org.kohsuke.github.GHVerification$Reason deserialization failure #1714

Closed
AstroTlaloc opened this issue Sep 20, 2023 · 0 comments · Fixed by #1715

Describe the bug
GitHub introduced support for commit signatures using X.509 certificates, and this also introduced new verification reasons specific to X.509 certificates.

Currently, the GitHub client is failing to deserialize the following new reason values, as the GHVerification$Reason enum class hasn't been updated:
BAD_CERT, MALFORMED_SIG, OCSP_ERROR, OCSP_PENDING, OCSP_REVOKED.

Note: It seems that GitHub has only updated the documentation for GraphQL queries, and the REST documentation hasn't been updated with these values. However, I have manually verified some of these values using REST and they are indeed being returned by the API.

Documentation:
https://docs.github.com/en/graphql/reference/enums#gitsignaturestate

To Reproduce
Steps to reproduce the behavior:

  1. Generate a local CA self-signed certificate
  2. Generate a certificate for user.
  3. Sign certificate using the local CA.
  4. Sign a commit with the certificate.
  5. Push the signed commit to GitHub.com
  6. See the verification badge of the commit. It will be unverified, since GitHub.com only trusts certificates signed by a public CA.
  7. Use github-api to get the verification reason of the commit above:
    GHRepository repo = github.getRepository("AstroTlaloc/SignedCommitTestRepo");
    GHCommit commit = repo.getCommit("a2e88ca4ce3550a36c51f8482e06af6b1379c996");
  8. Fetch will fail

Caused by: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type org.kohsuke.github.GHVerification$Reason from String "bad_cert": not one of the values accepted for Enum class: [GPGVERIFY_ERROR, BAD_EMAIL, EXPIRED_KEY, GPGVERIFY_UNAVAILABLE, NO_USER, UNKNOWN_KEY, MALFORMED_SIGNATURE, UNSIGNED, UNKNOWN_SIGNATURE_TYPE, INVALID, NOT_SIGNING_KEY, VALID, UNVERIFIED_EMAIL]
at [Source: (String)"{"sha":"a2e88ca4ce3550a36c51f8482e06af6b1379c996","node_id":"C_kwDOKVOPENoAKGEyZTg4Y2E0Y2UzNTUwYTM2YzUxZjg0ODJlMDZhZjZiMTM3OWM5OTY","commit":{"author":{"name":"Ulises","email":"[email protected]","date":"2023-09-18T23:28:50Z"},"committer":{"name":"Ulises","email":"[email protected]","date":"2023-09-18T23:28:50Z"},"message":"Testing invalid CA","tree":{"sha":"f7b5a4a9c2ce6978e5735a9a91e949b133394405","url":"https://api.github.com/repos/AstroTlaloc/SignedCommitTestRepo/git/trees/f7b5a4a9c2ce6978"[truncated 6128 chars]; line: 1, column: 711] (through reference chain: org.kohsuke.github.GHCommit["commit"]->org.kohsuke.github.GHCommit$ShortInfo["verification"]->org.kohsuke.github.GHVerification["reason"])

Expected behavior
New unverified reasons for signed commits should be parsed and deserialized correctly with one of the Reason enum values instead of throwing an exception.

Desktop (please complete the following information):

  • OS: MacOS
  • Browser: Chrome

Additional context
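
The failure reported above, next to one tolerant way to parse a reason the client does not know yet, as an added example that is not part of the original issue and is not the project's own code or fix. It assumes Jackson 2.10 or later on the classpath; `StrictReason`, `TolerantReason`, the two wrapper classes and `isTrusted` are hypothetical names, and the JSON is a constructed sample.

```java
import com.fasterxml.jackson.annotation.JsonEnumDefaultValue;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.exc.InvalidFormatException;
import com.fasterxml.jackson.databind.json.JsonMapper;

public class VerificationReasonDemo {
    // Hypothetical stand-in for GHVerification.Reason, trimmed to a few values.
    enum StrictReason { VALID, UNSIGNED, INVALID }

    // Same values plus a catch-all constant for reasons this client does not know yet.
    enum TolerantReason { VALID, UNSIGNED, INVALID, @JsonEnumDefaultValue UNKNOWN }

    static class StrictVerification { public boolean verified; public StrictReason reason; }
    static class TolerantVerification { public boolean verified; public TolerantReason reason; }

    // Constructed sample shaped like the "verification" object in the trace above.
    static final String SAMPLE = "{\"verified\":false,\"reason\":\"bad_cert\"}";

    // Fail closed: only verified=true together with an explicit VALID reason counts.
    static boolean isTrusted(TolerantVerification v) {
        return v.verified && v.reason == TolerantReason.VALID;
    }

    public static void main(String[] args) throws Exception {
        // The API sends lower-case names, so enum matching has to ignore case.
        JsonMapper strict = JsonMapper.builder()
                .enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS)
                .build();
        try {
            strict.readValue(SAMPLE, StrictVerification.class);
        } catch (InvalidFormatException e) {
            // Same exception type as in the report: the whole object fails to load.
            System.out.println("strict mapping failed: " + e.getOriginalMessage());
        }

        // Unknown names map to the constant marked @JsonEnumDefaultValue instead of throwing.
        JsonMapper tolerant = JsonMapper.builder()
                .enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS)
                .enable(DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE)
                .build();
        TolerantVerification v = tolerant.readValue(SAMPLE, TolerantVerification.class);
        System.out.println("reason=" + v.reason + " trusted=" + isTrusted(v));
    }
}
```

Code that gates on signature verification should treat the catch-all constant as not trusted, as `isTrusted` does, so a reason added by the server later can never be read as a valid signature.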
