Examples with Fingerprint com.google.gerrit.gpg.Fingerprint used on opensource projects

Search in sources :

Example 1 with Fingerprint

use of com.google.gerrit.gpg.Fingerprint in project gerrit by GerritCodeReview.

the class PostGpgKeys method toJson.

private Map<String, GpgKeyInfo> toJson(Collection<PGPPublicKeyRing> keys, Set<Fingerprint> deleted, PublicKeyStore store, IdentifiedUser user) throws IOException {
    // Unlike when storing keys, include web-of-trust checks when producing
    // result JSON, so the user at least knows of any issues.
    PublicKeyChecker checker = checkerFactory.create(user, store);
    Map<String, GpgKeyInfo> infos = Maps.newHashMapWithExpectedSize(keys.size() + deleted.size());
    for (PGPPublicKeyRing keyRing : keys) {
        PGPPublicKey key = keyRing.getPublicKey();
        CheckResult result = checker.check(key);
        GpgKeyInfo info = GpgKeys.toJson(key, result);
        infos.put(info.id, info);
        info.id = null;
    }
    for (Fingerprint fp : deleted) {
        infos.put(keyIdToString(fp.getId()), new GpgKeyInfo());
    }
    return infos;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) CheckResult(com.google.gerrit.gpg.CheckResult) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) GerritPublicKeyChecker(com.google.gerrit.gpg.GerritPublicKeyChecker) PublicKeyChecker(com.google.gerrit.gpg.PublicKeyChecker) GpgKeyInfo(com.google.gerrit.extensions.common.GpgKeyInfo)

Example 2 with Fingerprint

use of com.google.gerrit.gpg.Fingerprint in project gerrit by GerritCodeReview.

the class PostGpgKeys method readKeysToAdd.

private List<PGPPublicKeyRing> readKeysToAdd(Input input, Set<Fingerprint> toRemove) throws BadRequestException, IOException {
    if (input.add == null || input.add.isEmpty()) {
        return ImmutableList.of();
    }
    List<PGPPublicKeyRing> keyRings = new ArrayList<>(input.add.size());
    for (String armored : input.add) {
        try (InputStream in = new ByteArrayInputStream(armored.getBytes(UTF_8));
            ArmoredInputStream ain = new ArmoredInputStream(in)) {
            @SuppressWarnings("unchecked") List<Object> objs = Lists.newArrayList(new BcPGPObjectFactory(ain));
            if (objs.size() != 1 || !(objs.get(0) instanceof PGPPublicKeyRing)) {
                throw new BadRequestException("Expected exactly one PUBLIC KEY BLOCK");
            }
            PGPPublicKeyRing keyRing = (PGPPublicKeyRing) objs.get(0);
            if (toRemove.contains(new Fingerprint(keyRing.getPublicKey().getFingerprint()))) {
                throw new BadRequestException("Cannot both add and delete key: " + keyToString(keyRing.getPublicKey()));
            }
            keyRings.add(keyRing);
        }
    }
    return keyRings;
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) ByteArrayInputStream(java.io.ByteArrayInputStream) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) ByteArrayInputStream(java.io.ByteArrayInputStream) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream) BcPGPObjectFactory(org.bouncycastle.openpgp.bc.BcPGPObjectFactory) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException)

Example 3 with Fingerprint

use of com.google.gerrit.gpg.Fingerprint in project gerrit by GerritCodeReview.

the class PostGpgKeys method apply.

