mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-03-06 12:20:56 +01:00
allow key download from signature in changeset view
This commit is contained in:
Konstantin Schaper
@@ -31,13 +31,15 @@ import org.mapstruct.Mapper;
|
||||
import org.mapstruct.ObjectFactory;
|
||||
import sonia.scm.repository.Branch;
|
||||
import sonia.scm.repository.Changeset;
|
||||
import sonia.scm.repository.Contributor;
|
||||
import sonia.scm.repository.Person;
|
||||
import sonia.scm.repository.Repository;
|
||||
import sonia.scm.repository.Signature;
|
||||
import sonia.scm.repository.Tag;
|
||||
import sonia.scm.repository.Contributor;
|
||||
import sonia.scm.repository.api.Command;
|
||||
import sonia.scm.repository.api.RepositoryService;
|
||||
import sonia.scm.repository.api.RepositoryServiceFactory;
|
||||
import sonia.scm.security.gpg.PublicKeyResource;
|
||||
import sonia.scm.web.EdisonHalAppender;
|
||||
|
||||
import javax.inject.Inject;
|
||||
@@ -67,10 +69,30 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
|
||||
@Inject
|
||||
private TagCollectionToDtoMapper tagCollectionToDtoMapper;
|
||||
|
||||
@Inject
|
||||
private ScmPathInfoStore scmPathInfoStore;
|
||||
|
||||
abstract ContributorDto map(Contributor contributor);
|
||||
|
||||
abstract SignatureDto map(Signature signature);
|
||||
|
||||
abstract PersonDto map(Person person);
|
||||
|
||||
@ObjectFactory
|
||||
SignatureDto createDto(Signature signature) {
|
||||
if (signature.getType().equals("gpg")) {
|
||||
final Links.Builder linkBuilder =
|
||||
linkingTo()
|
||||
.single(link("rawKey", new LinkBuilder(scmPathInfoStore.get(), PublicKeyResource.class)
|
||||
.method("findByIdGpg")
|
||||
.parameters(signature.getKeyId())
|
||||
.href()));
|
||||
|
||||
return new SignatureDto(linkBuilder.build());
|
||||
}
|
||||
return new SignatureDto();
|
||||
}
|
||||
|
||||
@ObjectFactory
|
||||
ChangesetDto createDto(@Context Repository repository, Changeset source) {
|
||||
String namespace = repository.getNamespace();
|
||||
|
||||
@@ -42,19 +42,18 @@ import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||
import org.bouncycastle.openpgp.PGPUtil;
|
||||
import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.repository.Person;
|
||||
import sonia.scm.security.GPG;
|
||||
import sonia.scm.security.PrivateKey;
|
||||
import sonia.scm.security.PublicKey;
|
||||
import sonia.scm.user.User;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import java.io.ByteArrayInputStream;
|
||||
@@ -74,7 +73,6 @@ import java.util.stream.Collectors;
|
||||
public class DefaultGPG implements GPG {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(DefaultGPG.class);
|
||||
static final String PRIVATE_KEY_ID = "SCM-KEY-ID";
|
||||
|
||||
private final PublicKeyStore publicKeyStore;
|
||||
private final PrivateKeyStore privateKeyStore;
|
||||
@@ -144,14 +142,6 @@ public class DefaultGPG implements GPG {
|
||||
}
|
||||
}
|
||||
|
||||
static PGPPrivateKey importPrivateKey(String rawKey) throws IOException, PGPException {
|
||||
try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
|
||||
JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
|
||||
final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
|
||||
return privateKey;
|
||||
}
|
||||
}
|
||||
|
||||
String exportKeyRing(PGPKeyRing keyRing) throws IOException {
|
||||
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
|
||||
final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
|
||||
@@ -167,11 +157,13 @@ public class DefaultGPG implements GPG {
|
||||
KeyPair pair = keyPairGenerator.generateKeyPair();
|
||||
|
||||
PGPKeyPair keyPair = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, pair, new Date());
|
||||
final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
|
||||
final Person person = new Person(user.getDisplayName(), user.getMail());
|
||||
|
||||
return new PGPKeyRingGenerator(
|
||||
PGPSignature.POSITIVE_CERTIFICATION,
|
||||
keyPair,
|
||||
PRIVATE_KEY_ID,
|
||||
person.toString(),
|
||||
new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
