GPG: check that the key found is a signing key

Throw an exception if not.

Change-Id: I60f36b271d5f44c6dc475302b169cb5b8a1e3945
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 9d221c92f922481adc27901128a967eb372c1780..fc2a26f0d799ff8be868e7b5feff287bd848144e 100644 (file)
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -330,6 +330,7 @@ gpgNoKeyring=neither pubring.kbx nor secring.gpg files found
 gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0}
 gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0}
 gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0}
+gpgNotASigningKey=Secret key ({0}) is not suitable for signing
 gpgKeyInfo=GPG Key (fingerprint {0})
 gpgSigningCancelled=Signing was cancelled
 headRequiredToStash=HEAD required to stash local changes

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index 018b6431c1ca6eaa9d1420842f7e452f9b92775d..ca0024d1c93ff85d2475b9759d967981b7d2302d 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -391,6 +391,7 @@ public class JGitText extends TranslationBundle {
        /***/ public String gpgNoKeyInLegacySecring;
        /***/ public String gpgNoPublicKeyFound;
        /***/ public String gpgNoSecretKeyForPublicKey;
+       /***/ public String gpgNotASigningKey;
        /***/ public String gpgKeyInfo;
        /***/ public String gpgSigningCancelled;
        /***/ public String headRequiredToStash;

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
index 47f8c85f4dc32fcd0d13923c91cd6ef35adc400a..df9615fc9de1bedc1be126a813fb0709f416668c 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
@@ -261,6 +261,10 @@ class BouncyCastleGpgKeyLocator {
                                        USER_PGP_LEGACY_SECRING_FILE);
 
                        if (secretKey != null) {
+                               if (!secretKey.isSigningKey()) {
+                                       throw new PGPException(MessageFormat.format(
+                                                       JGitText.get().gpgNotASigningKey, signingKey));
+                               }
                                return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE);
                        }
 
@@ -294,6 +298,10 @@ class BouncyCastleGpgKeyLocator {
                                PGPSecretKey secretKey = attemptParseSecretKey(keyFile,
                                                calculatorProvider, passphraseProvider, publicKey);
                                if (secretKey != null) {
+                                       if (!secretKey.isSigningKey()) {
+                                               throw new PGPException(MessageFormat.format(
+                                                               JGitText.get().gpgNotASigningKey, signingKey));
+                                       }
                                        return new BouncyCastleGpgKey(secretKey, userKeyboxPath);
                                }
                        }