@Override
public Map<String, GpgKeyInfo> apply(AccountResource rsrc, Input input) throws ResourceNotFoundException, BadRequestException, ResourceConflictException, PGPException, OrmException, IOException, ConfigInvalidException {
    GpgKeys.checkVisible(self, rsrc);
    Collection<ExternalId> existingExtIds = externalIds.byAccount(rsrc.getUser().getAccountId(), SCHEME_GPGKEY);
    try (PublicKeyStore store = storeProvider.get()) {
        Set<Fingerprint> toRemove = readKeysToRemove(input, existingExtIds);
        List<PGPPublicKeyRing> newKeys = readKeysToAdd(input, toRemove);
        List<ExternalId> newExtIds = new ArrayList<>(existingExtIds.size());
        for (PGPPublicKeyRing keyRing : newKeys) {
            PGPPublicKey key = keyRing.getPublicKey();
            ExternalId.Key extIdKey = toExtIdKey(key.getFingerprint());
            Account account = getAccountByExternalId(extIdKey);
            if (account != null) {
                if (!account.getId().equals(rsrc.getUser().getAccountId())) {
                    throw new ResourceConflictException("GPG key already associated with another account");
                }
            } else {
                newExtIds.add(ExternalId.create(extIdKey, rsrc.getUser().getAccountId()));
            }
        }
        storeKeys(rsrc, newKeys, toRemove);
        List<ExternalId.Key> extIdKeysToRemove = toRemove.stream().map(fp -> toExtIdKey(fp.get())).collect(toList());
        externalIdsUpdateFactory.create().replace(rsrc.getUser().getAccountId(), extIdKeysToRemove, newExtIds);
        accountCache.evict(rsrc.getUser().getAccountId());
        return toJson(newKeys, toRemove, store, rsrc.getUser());
    }
}
Also used : ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException) OrmException(com.google.gwtorm.server.OrmException) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) Inject(com.google.inject.Inject) LoggerFactory(org.slf4j.LoggerFactory) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) RestModifyView(com.google.gerrit.extensions.restapi.RestModifyView) ByteArrayInputStream(java.io.ByteArrayInputStream) GpgKeyInfo(com.google.gerrit.extensions.common.GpgKeyInfo) Map(java.util.Map) PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) PGPException(org.bouncycastle.openpgp.PGPException) ImmutableSet(com.google.common.collect.ImmutableSet) Collection(java.util.Collection) Set(java.util.Set) RefUpdate(org.eclipse.jgit.lib.RefUpdate) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) SCHEME_GPGKEY(com.google.gerrit.server.account.externalids.ExternalId.SCHEME_GPGKEY) Sets(com.google.common.collect.Sets) ExternalIds(com.google.gerrit.server.account.externalids.ExternalIds) PersonIdent(org.eclipse.jgit.lib.PersonIdent) List(java.util.List) ExternalIdsUpdate(com.google.gerrit.server.account.externalids.ExternalIdsUpdate) Joiner(com.google.common.base.Joiner) Singleton(com.google.inject.Singleton) AccountCache(com.google.gerrit.server.account.AccountCache) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PublicKeyStore(com.google.gerrit.gpg.PublicKeyStore) InternalAccountQuery(com.google.gerrit.server.query.account.InternalAccountQuery) GerritPublicKeyChecker(com.google.gerrit.gpg.GerritPublicKeyChecker) Fingerprint(com.google.gerrit.gpg.Fingerprint) ArrayList(java.util.ArrayList) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) Account(com.google.gerrit.reviewdb.client.Account) CommitBuilder(org.eclipse.jgit.lib.CommitBuilder) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream) CheckResult(com.google.gerrit.gpg.CheckResult) Input(com.google.gerrit.gpg.server.PostGpgKeys.Input) CurrentUser(com.google.gerrit.server.CurrentUser) Logger(org.slf4j.Logger) BaseEncoding(com.google.common.io.BaseEncoding) UTF_8(java.nio.charset.StandardCharsets.UTF_8) AccountResource(com.google.gerrit.server.account.AccountResource) EmailException(com.google.gerrit.common.errors.EmailException) PublicKeyChecker(com.google.gerrit.gpg.PublicKeyChecker) IOException(java.io.IOException) Maps(com.google.common.collect.Maps) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) Collectors.toList(java.util.stream.Collectors.toList) Provider(com.google.inject.Provider) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) IdentifiedUser(com.google.gerrit.server.IdentifiedUser) AddKeySender(com.google.gerrit.server.mail.send.AddKeySender) ExternalId(com.google.gerrit.server.account.externalids.ExternalId) AccountState(com.google.gerrit.server.account.AccountState) BcPGPObjectFactory(org.bouncycastle.openpgp.bc.BcPGPObjectFactory) GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent) InputStream(java.io.InputStream) PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Account(com.google.gerrit.reviewdb.client.Account) Fingerprint(com.google.gerrit.gpg.Fingerprint) ExternalId(com.google.gerrit.server.account.externalids.ExternalId) ArrayList(java.util.ArrayList) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) PublicKeyStore(com.google.gerrit.gpg.PublicKeyStore) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey)

Example 4 with Fingerprint

use of com.google.gerrit.gpg.Fingerprint in project gerrit by GerritCodeReview.

