allow key download from signature in changeset view

This commit is contained in:
Konstantin Schaper
2020-08-06 21:57:31 +02:00
parent e5215bd97b
commit 143d4273b8
14 changed files with 244 additions and 76 deletions

View File

@@ -62,7 +62,7 @@ public class ChangesetDto extends HalRepresentation {
private List<ContributorDto> contributors;
private List<Signature> signatures;
private List<SignatureDto> signatures;
public ChangesetDto(Links links, Embedded embedded) {
super(links, embedded);

View File

@@ -0,0 +1,53 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.api.v2.resources;
import de.otto.edison.hal.HalRepresentation;
import de.otto.edison.hal.Links;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import sonia.scm.repository.Person;
import sonia.scm.repository.SignatureStatus;
import java.util.Optional;
import java.util.Set;
@Getter
@Setter
@NoArgsConstructor
public class SignatureDto extends HalRepresentation {
private String keyId;
private String type;
private SignatureStatus status;
private Optional<String> owner;
private Set<Person> contacts;
public SignatureDto(Links links) {
super(links);
}
}

View File

@@ -21,12 +21,13 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
import React, { FC } from "react";
import { useTranslation } from "react-i18next";
import { Signature } from "@scm-manager/ui-types";
import React, {FC} from "react";
import {useTranslation} from "react-i18next";
import {Signature} from "@scm-manager/ui-types";
import styled from "styled-components";
import Icon from "../../Icon";
import Tooltip from "../../Tooltip";
import {usePopover} from "../../popover";
import Popover from "../../popover/Popover";
type Props = {
signatures: Signature[];
@@ -41,17 +42,21 @@ const StyledIcon = styled(Icon)`
margin-bottom: 0.2em;
`;
const StyledDiv = styled.div`
> *:not(:last-child) {
margin-bottom: 24px;
}
`;
const SignatureIcon: FC<Props> = ({ signatures, className }) => {
const SignatureIcon: FC<Props> = ({signatures, className}) => {
const [t] = useTranslation("repos");
const {popoverProps, triggerProps} = usePopover();
const signature = signatures?.length > 0 ? signatures[0] : undefined;
if (!signature) {
if (!signatures.length) {
return null;
}
const createTooltipMessage = () => {
const createSignatureBlock = (signature: Signature) => {
let status;
if (signature.status === "VERIFIED") {
status = t("changeset.signatureVerified");
@@ -62,37 +67,50 @@ const SignatureIcon: FC<Props> = ({ signatures, className }) => {
}
if (signature.status === "NOT_FOUND") {
return `${t("changeset.signatureStatus")}: ${status}\n${t("changeset.keyId")}: ${signature.keyId}`;
return <p>
<div>{t("changeset.signatureStatus")}: {status}</div>
<div>{t("changeset.keyId")}: {signature.keyId}</div>
</p>;
}
let message = `${t("changeset.keyOwner")}: ${signature.owner ? signature.owner : t("changeset.noOwner")}\n${t("changeset.keyId")}: ${signature.keyId}\n${t(
"changeset.signatureStatus"
)}: ${status}`;
if (signature.contacts?.length > 0) {
message += `\n${t("changeset.keyContacts")}:`;
signature.contacts.forEach((contact) => {
message += `\n- ${contact.name} <${contact.mail}>`;
});
}
return message;
return <p>
<div>{t("changeset.keyOwner")}: {signature.owner || t("changeset.noOwner")}</div>
<div>{t("changeset.keyId")}: {
signature._links?.rawKey ? <a href={signature._links.rawKey.href}>{signature.keyId}</a> : signature.keyId
}</div>
<div>{t("changeset.signatureStatus")}: {status}</div>
{signature.contacts?.length > 0 && <>
<div>{t("changeset.keyContacts")}:</div>
{signature.contacts.map(contact => <div>- {contact.name}{contact.mail && ` <${contact.mail}>`}</div>)}
</>}
</p>;
};
const signatureElements = signatures.map(signature => createSignatureBlock(signature));
const getColor = () => {
if (signature.status === "VERIFIED") {
const verified = signatures.some(sig => sig.status === "VERIFIED");
if (verified) {
return "success";
}
if (signature.status === "INVALID") {
const invalid = signatures.some(sig => sig.status === "INVALID");
if (invalid) {
return "danger";
}
return undefined;
};
return (
<Tooltip location="top" message={createTooltipMessage()}>
<StyledIcon name="key" className={className} color={getColor()} />
</Tooltip>
<>
<Popover title={t("changeset.signatures")} width={500} {...popoverProps}>
<StyledDiv>
{signatureElements}
</StyledDiv>
</Popover>
<div {...triggerProps}>
<StyledIcon name="key" className={className} color={getColor()}/>
</div>
</>
);
};