|
||||
null,
|
||||
null,
|
||||
@@ -182,19 +174,19 @@ public class DefaultGPG implements GPG {
|
||||
|
||||
static class DefaultPrivateKey implements PrivateKey {
|
||||
|
||||
final PGPPrivateKey privateKey;
|
||||
final Optional<PGPPrivateKey> privateKey;
|
||||
|
||||
DefaultPrivateKey(String rawPrivateKey) {
|
||||
try {
|
||||
privateKey = importPrivateKey(rawPrivateKey);
|
||||
} catch (IOException | PGPException e) {
|
||||
throw new IllegalStateException("Could not read private key", e);
|
||||
}
|
||||
privateKey = PgpPrivateKeyExtractor.getFromRawKey(rawPrivateKey);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return PRIVATE_KEY_ID;
|
||||
if (privateKey.isPresent()) {
|
||||
return Keys.createId(privateKey.get());
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -206,10 +198,14 @@ public class DefaultGPG implements GPG {
|
||||
HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
|
||||
);
|
||||
|
||||
try {
|
||||
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
||||
} catch (PGPException e) {
|
||||
throw new IllegalStateException("Could not initialize signature generator", e);
|
||||
if (privateKey.isPresent()) {
|
||||
try {
|
||||
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
|
||||
} catch (PGPException e) {
|
||||
throw new IllegalStateException("Could not initialize signature generator", e);
|
||||
}
|
||||
} else {
|
||||
throw new IllegalStateException("Missing private key");
|
||||
}
|
||||
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
||||
|
||||
@@ -26,6 +26,7 @@ package sonia.scm.security.gpg;
|
||||
|
||||
import lombok.Value;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
@@ -86,8 +87,16 @@ final class Keys {
|
||||
return new Keys(master, Collections.unmodifiableSet(subs));
|
||||
}
|
||||
|
||||
private static String createId(PGPPublicKey pgpPublicKey) {
|
||||
return "0x" + Long.toHexString(pgpPublicKey.getKeyID()).toUpperCase(Locale.ENGLISH);
|
||||
static String createId(PGPPublicKey pgpPublicKey) {
|
||||
return formatKey(pgpPublicKey.getKeyID());
|
||||
}
|
||||
|
||||
static String createId(PGPPrivateKey pgpPrivateKey) {
|
||||
return formatKey(pgpPrivateKey.getKeyID());
|
||||
}
|
||||
|
||||
static String formatKey(long keyId) {
|
||||
return "0x" + Long.toHexString(keyId).toUpperCase(Locale.ENGLISH);
|
||||
}
|
||||
|
||||
private static List<PGPPublicKey> collectKeys(String rawKey) {
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
/*
|
||||
* MIT License
|
||||
*
|
||||
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
package sonia.scm.security.gpg;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPUtil;
|
||||
import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.InputStream;
|
||||
import java.util.Optional;
|
||||
|
||||
public class PgpPrivateKeyExtractor {
|
||||
|
||||
private PgpPrivateKeyExtractor() {}
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(PgpPrivateKeyExtractor.class);
|
||||
|
||||
static Optional<PGPPrivateKey> getFromRawKey(String rawKey) {
|
||||
try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
|
||||
JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
|
||||
final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
|
||||
return Optional.of(privateKey);
|
||||
} catch (Exception e) {
|
||||
LOG.error("Invalid PGP key", e);
|
||||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -50,7 +50,7 @@ public class PgpPublicKeyExtractor {
|
||||
return Optional.of(publicKey);
|
||||
|
||||
} catch (IOException e) {
|
||||
LOG.error("Invalid PGP key");
|
||||
LOG.error("Invalid PGP key", e);
|
||||
}
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
@@ -51,7 +51,7 @@ public abstract class PublicKeyMapper {
|
||||
}
|
||||
|
||||
@Mapping(target = "attributes", ignore = true)
|
||||
// @Mapping(target = "raw", ignore = true) // TODO: Why is there ?
|
||||
@Mapping(target = "raw", ignore = true)
|
||||
abstract RawGpgKeyDto map(RawGpgKey rawGpgKey);
|
||||
|
||||
@ObjectFactory
|
||||
|
||||
Reference in New Issue
Block a user