diff options
author | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-10-23 00:55:28 +0200 |
---|---|---|
committer | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-10-23 11:17:24 +0200 |
commit | 6a39da37fefd036929df9e63bf42875abd028b1f (patch) | |
tree | 55a7668caefd240dfb485c99f18dd331728be1ba | |
parent | d4404fb438c4cb31725a98e876cef8e3218ebd7f (diff) | |
download | jgit-6a39da37fefd036929df9e63bf42875abd028b1f.tar.gz jgit-6a39da37fefd036929df9e63bf42875abd028b1f.zip |
GPG: implement more OpenPGP UserId matching formats
Instead of just looking for a substring match of user.signingKey
in a key's user ID implement the GPG matching formats[1] for:
'=' Full exact match
'<' Full exact match of the e-mail address
'@' Substring match within the e-mail address only
'*' General case-insensitive substring match (default)
When user.signingKey is not set, the committer's e-mail address is
used by default. In that case, use '<', i.e., require an exact match
on the OpenPGP e-mail address.
Also handle the optional "0x" prefix for (partial) key fingerprints.
[1] https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html
Bug: 550335
Change-Id: I6ce482a099ff1a0dc9de45435cd4d3ec5b504f12
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 files changed, 253 insertions, 11 deletions
diff --git a/org.eclipse.jgit.test/META-INF/MANIFEST.MF b/org.eclipse.jgit.test/META-INF/MANIFEST.MF index 8d240d34e6..8043065389 100644 --- a/org.eclipse.jgit.test/META-INF/MANIFEST.MF +++ b/org.eclipse.jgit.test/META-INF/MANIFEST.MF @@ -49,6 +49,7 @@ Import-Package: com.googlecode.javaewah;version="[1.1.6,2.0.0)", org.eclipse.jgit.junit.time;version="[5.6.0,5.7.0)", org.eclipse.jgit.lfs;version="[5.6.0,5.7.0)", org.eclipse.jgit.lib;version="[5.6.0,5.7.0)", + org.eclipse.jgit.lib.internal;version="[5.6.0,5.7.0)", org.eclipse.jgit.merge;version="[5.6.0,5.7.0)", org.eclipse.jgit.nls;version="[5.6.0,5.7.0)", org.eclipse.jgit.notes;version="[5.6.0,5.7.0)", diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocatorTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocatorTest.java new file mode 100644 index 0000000000..220b2becba --- /dev/null +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocatorTest.java @@ -0,0 +1,167 @@ +/* + * Copyright (C) 2019, Thomas Wolf <thomas.wolf@paranor.ch> + * and other copyright owners as documented in the project's IP log. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +package org.eclipse.jgit.lib.internal; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.util.Locale; + +import org.junit.Test; + +public class BouncyCastleGpgKeyLocatorTest { + + private static final String USER_ID = "Heinrich Heine <heinrichh@uni-duesseldorf.de>"; + + private static boolean match(String userId, String pattern) { + return BouncyCastleGpgKeyLocator.containsSigningKey(userId, pattern); + } + + @Test + public void testFullMatch() throws Exception { + assertTrue(match(USER_ID, + "=Heinrich Heine <heinrichh@uni-duesseldorf.de>")); + assertFalse(match(USER_ID, "=Heinrich Heine")); + assertFalse(match(USER_ID, "= ")); + assertFalse(match(USER_ID, "=heinrichh@uni-duesseldorf.de")); + } + + @Test + public void testEmpty() throws Exception { + assertFalse(match(USER_ID, "")); + assertFalse(match(USER_ID, null)); + assertFalse(match("", "")); + assertFalse(match(null, "")); + assertFalse(match(null, null)); + assertFalse(match("", "something")); + assertFalse(match(null, "something")); + } + + @Test + public void testFullEmail() throws Exception { + assertTrue(match(USER_ID, "<heinrichh@uni-duesseldorf.de>")); + assertTrue(match(USER_ID + " ", "<heinrichh@uni-duesseldorf.de>")); + assertFalse(match(USER_ID, "<>")); + assertFalse(match(USER_ID, "<h>")); + assertFalse(match(USER_ID, "<heinrichh>")); + assertFalse(match(USER_ID, "<uni-duesseldorf>")); + assertFalse(match(USER_ID, "<h@u>")); + assertFalse(match(USER_ID, "<HeinrichH@uni-duesseldorf.de>")); + assertFalse(match(USER_ID.substring(0, USER_ID.length() - 1), + "<heinrichh@uni-duesseldorf.de>")); + assertFalse(match("", "<>")); + assertFalse(match("", "<heinrichh@uni-duesseldorf.de>")); + } + + @Test + public void testPartialEmail() throws Exception { + assertTrue(match(USER_ID, "@heinrichh@uni-duesseldorf.de")); + assertTrue(match(USER_ID, "@heinrichh")); + assertTrue(match(USER_ID, "@duesseldorf")); + assertTrue(match(USER_ID, "@uni-d")); + assertTrue(match(USER_ID, "@h")); + assertTrue(match(USER_ID, "@.")); + assertTrue(match(USER_ID, "@h@u")); + assertFalse(match(USER_ID, "@ ")); + assertFalse(match(USER_ID, "@")); + assertFalse(match(USER_ID, "@Heine")); + assertFalse(match(USER_ID, "@HeinrichH")); + assertFalse(match(USER_ID, "@Heinrich")); + assertFalse(match("", "@")); + assertFalse(match("", "@h")); + } + + private void substringTests(String prefix) throws Exception { + assertTrue(match(USER_ID, prefix + "heinrichh@uni-duesseldorf.de")); + assertTrue(match(USER_ID, prefix + "heinrich")); + assertTrue(match(USER_ID, prefix + "HEIN")); + assertTrue(match(USER_ID, prefix + "Heine <")); + assertTrue(match(USER_ID, prefix + "UNI")); + assertTrue(match(USER_ID, prefix + "uni")); + assertTrue(match(USER_ID, prefix + "rich He")); + assertTrue(match(USER_ID, prefix + "h@u")); + assertTrue(match(USER_ID, prefix + USER_ID)); + assertTrue(match(USER_ID, prefix + USER_ID.toUpperCase(Locale.ROOT))); + assertFalse(match(USER_ID, prefix + "")); + assertFalse(match(USER_ID, prefix + " ")); + assertFalse(match(USER_ID, prefix + "yy")); + assertFalse(match("", prefix + "")); + assertFalse(match("", prefix + "uni")); + } + + @Test + public void testSubstringPlain() throws Exception { + substringTests(""); + } + + @Test + public void testSubstringAsterisk() throws Exception { + substringTests("*"); + } + + @Test + public void testExplicitFingerprint() throws Exception { + assertFalse(match("John Fade <j.fade@example.com>", "0xfade")); + assertFalse(match("John Fade <0xfade@example.com>", "0xfade")); + assertFalse(match("", "0xfade")); + } + + @Test + public void testImplicitFingerprint() throws Exception { + assertTrue(match("John Fade <j.fade@example.com>", "fade")); + assertTrue(match("John Fade <0xfade@example.com>", "fade")); + assertTrue(match("John Fade <j.fade@example.com>", "FADE")); + assertTrue(match("John Fade <0xfade@example.com>", "FADE")); + } + + @Test + public void testZeroX() throws Exception { + assertTrue(match("John Fade <0xfade@example.com>", "0x")); + assertTrue(match("John Fade <0xfade@example.com>", "*0x")); + assertTrue(match("John Fade <0xfade@example.com>", "*0xfade")); + assertTrue(match("John Fade <0xfade@example.com>", "*0xFADE")); + assertTrue(match("John Fade <0xfade@example.com>", "@0xfade")); + assertFalse(match("John Fade <0xfade@example.com>", "@0xFADE")); + assertFalse(match("", "0x")); + } +} diff --git a/org.eclipse.jgit/META-INF/MANIFEST.MF b/org.eclipse.jgit/META-INF/MANIFEST.MF index 35f29aa074..ab0f1a2c09 100644 --- a/org.eclipse.jgit/META-INF/MANIFEST.MF +++ b/org.eclipse.jgit/META-INF/MANIFEST.MF @@ -99,7 +99,7 @@ Export-Package: org.eclipse.jgit.annotations;version="5.6.0", org.eclipse.jgit.treewalk, org.eclipse.jgit.transport, org.eclipse.jgit.submodule", - org.eclipse.jgit.lib.internal;version="5.6.0";x-internal:=true, + org.eclipse.jgit.lib.internal;version="5.6.0";x-friends:="org.eclipse.jgit.test", org.eclipse.jgit.merge;version="5.6.0"; uses:="org.eclipse.jgit.lib, org.eclipse.jgit.treewalk, diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java index e3233590f6..f28334cb80 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java @@ -92,6 +92,7 @@ import org.eclipse.jgit.api.errors.CanceledException; import org.eclipse.jgit.errors.UnsupportedCredentialItem; import org.eclipse.jgit.internal.JGitText; import org.eclipse.jgit.util.FS; +import org.eclipse.jgit.util.StringUtils; import org.eclipse.jgit.util.SystemReader; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -192,14 +193,87 @@ class BouncyCastleGpgKeyLocator { } } - private boolean containsSigningKey(String userId) { - return userId.toLowerCase(Locale.ROOT) - .contains(signingKey.toLowerCase(Locale.ROOT)); + /** + * Checks whether a given OpenPGP {@code userId} matches a given + * {@code signingKeySpec}, which is supposed to have one of the formats + * defined by GPG. + * <p> + * Not all formats are supported; only formats starting with '=', '<', + * '@', and '*' are handled. Any other format results in a case-insensitive + * substring match. + * </p> + * + * @param