Treat external ID as invalid if the note ID doesn't match

The SHA1 of an external ID is used as note ID in the
refs/meta/external-ids branch. This ensures that external IDs are
unique. However we must treat external IDs as invalid if the SHA1 of
their key doesn't match the note ID under which they are stored.

Change-Id: I3f4b27655098fa863f38c8852cf1de090796d3a2
Signed-off-by: Edwin Kempin <ekempin@google.com>

gerrit-server/src/main/java/com/google/gerrit/server/account/externalids/ExternalId.java

@@ -225,6 +225,13 @@ public abstract class ExternalId implements Serializable {
       throw invalidConfig(noteId, String.format("Invalid external id: %s", externalIdKeyStr));
     }
 
+    if (!externalIdKey.sha1().getName().equals(noteId)) {
+      throw invalidConfig(
+          noteId,
+          String.format(
+              "SHA1 of external ID %s does not match note ID %s", externalIdKeyStr, noteId));
+    }
+
     String email = externalIdConfig.getString(EXTERNAL_ID_SECTION, externalIdKeyStr, EMAIL_KEY);
     String password =
         externalIdConfig.getString(EXTERNAL_ID_SECTION, externalIdKeyStr, PASSWORD_KEY);