View File

@@ -22,7 +22,7 @@
* SOFTWARE.
*/
import { Collection, Links } from "./hal";
import {Collection, Link, Links} from "./hal";
import { Tag } from "./Tags";
import { Branch } from "./Branches";
import { Person } from "./Person";
@@ -48,6 +48,9 @@ export type Signature = {
status: "VERIFIED" | "NOT_FOUND" | "INVALID";
owner: string;
contacts: Person[];
_links?: {
rawKey?: Link;
};
}
export type Contributor = {

View File

@@ -96,6 +96,7 @@
"signatureVerified": "Verifiziert",
"signatureNotVerified": "Nicht verifiziert",
"signatureInvalid": "Ungültig",
"signatures": "Signaturen",
"shortlink": {
"title": "Changeset {{id}} aus {{namespace}}/{{name}}"
},

View File

@@ -95,6 +95,7 @@
"signatureVerified": "verified",
"signatureNotVerified": "not verified",
"signatureInvalid": "invalid",
"signatures": "Signatures",
"shortlink": {
"title": "Changeset {{id}} of {{namespace}}/{{name}}"
},

View File

@@ -27,6 +27,7 @@ import {DateFromNow, DeleteButton, DownloadButton} from "@scm-manager/ui-compone
import { PublicKey } from "./SetPublicKeys";
import { useTranslation } from "react-i18next";
import { Link } from "@scm-manager/ui-types";
import styled from "styled-components";
type Props = {
publicKey: PublicKey;
@@ -53,12 +54,12 @@ export const PublicKeyEntry: FC<Props> = ({ publicKey, onDelete }) => {
<>
<tr>
<td>{publicKey.displayName}</td>
<td>
<td className="is-hidden-mobile">
<DateFromNow date={publicKey.created} />
</td>
<td className="is-hidden-mobile">{publicKey.id}</td>
<td>{deleteButton}</td>
<td>{downloadButton}</td>
<td className="is-hidden-mobile">{downloadButton}</td>
</tr>
</>
);

View File

@@ -31,13 +31,15 @@ import org.mapstruct.Mapper;
import org.mapstruct.ObjectFactory;
import sonia.scm.repository.Branch;
import sonia.scm.repository.Changeset;
import sonia.scm.repository.Contributor;
import sonia.scm.repository.Person;
import sonia.scm.repository.Repository;
import sonia.scm.repository.Signature;
import sonia.scm.repository.Tag;
import sonia.scm.repository.Contributor;
import sonia.scm.repository.api.Command;
import sonia.scm.repository.api.RepositoryService;
import sonia.scm.repository.api.RepositoryServiceFactory;
import sonia.scm.security.gpg.PublicKeyResource;
import sonia.scm.web.EdisonHalAppender;
import javax.inject.Inject;
@@ -67,10 +69,30 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
@Inject
private TagCollectionToDtoMapper tagCollectionToDtoMapper;
@Inject
private ScmPathInfoStore scmPathInfoStore;
abstract ContributorDto map(Contributor contributor);
abstract SignatureDto map(Signature signature);
abstract PersonDto map(Person person);
@ObjectFactory
SignatureDto createDto(Signature signature) {
if (signature.getType().equals("gpg")) {
final Links.Builder linkBuilder =
linkingTo()
.single(link("rawKey", new LinkBuilder(scmPathInfoStore.get(), PublicKeyResource.class)
.method("findByIdGpg")
.parameters(signature.getKeyId())
.href()));
return new SignatureDto(linkBuilder.build());
}
return new SignatureDto();
}
@ObjectFactory
ChangesetDto createDto(@Context Repository repository, Changeset source) {
String namespace = repository.getNamespace();

