From: Thomas Wolf
Date: Tue, 21 May 2019 16:09:37 +0000 (+0200)
Subject: GPG: check that the key found is a signing key
X-Git-Tag: v5.4.0.201905221418-m3~1^2~3
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=efe6d2bb5b71e5a8fa0b96fc73868ca717e1d4f1;p=jgit.git
GPG: check that the key found is a signing key
Throw an exception if not.
Change-Id: I60f36b271d5f44c6dc475302b169cb5b8a1e3945
Signed-off-by: Thomas Wolf
---
diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 9d221c92f9..fc2a26f0d7 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -330,6 +330,7 @@ gpgNoKeyring=neither pubring.kbx nor secring.gpg files found
 gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0}
 gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0}
 gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0}
+gpgNotASigningKey=Secret key ({0}) is not suitable for signing
 gpgKeyInfo=GPG Key (fingerprint {0})
 gpgSigningCancelled=Signing was cancelled
 headRequiredToStash=HEAD required to stash local changes
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index 018b6431c1..ca0024d1c9 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -391,6 +391,7 @@ public class JGitText extends TranslationBundle {
 /***/ public String gpgNoKeyInLegacySecring;
 /***/ public String gpgNoPublicKeyFound;
 /***/ public String gpgNoSecretKeyForPublicKey;
+ /***/ public String gpgNotASigningKey;
 /***/ public String gpgKeyInfo;
 /***/ public String gpgSigningCancelled;
 /***/ public String headRequiredToStash;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java index 47f8c85f4d..df9615fc9d 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java @@ -261,6 +261,10 @@ class BouncyCastleGpgKeyLocator { USER_PGP_LEGACY_SECRING_FILE); if (secretKey != null) { + if (!secretKey.isSigningKey()) { + throw new PGPException(MessageFormat.format( + JGitText.get().gpgNotASigningKey, signingKey)); + } return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE); } @@ -294,6 +298,10 @@ class BouncyCastleGpgKeyLocator { PGPSecretKey secretKey = attemptParseSecretKey(keyFile, calculatorProvider, passphraseProvider, publicKey); if (secretKey != null) { + if (!secretKey.isSigningKey()) { + throw new PGPException(MessageFormat.format( + JGitText.get().gpgNotASigningKey, signingKey)); + } return new BouncyCastleGpgKey(secretKey, userKeyboxPath); } }
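Review bot: The new `secretKey.isSigningKey()` guard in both hunks (legacy secring at -261 and keybox at -294) is, as far as I know, an algorithm-capability test in Bouncy Castle, so an RSA key or subkey whose key flags allow only encryption would still pass and be used for signing. If the intent is to honour the key's declared usage, the check should also read the key-flags subpacket on the public key's self or binding signatures and require `KeyFlags.SIGN_DATA`; until then I would document the limit above the check, e.g. `// isSigningKey() tests the algorithm only; key flags, expiry and revocation are not checked here`. The same four lines are duplicated in both places, so a small private helper taking `secretKey` and `signingKey` would keep the two lookup paths from drifting apart. Both enclosing methods start and end outside the hunks, so whether the passphrase is already requested before this check runs cannot be confirmed from here.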