summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.gpg.bc.test/BUILD
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2021-01-17 16:21:28 +0100
committerMatthias Sohn <matthias.sohn@sap.com>2021-02-16 00:37:01 +0100
commit64cbea8a9794047fe576d03ab8a46e4eaf7eabee (patch)
tree4dc95a2278643c1d8faa70875043301de94ebc6a /org.eclipse.jgit.gpg.bc.test/BUILD
parent3774fcc848da7526ffa74211cbb2781df5731125 (diff)
downloadjgit-64cbea8a9794047fe576d03ab8a46e4eaf7eabee.tar.gz
jgit-64cbea8a9794047fe576d03ab8a46e4eaf7eabee.zip
GPG: compute the keygrip to find a secret key
The gpg-agent stores secret keys in individual files in the secret key directory private-keys-v1.d. The files have the key's keygrip (in upper case) as name and extension ".key". A keygrip is a SHA1 hash over the parameters of the public key. By computing this keygrip, we can pre-compute the expected file name and then check only that one file instead of having to iterate over all keys stored in that directory. This file naming scheme is actually an implementation detail of gpg-agent. It is unlikely to change, though. The keygrip itself is computed via libgcrypt and will remain stable according to the GPG main author.[1] Add an implementation for calculating the keygrip and include tests. Do not iterate over files in BouncyCastleGpgKeyLocator but only check the single file identified by the keygrip. Ideally upstream BouncyCastle would provide such a getKeyGrip() method. But as it re-builds GPG and libgcrypt internals, it's doubtful it would be included there, and since BouncyCastle even lacks a number of curve OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters instead of the more common Montgomery parameters, including it there might be quite a bit of work. [1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html Bug: 547536 Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.gpg.bc.test/BUILD')
-rw-r--r--org.eclipse.jgit.gpg.bc.test/BUILD20
1 files changed, 20 insertions, 0 deletions
diff --git a/org.eclipse.jgit.gpg.bc.test/BUILD b/org.eclipse.jgit.gpg.bc.test/BUILD
index 1e3677d929..59859b2837 100644
--- a/org.eclipse.jgit.gpg.bc.test/BUILD
+++ b/org.eclipse.jgit.gpg.bc.test/BUILD
@@ -1,4 +1,9 @@
load(
+ "@com_googlesource_gerrit_bazlets//tools:genrule2.bzl",
+ "genrule2",
+)
+load("@rules_java//java:defs.bzl", "java_import")
+load(
"@com_googlesource_gerrit_bazlets//tools:junit.bzl",
"junit_tests",
)
@@ -8,7 +13,22 @@ junit_tests(
srcs = glob(["tst/**/*.java"]),
tags = ["bc"],
deps = [
+ "//lib:bcpg",
+ "//lib:bcprov",
"//lib:junit",
"//org.eclipse.jgit.gpg.bc:gpg-bc",
+ "//org.eclipse.jgit.gpg.bc.test:tst_rsrc",
],
)
+
+java_import(
+ name = "tst_rsrc",
+ jars = [":tst_rsrc_jar"],
+)
+
+genrule2(
+ name = "tst_rsrc_jar",
+ srcs = glob(["tst-rsrc/**"]),
+ outs = ["tst_rsrc.jar"],
+ cmd = "o=$$PWD/$@ && tar cf - $(SRCS) | tar -C $$TMP --strip-components=2 -xf - && cd $$TMP && zip -qr $$o .",
+)