View File

@@ -42,19 +42,18 @@ import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.repository.Person;
import sonia.scm.security.GPG;
import sonia.scm.security.PrivateKey;
import sonia.scm.security.PublicKey;
import sonia.scm.user.User;
import javax.inject.Inject;
import java.io.ByteArrayInputStream;
@@ -74,7 +73,6 @@ import java.util.stream.Collectors;
public class DefaultGPG implements GPG {
private static final Logger LOG = LoggerFactory.getLogger(DefaultGPG.class);
static final String PRIVATE_KEY_ID = "SCM-KEY-ID";
private final PublicKeyStore publicKeyStore;
private final PrivateKeyStore privateKeyStore;
@@ -144,14 +142,6 @@ public class DefaultGPG implements GPG {
}
}
static PGPPrivateKey importPrivateKey(String rawKey) throws IOException, PGPException {
try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
return privateKey;
}
}
String exportKeyRing(PGPKeyRing keyRing) throws IOException {
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
@@ -167,11 +157,13 @@ public class DefaultGPG implements GPG {
KeyPair pair = keyPairGenerator.generateKeyPair();
PGPKeyPair keyPair = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, pair, new Date());
final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
final Person person = new Person(user.getDisplayName(), user.getMail());
return new PGPKeyRingGenerator(
PGPSignature.POSITIVE_CERTIFICATION,
keyPair,
PRIVATE_KEY_ID,
person.toString(),
new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
null,
null,
@@ -182,19 +174,19 @@ public class DefaultGPG implements GPG {
static class DefaultPrivateKey implements PrivateKey {
final PGPPrivateKey privateKey;
final Optional<PGPPrivateKey> privateKey;
DefaultPrivateKey(String rawPrivateKey) {
try {
privateKey = importPrivateKey(rawPrivateKey);
} catch (IOException | PGPException e) {
throw new IllegalStateException("Could not read private key", e);
}
privateKey = PgpPrivateKeyExtractor.getFromRawKey(rawPrivateKey);
}
@Override
public String getId() {
return PRIVATE_KEY_ID;
if (privateKey.isPresent()) {
return Keys.createId(privateKey.get());
} else {
return null;
}
}
@Override
@@ -206,10 +198,14 @@ public class DefaultGPG implements GPG {
HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
);
try {
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
} catch (PGPException e) {
throw new IllegalStateException("Could not initialize signature generator", e);
if (privateKey.isPresent()) {
try {
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
} catch (PGPException e) {
throw new IllegalStateException("Could not initialize signature generator", e);
}
} else {
throw new IllegalStateException("Missing private key");
}
ByteArrayOutputStream buffer = new ByteArrayOutputStream();

View File

@@ -26,6 +26,7 @@ package sonia.scm.security.gpg;
import lombok.Value;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
@@ -86,8 +87,16 @@ final class Keys {
return new Keys(master, Collections.unmodifiableSet(subs));
}
private static String createId(PGPPublicKey pgpPublicKey) {
return "0x" + Long.toHexString(pgpPublicKey.getKeyID()).toUpperCase(Locale.ENGLISH);
static String createId(PGPPublicKey pgpPublicKey) {
return formatKey(pgpPublicKey.getKeyID());
}
static String createId(PGPPrivateKey pgpPrivateKey) {
return formatKey(pgpPrivateKey.getKeyID());
}
static String formatKey(long keyId) {
return "0x" + Long.toHexString(keyId).toUpperCase(Locale.ENGLISH);
}
private static List<PGPPublicKey> collectKeys(String rawKey) {

