source.dussan.org Git - jgit.git/commit

Signing: refactor interfaces

This is a big API-breaking change cleaning up the signing interfaces.

Initially, these interfaces were GPG/OpenPGP-specific. When EGit added
new signers and signature verifiers that called an external GPG
executable, they were found inadequate and were extended to be able to
pass in the GpgConfig to get access to the "gpg.program" setting.

With the introduction of X.509 S/MIME signing, it was discovered that
the interfaces were still not quite adequate, and the "Gpg" prefix on
the class names were confusing.

Since 7.0 is a major version bump, I'm taking this chance to overhaul
these interfaces from ground up.

For signing, there is a new Signer interface. With it goes a
SignerFactory SPI interface, and a final Signers class managing the
currently set signers. By default, signers for the different signature
types are created from the signer factories, which are discovered via
the ServiceLoader. External code can install its own signers, overriding
the default factories.

For signature verification, exactly the same mechanism is used.

This simplifies the setup of signers and signature verifiers, and makes
it all more regular. Signer instances just get a byte[] to sign and
don't have to worry about ObjectBuilders at all. SignatureVerifier
instances also just get the data and signature as byte[] and don't have
to worry about extracting the signature from a commit or tag, or about
what kind of signature it is.

Both Signers and SignatureVerifiers always get passed the Repository
and the GpgConfig. The repository will be needed in an implementation
for SSH signatures because gpg.ssh.* configs may need to be loaded
explicitly, and some of those values need the current workspace
location.

For signature verification, there is exactly one place in core JGit in
SignatureVerifiers that extracts signatures, determines the signature
type, and then calls the right signature verifier.

Change RevTag to recognize all signature types known in git (GPG, X509,
and SSH).

Change-Id: I26d2731e7baebb38976c87b7f328b63a239760d5
Signed-off-by: Thomas Wolf <twolf@apache.org>

author	Thomas Wolf <twolf@apache.org>
	Tue, 20 Aug 2024 20:41:45 +0000 (22:41 +0200)
committer	Thomas Wolf <twolf@apache.org>
	Sat, 24 Aug 2024 19:53:21 +0000 (21:53 +0200)
commit	a78e6eaef63754902f46dffe657a783403c44bfe
tree	d71f7748486c145a79bf666965abcbbdaac6feb4	tree \| snapshot
parent	14519091301f545a21bcd71af3f2a34d7c020b47	commit \| diff

org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF		diff \| blob \| history
org.eclipse.jgit.gpg.bc/pom.xml		diff \| blob \| history
org.eclipse.jgit.gpg.bc/resources/META-INF/services/org.eclipse.jgit.lib.GpgSignatureVerifierFactory	[deleted file]	blob \| history
org.eclipse.jgit.gpg.bc/resources/META-INF/services/org.eclipse.jgit.lib.GpgSigner	[deleted file]	blob \| history
org.eclipse.jgit.gpg.bc/resources/META-INF/services/org.eclipse.jgit.lib.SignatureVerifierFactory	[new file with mode: 0644]	blob
org.eclipse.jgit.gpg.bc/resources/META-INF/services/org.eclipse.jgit.lib.SignerFactory	[new file with mode: 0644]	blob
org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/BouncyCastleGpgSignerFactory.java	[deleted file]	blob \| history
org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.java		diff \| blob \| history
org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifierFactory.java		diff \| blob \| history
org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java		diff \| blob \| history
org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignerFactory.java	[new file with mode: 0644]	blob
org.eclipse.jgit.pgm/src/org/eclipse/jgit/pgm/Log.java		diff \| blob \| history
org.eclipse.jgit.pgm/src/org/eclipse/jgit/pgm/Show.java		diff \| blob \| history
org.eclipse.jgit.pgm/src/org/eclipse/jgit/pgm/Tag.java		diff \| blob \| history
org.eclipse.jgit.pgm/src/org/eclipse/jgit/pgm/internal/VerificationUtils.java		diff \| blob \| history
org.eclipse.jgit.test/tst/org/eclipse/jgit/api/CommitCommandTest.java		diff \| blob \| history
org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/api/CommitCommand.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/api/TagCommand.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/api/VerificationResult.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/api/VerifySignatureCommand.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/AbstractGpgSignatureVerifier.java	[deleted file]	blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/Constants.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgConfig.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgObjectSigner.java	[deleted file]	blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java	[deleted file]	blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifierFactory.java	[deleted file]	blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSigner.java	[deleted file]	blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/lib/SignatureVerifier.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/lib/SignatureVerifierFactory.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/lib/SignatureVerifiers.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/lib/Signer.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/lib/SignerFactory.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/lib/Signers.java	[new file with mode: 0644]	blob
org.eclipse.jgit/src/org/eclipse/jgit/revwalk/RevTag.java		diff \| blob \| history
org.eclipse.jgit/src/org/eclipse/jgit/util/SignatureUtils.java		diff \| blob \| history