userId + * of a key + * @param signingKeySpec + * GPG key identification + * @return whether the {@code userId} matches + * @see <a href= + * "https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html">GPG + * Documentation: How to Specify a User ID</a> + */ + static boolean containsSigningKey(String userId, String signingKeySpec) { + if (StringUtils.isEmptyOrNull(userId) + || StringUtils.isEmptyOrNull(signingKeySpec)) { + return false; + } + String toMatch = signingKeySpec; + if (toMatch.startsWith("0x") && toMatch.trim().length() > 2) { //$NON-NLS-1$ + return false; // Explicit fingerprint + } + int command = toMatch.charAt(0); + switch (command) { + case '=': + case '<': + case '@': + case '*': + toMatch = toMatch.substring(1); + if (toMatch.isEmpty()) { + return false; + } + break; + default: + break; + } + switch (command) { + case '=': + return userId.equals(toMatch); + case '<': { + int begin = userId.indexOf('<'); + int end = userId.indexOf('>', begin + 1); + int stop = toMatch.indexOf('>'); + return begin >= 0 && end > begin + 1 && stop > 0 + && userId.substring(begin + 1, end) + .equals(toMatch.substring(0, stop)); + } + case '@': { + int begin = userId.indexOf('<'); + int end = userId.indexOf('>', begin + 1); + return begin >= 0 && end > begin + 1 + && userId.substring(begin + 1, end).contains(toMatch); + } + default: + if (toMatch.trim().isEmpty()) { + return false; + } + return userId.toLowerCase(Locale.ROOT) + .contains(toMatch.toLowerCase(Locale.ROOT)); + } + } + + private String toFingerprint(String keyId) { + if (keyId.startsWith("0x")) { //$NON-NLS-1$ + return keyId.substring(2); + } + return keyId; } private PGPPublicKey findPublicKeyByKeyId(KeyBlob keyBlob) throws IOException { - String keyId = signingKey.toLowerCase(Locale.ROOT); + String keyId = toFingerprint(signingKey).toLowerCase(Locale.ROOT); + if (keyId.isEmpty()) { + return null; + } for (KeyInformation keyInfo : keyBlob.getKeyInformation()) { String fingerprint = Hex.toHexString(keyInfo.getFingerprint()) .toLowerCase(Locale.ROOT); @@ -213,7 +287,7 @@ class BouncyCastleGpgKeyLocator { private PGPPublicKey findPublicKeyByUserId(KeyBlob keyBlob) throws IOException { for (UserID userID : keyBlob.getUserIds()) { - if (containsSigningKey(userID.getUserIDAsString())) { + if (containsSigningKey(userID.getUserIDAsString(), signingKey)) { return getSigningPublicKey(keyBlob); } } @@ -446,7 +520,7 @@ class BouncyCastleGpgKeyLocator { PGPUtil.getDecoderStream(new BufferedInputStream(in)), new JcaKeyFingerprintCalculator()); - String keyId = signingkey.toLowerCase(Locale.ROOT); + String keyId = toFingerprint(signingkey).toLowerCase(Locale.ROOT); Iterator<PGPSecretKeyRing> keyrings = pgpSec.getKeyRings(); while (keyrings.hasNext()) { PGPSecretKeyRing keyRing = keyrings.next(); @@ -464,7 +538,7 @@ class BouncyCastleGpgKeyLocator { Iterator<String> userIDs = key.getUserIDs(); while (userIDs.hasNext()) { String userId = userIDs.next(); - if (containsSigningKey(userId)) { + if (containsSigningKey(userId, signingKey)) { return key; } } @@ -492,7 +566,7 @@ class BouncyCastleGpgKeyLocator { new BufferedInputStream(in), new JcaKeyFingerprintCalculator()); - String keyId = signingKey.toLowerCase(Locale.ROOT); + String keyId = toFingerprint(signingKey).toLowerCase(Locale.ROOT); Iterator<PGPPublicKeyRing> keyrings = pgpPub.getKeyRings(); while (keyrings.hasNext()) { PGPPublicKeyRing keyRing = keyrings.next(); @@ -509,7 +583,7 @@ class BouncyCastleGpgKeyLocator { Iterator<String> userIDs = key.getUserIDs(); while (userIDs.hasNext()) { String userId = userIDs.next(); - if (containsSigningKey(userId)) { + if (containsSigningKey(userId, signingKey)) { return key; } } diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java index cfe0931b47..cfa67eefdc 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java @@ -115,7 +115,7 @@ public class BouncyCastleGpgSigner extends GpgSigner { NoSuchAlgorithmException, NoSuchProviderException, PGPException, URISyntaxException { if (gpgSigningKey == null || gpgSigningKey.isEmpty()) { - gpgSigningKey = committer.getEmailAddress(); + gpgSigningKey = '<' + committer.getEmailAddress() + '>'; } BouncyCastleGpgKeyLocator keyHelper = new BouncyCastleGpgKeyLocator( |