path: root/org.eclipse.jgit.gpg.bc
Each entry lists the commit message, author, date, number of files changed, and lines removed/added.
* Update orbit to I20210713220109
  Author: Matthias Sohn  Date: 2021-07-16  Files: 2  Lines: -0/+6

  update
  - org.apache.commons.compress to 1.20.0.v20210713-192
  - org.bouncycastle.bcpg to 1.69.0.v20210713-1924
  - org.bouncycastle.bcpkix to 1.69.0.v20210713-1924
  - org.bouncycastle.bcprov to 1.69.0.v20210713-1924
  - add org.bouncycastle.bcutil 1.69.0.v20210713-1924

  In the bazel build don't expose bouncycastle to org.eclipse.jgit since it's
  not used there anymore since code depending on bouncycastle was moved to
  org.eclipse.jgit.gpg.bc.

  CQ: 21771
  CQ: 23471
  CQ: 23472
  CQ: 23473
  CQ: 23474
  Change-Id: Id3d94c00c39bbc57e3f49a61150841249dc3985c
* Prepare 5.13.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-06-14  Files: 3  Lines: -10/+10

  Change-Id: Ie9cfc1eeb0eda7b2bbe744a22a7e4cfe6d59bc37

* Prepare 5.12.1-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-06-13  Files: 3  Lines: -10/+10

  Change-Id: Idf266c34aa9a04cf9c5e0e09bcb415c13d773d4c

* JGit v5.12.0.202106070339-r (tag: v5.12.0.202106070339-r)
  Author: Matthias Sohn  Date: 2021-06-07  Files: 3  Lines: -4/+4

  Change-Id: I0fbfea2c83f1ce83f75130cc97591547032f1104
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.12.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-06-03  Files: 3  Lines: -4/+4

  Change-Id: Ifc72d3f3ac84b9c4055b95ec0093d877ffb09ab0
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.12.0.202106021050-rc1 (tag: v5.12.0.202106021050-rc1)
  Author: Matthias Sohn  Date: 2021-06-02  Files: 3  Lines: -4/+4

  Change-Id: I622ee049f14f37504ff4a062f03d6fc25465d0ec
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.12.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-06-02  Files: 3  Lines: -4/+4

  Change-Id: I25e4efc9b40ae4e7168b37385445c73992c5beb0
* JGit v5.12.0.202106011439-rc1 (tag: v5.12.0.202106011439-rc1)
  Author: Matthias Sohn  Date: 2021-06-01  Files: 3  Lines: -4/+4

  Change-Id: Ieac1d02879defe0f4791062448d4efc328a2f652
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.12.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-06-01  Files: 3  Lines: -4/+4

  Change-Id: If563be77aab768ac1f31ae2211fb0892d0205a2a
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.12.0.202105261145-m3 (tag: v5.12.0.202105261145-m3)
  Author: Matthias Sohn  Date: 2021-05-26  Files: 3  Lines: -4/+4

  Change-Id: I3b1af2032227900e6e0c6189f47bace1df67f0ab
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.12.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-05-06  Files: 3  Lines: -4/+4

  Change-Id: I2fc5305e7eaaa4593d418fc3b31d20e4b6e1e585

* JGit v5.12.0.202105051250-m2 (tag: v5.12.0.202105051250-m2)
  Author: Matthias Sohn  Date: 2021-05-05  Files: 3  Lines: -4/+4

  Change-Id: Ic7d86c91ec0ff9aa0678dcb971c197e62a4ca2dc
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.12.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-03-10  Files: 3  Lines: -10/+10

  Change-Id: I736de7c3deb11da75777d459f47332df0b486443
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Prepare 5.11.1-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-03-09  Files: 3  Lines: -10/+10

  Change-Id: I94628ccbb5099a65aa4345cfd28a141ff5555b68
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.11.0.202103091610-r (tag: v5.11.0.202103091610-r)
  Author: Matthias Sohn  Date: 2021-03-09  Files: 3  Lines: -4/+4

  Change-Id: I8e6855eaf7228459f492036feb4e34ca085698a7
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.11.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-03-04  Files: 3  Lines: -4/+4

  Change-Id: I89ed49a6acc53dd75d16f40c99e1140e0c18f646
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.11.0.202103031150-rc1 (tag: v5.11.0.202103031150-rc1)
  Author: Matthias Sohn  Date: 2021-03-03  Files: 3  Lines: -4/+4

  Change-Id: I0a86fa59645888f9f36ea6938c9121e095f02fc6
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.11.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2021-02-24  Files: 3  Lines: -4/+4

  Change-Id: If3dbe084ee37ae4b993d3a10ec48b14e8709ff6d
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.11.0.202102240950-m3 (tag: v5.11.0.202102240950-m3)
  Author: Matthias Sohn  Date: 2021-02-24  Files: 3  Lines: -4/+4

  Change-Id: Iea6b3515fa63db497989194b6bf50fe7324086d0
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* GPG: fix reading unprotected old-format secret keys
  Author: Thomas Wolf  Date: 2021-02-22  Files: 1  Lines: -6/+6

  Fix code and add a test case. The old code passed on the original
  input stream, which has already been consumed.

