summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2021-02-22 09:29:12 +0100
committerThomas Wolf <thomas.wolf@paranor.ch>2021-02-22 09:43:18 +0100
commit704ccdc096e4f5cf2670c5c58eaf19fe1fdf4df3 (patch)
treea02240b4ed0bcbc1cea0f3a00a85dea7e167b269
parent81a76383a1b92db34a250c68a28d60fadfffd036 (diff)
downloadjgit-704ccdc096e4f5cf2670c5c58eaf19fe1fdf4df3.tar.gz
jgit-704ccdc096e4f5cf2670c5c58eaf19fe1fdf4df3.zip
GPG: fix reading unprotected old-format secret keys
Fix code and add a test case. The old code passed on the original input stream, which has already been consumed. Bug: 570501 Change-Id: I81f60698ce42443df57e59b1d1ab155574136fa8 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
-rw-r--r--org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.asc30
-rw-r--r--org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.keybin0 -> 978 bytes
-rw-r--r--org.eclipse.jgit.gpg.bc.test/tst/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeysTest.java26
-rw-r--r--org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java12
4 files changed, 53 insertions, 15 deletions
diff --git a/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.asc b/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.asc
new file mode 100644
index 0000000000..f412019906
--- /dev/null
+++ b/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.asc
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF7EL8wBCADO46xh7nXn7vZ5ow2Zdrp7WTh9BlT2wtaHNKpnKvSoYHjJbbGz
+yF8Jf/qVPuXNbjx2df1lT7zT7x3evcjQoNy80deftCw8ApZB9RMOo3uUIqS2VpO+
+cS9rjTgBRFL6xDv3g4++CE9s+5dKE9gKkwleZ5/tVqUIoHPAIUEjpcPHngi5m2bi
+tSmQUYWLGcliR1E79sJMSzPt1neksqHFMJ1KTEJLAABZ0t3PiBzmycIQWThX3uU/
+lcgnZmmhWCJIqV0yRZqxl61ejUfq+zK0T7MzhAAugqe7D6BM1FRwZRNCHwDQXIvt
+/t3fczTe+x9oTy4qX4MfaP8lHM0223MwGR13ABEBAAG0H0EgVSBUaG9yIDxhLnUu
+dGhvckBleGFtcGxlLm9yZz6JAU4EEwEKADgWIQQILQAv4wNQfEJ6I/NEWemKCmiQ
++wUCXsQvzAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBEWemKCmiQ+xev
+CACZSWh4xjTgafwGMP9RnReOhubVmfHS+XGlidDQzJDtshDQddPZ3oQwyTe3OgkW
+ZgOrzjrHGsZp3WZmGUZejrKt2Brqp+h+VRujFVcKk4N9A52BkM6OeT9lzBabOpuA
+UaDsNMSFsMcGTTYpB16+sDcyui8LW1jGi1y+8aQa+u1lIk/vVycq8o4htn2Af8xZ
+rAT8peapsjoNjETEs8OQ0al3Q0UX9amW6Rq1zZZ0XtoXDCPTI01EfczDMN+AZoFk
+UYHwSREDFLSh+c+q1HhYp4TqP+2a5Rayna//n7zci1PmSX7zD3iWzV1jEQ3Jm8U3
+DY+P/WLezQdSJIBVCFpCualquQENBF7EL8wBCAC+ef+vNvfu1jl9BXpu6K9PG0I5
+DQfrNtcdPq90O32ipvsYvqGOJX9MHoTyxBPLew+e5UsYb3ex62JyJqdAaqSwYXEN
+MBESZx7yBqBMUvildfh8dowbJeblxCf5KsE4C9uNfg4ApWGD7PjVsUCh47V8VcfG
+ymCxxq80r+4GfFtt/HC+l9fPUnDLuXpAWEM2GPUzcauUoEXxZK6nhstYCRlKlQcK
+Tn+LtCC7SGpYlqvwWBzAnOYP9+eZfSJ897g0AiTEhK0JsBlDAb3UAWHYHkAkVa1+
+oU/UedhPC4j2Q7RzPQFMun6aGkaDrntCxvT7IFiMplPG7iy0JDd6ubrWSzivABEB
+AAGJATYEGAEKACAWIQQILQAv4wNQfEJ6I/NEWemKCmiQ+wUCXsQvzAIbDAAKCRBE
+WemKCmiQ+xoBB/9BAmlHQUmVl/bkwszAcyXkR5HsyA4htMJt+6GKlqftuhLP0SGK
+Il+7GeK6NqNdQXxXG5Wj6dn7ZqWalQRA0evEa6VLH+74zrn0llWfzTPIcP1bHW7l
+uYaOzZ1z/q4FoEGNJxp/jdToZ4970OXLzqY/G/QlMJIlXWCC0EXNYbKCEpOE9uvW
+h4kWe5xeGOmhZylYbzurTDzqEtKy+LZ9f2xNYn6ElcWtwxsxwSY7L9B3eNcCYE46
+Np6uqzPffB9s7PHW46yEL1lQs6ME+9hBGyjeVop+Wg9qkh3YCrp+KY5Vkmdndwkn
+Th4FnTpcCiS06fCVHHC5kelh+H6TgRA+XQ/V
+=WGUq
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.key b/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.key
new file mode 100644
index 0000000000..b8765aaacb
--- /dev/null
+++ b/org.eclipse.jgit.gpg.bc.test/tst-rsrc/org/eclipse/jgit/gpg/bc/internal/keys/AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11.key
