Browse Source

GPG: check that the key found is a signing key

Throw an exception if not.

Change-Id: I60f36b271d5f44c6dc475302b169cb5b8a1e3945
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
stable-5.5
Thomas Wolf 6 years ago
parent
commit
efe6d2bb5b
  1. 1
      org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
  2. 1
      org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
  3. 8
      org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java

1
org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties

@ -330,6 +330,7 @@ gpgNoKeyring=neither pubring.kbx nor secring.gpg files found
gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0} gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0}
gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0} gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0}
gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0} gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0}
gpgNotASigningKey=Secret key ({0}) is not suitable for signing
gpgKeyInfo=GPG Key (fingerprint {0}) gpgKeyInfo=GPG Key (fingerprint {0})
gpgSigningCancelled=Signing was cancelled gpgSigningCancelled=Signing was cancelled
headRequiredToStash=HEAD required to stash local changes headRequiredToStash=HEAD required to stash local changes

1
org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java

@ -391,6 +391,7 @@ public class JGitText extends TranslationBundle {
/***/ public String gpgNoKeyInLegacySecring; /***/ public String gpgNoKeyInLegacySecring;
/***/ public String gpgNoPublicKeyFound; /***/ public String gpgNoPublicKeyFound;
/***/ public String gpgNoSecretKeyForPublicKey; /***/ public String gpgNoSecretKeyForPublicKey;
/***/ public String gpgNotASigningKey;
/***/ public String gpgKeyInfo; /***/ public String gpgKeyInfo;
/***/ public String gpgSigningCancelled; /***/ public String gpgSigningCancelled;
/***/ public String headRequiredToStash; /***/ public String headRequiredToStash;

8
org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java

@ -261,6 +261,10 @@ class BouncyCastleGpgKeyLocator {
USER_PGP_LEGACY_SECRING_FILE); USER_PGP_LEGACY_SECRING_FILE);
if (secretKey != null) { if (secretKey != null) {
if (!secretKey.isSigningKey()) {
throw new PGPException(MessageFormat.format(
JGitText.get().gpgNotASigningKey, signingKey));
}
return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE); return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE);
} }
@ -294,6 +298,10 @@ class BouncyCastleGpgKeyLocator {
PGPSecretKey secretKey = attemptParseSecretKey(keyFile, PGPSecretKey secretKey = attemptParseSecretKey(keyFile,
calculatorProvider, passphraseProvider, publicKey); calculatorProvider, passphraseProvider, publicKey);
if (secretKey != null) { if (secretKey != null) {
if (!secretKey.isSigningKey()) {
throw new PGPException(MessageFormat.format(
JGitText.get().gpgNotASigningKey, signingKey));
}
return new BouncyCastleGpgKey(secretKey, userKeyboxPath); return new BouncyCastleGpgKey(secretKey, userKeyboxPath);
} }
} }

Loading…
Cancel
Save