  Bug: 570501
  Change-Id: I81f60698ce42443df57e59b1d1ab155574136fa8
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* GPG: handle extended private key format
  Author: Thomas Wolf  Date: 2021-02-19  Files: 11  Lines: -93/+1744

  Add detection for the key-value pair format that was available in
  gpg-agent for some time already and that has become the default since
  gpg-agent 2.2.20. If a secret key in the .gnupg/private-keys-v1.d
  directory is found to have this format, extract the human-readable key
  from it, convert it to the binary serialized form and hand that to
  BouncyCastle.

  Encrypted keys in the new format may use AES/OCB. OCB is a
  patent-encumbered algorithm; although there is a license for
  open-source software, that may not be good enough and OCB may not be
  available in Java. It is not available in the default security provider
  in Java, and it is also not available in the BouncyCastle version
  included in Eclipse. Implement AES/OCB decryption, throwing a
  PGPException with a nice message if the algorithm is not available.

  Include a copy of the normal s-expression parser of BouncyCastle and
  fix it to properly handle data from such keys: such keys do not contain
  an internal hash since the AES/OCB cipher includes and checks a MAC
  already.

  Bug: 570501
  Change-Id: Ifa6391a809a84cfc6ae7c6610af6a79204b4143b
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* [GPG] Provide a factory for the BouncyCastleGpgSigner
  Author: Thomas Wolf  Date: 2021-02-19  Files: 2  Lines: -1/+36

  Otherwise client code has no way to ever create an instance without
  using internal non-API.

  Change-Id: I6201f98d4b1704a053159967b8adacd98e368522
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* GPG: compute the keygrip to find a secret key
  Author: Thomas Wolf  Date: 2021-02-16  Files: 5  Lines: -62/+399

  The gpg-agent stores secret keys in individual files in the secret key
  directory private-keys-v1.d. The files have the key's keygrip (in upper
  case) as name and extension ".key". A keygrip is a SHA1 hash over the
  parameters of the public key.

  By computing this keygrip, we can pre-compute the expected file name and
  then check only that one file instead of having to iterate over all keys
  stored in that directory.

  This file naming scheme is actually an implementation detail of
  gpg-agent. It is unlikely to change, though. The keygrip itself is
  computed via libgcrypt and will remain stable according to the GPG main
  author.[1]

  Add an implementation for calculating the keygrip and include tests. Do
  not iterate over files in BouncyCastleGpgKeyLocator but only check the
  single file identified by the keygrip.

  Ideally upstream BouncyCastle would provide such a getKeyGrip() method.
  But as it re-builds GPG and libgcrypt internals, it's doubtful it would
  be included there, and since BouncyCastle even lacks a number of curve
  OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters
  instead of the more common Montgomery parameters, including it there
  might be quite a bit of work.

  [1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html

  Bug: 547536
  Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* GPG signature verification via BouncyCastle
  Author: Thomas Wolf  Date: 2021-02-16  Files: 8  Lines: -22/+502

  Add a GpgSignatureVerifier interface, plus a factory to create instances
  thereof that is provided via the ServiceLoader mechanism.

  Implement the new interface for BouncyCastle. A verifier maintains an
  internal LRU cache of previously found public keys to speed up verifying
  multiple objects (tag or commits).

  Mergetags are not handled.

  Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
  with a factory method Git.verifySignature(). The command can verify
  signatures on tags or commits, and can be limited to accept only tags or
  commits.

  Provide a new public WrongObjectTypeException thrown when the command is
  limited to either tags or commits and a name resolves to some other
  object kind.

  In jgit.pgm, implement "git tag -v", "git log --show-signature", and
  "git show --show-signature".

  The output is similar to command-line gpg invoked via git, but not
  identical. In particular, lines are not prefixed by "gpg:" but by "bc:".
  Trust levels for public keys are read from the keys' trust packets, not
  from GPG's internal trust database. A trust packet may or may not be
  set. Command-line GPG produces more warning lines depending on the trust
  level, warning about keys with a trust level below "full".