Binary files differ
diff --git a/org.eclipse.jgit.gpg.bc.test/tst/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeysTest.java b/org.eclipse.jgit.gpg.bc.test/tst/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeysTest.java
index 4eecaf3ab5..5e5e303319 100644
--- a/org.eclipse.jgit.gpg.bc.test/tst/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeysTest.java
+++ b/org.eclipse.jgit.gpg.bc.test/tst/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeysTest.java
@@ -76,9 +76,12 @@ public class SecretKeysTest {
final boolean encrypted;
- TestData(String name, boolean encrypted) {
+ final boolean keyValue;
+
+ TestData(String name, boolean encrypted, boolean keyValue) {
this.name = name;
this.encrypted = encrypted;
+ this.keyValue = keyValue;
}
@Override
@@ -90,10 +93,11 @@ public class SecretKeysTest {
@Parameters(name = "{0}")
public static TestData[] initTestData() {
return new TestData[] {
- new TestData("2FB05DBB70FC07CB84C13431F640CA6CEA1DBF8A", false),
- new TestData("66CCECEC2AB46A9735B10FEC54EDF9FD0F77BAF9", true),
- new TestData("F727FAB884DA3BD402B6E0F5472E108D21033124", true),
- new TestData("faked", false) };
+ new TestData("AFDA8EA10E185ACF8C0D0F8885A0EF61A72ECB11", false, false),
+ new TestData("2FB05DBB70FC07CB84C13431F640CA6CEA1DBF8A", false, true),
+ new TestData("66CCECEC2AB46A9735B10FEC54EDF9FD0F77BAF9", true, true),
+ new TestData("F727FAB884DA3BD402B6E0F5472E108D21033124", true, true),
+ new TestData("faked", false, true) };
}
private static byte[] readTestKey(String filename) throws Exception {
@@ -126,9 +130,11 @@ public class SecretKeysTest {
@Test
public void testKeyRead() throws Exception {
- byte[] bytes = readTestKey(data.name + ".key");
- assertEquals('(', bytes[0]);
- assertEquals(')', bytes[bytes.length - 1]);
+ if (data.keyValue) {
+ byte[] bytes = readTestKey(data.name + ".key");
+ assertEquals('(', bytes[0]);
+ assertEquals(')', bytes[bytes.length - 1]);
+ }
try (InputStream pubIn = this.getClass()
.getResourceAsStream(data.name + ".asc")) {
if (pubIn != null) {
@@ -139,7 +145,9 @@ public class SecretKeysTest {
try (InputStream in = new BufferedInputStream(this.getClass()
.getResourceAsStream(data.name + ".key"))) {
PGPSecretKey secretKey = SecretKeys.readSecretKey(in,
- calculatorProvider, () -> "nonsense".toCharArray(),
+ calculatorProvider,
+ data.encrypted ? () -> "nonsense".toCharArray()
+ : null,
publicKey);
assertNotNull(secretKey);
} catch (PGPException e) {
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
index 1542b8cbcc..269a1ba0f6 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java
@@ -113,13 +113,13 @@ public final class SecretKeys {
try {
if (firstChar == '(') {
// Binary format.
- if (!matches(data, 4, PROTECTED_KEY)) {
- // Not encrypted binary format.
- return parser.parseSecretKey(in, null, publicKey);
+ PBEProtectionRemoverFactory decryptor = null;
+ if (matches(data, 4, PROTECTED_KEY)) {
+ // AES/CBC encrypted.
+ decryptor = new JcePBEProtectionRemoverFactory(
+ passphraseSupplier.getPassphrase(),
+ calculatorProvider);
}
- // AES/CBC encrypted.
- PBEProtectionRemoverFactory decryptor = new JcePBEProtectionRemoverFactory(
- passphraseSupplier.getPassphrase(), calculatorProvider);
try (InputStream sIn = new ByteArrayInputStream(data)) {
return parser.parseSecretKey(sIn, decryptor, publicKey);
}