From 5eff1dd4c7497aab41a7db6b5ab6360233f0cd32 Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Thu, 1 Feb 2024 19:09:50 +0100 Subject: [gpg] Refactor the GpgSignatureVerifier Add a new method verify(GpgConfig, byte[], byte[]) and deprecate the existing verify(byte[], byte[]). Some implementations of the interface may need the GpgConfig. Factor out extracting the raw armored signature from commits or tags into an abstract AbstractGpgSignatureVerifier class so that different implementations don't have to re-implement that bit. Call the new verify method, passing along the GpgConfig. This makes the GPG interfaces more versatile and facilitates implementing an alternate GpgSignatureVerifier. Change-Id: I9cf093caa9fdebede801d665f2591cd9b275e1fd --- .../internal/BouncyCastleGpgSignatureVerifier.java | 64 ++++--------------- org.eclipse.jgit/.settings/.api_filters | 8 +++ .../jgit/lib/AbstractGpgSignatureVerifier.java | 71 ++++++++++++++++++++++ .../org/eclipse/jgit/lib/GpgSignatureVerifier.java | 30 ++++++++- 4 files changed, 119 insertions(+), 54 deletions(-) create mode 100644 org.eclipse.jgit/src/org/eclipse/jgit/lib/AbstractGpgSignatureVerifier.java diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.java index 7161895a6b..f4fed40973 100644 --- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.java +++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSignatureVerifier.java @@ -15,7 +15,6 @@ import java.io.InputStream; import java.security.Security; import java.text.MessageFormat; import java.time.Instant; -import java.util.Arrays; import java.util.Date; import java.util.Iterator; import java.util.Locale; @@ -33,21 +32,18 @@ import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory; import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider; import org.bouncycastle.util.encoders.Hex; import org.eclipse.jgit.annotations.NonNull; -import org.eclipse.jgit.annotations.Nullable; import org.eclipse.jgit.api.errors.JGitInternalException; +import org.eclipse.jgit.lib.AbstractGpgSignatureVerifier; import org.eclipse.jgit.lib.GpgConfig; import org.eclipse.jgit.lib.GpgSignatureVerifier; -import org.eclipse.jgit.revwalk.RevCommit; -import org.eclipse.jgit.revwalk.RevObject; -import org.eclipse.jgit.revwalk.RevTag; import org.eclipse.jgit.util.LRUMap; -import org.eclipse.jgit.util.RawParseUtils; import org.eclipse.jgit.util.StringUtils; /** * A {@link GpgSignatureVerifier} to verify GPG signatures using BouncyCastle. */ -public class BouncyCastleGpgSignatureVerifier implements GpgSignatureVerifier { +public class BouncyCastleGpgSignatureVerifier + extends AbstractGpgSignatureVerifier { private static void registerBouncyCastleProviderIfNecessary() { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { @@ -77,50 +73,6 @@ public class BouncyCastleGpgSignatureVerifier implements GpgSignatureVerifier { return "bc"; //$NON-NLS-1$ } - @Override - @Nullable - public SignatureVerification verifySignature(@NonNull RevObject object, - @NonNull GpgConfig config) throws IOException { - if (object instanceof RevCommit) { - RevCommit commit = (RevCommit) object; - byte[] signatureData = commit.getRawGpgSignature(); - if (signatureData == null) { - return null; - } - byte[] raw = commit.getRawBuffer(); - // Now remove the GPG signature - byte[] header = { 'g', 'p', 'g', 's', 'i', 'g' }; - int start = RawParseUtils.headerStart(header, raw, 0); - if (start < 0) { - return null; - } - int end = RawParseUtils.headerEnd(raw, start); - // start is at the beginning of the header's content - start -= header.length + 1; - // end is on the terminating LF; we need to skip that, too - if (end < raw.length) { - end++; - } - byte[] data = new byte[raw.length - (end - start)]; - System.arraycopy(raw, 0, data, 0, start); - System.arraycopy(raw, end, data, start, raw.length - end); - return verify(data, signatureData); - } else if (object instanceof RevTag) { - RevTag tag = (RevTag) object; - byte[] signatureData = tag.getRawGpgSignature(); - if (signatureData == null) { - return null; - } - byte[] raw = tag.getRawBuffer(); - // The signature is just tacked onto the end of the message, which - // is last in the buffer. - byte[] data = Arrays.copyOfRange(raw, 0, - raw.length - signatureData.length); - return verify(data, signatureData); - } - return null; - } - static PGPSignature parseSignature(InputStream in) throws IOException, PGPException { try (InputStream sigIn = PGPUtil.getDecoderStream(in)) { @@ -138,7 +90,8 @@ public class BouncyCastleGpgSignatureVerifier implements GpgSignatureVerifier { } @Override - public SignatureVerification verify(byte[] data, byte[] signatureData) + public SignatureVerification verify(@NonNull GpgConfig config, byte[] data, + byte[] signatureData) throws IOException { PGPSignature signature = null; String fingerprint = null; @@ -280,6 +233,13 @@ public class BouncyCastleGpgSignatureVerifier implements GpgSignatureVerifier { verified, expired, trust, null); } + @Override + public SignatureVerification verify(byte[] data, byte[] signatureData) + throws IOException { + throw new UnsupportedOperationException( + "Call verify(GpgConfig, byte[], byte[]) instead."); //$NON-NLS-1$ + } + private TrustLevel parseGpgTrustPacket(byte[] packet) { if (packet == null || packet.length < 6) { // A GPG trust packet has at least 6 bytes. diff --git a/org.eclipse.jgit/.settings/.api_filters b/org.eclipse.jgit/.settings/.api_filters index 2057347229..e15ed48e28 100644 --- a/org.eclipse.jgit/.settings/.api_filters +++ b/org.eclipse.jgit/.settings/.api_filters @@ -30,6 +30,14 @@ + + + + + + + + diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/AbstractGpgSignatureVerifier.