  There are no unit tests because JGit still doesn't have any setup to do
  signing unit tests; this would require at least a faked .gpg directory
  with pre-created key rings and keys, and a way to make the BouncyCastle
  classes use that directory instead of the default. See bug 547538 and
  also bug 544847.

  Tested manually with a small test repository containing signed and
  unsigned commits and tags, with signatures made with different keys and
  made by command-line git using GPG 2.2.25 and by JGit using BouncyCastle
  1.65.

  Bug: 547751
  Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* GPG: support git config gpg.program
  Author: Thomas Wolf  Date: 2021-02-07  Files: 1  Lines: -2/+34

  Add it to the GpgConfig. Change GpgConfig to load the values once only.
  Add a parameter to the GpgObjectSigner interface's operations to pass in
  a GpgConfig. Update CommitCommand and TagCommand to pass the value to
  the signer. Let the signer decide whether it can actually produce the
  wanted signature type (openpgp or x509).

  No behavior change. But this makes it possible to implement different
  signers that might support x509 signatures, or use gpg.program and shell
  out to an external GPG executable for signing.

  Change-Id: I427f83eb1ece81c310e1cddd85315f6f88cc99ea
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* GPG user ID matching: use case-insensitive matching
  Author: Thomas Wolf  Date: 2020-12-29  Files: 1  Lines: -4/+15

  Although not mentioned in the GPG documentation at [1], GPG uses
  case-insensitive matching also for the '<' (exact e-mail) and '@'
  (partial e-mail) operators. Matching for '=' (full exact match) is
  case-sensitive. Compare [2].

  [1] https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html
  [2] https://dev.gnupg.org/source/gnupg/browse/master/g10/keyring.c;22f7dddc34446a8c3e9eddf6cb281f16802351d7$890

  Bug: 547789
  Change-Id: I2f5ab65807d5dde3aa00ff032894701bbd8418c9
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Enable GpgSigner to also sign tags
  Author: Thomas Wolf  Date: 2020-12-07  Files: 1  Lines: -3/+13

  Factor out a common ObjectBuilder as super class of CommitBuilder and
  TagBuilder, and make the GpgSigner work on ObjectBuilder. In order not
  to break API, add the new method for signing an ObjectBuilder in a new
  interface GpgObjectSigner.

  The signature for a tag is just tacked onto the end of the tag message.
  The message of a signed tag must end in LF.

  Bug: 386908
  Change-Id: I5e021e3c927f4051825cd7355b129113b949455e
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Prepare 5.11.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2020-12-02  Files: 3  Lines: -13/+13

  Change-Id: I91e5532526775191fbd34f81e2ef777cba605e3b
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Merge branch 'stable-5.9' into master
  Author: Matthias Sohn  Date: 2020-09-09  Files: 2  Lines: -9/+34

  * stable-5.9:
    Prepare 5.9.1-SNAPSHOT builds
    JGit v5.9.0.202009080501-r
    [releng] Enable japicmp for the fragments added in 5.8.0
    GitlinkMergeTest: fix boxing warnings
    Remove unused API problem filters
    Add missing since tag on BundleWriter#addObjectsAsIs
    GPG: include signer's user ID in the signature

  Change-Id: Iaa96f9228752540f446fc232a49f31a738fd8d30
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.9.1-SNAPSHOT builds (on branch stable-5.9)
  Author: Matthias Sohn  Date: 2020-09-08  Files: 3  Lines: -13/+13

  Change-Id: I9006e7961111982943ffef496d15bd525959b3e4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.9.0.202009080501-r (tag: v5.9.0.202009080501-r; on branch stable-5.9)
  Author: Matthias Sohn  Date: 2020-09-08  Files: 3  Lines: -4/+4

  Change-Id: Ic98ae61b3f327ef72256fd9b2e28510e3a481de7
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* [releng] Enable japicmp for the fragments added in 5.8.0 (on branch stable-5.9)
  Author: Thomas Wolf  Date: 2020-09-07  Files: 1  Lines: -4/+0

  Uncomment the japicmp configurations in the pom.xmls of the fragments
  org.eclipse.jgit.gpg.bc and org.eclipse.jgit.ssh.jsch.

  Change-Id: I7c884be014cb48387f97a300043b04aeb712fbba
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

* GPG: include signer's user ID in the signature (on branch stable-5.9)
  Author: Thomas Wolf  Date: 2020-09-05  Files: 1  Lines: -5/+34

  Signing a commit with command line git and gpg 2.2.20 includes the
  e-mail part of the key's user ID as a "Signer's User ID" subpacket on
  the signature. Implement this for signing via Bouncy Castle.

