Search in sources :

Example 1 with GpgSignatureVerifier

use of org.eclipse.jgit.lib.GpgSignatureVerifier in project omegat by omegat-org.

the class GITExternalGpgSigner method signWithGpg.

private byte[] signWithGpg(byte[] data, String keySpec, String gpgProgram) throws IOException, CanceledException {
    // Sign an object with an external GPG executable. GPG handles
    // passphrase entry, including gpg-agent and native keychain
    // integration.
    String program = gpgProgram;
    if (StringUtils.isEmptyOrNull(program)) {
        program = FROM_PATH.getGpg();
        if (StringUtils.isEmptyOrNull(program)) {
            throw new IOException(OStrings.getString(ExternalGpgSigner_gpgNotFound));
        }
    }
    ProcessBuilder process = new ProcessBuilder();
    process.command(program, // $NON-NLS-1$
    "-bsau", keySpec, // $NON-NLS-1$
    "--batch", // $NON-NLS-1$
    "--no-tty", // $NON-NLS-1$
    "--status-fd", // $NON-NLS-1$
    "2", // $NON-NLS-1$
    "--output", // $NON-NLS-1$
    "-");
    gpgEnvironment(process);
    try (ByteArrayInputStream dataIn = new ByteArrayInputStream(data)) {
        class Holder {

            byte[] rawData;
        }
        Holder result = new Holder();
        runProcess(process, dataIn, b -> {
            // Sanity check: do we have a signature?
            GpgSignatureVerifierFactory factory = GpgSignatureVerifierFactory.getDefault();
            boolean isValid;
            if (factory == null) {
                byte[] fromGpg = b.toByteArray(SIGNATURE_START.length);
                isValid = Arrays.equals(fromGpg, SIGNATURE_START);
                if (isValid) {
                    result.rawData = b.toByteArray();
                }
            } else {
                byte[] fromGpg = b.toByteArray();
                GpgSignatureVerifier verifier = factory.getVerifier();
                try {
                    GpgSignatureVerifier.SignatureVerification verification = verifier.verify(data, fromGpg);
                    isValid = verification != null && verification.getVerified();
                    if (isValid) {
                        result.rawData = fromGpg;
                    }
                } catch (JGitInternalException e) {
                    throw new IOException(e.getLocalizedMessage(), e);
                } finally {
                    verifier.clear();
                }
            }
            if (!isValid) {
                throw new IOException(MessageFormat.format(OStrings.getString(ExternalGpgSigner_noSignature), toString(b)));
            }
        }, e -> {
            // https://github.com/gpg/gnupg/blob/master/doc/DETAILS
            try (BufferedReader r = new BufferedReader(new InputStreamReader(e.openInputStream(), StandardCharsets.UTF_8))) {
                String line;
                boolean pinentry = false;
                while ((line = r.readLine()) != null) {
                    if (!pinentry && line.startsWith("[GNUPG:] PINENTRY_LAUNCHED")) {
                        pinentry = true;
                    } else if (pinentry) {
                        if (line.startsWith("[GNUPG:] FAILURE sign")) {
                            throw new CanceledException(OStrings.getString(ExternalGpgSigner_signingCanceled));
                        }
                        if (line.startsWith("[GNUPG:]")) {
                            pinentry = false;
                        }
                    }
                }
            } catch (IOException ex) {
            // Swallow it here; runProcess will raise one anyway.
            }
        });
        return result.rawData;
    }
}
Also used : CanceledException(org.eclipse.jgit.api.errors.CanceledException) GpgSignatureVerifierFactory(org.eclipse.jgit.lib.GpgSignatureVerifierFactory) GpgSignatureVerifier(org.eclipse.jgit.lib.GpgSignatureVerifier) InputStreamReader(java.io.InputStreamReader) IOException(java.io.IOException) ByteArrayInputStream(java.io.ByteArrayInputStream) BufferedReader(java.io.BufferedReader) JGitInternalException(org.eclipse.jgit.api.errors.JGitInternalException)

Aggregations

BufferedReader (java.io.BufferedReader)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 IOException (java.io.IOException)1 InputStreamReader (java.io.InputStreamReader)1 CanceledException (org.eclipse.jgit.api.errors.CanceledException)1 JGitInternalException (org.eclipse.jgit.api.errors.JGitInternalException)1 GpgSignatureVerifier (org.eclipse.jgit.lib.GpgSignatureVerifier)1 GpgSignatureVerifierFactory (org.eclipse.jgit.lib.GpgSignatureVerifierFactory)1