
GPG: check secring.gpg for keys if pubring.kbx is empty

If no OpenPGP key is found in pubring.kbx, try the legacy secring.gpg.
This appears to be consistent with GPG[1].

[1] https://lists.gnupg.org/pipermail/gnupg-users/2015-December/054881.html

Bug: 549439
Change-Id: I1557fd9b1f555a9b521fcd57cd3caccbdbacbeda
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
stable-5.5
Thomas Wolf 5 years ago committed by Matthias Sohn
parent
commit
db0eb9f8ae
  1. 80
      org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java

80
org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java

@ -97,6 +97,13 @@ import org.slf4j.LoggerFactory;
*/ */
class BouncyCastleGpgKeyLocator { class BouncyCastleGpgKeyLocator {
/** Thrown if a keybox file exists but doesn't contain an OpenPGP key. */
private static class NoOpenPgpKeyException extends Exception {
private static final long serialVersionUID = 1L;
}
private static final Logger log = LoggerFactory private static final Logger log = LoggerFactory
.getLogger(BouncyCastleGpgKeyLocator.class); .getLogger(BouncyCastleGpgKeyLocator.class);
@ -215,13 +222,17 @@ class BouncyCastleGpgKeyLocator {
* in case of problems reading the file * in case of problems reading the file
* @throws NoSuchAlgorithmException * @throws NoSuchAlgorithmException
* @throws NoSuchProviderException * @throws NoSuchProviderException
* @throws NoOpenPgpKeyException
* if the file does not contain any OpenPGP key
*/ */
private PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile) private PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile)
throws IOException, NoSuchAlgorithmException, throws IOException, NoSuchAlgorithmException,
NoSuchProviderException { NoSuchProviderException, NoOpenPgpKeyException {
KeyBox keyBox = readKeyBoxFile(keyboxFile); KeyBox keyBox = readKeyBoxFile(keyboxFile);
boolean hasOpenPgpKey = false;
for (KeyBlob keyBlob : keyBox.getKeyBlobs()) { for (KeyBlob keyBlob : keyBox.getKeyBlobs()) {
if (keyBlob.getType() == BlobType.OPEN_PGP_BLOB) { if (keyBlob.getType() == BlobType.OPEN_PGP_BLOB) {
hasOpenPgpKey = true;
PGPPublicKey key = findPublicKeyByKeyId(keyBlob); PGPPublicKey key = findPublicKeyByKeyId(keyBlob);
if (key != null) { if (key != null) {
return key; return key;
@ -232,6 +243,9 @@ class BouncyCastleGpgKeyLocator {
} }
} }
} }
if (!hasOpenPgpKey) {
throw new NoOpenPgpKeyException();
}
return null; return null;
} }
@ -253,34 +267,58 @@ class BouncyCastleGpgKeyLocator {
public BouncyCastleGpgKey findSecretKey() throws IOException, public BouncyCastleGpgKey findSecretKey() throws IOException,
NoSuchAlgorithmException, NoSuchProviderException, PGPException, NoSuchAlgorithmException, NoSuchProviderException, PGPException,
CanceledException, UnsupportedCredentialItem, URISyntaxException { CanceledException, UnsupportedCredentialItem, URISyntaxException {
BouncyCastleGpgKey key;
if (exists(USER_KEYBOX_PATH)) { if (exists(USER_KEYBOX_PATH)) {
PGPPublicKey publicKey = // try {
findPublicKeyInKeyBox(USER_KEYBOX_PATH); key = loadKeyFromKeybox(USER_KEYBOX_PATH);
if (key != null) {
return key;
}
throw new PGPException(MessageFormat.format(
JGitText.get().gpgNoPublicKeyFound, signingKey));
} catch (NoOpenPgpKeyException e) {
// Ignore and try the secring.gpg, if it exists.
if (log.isDebugEnabled()) {
log.debug("{} does not contain any OpenPGP keys", //$NON-NLS-1$
USER_KEYBOX_PATH);
}
}
}
if (exists(USER_PGP_LEGACY_SECRING_FILE)) {
key = loadKeyFromSecring(USER_PGP_LEGACY_SECRING_FILE);
if (key != null) {
return key;
}
throw new PGPException(MessageFormat.format(
JGitText.get().gpgNoKeyInLegacySecring, signingKey));
}
throw new PGPException(JGitText.get().gpgNoKeyring);
}
private BouncyCastleGpgKey loadKeyFromKeybox(Path keybox)
throws NoOpenPgpKeyException, NoSuchAlgorithmException,
NoSuchProviderException, IOException, CanceledException,
UnsupportedCredentialItem, PGPException, URISyntaxException {
PGPPublicKey publicKey = findPublicKeyInKeyBox(keybox);
if (publicKey != null) { if (publicKey != null) {
return findSecretKeyForKeyBoxPublicKey(publicKey, return findSecretKeyForKeyBoxPublicKey(publicKey, keybox);
USER_KEYBOX_PATH); }
return null;
} }
throw new PGPException(MessageFormat private BouncyCastleGpgKey loadKeyFromSecring(Path secring)
.format(JGitText.get().gpgNoPublicKeyFound, signingKey)); throws IOException, PGPException {
} else if (exists(USER_PGP_LEGACY_SECRING_FILE)) {
PGPSecretKey secretKey = findSecretKeyInLegacySecring(signingKey, PGPSecretKey secretKey = findSecretKeyInLegacySecring(signingKey,
USER_PGP_LEGACY_SECRING_FILE); secring);
if (secretKey != null) { if (secretKey != null) {
if (!secretKey.isSigningKey()) { if (!secretKey.isSigningKey()) {
throw new PGPException(MessageFormat.format( throw new PGPException(MessageFormat
JGitText.get().gpgNotASigningKey, signingKey)); .format(JGitText.get().gpgNotASigningKey, signingKey));
}
return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE);
} }
return new BouncyCastleGpgKey(secretKey, secring);
throw new PGPException(MessageFormat.format(
JGitText.get().gpgNoKeyInLegacySecring, signingKey));
} }
return null;
throw new PGPException(JGitText.get().gpgNoKeyring);
} }
private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey( private BouncyCastleGpgKey findSecretKeyForKeyBoxPublicKey(
@ -385,7 +423,11 @@ class BouncyCastleGpgKeyLocator {
} }
private KeyBox readKeyBoxFile(Path keyboxFile) throws IOException, private KeyBox readKeyBoxFile(Path keyboxFile) throws IOException,
NoSuchAlgorithmException, NoSuchProviderException { NoSuchAlgorithmException, NoSuchProviderException,
NoOpenPgpKeyException {
if (keyboxFile.toFile().length() == 0) {
throw new NoOpenPgpKeyException();
}
KeyBox keyBox; KeyBox keyBox;
try (InputStream in = new BufferedInputStream( try (InputStream in = new BufferedInputStream(
newInputStream(keyboxFile))) { newInputStream(keyboxFile))) {
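Review bot: The new empty-file guard in `readKeyBoxFile` tests `keyboxFile.toFile().length() == 0`, but `File.length()` never throws and also returns 0 when the file does not exist, so a keybox that vanishes or cannot be examined after the `exists()` check may be reported as `NoOpenPgpKeyException`. `findSecretKey` would then quietly fall back to secring.gpg and may sign with a key from the legacy keyring instead of surfacing the error. Since the method already declares `IOException`, `if (Files.size(keyboxFile) == 0) {` would limit the fallback to a genuinely empty keybox; it needs `java.nio.file.Files` in scope, and the imports are not visible here. The fallback is also logged only at debug level, so normal logs do not show which keyring supplied the signing key; consider logging it at info in the `catch (NoOpenPgpKeyException e)` branch. The body of `readKeyBoxFile` continues past the end of this hunk.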
