
Example 1 with CheckResult

Use of com.google.gerrit.gpg.CheckResult in project gerrit by GerritCodeReview.

Class PostGpgKeys, method toJson.

private Map<String, GpgKeyInfo> toJson(Collection<PGPPublicKeyRing> keys, Set<Fingerprint> deleted, PublicKeyStore store, IdentifiedUser user) throws IOException {
    // Unlike when storing keys, include web-of-trust checks when producing
    // result JSON, so the user at least knows of any issues.
    PublicKeyChecker checker = checkerFactory.create(user, store);
    Map<String, GpgKeyInfo> infos = Maps.newHashMapWithExpectedSize(keys.size() + deleted.size());
    for (PGPPublicKeyRing keyRing : keys) {
        PGPPublicKey key = keyRing.getPublicKey();
        CheckResult result = checker.check(key);
        GpgKeyInfo info = GpgKeys.toJson(key, result);
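        // The key ID serves as the map key, so it is cleared from the value.
        infos.put(info.id, info);
        info.id = null;
    }
    // Deleted keys are reported as empty GpgKeyInfo entries keyed by key ID.
    for (Fingerprint fp : deleted) {
        infos.put(keyIdToString(fp.getId()), new GpgKeyInfo());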
    }
    return infos;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) CheckResult(com.google.gerrit.gpg.CheckResult) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) GerritPublicKeyChecker(com.google.gerrit.gpg.GerritPublicKeyChecker) PublicKeyChecker(com.google.gerrit.gpg.PublicKeyChecker) GpgKeyInfo(com.google.gerrit.extensions.common.GpgKeyInfo)

Example 2 with CheckResult

Use of com.google.gerrit.gpg.CheckResult in project gerrit by GerritCodeReview.

Class PostGpgKeys, method tryStoreKeys.

private Void tryStoreKeys(AccountResource rsrc, List<PGPPublicKeyRing> keyRings, Collection<Fingerprint> toRemove) throws RestApiException, PGPException, IOException {
    try (PublicKeyStore store = storeProvider.get()) {
        List<String> addedKeys = new ArrayList<>();
        IdentifiedUser user = rsrc.getUser();
        for (PGPPublicKeyRing keyRing : keyRings) {
            PGPPublicKey key = keyRing.getPublicKey();
            // Don't check web of trust; admins can fill in certifications later.
            CheckResult result = checkerFactory.create(user, store).disableTrust().check(key);
            if (!result.isOk()) {
                throw new BadRequestException(String.format("Problems with public key %s:\n%s", keyToString(key), Joiner.on('\n').join(result.getProblems())));
            }
            addedKeys.add(PublicKeyStore.keyToString(key));
            store.add(keyRing);
        }
        for (Fingerprint fp : toRemove) {
            store.remove(fp.get());
        }
        CommitBuilder cb = new CommitBuilder();
        PersonIdent committer = serverIdent.get();
        cb.setAuthor(user.newCommitterIdent(committer));
        cb.setCommitter(committer);
        RefUpdate.Result saveResult = store.save(cb);
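        switch (saveResult) {
            // The ref was updated: email the user about added and removed keys.
            // A failed email is logged and does not fail the request.
            case NEW:
            case FAST_FORWARD:
            case FORCED: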
                if (!addedKeys.isEmpty()) {
                    try {
                        addKeySenderFactory.create(user, addedKeys).send();
                    } catch (EmailException e) {
                        logger.atSevere().withCause(e).log("Cannot send GPG key added message to %s", rsrc.getUser().getAccount().preferredEmail());
                    }
                }
                if (!toRemove.isEmpty()) {
                    try {
                        deleteKeySenderFactory.create(user, toRemove.stream().map(Fingerprint::toString).collect(toList())).send();
                    } catch (EmailException e) {
                        logger.atSevere().withCause(e).log("Cannot send GPG key deleted message to %s", user.getAccount().preferredEmail());
                    }
                }
                break;
            case NO_CHANGE:
                break;
            case LOCK_FAILURE:
            case IO_FAILURE:
            case NOT_ATTEMPTED:
            case REJECTED:
            case REJECTED_CURRENT_BRANCH:
            case RENAMED:
            case REJECTED_MISSING_OBJECT:
            case REJECTED_OTHER_REASON:
            default:
                throw new StorageException(String.format("Failed to save public keys: %s", saveResult));
        }
    }
    return null;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) ArrayList(java.util.ArrayList) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) CommitBuilder(org.eclipse.jgit.lib.CommitBuilder) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) IdentifiedUser(com.google.gerrit.server.IdentifiedUser) PersonIdent(org.eclipse.jgit.lib.PersonIdent) GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent) CheckResult(com.google.gerrit.gpg.CheckResult) PublicKeyStore(com.google.gerrit.gpg.PublicKeyStore) EmailException(com.google.gerrit.exceptions.EmailException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) StorageException(com.google.gerrit.exceptions.StorageException) RefUpdate(org.eclipse.jgit.lib.RefUpdate)

Example 3 with CheckResult

Use of com.google.gerrit.gpg.CheckResult in project gerrit by GerritCodeReview.

Class PostGpgKeys, method storeKeys.

private void storeKeys(AccountResource rsrc, List<PGPPublicKeyRing> keyRings, Set<Fingerprint> toRemove) throws BadRequestException, ResourceConflictException, PGPException, IOException {
    try (PublicKeyStore store = storeProvider.get()) {
        List<String> addedKeys = new ArrayList<>();
        for (PGPPublicKeyRing keyRing : keyRings) {
            PGPPublicKey key = keyRing.getPublicKey();
            // Don't check web of trust; admins can fill in certifications later.
            CheckResult result = checkerFactory.create(rsrc.getUser(), store).disableTrust().check(key);
            if (!result.isOk()) {
                throw new BadRequestException(String.format("Problems with public key %s:\n%s", keyToString(key), Joiner.on('\n').join(result.getProblems())));
            }
            addedKeys.add(PublicKeyStore.keyToString(key));
            store.add(keyRing);
        }
        for (Fingerprint fp : toRemove) {
            store.remove(fp.get());
        }
        CommitBuilder cb = new CommitBuilder();
        PersonIdent committer = serverIdent.get();
        cb.setAuthor(rsrc.getUser().newCommitterIdent(committer.getWhen(), committer.getTimeZone()));
        cb.setCommitter(committer);
        RefUpdate.Result saveResult = store.save(cb);
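        switch (saveResult) {
            // The ref was updated: email the user about the added keys.
            // A failed email is logged and does not fail the request.
            case NEW:
            case FAST_FORWARD:
            case FORCED: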
                try {
                    addKeyFactory.create(rsrc.getUser(), addedKeys).send();
                } catch (EmailException e) {
                    log.error("Cannot send GPG key added message to " + rsrc.getUser().getAccount().getPreferredEmail(), e);
                }
                break;
            case NO_CHANGE:
                break;
            case IO_FAILURE:
            case LOCK_FAILURE:
            case NOT_ATTEMPTED:
            case REJECTED:
            case REJECTED_CURRENT_BRANCH:
            case RENAMED:
            default:
                // TODO(dborowitz): Backoff and retry on LOCK_FAILURE.
                throw new ResourceConflictException("Failed to save public keys: " + saveResult);
        }
    }
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) ArrayList(java.util.ArrayList) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) CommitBuilder(org.eclipse.jgit.lib.CommitBuilder) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) PersonIdent(org.eclipse.jgit.lib.PersonIdent) GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent) CheckResult(com.google.gerrit.gpg.CheckResult) PublicKeyStore(com.google.gerrit.gpg.PublicKeyStore) EmailException(com.google.gerrit.common.errors.EmailException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) RefUpdate(org.eclipse.jgit.lib.RefUpdate)

Example 4 with CheckResult

Use of com.google.gerrit.gpg.CheckResult in project gerrit by GerritCodeReview.

Class PostGpgKeys, method toJson.

private Map<String, GpgKeyInfo> toJson(Collection<PGPPublicKeyRing> keys, Collection<Fingerprint> deleted, PublicKeyStore store, IdentifiedUser user) throws IOException {
    // Unlike when storing keys, include web-of-trust checks when producing
    // result JSON, so the user at least knows of any issues.
    PublicKeyChecker checker = checkerFactory.create(user, store);
    Map<String, GpgKeyInfo> infos = Maps.newHashMapWithExpectedSize(keys.size() + deleted.size());
    for (PGPPublicKeyRing keyRing : keys) {
        PGPPublicKey key = keyRing.getPublicKey();
        CheckResult result = checker.check(key);
        GpgKeyInfo info = GpgKeys.toJson(key, result);
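        // The key ID serves as the map key, so it is cleared from the value.
        infos.put(info.id, info);
        info.id = null;
    }
    // Deleted keys are reported as empty GpgKeyInfo entries keyed by key ID.
    for (Fingerprint fp : deleted) {
        infos.put(keyIdToString(fp.getId()), new GpgKeyInfo());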
    }
    return infos;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) CheckResult(com.google.gerrit.gpg.CheckResult) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) GerritPublicKeyChecker(com.google.gerrit.gpg.GerritPublicKeyChecker) PublicKeyChecker(com.google.gerrit.gpg.PublicKeyChecker) GpgKeyInfo(com.google.gerrit.extensions.common.GpgKeyInfo)

Aggregations

CheckResult (com.google.gerrit.gpg.CheckResult): 4
Fingerprint (com.google.gerrit.gpg.Fingerprint): 4
PublicKeyStore.keyIdToString (com.google.gerrit.gpg.PublicKeyStore.keyIdToString): 4
PublicKeyStore.keyToString (com.google.gerrit.gpg.PublicKeyStore.keyToString): 4
PGPPublicKey (org.bouncycastle.openpgp.PGPPublicKey): 4
PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing): 4
GpgKeyInfo (com.google.gerrit.extensions.common.GpgKeyInfo): 2
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException): 2
GerritPublicKeyChecker (com.google.gerrit.gpg.GerritPublicKeyChecker): 2
PublicKeyChecker (com.google.gerrit.gpg.PublicKeyChecker): 2
PublicKeyStore (com.google.gerrit.gpg.PublicKeyStore): 2
GerritPersonIdent (com.google.gerrit.server.GerritPersonIdent): 2
ArrayList (java.util.ArrayList): 2
CommitBuilder (org.eclipse.jgit.lib.CommitBuilder): 2
PersonIdent (org.eclipse.jgit.lib.PersonIdent): 2
RefUpdate (org.eclipse.jgit.lib.RefUpdate): 2
EmailException (com.google.gerrit.common.errors.EmailException): 1
EmailException (com.google.gerrit.exceptions.EmailException): 1
StorageException (com.google.gerrit.exceptions.StorageException): 1
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException): 1