the class PostGpgKeys method storeKeys.

private void storeKeys(AccountResource rsrc, List<PGPPublicKeyRing> keyRings, Set<Fingerprint> toRemove) throws BadRequestException, ResourceConflictException, PGPException, IOException {
    try (PublicKeyStore store = storeProvider.get()) {
        List<String> addedKeys = new ArrayList<>();
        for (PGPPublicKeyRing keyRing : keyRings) {
            PGPPublicKey key = keyRing.getPublicKey();
            // Don't check web of trust; admins can fill in certifications later.
            CheckResult result = checkerFactory.create(rsrc.getUser(), store).disableTrust().check(key);
            if (!result.isOk()) {
                throw new BadRequestException(String.format("Problems with public key %s:\n%s", keyToString(key), Joiner.on('\n').join(result.getProblems())));
            }
            addedKeys.add(PublicKeyStore.keyToString(key));
            store.add(keyRing);
        }
        for (Fingerprint fp : toRemove) {
            store.remove(fp.get());
        }
        CommitBuilder cb = new CommitBuilder();
        PersonIdent committer = serverIdent.get();
        cb.setAuthor(rsrc.getUser().newCommitterIdent(committer.getWhen(), committer.getTimeZone()));
        cb.setCommitter(committer);
        RefUpdate.Result saveResult = store.save(cb);
        switch(saveResult) {
            case NEW:
            case FAST_FORWARD:
            case FORCED:
                try {
                    addKeyFactory.create(rsrc.getUser(), addedKeys).send();
                } catch (EmailException e) {
                    log.error("Cannot send GPG key added message to " + rsrc.getUser().getAccount().getPreferredEmail(), e);
                }
                break;
            case NO_CHANGE:
                break;
            case IO_FAILURE:
            case LOCK_FAILURE:
            case NOT_ATTEMPTED:
            case REJECTED:
            case REJECTED_CURRENT_BRANCH:
            case RENAMED:
            default:
                // TODO(dborowitz): Backoff and retry on LOCK_FAILURE.
                throw new ResourceConflictException("Failed to save public keys: " + saveResult);
        }
    }
}
Also used : PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing) Fingerprint(com.google.gerrit.gpg.Fingerprint) ArrayList(java.util.ArrayList) PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey) CommitBuilder(org.eclipse.jgit.lib.CommitBuilder) PublicKeyStore.keyToString(com.google.gerrit.gpg.PublicKeyStore.keyToString) PublicKeyStore.keyIdToString(com.google.gerrit.gpg.PublicKeyStore.keyIdToString) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) PersonIdent(org.eclipse.jgit.lib.PersonIdent) GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent) CheckResult(com.google.gerrit.gpg.CheckResult) PublicKeyStore(com.google.gerrit.gpg.PublicKeyStore) EmailException(com.google.gerrit.common.errors.EmailException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) RefUpdate(org.eclipse.jgit.lib.RefUpdate)

Aggregations

Fingerprint (com.google.gerrit.gpg.Fingerprint)4 PublicKeyStore.keyIdToString (com.google.gerrit.gpg.PublicKeyStore.keyIdToString)4 PublicKeyStore.keyToString (com.google.gerrit.gpg.PublicKeyStore.keyToString)4 PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing)4 BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)3 CheckResult (com.google.gerrit.gpg.CheckResult)3 ArrayList (java.util.ArrayList)3 PGPPublicKey (org.bouncycastle.openpgp.PGPPublicKey)3 EmailException (com.google.gerrit.common.errors.EmailException)2 GpgKeyInfo (com.google.gerrit.extensions.common.GpgKeyInfo)2 ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)2 GerritPublicKeyChecker (com.google.gerrit.gpg.GerritPublicKeyChecker)2 PublicKeyChecker (com.google.gerrit.gpg.PublicKeyChecker)2 PublicKeyStore (com.google.gerrit.gpg.PublicKeyStore)2 GerritPersonIdent (com.google.gerrit.server.GerritPersonIdent)2 CommitBuilder (org.eclipse.jgit.lib.CommitBuilder)2 PersonIdent (org.eclipse.jgit.lib.PersonIdent)2 RefUpdate (org.eclipse.jgit.lib.RefUpdate)2 Joiner (com.google.common.base.Joiner)1 ImmutableList (com.google.common.collect.ImmutableList)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial