authorMatthias Sohn <matthias.sohn@sap.com>2020-09-09 00:12:45 +0200
committerMatthias Sohn <matthias.sohn@sap.com>2020-09-09 00:14:08 +0200
commit8cd49885ba2fbc41b79c2b3104b4f8d2f9a39547 (patch)
tree3430f50a43c13af915ed33fa299f9d517f16f352 /org.eclipse.jgit.gpg.bc
parentaabd3d5ed1f80567a516c069483ad5a08ec03c68 (diff)
parented9992896a9e8b2903f968fbfc007d1154335d18 (diff)
Merge branch 'stable-5.9' into master
* stable-5.9: Prepare 5.9.1-SNAPSHOT builds JGit v5.9.0.202009080501-r [releng] Enable japicmp for the fragments added in 5.8.0 GitlinkMergeTest: fix boxing warnings Remove unused API problem filters Add missing since tag on BundleWriter#addObjectsAsIs GPG: include signer's user ID in the signature Change-Id: Iaa96f9228752540f446fc232a49f31a738fd8d30 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit.gpg.bc')
-rw-r--r--org.eclipse.jgit.gpg.bc/pom.xml4
-rw-r--r--org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java39
2 files changed, 34 insertions, 9 deletions
diff --git a/org.eclipse.jgit.gpg.bc/pom.xml b/org.eclipse.jgit.gpg.bc/pom.xml
index bb80475743..8da8d39ce6 100644
--- a/org.eclipse.jgit.gpg.bc/pom.xml
+++ b/org.eclipse.jgit.gpg.bc/pom.xml
@@ -128,7 +128,6 @@
</configuration>
</plugin>
- <!-- No previous version to compare to
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
@@ -170,13 +169,11 @@
</execution>
</executions>
</plugin>
- -->
</plugins>
</build>
<reporting>
<plugins>
- <!-- No previous version to compare to
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
@@ -217,7 +214,6 @@
<skip>false</skip>
</configuration>
</plugin>
- -->
</plugins>
</reporting>
</project>
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
index c6ecdbe6da..ea159c547d 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
@@ -15,6 +15,7 @@ import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
+import java.util.Iterator;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
@@ -22,6 +23,7 @@ import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
@@ -38,6 +40,7 @@ import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.transport.CredentialsProvider;
+import org.eclipse.jgit.util.StringUtils;
/**
* GPG Signer using BouncyCastle library
@@ -126,17 +129,32 @@ public class BouncyCastleGpgSigner extends GpgSigner {
privateKey = secretKey
.extractPrivateKey(decryptorBuilder.build(passphrase));
}
+ PGPPublicKey publicKey = secretKey.getPublicKey();
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(
- secretKey.getPublicKey().getAlgorithm(),
+ publicKey.getAlgorithm(),
HashAlgorithmTags.SHA256).setProvider(
BouncyCastleProvider.PROVIDER_NAME));
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
- PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator();
- subpacketGenerator.setIssuerFingerprint(false,
- secretKey.getPublicKey());
+ PGPSignatureSubpacketGenerator subpackets = new PGPSignatureSubpacketGenerator();
+ subpackets.setIssuerFingerprint(false, publicKey);
+ // Also add the signer's user ID. Note that GPG uses only the e-mail
+ // address part.
+ String userId = committer.getEmailAddress();
+ Iterator<String> userIds = publicKey.getUserIDs();
+ if (userIds.hasNext()) {
+ String keyUserId = userIds.next();
+ if (!StringUtils.isEmptyOrNull(keyUserId)
+ && (userId == null || !keyUserId.contains(userId))) {
+ // Not the committer's key?
+ userId = extractSignerId(keyUserId);
+ }
+ }
+ if (userId != null) {
+ subpackets.setSignerUserID(false, userId);
+ }
signatureGenerator
- .setHashedSubpackets(subpacketGenerator.generate());
+ .setHashedSubpackets(subpackets.generate());
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (BCPGOutputStream out = new BCPGOutputStream(
new ArmoredOutputStream(buffer))) {
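Review bot: The committer check `keyUserId.contains(userId)` is a substring test against only the first user ID on the key, so the Signer's User ID written into the hashed subpackets can name an identity other than the one the committer holds on that key. A key whose matching address sits on a second user ID gets the first one's address instead, and an address that merely occurs inside another address or in the name part counts as a match. If `committer.getEmailAddress()` can return an empty string, `contains("")` is true and the empty value passes the `userId != null` guard, so an empty subpacket would be emitted. Walking all user IDs and comparing the extracted address exactly, as sketched below, would close these cases. The enclosing method starts and ends outside this hunk, so how `secretKey` was selected is not visible here.

```java
// … unchanged: publicKey lookup, signatureGenerator setup, setIssuerFingerprint …
String email = committer.getEmailAddress();
String userId = null;
String firstKeyAddress = null;
Iterator<String> userIds = publicKey.getUserIDs();
while (userIds.hasNext()) {
	String keyUserId = userIds.next();
	if (StringUtils.isEmptyOrNull(keyUserId)) {
		continue;
	}
	String address = extractSignerId(keyUserId);
	if (firstKeyAddress == null) {
		firstKeyAddress = address;
	}
	if (!StringUtils.isEmptyOrNull(email) && address.equals(email)) {
		userId = address;
		break;
	}
}
if (userId == null) {
	// Not the committer's key, or the key carries no user ID.
	userId = firstKeyAddress != null ? firstKeyAddress : email;
}
if (!StringUtils.isEmptyOrNull(userId)) {
	subpackets.setSignerUserID(false, userId);
}
// … unchanged: setHashedSubpackets and armored output …
```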
@@ -149,4 +167,15 @@ public class BouncyCastleGpgSigner extends GpgSigner {
throw new JGitInternalException(e.getMessage(), e);
}
}
+
+ private String extractSignerId(String pgpUserId) {
+ int from = pgpUserId.indexOf('<');
+ if (from >= 0) {
+ int to = pgpUserId.indexOf('>', from + 1);
+ if (to > from + 1) {
+ return pgpUserId.substring(from + 1, to);
+ }
+ }
+ return pgpUserId;
+ }
}
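Review bot: `extractSignerId` anchors on the first `<` in the user ID, so a name or comment part that itself contains `<` makes the returned value run from that first bracket up to the closing `>` instead of being the address. Anchoring on the last pair, `int to = pgpUserId.lastIndexOf('>');` followed by `int from = pgpUserId.lastIndexOf('<', to);`, keeps the existing `from >= 0` and `to > from + 1` guards valid. The method reads no instance state, so it could be `private static`. A short Javadoc would help too, stating that the whole user ID is returned unchanged when no non-empty `<...>` part is found, since that fallback value ends up in the signed subpacket.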