mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7479 Commits
49 Branches
Tree: 6a39da37fe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6a39da37fe'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java

BouncyCastleGpgSigner.java 6.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. /*

  2.  * Copyright (C) 2018, Salesforce.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.lib.internal;

  44. 

  45. import java.io.ByteArrayOutputStream;

  46. import java.io.IOException;

  47. import java.net.URISyntaxException;

  48. import java.security.NoSuchAlgorithmException;

  49. import java.security.NoSuchProviderException;

  50. import java.security.Security;

  51. 

  52. import org.bouncycastle.bcpg.ArmoredOutputStream;

  53. import org.bouncycastle.bcpg.BCPGOutputStream;

  54. import org.bouncycastle.bcpg.HashAlgorithmTags;

  55. import org.bouncycastle.jce.provider.BouncyCastleProvider;

  56. import org.bouncycastle.openpgp.PGPException;

  57. import org.bouncycastle.openpgp.PGPPrivateKey;

  58. import org.bouncycastle.openpgp.PGPSecretKey;

  59. import org.bouncycastle.openpgp.PGPSignature;

  60. import org.bouncycastle.openpgp.PGPSignatureGenerator;

  61. import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;

  62. import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

  63. import org.eclipse.jgit.annotations.NonNull;

  64. import org.eclipse.jgit.annotations.Nullable;

  65. import org.eclipse.jgit.api.errors.CanceledException;

  66. import org.eclipse.jgit.api.errors.JGitInternalException;

  67. import org.eclipse.jgit.errors.UnsupportedCredentialItem;

  68. import org.eclipse.jgit.internal.JGitText;

  69. import org.eclipse.jgit.lib.CommitBuilder;

  70. import org.eclipse.jgit.lib.GpgSignature;

  71. import org.eclipse.jgit.lib.GpgSigner;

  72. import org.eclipse.jgit.lib.PersonIdent;

  73. import org.eclipse.jgit.transport.CredentialsProvider;

  74. 

  75. /**

  76.  * GPG Signer using BouncyCastle library

  77.  */

  78. public class BouncyCastleGpgSigner extends GpgSigner {

  79. 

  80. 	private static void registerBouncyCastleProviderIfNecessary() {

  81. 		if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {

  82. 			Security.addProvider(new BouncyCastleProvider());

  83. 		}

  84. 	}

  85. 

  86. 	/**

  87. 	 * Create a new instance.

  88. 	 * <p>

  89. 	 * The BounceCastleProvider will be registered if necessary.

  90. 	 * </p>

  91. 	 */

  92. 	public BouncyCastleGpgSigner() {

  93. 		registerBouncyCastleProviderIfNecessary();

  94. 	}

  95. 

  96. 	@Override

  97. 	public boolean canLocateSigningKey(@Nullable String gpgSigningKey,

  98. 			PersonIdent committer, CredentialsProvider credentialsProvider)

  99. 			throws CanceledException {

  100. 		try (BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt = new BouncyCastleGpgKeyPassphrasePrompt(

  101. 				credentialsProvider)) {

  102. 			BouncyCastleGpgKey gpgKey = locateSigningKey(gpgSigningKey,

  103. 					committer, passphrasePrompt);

  104. 			return gpgKey != null;

  105. 		} catch (PGPException | IOException | NoSuchAlgorithmException

  106. 				| NoSuchProviderException | URISyntaxException e) {

  107. 			return false;

  108. 		}

  109. 	}

  110. 

  111. 	private BouncyCastleGpgKey locateSigningKey(@Nullable String gpgSigningKey,

  112. 			PersonIdent committer,

  113. 			BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt)

  114. 			throws CanceledException, UnsupportedCredentialItem, IOException,

  115. 			NoSuchAlgorithmException, NoSuchProviderException, PGPException,

  116. 			URISyntaxException {

  117. 		if (gpgSigningKey == null || gpgSigningKey.isEmpty()) {

  118. 			gpgSigningKey = '<' + committer.getEmailAddress() + '>';

  119. 		}

  120. 

  121. 		BouncyCastleGpgKeyLocator keyHelper = new BouncyCastleGpgKeyLocator(

  122. 				gpgSigningKey, passphrasePrompt);

  123. 

  124. 		return keyHelper.findSecretKey();

  125. 	}

  126. 

  127. 	@Override

  128. 	public void sign(@NonNull CommitBuilder commit,

  129. 			@Nullable String gpgSigningKey, @NonNull PersonIdent committer,

  130. 			CredentialsProvider credentialsProvider) throws CanceledException {

  131. 		try (BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt = new BouncyCastleGpgKeyPassphrasePrompt(

  132. 				credentialsProvider)) {

  133. 			BouncyCastleGpgKey gpgKey = locateSigningKey(gpgSigningKey,

  134. 					committer, passphrasePrompt);

  135. 			PGPSecretKey secretKey = gpgKey.getSecretKey();

  136. 			if (secretKey == null) {

  137. 				throw new JGitInternalException(

  138. 						JGitText.get().unableToSignCommitNoSecretKey);

  139. 			}

  140. 			char[] passphrase = passphrasePrompt.getPassphrase(

  141. 					secretKey.getPublicKey().getFingerprint(),

  142. 					gpgKey.getOrigin());

  143. 			PGPPrivateKey privateKey = secretKey

  144. 					.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder()

  145. 							.setProvider(BouncyCastleProvider.PROVIDER_NAME)

  146. 							.build(passphrase));

  147. 			PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(

  148. 					new JcaPGPContentSignerBuilder(

  149. 							secretKey.getPublicKey().getAlgorithm(),

  150. 							HashAlgorithmTags.SHA256).setProvider(

  151. 									BouncyCastleProvider.PROVIDER_NAME));

  152. 			signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);

  153. 			ByteArrayOutputStream buffer = new ByteArrayOutputStream();

  154. 			try (BCPGOutputStream out = new BCPGOutputStream(

  155. 					new ArmoredOutputStream(buffer))) {

  156. 				signatureGenerator.update(commit.build());

  157. 				signatureGenerator.generate().encode(out);

  158. 			}

  159. 			commit.setGpgSignature(new GpgSignature(buffer.toByteArray()));

  160. 		} catch (PGPException | IOException | NoSuchAlgorithmException

  161. 				| NoSuchProviderException | URISyntaxException e) {

  162. 			throw new JGitInternalException(e.getMessage(), e);

  163. 		}

  164. 	}

  165. }