author | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-05-21 18:09:37 +0200 |
---|---|---|
committer | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-05-21 18:13:40 +0200 |
commit | efe6d2bb5b71e5a8fa0b96fc73868ca717e1d4f1 (patch) | |
tree | f6bb230a8243a9bf7095ccd965e9e7beceed2381 | |
parent | 6536b5cbca8b876e92c5943f25768ba0c450eada (diff) | |
GPG: check that the key found is a signing key
Throw an exception if not.
Change-Id: I60f36b271d5f44c6dc475302b169cb5b8a1e3945
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 files changed, 10 insertions, 0 deletions
diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 9d221c92f9..fc2a26f0d7 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -330,6 +330,7 @@ gpgNoKeyring=neither pubring.kbx nor secring.gpg files found
 gpgNoKeyInLegacySecring=no matching secret key found in legacy secring.gpg for key or user id: {0}
 gpgNoPublicKeyFound=Unable to find a public-key with key or user id: {0}
 gpgNoSecretKeyForPublicKey=unable to find associated secret key for public key: {0}
+gpgNotASigningKey=Secret key ({0}) is not suitable for signing
 gpgKeyInfo=GPG Key (fingerprint {0})
 gpgSigningCancelled=Signing was cancelled
 headRequiredToStash=HEAD required to stash local changes
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index 018b6431c1..ca0024d1c9 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -391,6 +391,7 @@ public class JGitText extends TranslationBundle {
 /***/ public String gpgNoKeyInLegacySecring;
 /***/ public String gpgNoPublicKeyFound;
 /***/ public String gpgNoSecretKeyForPublicKey;
+ /***/ public String gpgNotASigningKey;
 /***/ public String gpgKeyInfo;
 /***/ public String gpgSigningCancelled;
 /***/ public String headRequiredToStash;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
index 47f8c85f4d..df9615fc9d 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
@@ -261,6 +261,10 @@ class BouncyCastleGpgKeyLocator { USER_PGP_LEGACY_SECRING_FILE); if (secretKey != null) { + if (!secretKey.isSigningKey()) { + throw new PGPException(MessageFormat.format( + JGitText.get().gpgNotASigningKey, signingKey)); + } return new BouncyCastleGpgKey(secretKey, USER_PGP_LEGACY_SECRING_FILE); } @@ -294,6 +298,10 @@ class BouncyCastleGpgKeyLocator { PGPSecretKey secretKey = attemptParseSecretKey(keyFile, calculatorProvider, passphraseProvider, publicKey); if (secretKey != null) { + if (!secretKey.isSigningKey()) { + throw new PGPException(MessageFormat.format( + JGitText.get().gpgNotASigningKey, signingKey)); + } return new BouncyCastleGpgKey(secretKey, userKeyboxPath); } } |
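Review bot: The added `secretKey.isSigningKey()` guard in both hunks (the legacy-secring path at -261 and the keybox path at -294) is weaker than the message "not suitable for signing" implies. As far as I know, Bouncy Castle's `PGPSecretKey.isSigningKey()` only reports whether the key's algorithm can produce signatures; it does not consult the key-usage flags in the key's self-signature, nor expiry or revocation. An RSA subkey that its owner marked encryption-only would therefore still pass and be returned as the signing key. Consider also checking the key flags and validity of the matching public key before constructing the `BouncyCastleGpgKey`, or at least record the limit next to the check, e.g. `// isSigningKey() tests the algorithm only; key-usage flags are not checked here`. Both enclosing methods begin and end outside the hunks, so any such check performed earlier in the lookup is not visible here.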