author | Ed Merks | 2022-01-11 13:39:19 +0000 |
---|---|---|
committer | Mickael Istria | 2022-01-11 14:25:02 +0000 |
commit | e4c17a210631e7961d5574174128bd5dbc8ce192 (patch) | |
tree | 82dea5094b06ecac5e03364150f3f5ac364d9473 | |
parent | 9ea96950f33f9e87c1c035eed375b56b44d37289 (diff) | |
Bug 578161 - The CertificateChecker uses the wrong profile
Provide support for setting the profile used by the
CertificateChecker, much like it supports adding artifact
descriptors.
Use this in the CheckTrust phase so that the CertificateChecker operates
on the profile being provisioned.
Modify downstream uses of the CertificateChecker to set the appropriate
profile for that usage context.
Change-Id: Ie2da8e1b137f8540ce40f8dd737ffc938a47194d
Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189475
Tested-by: Equinox Bot <equinox-bot@eclipse.org>
Tested-by: Ed Merks <ed.merks@gmail.com>
Reviewed-by: Ed Merks <ed.merks@gmail.com>
Reviewed-by: Mickael Istria <mistria@redhat.com>
6 files changed, 40 insertions, 23 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 09a0686ab..92aee7199 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -29,7 +29,8 @@ import org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPSignatureVerif
 import org.eclipse.equinox.internal.p2.engine.*;
 import org.eclipse.equinox.p2.core.*;
 import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
-import org.eclipse.equinox.p2.engine.*;
+import org.eclipse.equinox.p2.engine.IProfile;
+import org.eclipse.equinox.p2.engine.ProfileScope;
 import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor;
 import org.eclipse.osgi.service.security.TrustEngine;
 import org.eclipse.osgi.signedcontent.*;
@@ -49,6 +50,11 @@ public class CertificateChecker {
 public static final String TRUSTED_KEY_STORE_PROPERTY = "pgp.trustedPublicKeys"; //$NON-NLS-1$
+ /***
+ * Store the optional profile for PGP key handling
+ */
+ private IProfile profile;
+
 /**
 * Stores artifacts to check
 */
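Review bot: The comment on the new `profile` field opens with `/***` rather than `/**`, and "optional" does not say what an unset profile means for trust decisions. Going by the other hunks in this commit, a null profile means no profile-stored keys are loaded and `persistTrustedKeys` stores nothing, which is worth stating where the field is declared. I would write `/** Profile whose trusted PGP keys are read and persisted; when null, no profile keys are loaded and nothing is persisted. */`.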
@@ -302,21 +308,21 @@ public class CertificateChecker {
 }
+ public void setProfile(IProfile profile) {
+ this.profile = profile;
+ }
+
 public void add(Map<IArtifactDescriptor, File> toAdd) {
 artifacts.putAll(toAdd);
 }
 public PGPPublicKeyStore buildPGPTrustore() {
 PGPPublicKeyStore trustStore = new PGPPublicKeyStore();
- // load from profile properties
- if (agent != null && agent.getService(IAgentLocation.SERVICE_NAME) != null) {
- IProfile profile = agent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF);
- if (profile != null) {
- trustStore.addKeys(profile.getProperty(TRUSTED_KEY_STORE_PROPERTY));
- ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
- profile.getProfileId());
- trustStore.addKeys(profileScope.getNode(EngineActivator.ID).get(TRUSTED_KEY_STORE_PROPERTY, null));
- }
+ if (profile != null) {
+ trustStore.addKeys(profile.getProperty(TRUSTED_KEY_STORE_PROPERTY));
+ ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
+ profile.getProfileId());
+ trustStore.addKeys(profileScope.getNode(EngineActivator.ID).get(TRUSTED_KEY_STORE_PROPERTY, null));
 }
 // load from bundles providing capability
 for (IConfigurationElement extension : RegistryFactory.getRegistry()
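Review bot: `buildPGPTrustore()` now calls `agent.getService(IAgentLocation.class)` without the guard the removed lines had (`agent != null && agent.getService(IAgentLocation.SERVICE_NAME) != null`), so once a profile is set a null agent throws here. How `ProfileScope` handles a missing location service is not visible in this hunk. Only the `ProfileScope` lookup needs the agent, so I would keep `trustStore.addKeys(profile.getProperty(TRUSTED_KEY_STORE_PROPERTY));` as is and wrap the two scope lines in `if (agent != null && agent.getService(IAgentLocation.class) != null) { ... }`. The `persistTrustedKeys` hunk has the same unguarded call. `setProfile` would also benefit from a one-line Javadoc saying whether null is accepted; `buildPGPTrustore` continues past the end of this hunk.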
@@ -372,16 +378,18 @@ public class CertificateChecker {
 }
 public IStatus persistTrustedKeys(PGPPublicKeyStore trustStore) {
- IProfile profile = agent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF);
- ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class), profile.getProfileId());
- IEclipsePreferences node = profileScope.getNode(EngineActivator.ID);
- try {
- node.put(TRUSTED_KEY_STORE_PROPERTY, trustStore.toArmoredString());
- node.flush();
- return Status.OK_STATUS;
- } catch (IOException | BackingStoreException ex) {
- return new Status(IStatus.ERROR, EngineActivator.ID, ex.getMessage(), ex);
+ if (profile != null) {
+ ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
+ profile.getProfileId());
+ IEclipsePreferences node = profileScope.getNode(EngineActivator.ID);
+ try {
+ node.put(TRUSTED_KEY_STORE_PROPERTY, trustStore.toArmoredString());
+ node.flush();
+ } catch (IOException | BackingStoreException ex) {
+ return new Status(IStatus.ERROR, EngineActivator.ID, ex.getMessage(), ex);
+ }
 }
+ return Status.OK_STATUS;
 }
 }
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
index e885ad1f6..5b81e7ba3 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
@@ -60,6 +60,7 @@ public class CheckTrust extends InstallableUnitPhase {
 // Instantiate a check trust manager
 CertificateChecker certificateChecker = new CertificateChecker(agent);
 certificateChecker.add(artifactRequests);
+ certificateChecker.setProfile(profile);
 return certificateChecker.start();
 }
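Review bot: `persistTrustedKeys` now returns `Status.OK_STATUS` when `profile` is null even though nothing was written, so a caller cannot tell a saved trust store from a dropped one. That matters for any caller that never calls `setProfile` or passes a null profile (possibly the preference page, if `getProfile(IProfileRegistry.SELF)` can return null there): edits to the trusted key set would be lost silently. I would report the skipped write, for example `return new Status(IStatus.WARNING, EngineActivator.ID, "No profile set; trusted PGP keys were not persisted");` in an `else` branch, or at least document the no-op on the method.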
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
index c251e5cec..346d6eea2 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
@@ -28,6 +28,7 @@ import org.eclipse.equinox.internal.p2.metadata.ArtifactKey;
 import org.eclipse.equinox.p2.core.IAgentLocation;
 import org.eclipse.equinox.p2.core.ProvisionException;
 import org.eclipse.equinox.p2.core.UIServices;
+import org.eclipse.equinox.p2.engine.IProfile;
 import org.eclipse.equinox.p2.engine.IProfileRegistry;
 import org.eclipse.equinox.p2.metadata.Version;
 import org.eclipse.equinox.p2.repository.artifact.spi.ArtifactDescriptor;
@@ -276,7 +277,7 @@ public class CertificateCheckerTest extends AbstractProvisioningTest {
 Files.createTempDirectory(
 CertificateCheckerTest.class.getName() + "testPGPSignedArtifactTrustedKey-profile")
 .toUri()));
- testAgent.getService(IProfileRegistry.class).addProfile(IProfileRegistry.SELF,
+ IProfile profile = testAgent.getService(IProfileRegistry.class).addProfile(IProfileRegistry.SELF,
 Map.of(CertificateChecker.TRUSTED_KEY_STORE_PROPERTY, PGP_SIGNER1_PUBLIC_KEY));
 unsigned = TestData.getFile("pgp/repoPGPOK/plugins", "blah_1.0.0.123456.jar");
 ArtifactDescriptor artifactDescriptor = new ArtifactDescriptor(
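Review bot: The updated test only covers a checker that is handed the profile captured in `IProfile profile = ...addProfile(...)`; none of the visible hunks adds a case for the new default where `setProfile` is never called. Since the trusted key set now depends on the caller supplying a profile, a companion test that leaves it unset would pin that contract. It should assert that a key stored only in the profile is not treated as trusted, and check what `persistTrustedKeys` returns. The test method starts and ends outside these hunks, so existing coverage elsewhere in the file cannot be ruled out from here.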
@@ -284,6 +285,8 @@ public class CertificateCheckerTest extends AbstractProvisioningTest {
 artifactDescriptor.addProperties(
 Map.of(PGPSignatureVerifier.PGP_SIGNATURES_PROPERTY_NAME, PGP_SIGNER1_SIGNATURE));
 checker.add(Map.of(artifactDescriptor, unsigned));
+ checker.setProfile(profile);
+
 System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_PROMPT);
 IStatus result = checker.start();
 assertTrue(result.isOK());
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
index 988cfdd1b..35df9354d 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %bundleName
 Bundle-SymbolicName: org.eclipse.equinox.p2.ui.sdk;singleton:=true
-Bundle-Version: 1.2.3.qualifier
+Bundle-Version: 1.2.4.qualifier
 Bundle-Activator: org.eclipse.equinox.internal.p2.ui.sdk.ProvSDKUIActivator
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml b/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
index 32f6d437e..79dad4d2b 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
@@ -9,6 +9,6 @@
 </parent>
 <groupId>org.eclipse.equinox</groupId>
 <artifactId>org.eclipse.equinox.p2.ui.sdk</artifactId>
- <version>1.2.3-SNAPSHOT</version>
+ <version>1.2.4-SNAPSHOT</version>
 <packaging>eclipse-plugin</packaging>
 </project>
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java b/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
index 417ba2d68..f875fd6dc 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
@@ -20,6 +20,8 @@ import org.eclipse.core.runtime.Status;
 import org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPPublicKeyStore;
 import org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker;
 import org.eclipse.equinox.internal.p2.ui.ProvUIActivator;
+import org.eclipse.equinox.p2.core.IProvisioningAgent;
+import org.eclipse.equinox.p2.engine.IProfileRegistry;
 import org.eclipse.jface.dialogs.IDialogConstants;
 import org.eclipse.jface.preference.PreferencePage;
 import org.eclipse.jface.viewers.*;
@@ -81,7 +83,10 @@ public class TrustPreferencePage extends PreferencePage implements IWorkbenchPre
 userColumn.getColumn().setWidth(400);
 userColumn.getColumn().setText(ProvSDKMessages.TrustPreferencePage_userColumn);
 viewer.getControl().setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, true));
- certificateChecker = new CertificateChecker(ProvSDKUIActivator.getDefault().getProvisioningAgent());
+ IProvisioningAgent provisioningAgent = ProvSDKUIActivator.getDefault().getProvisioningAgent();
+ certificateChecker = new CertificateChecker(provisioningAgent);
+ certificateChecker
+ .setProfile(provisioningAgent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF));
 trustedKeys = certificateChecker.buildPGPTrustore();
 viewer.setInput(trustedKeys.all());
 Composite buttonComposite = createVerticalButtonBar(res);
 |
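Review bot: The chained call `provisioningAgent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF)` dereferences the registry without a null check, so a missing `IProfileRegistry` service would break creation of the preference page. I would split it: `IProfileRegistry registry = provisioningAgent.getService(IProfileRegistry.class);` followed by `if (registry != null) certificateChecker.setProfile(registry.getProfile(IProfileRegistry.SELF));`. If `getProfile(IProfileRegistry.SELF)` can return null in this context, the page would list only the keys `buildPGPTrustore()` loads from other sources, and it may be worth telling the user that. The enclosing method starts and ends outside this hunk.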