View File

@@ -0,0 +1,54 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Optional;
public class PgpPrivateKeyExtractor {
private PgpPrivateKeyExtractor() {}
private static final Logger LOG = LoggerFactory.getLogger(PgpPrivateKeyExtractor.class);
static Optional<PGPPrivateKey> getFromRawKey(String rawKey) {
try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
return Optional.of(privateKey);
} catch (Exception e) {
LOG.error("Invalid PGP key", e);
return Optional.empty();
}
}
}

View File

@@ -50,7 +50,7 @@ public class PgpPublicKeyExtractor {
return Optional.of(publicKey);
} catch (IOException e) {
LOG.error("Invalid PGP key");
LOG.error("Invalid PGP key", e);
}
return Optional.empty();
}

View File

@@ -51,7 +51,7 @@ public abstract class PublicKeyMapper {
}
@Mapping(target = "attributes", ignore = true)
// @Mapping(target = "raw", ignore = true) // TODO: Why is there ?
@Mapping(target = "raw", ignore = true)
abstract RawGpgKeyDto map(RawGpgKey rawGpgKey);
@ObjectFactory

View File

@@ -34,6 +34,8 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
@@ -79,6 +81,23 @@ class DefaultGPGTest {
@InjectMocks
private DefaultGPG gpg;
Subject subjectUnderTest;
@AfterEach
void unbindThreadContext() {
ThreadContext.unbindSubject();
ThreadContext.unbindSecurityManager();
}
@BeforeEach
void bindThreadContext() {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
subjectUnderTest = MockUtil.createUserSubject(SecurityUtils.getSecurityManager());
ThreadContext.bind(subjectUnderTest);
}
@Test
void shouldFindIdInSignature() throws IOException {
String raw = GPGTestHelper.readResourceAsString("slarti.txt.asc");
@@ -123,8 +142,6 @@ class DefaultGPGTest {
@Test
void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
registerBouncyCastleProviderIfNecessary();
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
@@ -132,8 +149,6 @@ class DefaultGPGTest {
@Test
void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
registerBouncyCastleProviderIfNecessary();
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
final String exportedPublicKey = gpg.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
@@ -150,27 +165,26 @@ class DefaultGPGTest {
@Test
void shouldImportKeyPair() throws IOException, PGPException {
String raw = GPGTestHelper.readResourceAsString("private-key.asc");
final PGPPrivateKey privateKey = DefaultGPG.importPrivateKey(raw);
assertThat(privateKey).isNotNull();
final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(raw);
assertThat(privateKey).isPresent();
}
@Test
void shouldImportExportedGeneratedPrivateKey() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
registerBouncyCastleProviderIfNecessary();
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
final PGPPrivateKey privateKey = DefaultGPG.importPrivateKey(exportedPrivateKey);
assertThat(privateKey).isNotNull();
final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(exportedPrivateKey);
assertThat(privateKey).isPresent();
}
@Test
void shouldCreateSignature() throws IOException {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
Subject subjectUnderTest = MockUtil.createUserSubject(SecurityUtils.getSecurityManager());
ThreadContext.bind(subjectUnderTest);
String raw = GPGTestHelper.readResourceAsString("private-key.asc");
final DefaultGPG.DefaultPrivateKey privateKey = new DefaultGPG.DefaultPrivateKey(raw);
assertThat(privateKey.getId()).contains(DefaultGPG.PRIVATE_KEY_ID);
final byte[] signature = privateKey.sign("This is a test commit".getBytes());
final String signatureString = new String(signature);
assertThat(signature).isNotEmpty();
@@ -180,8 +194,6 @@ class DefaultGPGTest {
@Test
void shouldReturnGeneratedPrivateKeyIfNoneStored() {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
Subject subjectUnderTest = MockUtil.createUserSubject(SecurityUtils.getSecurityManager());
ThreadContext.bind(subjectUnderTest);
@@ -195,8 +207,6 @@ class DefaultGPGTest {
@Test
void shouldReturnStoredPrivateKey() throws IOException {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
Subject subjectUnderTest = MockUtil.createUserSubject(SecurityUtils.getSecurityManager());
ThreadContext.bind(subjectUnderTest);