From 02344254ea7ddd97c21ea7b50fcb9a49932c3251 Mon Sep 17 00:00:00 2001 From: Matthias Sohn Date: Wed, 14 Jul 2021 22:30:06 +0200 Subject: Update orbit to I20210713220109 update - org.apache.commons.compress to 1.20.0.v20210713-192 - org.bouncycastle.bcpg to 1.69.0.v20210713-1924 - org.bouncycastle.bcpkix to 1.69.0.v20210713-1924 - org.bouncycastle.bcprov to 1.69.0.v20210713-1924 - add org.bouncycastle.bcutil 1.69.0.v20210713-1924 In bazel build don't expose bouncycastle to org.eclipse.jgit since it's not used there anymore since code depending on bouncycastle was moved to org.eclipse.jgit.gpg.bc. CQ: 21771 CQ: 23471 CQ: 23472 CQ: 23473 CQ: 23474 Change-Id: Id3d94c00c39bbc57e3f49a61150841249dc3985c --- org.eclipse.jgit.gpg.bc/BUILD | 1 + org.eclipse.jgit.gpg.bc/pom.xml | 5 +++++ 2 files changed, 6 insertions(+) (limited to 'org.eclipse.jgit.gpg.bc') diff --git a/org.eclipse.jgit.gpg.bc/BUILD b/org.eclipse.jgit.gpg.bc/BUILD index 4fe1e478cf..9b9ae5fef1 100644 --- a/org.eclipse.jgit.gpg.bc/BUILD +++ b/org.eclipse.jgit.gpg.bc/BUILD @@ -15,6 +15,7 @@ java_library( "//lib:bcpg", "//lib:bcpkix", "//lib:bcprov", + "//lib:bcutil", "//lib:slf4j-api", "//org.eclipse.jgit:jgit", ], diff --git a/org.eclipse.jgit.gpg.bc/pom.xml b/org.eclipse.jgit.gpg.bc/pom.xml index 129fa0c077..da64bd096e 100644 --- a/org.eclipse.jgit.gpg.bc/pom.xml +++ b/org.eclipse.jgit.gpg.bc/pom.xml @@ -49,6 +49,11 @@ bcprov-jdk15on + + org.bouncycastle + bcutil-jdk15on + + org.bouncycastle bcpkix-jdk15on -- cgit v1.2.3 From f1e67911edce630830c7941074a016d184253dab Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Mon, 26 Jul 2021 13:28:40 +0200 Subject: [gpg] Update to Bouncy Castle 1.69 Bump lower bound in MANIFEST.MF and adapt code. Change-Id: I3a3c7948e5fc29f5517fe84209fcea81834e8e5b --- org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF | 42 +++++++++++----------- .../gpg/bc/internal/BouncyCastleGpgSigner.java | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) (limited to 'org.eclipse.jgit.gpg.bc') 
diff --git a/org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF b/org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF
index 2d306aa1ea..c766fe15c0 100644
--- a/org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.gpg.bc/META-INF/MANIFEST.MF
@@ -8,27 +8,27 @@ Bundle-Vendor: %Bundle-Vendor
 Bundle-Localization: plugin
 Bundle-Version: 5.13.0.qualifier
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
-Import-Package: org.bouncycastle.asn1;version="[1.65.0,2.0.0)",
- org.bouncycastle.asn1.cryptlib;version="[1.65.0,2.0.0)",
- org.bouncycastle.asn1.x9;version="[1.65.0,2.0.0)",
- org.bouncycastle.bcpg;version="[1.65.0,2.0.0)",
- org.bouncycastle.bcpg.sig;version="[1.65.0,2.0.0)",
- org.bouncycastle.crypto.ec;version="[1.65.0,2.0.0)",
- org.bouncycastle.gpg;version="[1.65.0,2.0.0)",
- org.bouncycastle.gpg.keybox;version="[1.65.0,2.0.0)",
- org.bouncycastle.gpg.keybox.jcajce;version="[1.65.0,2.0.0)",
- org.bouncycastle.jcajce.interfaces;version="[1.65.0,2.0.0)",
- org.bouncycastle.jcajce.util;version="[1.65.0,2.0.0)",
- org.bouncycastle.jce.provider;version="[1.65.0,2.0.0)",
- org.bouncycastle.math.ec;version="[1.65.0,2.0.0)",
- org.bouncycastle.math.field;version="[1.65.0,2.0.0)",
- org.bouncycastle.openpgp;version="[1.65.0,2.0.0)",
- org.bouncycastle.openpgp.jcajce;version="[1.65.0,2.0.0)",
- org.bouncycastle.openpgp.operator;version="[1.65.0,2.0.0)",
- org.bouncycastle.openpgp.operator.jcajce;version="[1.65.0,2.0.0)",
- org.bouncycastle.util;version="[1.65.0,2.0.0)",
- org.bouncycastle.util.encoders;version="[1.65.0,2.0.0)",
- org.bouncycastle.util.io;version="[1.65.0,2.0.0)",
+Import-Package: org.bouncycastle.asn1;version="[1.69.0,2.0.0)",
+ org.bouncycastle.asn1.cryptlib;version="[1.69.0,2.0.0)",
+ org.bouncycastle.asn1.x9;version="[1.69.0,2.0.0)",
+ org.bouncycastle.bcpg;version="[1.69.0,2.0.0)",
+ org.bouncycastle.bcpg.sig;version="[1.69.0,2.0.0)",
+ org.bouncycastle.crypto.ec;version="[1.69.0,2.0.0)",
+ org.bouncycastle.gpg;version="[1.69.0,2.0.0)",
+ org.bouncycastle.gpg.keybox;version="[1.69.0,2.0.0)",
+ org.bouncycastle.gpg.keybox.jcajce;version="[1.69.0,2.0.0)",
+ org.bouncycastle.jcajce.interfaces;version="[1.69.0,2.0.0)",
+ org.bouncycastle.jcajce.util;version="[1.69.0,2.0.0)",
+ org.bouncycastle.jce.provider;version="[1.69.0,2.0.0)",
+ org.bouncycastle.math.ec;version="[1.69.0,2.0.0)",
+ org.bouncycastle.math.field;version="[1.69.0,2.0.0)",
+ org.bouncycastle.openpgp;version="[1.69.0,2.0.0)",
+ org.bouncycastle.openpgp.jcajce;version="[1.69.0,2.0.0)",
+ org.bouncycastle.openpgp.operator;version="[1.69.0,2.0.0)",
+ org.bouncycastle.openpgp.operator.jcajce;version="[1.69.0,2.0.0)",
+ org.bouncycastle.util;version="[1.69.0,2.0.0)",
+ org.bouncycastle.util.encoders;version="[1.69.0,2.0.0)",
+ org.bouncycastle.util.io;version="[1.69.0,2.0.0)",
  org.eclipse.jgit.annotations;version="[5.13.0,5.14.0)",
  org.eclipse.jgit.api.errors;version="[5.13.0,5.14.0)",
  org.slf4j;version="[1.7.0,2.0.0)"
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
index 211bd7bd20..763b7f7526 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgSigner.java
@@ -195,7 +195,7 @@ public class BouncyCastleGpgSigner extends GpgSigner
 }
 }
 if (userId != null) {
- subpackets.setSignerUserID(false, userId);
+ subpackets.addSignerUserID(false, userId);
 }
 signatureGenerator
 .setHashedSubpackets(subpackets.generate());
--
cgit v1.2.3
From ca7a30f231201cdc5acc567f3ef08d1dd4369b44 Mon Sep 17 00:00:00 2001
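Review bot: `addSignerUserID` adds a Signer User ID subpacket rather than setting the single one, so the swap from `setSignerUserID` is only equivalent when `subpackets` is a fresh generator for each signature and this branch runs once per signature. The generator is created outside this hunk, so that cannot be confirmed from here; if it holds, a short comment on the call would record it, for example `// generator is created per signature, so exactly one Signer User ID subpacket is hashed`. The enclosing method starts and ends outside the hunk.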
From: Thomas Wolf Date: Tue, 10 Aug 2021 23:26:42 +0200 Subject: [gpg] Better GPG home directory determination GPG can use customized directories instead of the standard ~/.gnupg or %APPDATA%\gnupg directories: * Environment variable GNUPGHOME can define the location. * On Windows, a registry key may define the location (but this is deprecated). * Portable installations may use a directory defined via a file "gpgconf.ctl". * GPG programs may take a --homedir command-line argument, which overrides anything. Implement handling of environment variable GNUPGHOME. The other ways of GPG to get its home directory are outside the reach of JGit. Provide a system property "jgit.gpg.home" that the user can set in such cases. Do tilde replacement for the system property and for GNUPGHOME. Note that on VMS, the default directory would be ~/gnupg (without dot). This is not accounted for, but a user on VMS could now use either the system property or GNUPGHOME to direct JGit to the right directory. Bug: 575327 Change-Id: Id5ea04a85d58dba0c0df7a705777630d36042467 Signed-off-by: Thomas Wolf --- .../eclipse/jgit/gpg/bc/internal/BCText.properties | 2 + .../org/eclipse/jgit/gpg/bc/internal/BCText.java | 2 + .../gpg/bc/internal/BouncyCastleGpgKeyLocator.java | 57 ++++++++++++++++------ 3 files changed, 46 insertions(+), 15 deletions(-) (limited to 'org.eclipse.jgit.gpg.bc')
diff --git a/org.eclipse.jgit.gpg.bc/resources/org/eclipse/jgit/gpg/bc/internal/BCText.properties b/org.eclipse.jgit.gpg.bc/resources/org/eclipse/jgit/gpg/bc/internal/BCText.properties
index e4b1baba1f..ab83298c15 100644
--- a/org.eclipse.jgit.gpg.bc/resources/org/eclipse/jgit/gpg/bc/internal/BCText.properties
+++ b/org.eclipse.jgit.gpg.bc/resources/org/eclipse/jgit/gpg/bc/internal/BCText.properties
@@ -13,6 +13,8 @@ gpgNoSuchAlgorithm=Cannot decrypt encrypted secret key: encryption algorithm {0}
 gpgNotASigningKey=Secret key ({0}) is not suitable for signing
 gpgKeyInfo=GPG Key (fingerprint {0})
 gpgSigningCancelled=Signing was cancelled
+logWarnGnuPGHome=Cannot access GPG home directory given by environment variable GNUPGHOME={}
+logWarnGpgHomeProperty=Cannot access GPG home directory given by Java system property jgit.gpg.home={}
 nonSignatureError=Signature does not decode into a signature object
 secretKeyTooShort=Secret key file corrupt; only {0} bytes read
 sexprHexNotClosed=Hex number in s-expression not closed
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BCText.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BCText.java
index aedf8a5be5..68ee2fd5de 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BCText.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BCText.java
@@ -42,6 +42,8 @@ public final class BCText extends TranslationBundle {
 /***/ public String gpgNotASigningKey;
 /***/ public String gpgKeyInfo;
 /***/ public String gpgSigningCancelled;
+ /***/ public String logWarnGnuPGHome;
+ /***/ public String logWarnGpgHomeProperty;
 /***/ public String nonSignatureError;
 /***/ public String secretKeyTooShort;
 /***/ public String sexprHexNotClosed;
diff --git a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator.java
index cf4d3d2340..8cd03bd36f 100644
--- a/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator.java
+++ b/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/BouncyCastleGpgKeyLocator.java
@@ -29,6 +29,8 @@ import java.security.NoSuchProviderException; import java.text.MessageFormat; import java.util.Iterator; import java.util.Locale; +import java.util.function.Consumer; +import java.util.function.Function; import org.bouncycastle.gpg.keybox.BlobType; import org.bouncycastle.gpg.keybox.KeyBlob; 
@@ -98,29 +100,54 @@ public class BouncyCastleGpgKeyLocator { private static Path findGpgDirectory() { SystemReader system = SystemReader.getInstance(); + Function resolveTilde = s -> { + if (s.startsWith("~/") || s.startsWith("~" + File.separatorChar)) { //$NON-NLS-1$ //$NON-NLS-2$ + return new File(FS.DETECTED.userHome(), s.substring(2)) + .getAbsoluteFile().toPath(); + } + return Paths.get(s); + }; + Path path = checkDirectory(system.getProperty("jgit.gpg.home"), //$NON-NLS-1$ + resolveTilde, + s -> log.warn(BCText.get().logWarnGpgHomeProperty, s)); + if (path != null) { + return path; + } + path = checkDirectory(system.getenv("GNUPGHOME"), resolveTilde, //$NON-NLS-1$ + s -> log.warn(BCText.get().logWarnGnuPGHome, s)); + if (path != null) { + return path; + } if (system.isWindows()) { // On Windows prefer %APPDATA%\gnupg if it exists, even if Cygwin is // used. - String appData = system.getenv("APPDATA"); //$NON-NLS-1$ - if (appData != null && !appData.isEmpty()) { - try { - Path directory = Paths.get(appData).resolve("gnupg"); //$NON-NLS-1$ - if (Files.isDirectory(directory)) { - return directory; - } - } catch (SecurityException | InvalidPathException e) { - // Ignore and return the default location below. - } + path = checkDirectory(system.getenv("APPDATA"), //$NON-NLS-1$ + s -> Paths.get(s).resolve("gnupg"), null); //$NON-NLS-1$ + if (path != null) { + return path; } } // All systems, including Cygwin and even Windows if // %APPDATA%\gnupg doesn't exist: ~/.gnupg - File home = FS.DETECTED.userHome(); - if (home == null) { - // Oops. What now? 
- home = new File(".").getAbsoluteFile(); //$NON-NLS-1$ + return resolveTilde.apply("~/.gnupg"); //$NON-NLS-1$ + } + + private static Path checkDirectory(String dir, + Function toPath, Consumer warn) { + if (!StringUtils.isEmptyOrNull(dir)) { + try { + Path directory = toPath.apply(dir); + if (Files.isDirectory(directory)) { + return directory; + } + } catch (SecurityException | InvalidPathException e) { + // Ignore, warn, and try other known directories + } + if (warn != null) { + warn.accept(dir); + } } - return home.toPath().resolve(".gnupg"); //$NON-NLS-1$ + return null; } /** -- cgit v1.2.3
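Review bot: The explicit fallback for a null `FS.DETECTED.userHome()` is removed, and `resolveTilde` now depends on `new File((File) null, child)` behaving like `new File(child)`, so with no detectable home `~/.gnupg` (and any `~/…` value of `jgit.gpg.home` or GNUPGHOME) still resolves against the current working directory through `getAbsoluteFile()`. That matches the old behaviour, but nothing in the new code says so, and a key directory taken from the working directory deserves to be visible in a component that loads signing keys. I would add a comment in the lambda such as `// userHome() may be null: File(null, child) then resolves child against the working directory` and consider a `log.warn` on that path. Separately, `checkDirectory` discards the caught `SecurityException`/`InvalidPathException`, so the warning cannot distinguish an invalid or inaccessible path from one that simply is not a directory; passing the exception to the logger would keep that information.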