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/AbstractGpgSignatureVerifier.java new file mode 100644 index 0000000000..06a89dc535 --- /dev/null +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/AbstractGpgSignatureVerifier.java @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2024, Thomas Wolf and others +* +* This program and the accompanying materials are made available under the +* terms of the Eclipse Distribution License v. 1.0 which is available at +* https://www.eclipse.org/org/documents/edl-v10.php. +* +* SPDX-License-Identifier: BSD-3-Clause +*/ +package org.eclipse.jgit.lib; + +import java.io.IOException; +import java.util.Arrays; + +import org.eclipse.jgit.revwalk.RevCommit; +import org.eclipse.jgit.revwalk.RevObject; +import org.eclipse.jgit.revwalk.RevTag; +import org.eclipse.jgit.util.RawParseUtils; + +/** + * Provides a base implementation of + * {@link GpgSignatureVerifier#verifySignature(RevObject, GpgConfig)}. + * + * @since 6.9 + */ +public abstract class AbstractGpgSignatureVerifier + implements GpgSignatureVerifier { + + @Override + public SignatureVerification verifySignature(RevObject object, + GpgConfig config) throws IOException { + if (object instanceof RevCommit) { + RevCommit commit = (RevCommit) object; + byte[] signatureData = commit.getRawGpgSignature(); + if (signatureData == null) { + return null; + } + byte[] raw = commit.getRawBuffer(); + // Now remove the GPG signature + byte[] header = { 'g', 'p', 'g', 's', 'i', 'g' }; + int start = RawParseUtils.headerStart(header, raw, 0); + if (start < 0) { + return null; + } + int end = RawParseUtils.nextLfSkippingSplitLines(raw, start); + // start is at the beginning of the header's content + start -= header.length + 1; + // end is on the terminating LF; we need to skip that, too + if (end < raw.length) { + end++; + } + byte[] data = new byte[raw.length - (end - start)]; + System.arraycopy(raw, 0, data, 0, start); + System.arraycopy(raw, end, data, start, raw.length - end); + return verify(config, data, signatureData); + } else if (object instanceof RevTag) { + RevTag tag = (RevTag) object; + byte[] signatureData = tag.getRawGpgSignature(); + if (signatureData == null) { + return null; + } + byte[] raw = tag.getRawBuffer(); + // The signature is just tacked onto the end of the message, which + // is last in the buffer. + byte[] data = Arrays.copyOfRange(raw, 0, + raw.length - signatureData.length); + return verify(config, data, signatureData); + } + return null; + } +} diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java index a7a39c998f..91c9bab5a4 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/GpgSignatureVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2021, Thomas Wolf and others + * Copyright (C) 2021, 2024 Thomas Wolf and others * * This program and the accompanying materials are made available under the * terms of the Eclipse Distribution License v. 1.0 which is available at @@ -18,7 +18,8 @@ import org.eclipse.jgit.api.errors.JGitInternalException; import org.eclipse.jgit.revwalk.RevObject; /** - * A {@code GpgVerifier} can verify GPG signatures on git commits and tags. + * A {@code GpgSignatureVerifier} can verify GPG signatures on git commits and + * tags. * * @since 5.11 */ @@ -42,6 +43,28 @@ public interface GpgSignatureVerifier { SignatureVerification verifySignature(@NonNull RevObject object, @NonNull GpgConfig config) throws IOException; + /** + * Verifies a given signature for given data. + * + * @param config + * the {@link GpgConfig} + * @param data + * the signature is for + * @param signatureData + * the ASCII-armored signature + * @return a {@link SignatureVerification} describing the outcome + * @throws IOException + * if the signature cannot be parsed + * @throws JGitInternalException + * if signature verification fails + * @since 6.9 + */ + default SignatureVerification verify(@NonNull GpgConfig config, byte[] data, + byte[] signatureData) throws IOException { + // Default implementation for backwards compatibility; override as + // appropriate + return verify(data, signatureData); + } /** * Verifies a given signature for given data. @@ -55,7 +78,10 @@ public interface GpgSignatureVerifier { * if the signature cannot be parsed * @throws JGitInternalException * if signature verification fails + * @deprecated since 6.9, use {@link #verify(GpgConfig, byte[], byte[])} + * instead */ + @Deprecated public SignatureVerification verify(byte[] data, byte[] signatureData) throws IOException; -- cgit v1.2.3