  Bug: 564386
  Change-Id: I68906b895349359596cf3451d65f2840c60df856
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Prepare 5.9.0-SNAPSHOT builds (on branch stable-5.9)
  Author: Matthias Sohn  Date: 2020-08-27  Files: 3  Lines: -4/+4

  Change-Id: Ia3e8382ec503150979d8acb6161031ccfb7fd921
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.9.0.202008260805-m3 (tag: v5.9.0.202008260805-m3; on branch stable-5.9)
  Author: Matthias Sohn  Date: 2020-08-26  Files: 3  Lines: -4/+4

  Change-Id: Ic4de8340f3ab038e38b239b725b8bd6d6dbee413
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.10.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2020-08-27  Files: 3  Lines: -13/+13

  Change-Id: I9a2b39e9e85f27179ceb3b1709d75c466089a3bc
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Merge branch 'stable-5.8'
  Author: Matthias Sohn  Date: 2020-06-25  Files: 1  Lines: -2/+1

  * stable-5.8:
    Add new osgi fragments to maven-central deploy scripts
    Do not require org.assertj.core.annotations

  Change-Id: I338065e7d2bf95b59a13d09cff7aea0c7689fe42
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Do not require org.assertj.core.annotations (on branch stable-5.8)
  Author: Sebastian Ratz  Date: 2020-06-18  Files: 1  Lines: -2/+1

  Bug: 564410
  Change-Id: I9797f1dbc9338056c4f8c43fddc4a998ca14e319
  Signed-off-by: Sebastian Ratz <sebastian.ratz@sap.com>

* Prepare 5.8.1-SNAPSHOT builds (on branch stable-5.8)
  Author: Matthias Sohn  Date: 2020-06-09  Files: 3  Lines: -13/+13

  Change-Id: Ic654fb45abe4e94f4eee532af0f4278d372d37f5
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* JGit v5.8.0.202006091008-r (tag: v5.8.0.202006091008-r; on branch stable-5.8)
  Author: Matthias Sohn  Date: 2020-06-09  Files: 3  Lines: -4/+4

  Change-Id: I2020e9821c359b90b7c830031945e2fc659ea607
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

* Prepare 5.9.0-SNAPSHOT builds
  Author: Matthias Sohn  Date: 2020-06-09  Files: 3  Lines: -13/+13

  Change-Id: Ia998e2772df1285a4c674b07201f15d53156eb78
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* GPG: don't prompt for a passphrase for unprotected keys
  Author: Thomas Wolf  Date: 2020-06-04  Files: 3  Lines: -23/+80

  BouncyCastle supports reading GPG keys without passphrase since 1.62.
  Handle this in JGit, too, and don't prompt for a passphrase unless it's
  necessary.

  Make two passes over the private key files, a first pass without
  passphrase provider. If that succeeds it has managed to read a matching
  key without passphrase. Otherwise, ask the user for the passphrase and
  make a second pass over the key files.

  BouncyCastle 1.65 still has no method to get the GPG "key grip" from a
  given public key, so JGit still cannot determine the correct file to
  read up front. (The file name is the key grip as 40 hex digits, upper
  case, with extension ".key".)

  Bug: 548763
  Change-Id: I448181276548c08716d913c7ba1b4bc64c62f952
  Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

* Use version range to define fragment host bundle version
  Author: Matthias Sohn  Date: 2020-06-04  Files: 1  Lines: -1/+1

  Change-Id: Ie877e976b20d3448fc1f12a1c775942d626a12fc
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Decouple BouncyCastle from JGit Core
  Author: Matthias Sohn  Date: 2020-06-01  Files: 26  Lines: -0/+2067

  Motivation: BouncyCastle serves as 'default' implementation of the GPG
  Signer. If a client application does not use it there is no need to pull
  in this dependency, especially since BouncyCastle is a large library.

  Move the classes depending on BouncyCastle to an OSGi fragment extending
  the org.eclipse.jgit bundle. They are moved to a distinct internal
  package in order to avoid split packages. This doesn't break public API
  since these classes were already in an internal package before this
  change.

  Add a new feature org.eclipse.jgit.gpg.bc to enable installation. With
  that users can now decide if they want to install it.

  Attempts to sign a commit if org.eclipse.jgit.gpg.bc isn't available
  will result in ServiceUnavailableException being thrown.

  Bug: 559106
  Change-Id: I42fd6c00002e17aa9a7be96ae434b538ea86ccf8
  Also-by: Michael Dardis <git@md-5.net>
  Signed-off-by: Michael Dardis <git@md-5.net>
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Signed-off-by: David Ostrovsky <david@ostrovsky.org>