mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6642 Commits
49 Branches
Tree: 137e91a465
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '137e91a465'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java

BouncyCastleGpgSigner.java 5.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. /*

  2.  * Copyright (C) 2018, Salesforce.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.lib.internal;

  44. 

  45. import java.io.ByteArrayOutputStream;

  46. import java.io.IOException;

  47. import java.net.URISyntaxException;

  48. import java.security.Security;

  49. 

  50. import org.bouncycastle.bcpg.ArmoredOutputStream;

  51. import org.bouncycastle.bcpg.BCPGOutputStream;

  52. import org.bouncycastle.bcpg.HashAlgorithmTags;

  53. import org.bouncycastle.jce.provider.BouncyCastleProvider;

  54. import org.bouncycastle.openpgp.PGPException;

  55. import org.bouncycastle.openpgp.PGPPrivateKey;

  56. import org.bouncycastle.openpgp.PGPSecretKey;

  57. import org.bouncycastle.openpgp.PGPSignature;

  58. import org.bouncycastle.openpgp.PGPSignatureGenerator;

  59. import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;

  60. import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

  61. import org.eclipse.jgit.annotations.NonNull;

  62. import org.eclipse.jgit.api.errors.CanceledException;

  63. import org.eclipse.jgit.api.errors.JGitInternalException;

  64. import org.eclipse.jgit.internal.JGitText;

  65. import org.eclipse.jgit.lib.CommitBuilder;

  66. import org.eclipse.jgit.lib.GpgSignature;

  67. import org.eclipse.jgit.lib.GpgSigner;

  68. import org.eclipse.jgit.lib.PersonIdent;

  69. import org.eclipse.jgit.transport.CredentialsProvider;

  70. 

  71. /**

  72.  * GPG Signer using BouncyCastle library

  73.  */

  74. public class BouncyCastleGpgSigner extends GpgSigner {

  75. 

  76. 	private static void registerBouncyCastleProviderIfNecessary() {

  77. 		if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {

  78. 			Security.addProvider(new BouncyCastleProvider());

  79. 		}

  80. 	}

  81. 

  82. 	/**

  83. 	 * Create a new instance.

  84. 	 * <p>

  85. 	 * The BounceCastleProvider will be registered if necessary.

  86. 	 * </p>

  87. 	 */

  88. 	public BouncyCastleGpgSigner() {

  89. 		registerBouncyCastleProviderIfNecessary();

  90. 	}

  91. 

  92. 	@Override

  93. 	public void sign(@NonNull CommitBuilder commit, String gpgSigningKey,

  94. 			@NonNull PersonIdent committer,

  95. 			CredentialsProvider credentialsProvider) throws CanceledException {

  96. 		if (gpgSigningKey == null || gpgSigningKey.isEmpty()) {

  97. 			gpgSigningKey = committer.getEmailAddress();

  98. 		}

  99. 

  100. 		try (BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt = new BouncyCastleGpgKeyPassphrasePrompt(

  101. 				credentialsProvider)) {

  102. 			BouncyCastleGpgKeyLocator keyHelper = new BouncyCastleGpgKeyLocator(

  103. 					gpgSigningKey, passphrasePrompt);

  104. 

  105. 			BouncyCastleGpgKey gpgKey = keyHelper.findSecretKey();

  106. 			PGPSecretKey secretKey = gpgKey.getSecretKey();

  107. 			if (secretKey == null) {

  108. 				throw new JGitInternalException(

  109. 						JGitText.get().unableToSignCommitNoSecretKey);

  110. 			}

  111. 			char[] passphrase = passphrasePrompt

  112. 					.getPassphrase(secretKey.getPublicKey().getFingerprint(),

  113. 							gpgKey.getOrigin());

  114. 			PGPPrivateKey privateKey = secretKey

  115. 					.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()

  116. 							.setProvider(BouncyCastleProvider.PROVIDER_NAME)

  117. 							.build(passphrase));

  118. 			PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(

  119. 					new JcaPGPContentSignerBuilder(

  120. 							secretKey.getPublicKey().getAlgorithm(),

  121. 							HashAlgorithmTags.SHA256).setProvider(

  122. 									BouncyCastleProvider.PROVIDER_NAME));

  123. 			signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);

  124. 			ByteArrayOutputStream buffer = new ByteArrayOutputStream();

  125. 			try (BCPGOutputStream out = new BCPGOutputStream(

  126. 					new ArmoredOutputStream(buffer))) {

  127. 				signatureGenerator.update(commit.build());

  128. 				signatureGenerator.generate().encode(out);

  129. 			}

  130. 			commit.setGpgSignature(new GpgSignature(buffer.toByteArray()));

  131. 		} catch (PGPException | IOException | URISyntaxException e) {

  132. 			throw new JGitInternalException(e.getMessage(), e);

  133. 		}

  134. 	}

  135. }