[WFMP-275] Add GPG checks to the channel provisioning
Showing
7 changed files
with
169 additions
and
10 deletions.
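--- a/plugin/src/main/java/org/wildfly/plugin/provision/GpgKeyring.java
+++ b/plugin/src/main/java/org/wildfly/plugin/provision/GpgKeyring.java
@@ -0,0 +1,84 @@
+/*
+* Copyright The WildFly Authors
+* SPDX-License-Identifier: Apache-2.0
+*/
+
+package org.wildfly.plugin.provision;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import org.bouncycastle.bcpg.ArmoredInputStream;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
+import org.bouncycastle.util.encoders.Hex;
+import org.jboss.logging.Logger;
+import org.wildfly.channel.gpg.GpgKeystore;
+
+/**
+* Read-only keystore used to read keys from a local GPG keyring file.
+*/
+public class GpgKeyring implements GpgKeystore {
+
+private final Logger log = Logger.getLogger(GpgKeyring.class.getName());
+
+private final PGPPublicKeyRingCollection publicKeyRingCollection;
+private Map<String, PGPPublicKey> keyCache = new HashMap<>();
+
+public PGPPublicKey get(String keyID) {
+if (publicKeyRingCollection != null) {
+final Iterator<PGPPublicKeyRing> keyRings = publicKeyRingCollection.getKeyRings();
+while (keyRings.hasNext()) {
+final PGPPublicKeyRing keyRing = keyRings.next();
+final PGPPublicKey publicKey = keyRing.getPublicKey(new BigInteger(keyID, 16).longValue());
+if (publicKey != null) {
+return publicKey;
+}
+}
+return null;
+} else {
+return keyCache.get(keyID);
+}
+}
+
+public GpgKeyring(Path keyringPath) {
+if (keyringPath != null) {
+try {
+publicKeyRingCollection = new PGPPublicKeyRingCollection(
+new ArmoredInputStream(new FileInputStream(keyringPath.toFile())),
+new JcaKeyFingerprintCalculator());
+} catch (IOException | PGPException e) {
+throw new RuntimeException("Unable to access GPG keystore", e);
+}
+} else {
+publicKeyRingCollection = null;
+}
+}
+
+public boolean add(List<PGPPublicKey> publicKeys) {
+for (PGPPublicKey publicKey : publicKeys) {
+keyCache.put(Long.toHexString(publicKey.getKeyID()).toUpperCase(Locale.ROOT), publicKey);
+}
+return true;
+}
+
+static String describeImportedKeys(PGPPublicKey pgpPublicKey) {
+final StringBuilder sb = new StringBuilder();
+final Iterator<String> userIDs = pgpPublicKey.getUserIDs();
+while (userIDs.hasNext()) {
+sb.append(userIDs.next());
+}
+sb.append(": ").append(Hex.toHexString(pgpPublicKey.getFingerprint()));
+return sb.toString();
+}
+}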
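Review bot: `add` stores every key it is handed and returns `true`, and when no keyring path is configured `get` answers from that cache, so the trusted signer set is whatever the caller passes in. If those keys come from URLs named by the channel being verified (the caller is not visible in this file), the signature check has no independent trust anchor. With a keyring configured, `add` still reports success although `get` never reads `keyCache`, which contradicts the "read-only" Javadoc. I would have `add` return `false` in keyring mode (assuming the `GpgKeystore` contract treats `false` as "not accepted") and log the fingerprint of each key accepted otherwise, so imports are auditable without echoing key-supplied user IDs into the log. Separately, the constructor never closes the `FileInputStream`, and `get` parses `keyID` with `new BigInteger(keyID, 16).longValue()`, which throws `NumberFormatException` on malformed input and silently truncates anything longer than 16 hex digits.

```java
public GpgKeyring(Path keyringPath) {
    if (keyringPath != null) {
        // both streams are closed once the collection has been parsed
        try (FileInputStream file = new FileInputStream(keyringPath.toFile());
                ArmoredInputStream armored = new ArmoredInputStream(file)) {
            publicKeyRingCollection = new PGPPublicKeyRingCollection(armored,
                    new JcaKeyFingerprintCalculator());
        } catch (IOException | PGPException e) {
            // … unchanged: rethrow as RuntimeException; null collection in the else branch …

public boolean add(List<PGPPublicKey> publicKeys) {
    if (publicKeyRingCollection != null) {
        // the keyring file is the only trust anchor; refuse keys offered at runtime
        return false;
    }
    for (PGPPublicKey publicKey : publicKeys) {
        log.infof("Accepting GPG key with fingerprint %s", Hex.toHexString(publicKey.getFingerprint()));
        // … unchanged: keyCache.put(...) …
    }
    return true;
}
```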