author | Matthias Sohn <matthias.sohn@sap.com> | 2020-09-09 00:12:45 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2020-09-09 00:14:08 +0200 |
commit | 8cd49885ba2fbc41b79c2b3104b4f8d2f9a39547 (patch) | |
tree | 3430f50a43c13af915ed33fa299f9d517f16f352 /org.eclipse.jgit.gpg.bc | |
parent | aabd3d5ed1f80567a516c069483ad5a08ec03c68 (diff) | |
parent | ed9992896a9e8b2903f968fbfc007d1154335d18 (diff) | |
Merge branch 'stable-5.9' into master
* stable-5.9:
Prepare 5.9.1-SNAPSHOT builds
JGit v5.9.0.202009080501-r
[releng] Enable japicmp for the fragments added in 5.8.0
GitlinkMergeTest: fix boxing warnings
Remove unused API problem filters
Add missing since tag on BundleWriter#addObjectsAsIs
GPG: include signer's user ID in the signature
Change-Id: Iaa96f9228752540f446fc232a49f31a738fd8d30
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit.gpg.bc')
-rw-r--r-- | org.eclipse.jgit.gpg.bc/pom.xml | 4 | ||||
-rw-r--r-- | org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java | 39 |
2 files changed, 34 insertions, 9 deletions
diff --git a/org.eclipse.jgit.gpg.bc/pom.xml b/org.eclipse.jgit.gpg.bc/pom.xml
index bb80475743..8da8d39ce6 100644
--- a/org.eclipse.jgit.gpg.bc/pom.xml
+++ b/org.eclipse.jgit.gpg.bc/pom.xml
@@ -128,7 +128,6 @@
 </configuration>
 </plugin>
- <!-- No previous version to compare to
 <plugin>
 <groupId>com.github.siom79.japicmp</groupId>
 <artifactId>japicmp-maven-plugin</artifactId>
@@ -170,13 +169,11 @@
 </execution>
 </executions>
 </plugin>
- -->
 </plugins>
 </build>
 <reporting>
 <plugins>
- <!-- No previous version to compare to
 <plugin>
 <groupId>com.github.siom79.japicmp</groupId>
 <artifactId>japicmp-maven-plugin</artifactId>
@@ -217,7 +214,6 @@
 <skip>false</skip>
 </configuration>
 </plugin>
- -->
 </plugins>
 </reporting>
 </project>
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
index c6ecdbe6da..ea159c547d 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
@@ -15,6 +15,7 @@ import java.net.URISyntaxException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Security;
+import java.util.Iterator;
 import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.bouncycastle.bcpg.BCPGOutputStream;
@@ -22,6 +23,7 @@ import org.bouncycastle.bcpg.HashAlgorithmTags;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
@@ -38,6 +40,7 @@ import org.eclipse.jgit.lib.GpgSignature;
 import org.eclipse.jgit.lib.GpgSigner;
 import org.eclipse.jgit.lib.PersonIdent;
 import org.eclipse.jgit.transport.CredentialsProvider;
+import org.eclipse.jgit.util.StringUtils;
 /**
 * GPG Signer using BouncyCastle library
@@ -126,17 +129,32 @@ public class BouncyCastleGpgSigner extends GpgSigner {
 privateKey = secretKey
 .extractPrivateKey(decryptorBuilder.build(passphrase));
 }
+ PGPPublicKey publicKey = secretKey.getPublicKey();
 PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
 new JcaPGPContentSignerBuilder(
- secretKey.getPublicKey().getAlgorithm(),
+ publicKey.getAlgorithm(),
 HashAlgorithmTags.SHA256).setProvider(
 BouncyCastleProvider.PROVIDER_NAME));
 signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
- PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator();
- subpacketGenerator.setIssuerFingerprint(false,
- secretKey.getPublicKey());
+ PGPSignatureSubpacketGenerator subpackets = new PGPSignatureSubpacketGenerator();
+ subpackets.setIssuerFingerprint(false, publicKey);
+ // Also add the signer's user ID. Note that GPG uses only the e-mail
+ // address part.
+ String userId = committer.getEmailAddress();
+ Iterator<String> userIds = publicKey.getUserIDs();
+ if (userIds.hasNext()) {
+ String keyUserId = userIds.next();
+ if (!StringUtils.isEmptyOrNull(keyUserId)
+ && (userId == null || !keyUserId.contains(userId))) {
+ // Not the committer's key?
+ userId = extractSignerId(keyUserId);
+ }
+ }
+ if (userId != null) {
+ subpackets.setSignerUserID(false, userId);
+ }
 signatureGenerator
- .setHashedSubpackets(subpacketGenerator.generate());
+ .setHashedSubpackets(subpackets.generate());
 ByteArrayOutputStream buffer = new ByteArrayOutputStream();
 try (BCPGOutputStream out = new BCPGOutputStream(
 new ArmoredOutputStream(buffer))) {
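Review bot: In the `@@ -126,17 +129,32 @@` hunk the signer user ID is picked from only the first entry of `publicKey.getUserIDs()` and by a substring test, `keyUserId.contains(userId)`. A key whose matching identity is a later user ID therefore gets a different address recorded, and a committer address that is merely a substring of another address on the key counts as a match. If the committer e-mail is an empty string it matches every key and is then written as an empty Signer's User ID, because only `userId != null` is checked. The subpacket is hashed into the signature and may be shown by verification tools as the claimed signer, so I would walk all user IDs, compare the extracted address exactly, and fall back to the key's first user ID, as sketched below. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: publicKey, signatureGenerator setup, setIssuerFingerprint …
String email = committer.getEmailAddress();
String userId = null;
Iterator<String> userIds = publicKey.getUserIDs();
while (userIds.hasNext()) {
    String keyUserId = userIds.next();
    if (StringUtils.isEmptyOrNull(keyUserId)) {
        continue;
    }
    String keyEmail = extractSignerId(keyUserId);
    if (keyEmail.equals(email)) {
        // Exact match on one of the key's user IDs.
        userId = keyEmail;
        break;
    }
    if (userId == null) {
        // Remember the first user ID on the key as the fallback.
        userId = keyEmail;
    }
}
if (userId == null && !StringUtils.isEmptyOrNull(email)) {
    // Key carries no usable user ID; keep the committer's address.
    userId = email;
}
if (userId != null) {
    subpackets.setSignerUserID(false, userId);
}
// … unchanged: setHashedSubpackets, armored output …
```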
@@ -149,4 +167,15 @@ public class BouncyCastleGpgSigner extends GpgSigner {
 throw new JGitInternalException(e.getMessage(), e);
 }
 }
+
+ private String extractSignerId(String pgpUserId) {
+ int from = pgpUserId.indexOf('<');
+ if (from >= 0) {
+ int to = pgpUserId.indexOf('>', from + 1);
+ if (to > from + 1) {
+ return pgpUserId.substring(from + 1, to);
+ }
+ }
+ return pgpUserId;
+ }
 } |
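Review bot: `extractSignerId` has no comment describing its fallback: when the user ID has no `<…>` part, or the brackets are empty, it returns the whole user ID string, which the caller then writes into the Signer's User ID subpacket unchanged. A short Javadoc such as `/** Returns the text between the first '<' and the next '>' of a PGP user ID, or the whole user ID if there is no non-empty bracketed part. */` would make that contract explicit. The method reads no instance state, so it could also be declared `private static String extractSignerId(String pgpUserId)`.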