Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Läubrich2021-08-29 05:41:22 +0000
committerAlexander Kurtakov2021-08-30 09:25:29 +0000
commit35a7d8f3ca85882b84fc02d233ce4720d86598fa (patch)
tree79570e378e2a7092c9beeb6c073dfab144e0e85c
parent9ae0d000ce14924920db0e1d567999e56bb646e9 (diff)
downloadrt.equinox.p2-35a7d8f3ca85882b84fc02d233ce4720d86598fa.tar.gz
rt.equinox.p2-35a7d8f3ca85882b84fc02d233ce4720d86598fa.tar.xz
rt.equinox.p2-35a7d8f3ca85882b84fc02d233ce4720d86598fa.zip
prevent exhaustive classpath scanning. Change-Id: I9e79588874addd2092ea784d13a9bce35f1cfb98 Signed-off-by: Christoph Läubrich <laeubi@laeubi-soft.de> Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/184567 Reviewed-by: Mickael Istria <mistria@redhat.com> Reviewed-by: Alexander Kurtakov <akurtako@redhat.com> Tested-by: Alexander Kurtakov <akurtako@redhat.com>
-rw-r--r--bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java16
1 files changed, 7 insertions, 9 deletions
diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java
index cc5304b1a..72340080c 100644
--- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java
+++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java
@@ -14,11 +14,10 @@ import java.io.*;
import java.util.*;
import java.util.stream.Collectors;
import org.bouncycastle.bcpg.ArmoredInputStream;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
-import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
-import org.bouncycastle.openpgp.jcajce.JcaPGPPublicKeyRingCollection;
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
+import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
+import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.eclipse.core.runtime.*;
import org.eclipse.equinox.internal.p2.artifact.repository.Activator;
import org.eclipse.equinox.internal.p2.core.helpers.LogHelper;
@@ -60,12 +59,12 @@ public final class PGPSignatureVerifier extends ProcessingStep {
}
List<PGPSignature> res = new ArrayList<>();
try (InputStream in = new ArmoredInputStream(new ByteArrayInputStream(signatureText.getBytes()))) {
- JcaPGPObjectFactory pgpFactory = new JcaPGPObjectFactory(in);
+ PGPObjectFactory pgpFactory = new BcPGPObjectFactory(in);
Object o = pgpFactory.nextObject();
PGPSignatureList signatureList = new PGPSignatureList(new PGPSignature[0]);
if (o instanceof PGPCompressedData) {
PGPCompressedData pgpCompressData = (PGPCompressedData) o;
- pgpFactory = new JcaPGPObjectFactory(pgpCompressData.getDataStream());
+ pgpFactory = new BcPGPObjectFactory(pgpCompressData.getDataStream());
signatureList = (PGPSignatureList) pgpFactory.nextObject();
} else if (o instanceof PGPSignatureList) {
signatureList = (PGPSignatureList) o;
@@ -108,8 +107,7 @@ public final class PGPSignatureVerifier extends ProcessingStep {
return;
}
try {
- signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(new BouncyCastleProvider()),
- publicKey);
+ signature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
} catch (PGPException ex) {
setStatus(new Status(IStatus.ERROR, Activator.ID, ex.getMessage(), ex));
return;
@@ -145,7 +143,7 @@ public final class PGPSignatureVerifier extends ProcessingStep {
Map<Long, PGPPublicKey> res = new HashMap<>();
try (InputStream stream = PGPUtil
.getDecoderStream(new ByteArrayInputStream(unnormalizedPGPProperty(armoredPublicKeyring).getBytes()))) {
- PGPPublicKeyRingCollection pgpPub = new JcaPGPPublicKeyRingCollection(stream);
+ PGPPublicKeyRingCollection pgpPub = new BcPGPPublicKeyRingCollection(stream);
pgpPub.getKeyRings().forEachRemaining(kRing ->
kRing.getPublicKeys().forEachRemaining(key -> res.put(key.getKeyID(), key))

Back to the top