resolve review findings

2026-01-28 18:29:10 +01:00 · 2020-08-11 13:28:16 +02:00
parent 742c58a282
commit 0601770262
34 changed files with 1108 additions and 248 deletions
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultGPGTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultGPGTest.java
@@ -81,7 +81,7 @@ class DefaultGPGTest {
  @InjectMocks
  private DefaultGPG gpg;

-  Subject subjectUnderTest;
+  private Subject subjectUnderTest;

  @AfterEach
  void unbindThreadContext() {
@@ -140,40 +140,11 @@ class DefaultGPGTest {
    assertThat(key.getOwner().get()).contains("trillian");
  }

-  @Test
-  void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-    assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
-    assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
-  }
-
-  @Test
-  void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-
-    final String exportedPublicKey = gpg.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
-    assertThat(exportedPublicKey).isNotBlank();
-    assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
-    assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
-
-    final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
-    assertThat(exportedPrivateKey).isNotBlank();
-    assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
-    assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
-  }
-
-  @Test
-  void shouldImportKeyPair() throws IOException, PGPException {
-    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
-    final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(raw);
-    assertThat(privateKey).isPresent();
-  }
-
  @Test
  void shouldImportExportedGeneratedPrivateKey() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
-    final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
-    final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
-    final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(exportedPrivateKey);
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+    final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
+    final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(exportedPrivateKey);
    assertThat(privateKey).isPresent();
  }

@@ -184,7 +155,7 @@ class DefaultGPGTest {
    ThreadContext.bind(subjectUnderTest);

    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
-    final DefaultGPG.DefaultPrivateKey privateKey = new DefaultGPG.DefaultPrivateKey(raw);
+    final DefaultPrivateKey privateKey = new DefaultPrivateKey(raw);
    final byte[] signature = privateKey.sign("This is a test commit".getBytes());
    final String signatureString = new String(signature);
    assertThat(signature).isNotEmpty();
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultPublicKeyTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultPublicKeyTest.java
@@ -31,12 +31,12 @@ import java.util.Collections;

 import static org.assertj.core.api.Assertions.assertThat;

-class GpgKeyTest {
+class DefaultPublicKeyTest {

  @Test
  void shouldVerifyPublicKey() throws IOException {
    String rawPublicKey = GPGTestHelper.readResourceAsString("subkeys.asc");
-    GpgKey publicKey = new GpgKey("1", "trillian", rawPublicKey, Collections.emptySet());
+    DefaultPublicKey publicKey = new DefaultPublicKey("1", "trillian", rawPublicKey, Collections.emptySet());

    byte[] content = GPGTestHelper.readResourceAsBytes("slarti.txt");
    byte[] signature = GPGTestHelper.readResourceAsBytes("slarti.txt.asc");
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyExporterTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyExporterTest.java
@@ -0,0 +1,83 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyRingGenerator;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sonia.scm.util.MockUtil;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class GPGKeyExporterTest {
+
+  private static void registerBouncyCastleProviderIfNecessary() {
+    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+      Security.addProvider(new BouncyCastleProvider());
+    }
+  }
+
+  @AfterEach
+  void unbindThreadContext() {
+    ThreadContext.unbindSubject();
+    ThreadContext.unbindSecurityManager();
+  }
+
+  @BeforeEach
+  void bindThreadContext() {
+    registerBouncyCastleProviderIfNecessary();
+
+    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
+    ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
+  }
+
+  @Test
+  void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+
+    final String exportedPublicKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
+    assertThat(exportedPublicKey).isNotBlank();
+    assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
+    assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
+
+    final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
+    assertThat(exportedPrivateKey).isNotBlank();
+    assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
+    assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
+  }
+
+}
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyPairGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyPairGeneratorTest.java
@@ -0,0 +1,73 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security.gpg;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.assertj.core.api.Assertions;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyRingGenerator;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sonia.scm.util.MockUtil;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+
+public class GPGKeyPairGeneratorTest {
+
+  private static void registerBouncyCastleProviderIfNecessary() {
+    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+      Security.addProvider(new BouncyCastleProvider());
+    }
+  }
+
+  @AfterEach
+  void unbindThreadContext() {
+    ThreadContext.unbindSubject();
+    ThreadContext.unbindSecurityManager();
+  }
+
+  @BeforeEach
+  void bindThreadContext() {
+    registerBouncyCastleProviderIfNecessary();
+
+    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
+    ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
+  }
+
+  @Test
+  void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
+    final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
+    Assertions.assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
+    Assertions.assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
+  }
+
+}
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/PgpPublicKeyExtractorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/PgpPublicKeyExtractorTest.java
@@ -24,6 +24,7 @@

 package sonia.scm.security.gpg;

+import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.junit.jupiter.api.Test;

@@ -32,16 +33,23 @@ import java.util.Optional;

 import static org.assertj.core.api.Assertions.assertThat;

-class PgpPublicKeyExtractorTest {
+class KeysExtractorTest {

  @Test
  void shouldExtractPublicKeyFromRawKey() throws IOException {
    String raw = GPGTestHelper.readResourceAsString("single.asc");

-    Optional<PGPPublicKey> publicKey = PgpPublicKeyExtractor.getFromRawKey(raw);
+    Optional<PGPPublicKey> publicKey = KeysExtractor.extractPublicKey(raw);

    assertThat(publicKey).isPresent();
    assertThat(Long.toHexString(publicKey.get().getKeyID())).isEqualTo("975922f193b07d6e");
  }

+  @Test
+  void shouldExtractPrivateKeyFromRawKey() throws IOException {
+    String raw = GPGTestHelper.readResourceAsString("private-key.asc");
+    final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(raw);
+    assertThat(privateKey).isPresent();
+  }
+
 }
--- a/scm-webapp/src/test/java/sonia/scm/security/gpg/PublicKeyStoreTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/gpg/PublicKeyStoreTest.java
@@ -27,12 +27,10 @@ package sonia.scm.security.gpg;
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
-import org.junit.Rule;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.rules.ExpectedException;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import sonia.scm.event.ScmEventBus;
@@ -163,7 +161,7 @@ class PublicKeyStoreTest {

    assertThat(key).isPresent();

-    assertThrows(PublicKeyStore.DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
+    assertThrows(DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
    key = keyStore.findById("0x975922F193B07D6E");

    assertThat(key).isPresent();