
+        assertThat(commit.getCommitShortInfo().getVerification().getReason(),
+                equalTo(GHVerification.Reason.OCSP_REVOKED));
+    }
 }
diff --git a/...ithub/GHVerificationReasonTest/wiremock/testBadCert/__files/repos_hub4j_github-api-2.json b/...ithub/GHVerificationReasonTest/wiremock/testBadCert/__files/repos_hub4j_github-api-2.json
@@ -0,0 +1,130 @@
+{
+  "id": 617210,
+  "node_id": "MDEwOlJlcG9zaXRvcnk2MTcyMTA=",
+  "name": "github-api",
+  "full_name": "hub4j/github-api",
+  "private": false,
+  "owner": {
+    "login": "hub4j",
+    "id": 54909825,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1",
+    "avatar_url": "https://avatars3.githubusercontent.com/u/54909825?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/hub4j",
+    "html_url": "https://github.com/hub4j",
+    "followers_url": "https://api.github.com/users/hub4j/followers",
+    "following_url": "https://api.github.com/users/hub4j/following{/other_user}",
+    "gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/hub4j/subscriptions",
+    "organizations_url": "https://api.github.com/users/hub4j/orgs",
+    "repos_url": "https://api.github.com/users/hub4j/repos",
+    "events_url": "https://api.github.com/users/hub4j/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/hub4j/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "html_url": "https://github.com/hub4j/github-api",
+  "description": "Java API for GitHub",
+  "fork": false,
+  "url": "https://api.github.com/repos/hub4j/github-api",
+  "forks_url": "https://api.github.com/repos/hub4j/github-api/forks",
+  "keys_url": "https://api.github.com/repos/hub4j/github-api/keys{/key_id}",
+  "collaborators_url": "https://api.github.com/repos/hub4j/github-api/collaborators{/collaborator}",
+  "teams_url": "https://api.github.com/repos/hub4j/github-api/teams",
+  "hooks_url": "https://api.github.com/repos/hub4j/github-api/hooks",
+  "issue_events_url": "https://api.github.com/repos/hub4j/github-api/issues/events{/number}",
+  "events_url": "https://api.github.com/repos/hub4j/github-api/events",
+  "assignees_url": "https://api.github.com/repos/hub4j/github-api/assignees{/user}",
+  "branches_url": "https://api.github.com/repos/hub4j/github-api/branches{/branch}",
+  "tags_url": "https://api.github.com/repos/hub4j/github-api/tags",
+  "blobs_url": "https://api.github.com/repos/hub4j/github-api/git/blobs{/sha}",
+  "git_tags_url": "https://api.github.com/repos/hub4j/github-api/git/tags{/sha}",
+  "git_refs_url": "https://api.github.com/repos/hub4j/github-api/git/refs{/sha}",
+  "trees_url": "https://api.github.com/repos/hub4j/github-api/git/trees{/sha}",
+  "statuses_url": "https://api.github.com/repos/hub4j/github-api/statuses/{sha}",
+  "languages_url": "https://api.github.com/repos/hub4j/github-api/languages",
+  "stargazers_url": "https://api.github.com/repos/hub4j/github-api/stargazers",
+  "contributors_url": "https://api.github.com/repos/hub4j/github-api/contributors",
+  "subscribers_url": "https://api.github.com/repos/hub4j/github-api/subscribers",
+  "subscription_url": "https://api.github.com/repos/hub4j/github-api/subscription",
+  "commits_url": "https://api.github.com/repos/hub4j/github-api/commits{/sha}",
+  "git_commits_url": "https://api.github.com/repos/hub4j/github-api/git/commits{/sha}",
+  "comments_url": "https://api.github.com/repos/hub4j/github-api/comments{/number}",
+  "issue_comment_url": "https://api.github.com/repos/hub4j/github-api/issues/comments{/number}",
+  "contents_url": "https://api.github.com/repos/hub4j/github-api/contents/{+path}",
+  "compare_url": "https://api.github.com/repos/hub4j/github-api/compare/{base}...{head}",
+  "merges_url": "https://api.github.com/repos/hub4j/github-api/merges",
+  "archive_url": "https://api.github.com/repos/hub4j/github-api/{archive_format}{/ref}",
+  "downloads_url": "https://api.github.com/repos/hub4j/github-api/downloads",
+  "issues_url": "https://api.github.com/repos/hub4j/github-api/issues{/number}",
+  "pulls_url": "https://api.github.com/repos/hub4j/github-api/pulls{/number}",
+  "milestones_url": "https://api.github.com/repos/hub4j/github-api/milestones{/number}",
+  "notifications_url": "https://api.github.com/repos/hub4j/github-api/notifications{?since,all,participating}",
+  "labels_url": "https://api.github.com/repos/hub4j/github-api/labels{/name}",
+  "releases_url": "https://api.github.com/repos/hub4j/github-api/releases{/id}",
+  "deployments_url": "https://api.github.com/repos/hub4j/github-api/deployments",
+  "created_at": "2010-04-19T04:13:03Z",
+  "updated_at": "2019-10-25T01:32:16Z",
+  "pushed_at": "2019-10-25T16:41:09Z",
+  "git_url": "git://github.com/hub4j/github-api.git",
+  "ssh_url": "[email protected]:hub4j/github-api.git",
+  "clone_url": "https://github.com/hub4j/github-api.git",
+  "svn_url": "https://github.com/hub4j/github-api",
+  "homepage": "http://github-api.kohsuke.org/",
+  "size": 13494,
+  "stargazers_count": 565,
+  "watchers_count": 565,
+  "language": "Java",
+  "has_issues": true,
+  "has_projects": true,
+  "has_downloads": true,
+  "has_wiki": true,
+  "has_pages": true,
+  "forks_count": 433,
+  "mirror_url": null,
+  "archived": false,
+  "disabled": false,
+  "open_issues_count": 64,
+  "license": {
+    "key": "mit",
+    "name": "MIT License",
+    "spdx_id": "MIT",
+    "url": "https://api.github.com/licenses/mit",
+    "node_id": "MDc6TGljZW5zZTEz"
+  },
+  "forks": 433,
+  "open_issues": 64,
+  "watchers": 565,
+  "default_branch": "main",
+  "permissions": {
+    "admin": true,
+    "push": true,
+    "pull": true
+  },
+  "allow_squash_merge": true,
+  "allow_merge_commit": true,
+  "allow_rebase_merge": true,
+  "organization": {
+    "login": "hub4j",
+    "id": 54909825,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0OTA5ODI1",
+    "avatar_url": "https://avatars3.githubusercontent.com/u/54909825?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/hub4j",
+    "html_url": "https://github.com/hub4j",
+    "followers_url": "https://api.github.com/users/hub4j/followers",
+    "following_url": "https://api.github.com/users/hub4j/following{/other_user}",
+    "gists_url": "https://api.github.com/users/hub4j/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/hub4j/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/hub4j/subscriptions",
+    "organizations_url": "https://api.github.com/users/hub4j/orgs",
+    "repos_url": "https://api.github.com/users/hub4j/repos",
+    "events_url": "https://api.github.com/users/hub4j/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/hub4j/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "network_count": 433,
+  "subscribers_count": 48
+}