authorThomas Wolf <thomas.wolf@paranor.ch>2020-05-04 11:38:46 +0200
committerMatthias Sohn <matthias.sohn@sap.com>2020-05-18 23:25:58 +0200
commit4d7a16257f674b061851b5a2ee63f61b900cb6f1 (patch)
treec18c1e12ace0a16ae30f71c7ac778b2f3e707791
parentb3f08af88099cfc26446c8b2d242a351f1bf69d8 (diff)
downloadjgit-4d7a16257f674b061851b5a2ee63f61b900cb6f1.tar.gz
jgit-4d7a16257f674b061851b5a2ee63f61b900cb6f1.zip
Include full IssuerFingerprint in GPG signature
Update the Bouncy Castle dependency to 1.65. Add the IssuerFingerprint as a hashed sub-packet in the signature; if it is added unhashed, GPG ignores it.

Bug: 553206
Change-Id: I6807e8e2385e6ec5790f388e4753a44aa9474ebb
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
-rw-r--r--org.eclipse.jgit/META-INF/MANIFEST.MF22
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java6
2 files changed, 17 insertions, 11 deletions
diff --git a/org.eclipse.jgit/META-INF/MANIFEST.MF b/org.eclipse.jgit/META-INF/MANIFEST.MF
index 5fb76f503f..1cdb6417b4 100644
--- a/org.eclipse.jgit/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit/META-INF/MANIFEST.MF
@@ -162,17 +162,17 @@ Import-Package: com.googlecode.javaewah;version="[1.1.6,2.0.0)",
com.jcraft.jsch;version="[0.1.37,0.2.0)",
javax.crypto,
javax.net.ssl,
- org.bouncycastle;version="[1.61.0,2.0.0)",
- org.bouncycastle.bcpg;version="[1.61.0,2.0.0)",
- org.bouncycastle.gpg;version="[1.61.0,2.0.0)",
- org.bouncycastle.gpg.keybox;version="[1.61.0,2.0.0)",
- org.bouncycastle.gpg.keybox.jcajce;version="[1.61.0,2.0.0)",
- org.bouncycastle.jce.provider;version="[1.61.0,2.0.0)",
- org.bouncycastle.openpgp;version="[1.61.0,2.0.0)",
- org.bouncycastle.openpgp.jcajce;version="[1.61.0,2.0.0)",
- org.bouncycastle.openpgp.operator;version="[1.61.0,2.0.0)",
- org.bouncycastle.openpgp.operator.jcajce;version="[1.61.0,2.0.0)",
- org.bouncycastle.util.encoders;version="[1.61.0,2.0.0)",
+ org.bouncycastle;version="[1.65.0,2.0.0)",
+ org.bouncycastle.bcpg;version="[1.65.0,2.0.0)",
+ org.bouncycastle.gpg;version="[1.65.0,2.0.0)",
+ org.bouncycastle.gpg.keybox;version="[1.65.0,2.0.0)",
+ org.bouncycastle.gpg.keybox.jcajce;version="[1.65.0,2.0.0)",
+ org.bouncycastle.jce.provider;version="[1.65.0,2.0.0)",
+ org.bouncycastle.openpgp;version="[1.65.0,2.0.0)",
+ org.bouncycastle.openpgp.jcajce;version="[1.65.0,2.0.0)",
+ org.bouncycastle.openpgp.operator;version="[1.65.0,2.0.0)",
+ org.bouncycastle.openpgp.operator.jcajce;version="[1.65.0,2.0.0)",
+ org.bouncycastle.util.encoders;version="[1.65.0,2.0.0)",
org.slf4j;version="[1.7.0,2.0.0)",
org.xml.sax,
org.xml.sax.helpers
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
index 388169637e..dfcfdab115 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
@@ -25,6 +25,7 @@ import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
+import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.eclipse.jgit.annotations.NonNull;
@@ -117,6 +118,11 @@ public class BouncyCastleGpgSigner extends GpgSigner {
HashAlgorithmTags.SHA256).setProvider(
BouncyCastleProvider.PROVIDER_NAME));
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
+ PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator();
+ subpacketGenerator.setIssuerFingerprint(false,
+ secretKey.getPublicKey());
+ signatureGenerator
+ .setHashedSubpackets(subpacketGenerator.generate());
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (BCPGOutputStream out = new BCPGOutputStream(
new ArmoredOutputStream(buffer))) {
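Review bot: The new subpacket block at `subpacketGenerator.setIssuerFingerprint(false, secretKey.getPublicKey())` has no comment saying why the fingerprint goes into the hashed area or what the `false` means, so a later cleanup could easily undo either choice. I would add above it `// Hashed on purpose: GPG ignores an unhashed IssuerFingerprint, and only hashed subpackets are covered by the signature.` and note that `false` marks the subpacket as non-critical. The fingerprint is taken from `secretKey.getPublicKey()` while the generator is initialised with `privateKey`; the hunk does not show where `privateKey` is derived, so it is worth confirming both always come from the same key. The diffstat lists no test change, so a test that parses the produced signature and checks its hashed subpackets for the signing key's fingerprint would guard this behaviour. The enclosing method starts and ends outside the hunk.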