authorEd Merks2022-01-11 13:39:19 +0000
committerMickael Istria2022-01-11 14:25:02 +0000
commite4c17a210631e7961d5574174128bd5dbc8ce192 (patch)
tree82dea5094b06ecac5e03364150f3f5ac364d9473
parent9ea96950f33f9e87c1c035eed375b56b44d37289 (diff)
Bug 578161 - The CertificateChecker uses the wrong profile
Provide support to be able to set the profile used by the CertificateChecker, much like it supports adding the artifacts descriptor to add. Use this in the CheckTrust phase so that the CertificateChecker operates on the profile being provisioned. Modify downstream uses of the CertificateChecker to set the appropriate profile for that usage context. Change-Id: Ie2da8e1b137f8540ce40f8dd737ffc938a47194d Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189475 Tested-by: Equinox Bot <equinox-bot@eclipse.org> Tested-by: Ed Merks <ed.merks@gmail.com> Reviewed-by: Ed Merks <ed.merks@gmail.com> Reviewed-by: Mickael Istria <mistria@redhat.com>
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java46
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java1
-rw-r--r--bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java5
-rw-r--r--bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF2
-rw-r--r--bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml2
-rw-r--r--bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java7
6 files changed, 40 insertions, 23 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 09a0686ab..92aee7199 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -29,7 +29,8 @@ import org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPSignatureVerif
import org.eclipse.equinox.internal.p2.engine.*;
import org.eclipse.equinox.p2.core.*;
import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
-import org.eclipse.equinox.p2.engine.*;
+import org.eclipse.equinox.p2.engine.IProfile;
+import org.eclipse.equinox.p2.engine.ProfileScope;
import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor;
import org.eclipse.osgi.service.security.TrustEngine;
import org.eclipse.osgi.signedcontent.*;
@@ -49,6 +50,11 @@ public class CertificateChecker {
public static final String TRUSTED_KEY_STORE_PROPERTY = "pgp.trustedPublicKeys"; //$NON-NLS-1$
+ /***
+ * Store the optional profile for PGP key handling
+ */
+ private IProfile profile;
+
/**
* Stores artifacts to check
*/
@@ -302,21 +308,21 @@ public class CertificateChecker {
}
+ public void setProfile(IProfile profile) {
+ this.profile = profile;
+ }
+
public void add(Map<IArtifactDescriptor, File> toAdd) {
artifacts.putAll(toAdd);
}
public PGPPublicKeyStore buildPGPTrustore() {
PGPPublicKeyStore trustStore = new PGPPublicKeyStore();
- // load from profile properties
- if (agent != null && agent.getService(IAgentLocation.SERVICE_NAME) != null) {
- IProfile profile = agent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF);
- if (profile != null) {
- trustStore.addKeys(profile.getProperty(TRUSTED_KEY_STORE_PROPERTY));
- ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
- profile.getProfileId());
- trustStore.addKeys(profileScope.getNode(EngineActivator.ID).get(TRUSTED_KEY_STORE_PROPERTY, null));
- }
+ if (profile != null) {
+ trustStore.addKeys(profile.getProperty(TRUSTED_KEY_STORE_PROPERTY));
+ ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
+ profile.getProfileId());
+ trustStore.addKeys(profileScope.getNode(EngineActivator.ID).get(TRUSTED_KEY_STORE_PROPERTY, null));
}
// load from bundles providing capability
for (IConfigurationElement extension : RegistryFactory.getRegistry()
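Review bot: In `buildPGPTrustore` the new `if (profile != null)` guard replaces the old checks on `agent` and on the agent-location service, so `agent.getService(IAgentLocation.class)` is now dereferenced unguarded whenever a profile has been set. If the agent is null or provides no location, the trust-store build presumably fails instead of falling back to the keys contributed by extensions. Consider keeping the check, e.g. `IAgentLocation location = agent == null ? null : agent.getService(IAgentLocation.class);` and building the `ProfileScope` only when `location != null`. `setProfile` also has no Javadoc; it should say that no profile-stored keys are loaded or persisted until a profile is set. The method body continues past the end of this hunk.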
@@ -372,16 +378,18 @@ public class CertificateChecker {
}
public IStatus persistTrustedKeys(PGPPublicKeyStore trustStore) {
- IProfile profile = agent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF);
- ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class), profile.getProfileId());
- IEclipsePreferences node = profileScope.getNode(EngineActivator.ID);
- try {
- node.put(TRUSTED_KEY_STORE_PROPERTY, trustStore.toArmoredString());
- node.flush();
- return Status.OK_STATUS;
- } catch (IOException | BackingStoreException ex) {
- return new Status(IStatus.ERROR, EngineActivator.ID, ex.getMessage(), ex);
+ if (profile != null) {
+ ProfileScope profileScope = new ProfileScope(agent.getService(IAgentLocation.class),
+ profile.getProfileId());
+ IEclipsePreferences node = profileScope.getNode(EngineActivator.ID);
+ try {
+ node.put(TRUSTED_KEY_STORE_PROPERTY, trustStore.toArmoredString());
+ node.flush();
+ } catch (IOException | BackingStoreException ex) {
+ return new Status(IStatus.ERROR, EngineActivator.ID, ex.getMessage(), ex);
+ }
}
+ return Status.OK_STATUS;
}
}
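Review bot: `persistTrustedKeys` now returns `Status.OK_STATUS` when `profile` is null, although nothing was written. A caller that saves a changed key set, which may include removing a previously trusted key, is told the save succeeded while the stored trust list is unchanged. Return a non-OK status on that path, e.g. `return new Status(IStatus.WARNING, EngineActivator.ID, "No profile set; trusted keys not persisted");`, or at least document the no-op in Javadoc. The `agent.getService(IAgentLocation.class)` call in this method is unguarded as well.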
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
index e885ad1f6..5b81e7ba3 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CheckTrust.java
@@ -60,6 +60,7 @@ public class CheckTrust extends InstallableUnitPhase {
// Instantiate a check trust manager
CertificateChecker certificateChecker = new CertificateChecker(agent);
certificateChecker.add(artifactRequests);
+ certificateChecker.setProfile(profile);
return certificateChecker.start();
}
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
index c251e5cec..346d6eea2 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
@@ -28,6 +28,7 @@ import org.eclipse.equinox.internal.p2.metadata.ArtifactKey;
import org.eclipse.equinox.p2.core.IAgentLocation;
import org.eclipse.equinox.p2.core.ProvisionException;
import org.eclipse.equinox.p2.core.UIServices;
+import org.eclipse.equinox.p2.engine.IProfile;
import org.eclipse.equinox.p2.engine.IProfileRegistry;
import org.eclipse.equinox.p2.metadata.Version;
import org.eclipse.equinox.p2.repository.artifact.spi.ArtifactDescriptor;
@@ -276,7 +277,7 @@ public class CertificateCheckerTest extends AbstractProvisioningTest {
Files.createTempDirectory(
CertificateCheckerTest.class.getName() + "testPGPSignedArtifactTrustedKey-profile")
.toUri()));
- testAgent.getService(IProfileRegistry.class).addProfile(IProfileRegistry.SELF,
+ IProfile profile = testAgent.getService(IProfileRegistry.class).addProfile(IProfileRegistry.SELF,
Map.of(CertificateChecker.TRUSTED_KEY_STORE_PROPERTY, PGP_SIGNER1_PUBLIC_KEY));
unsigned = TestData.getFile("pgp/repoPGPOK/plugins", "blah_1.0.0.123456.jar");
ArtifactDescriptor artifactDescriptor = new ArtifactDescriptor(
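Review bot: The profile created here is still registered under `IProfileRegistry.SELF`, so the test cannot tell a checker that uses the profile it was given from one that looks up SELF in the registry, which is the behaviour this commit removes. Registering the profile under a different id (constructed example: `"testProfile"`) and passing it to `checker.setProfile(profile)` in the following hunk would pin the fix. A second case that leaves the profile unset and asserts the profile's key is not treated as trusted would cover the new null path. The test method starts and ends outside this hunk.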
@@ -284,6 +285,8 @@ public class CertificateCheckerTest extends AbstractProvisioningTest {
artifactDescriptor.addProperties(
Map.of(PGPSignatureVerifier.PGP_SIGNATURES_PROPERTY_NAME, PGP_SIGNER1_SIGNATURE));
checker.add(Map.of(artifactDescriptor, unsigned));
+ checker.setProfile(profile);
+
System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_PROMPT);
IStatus result = checker.start();
assertTrue(result.isOK());
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
index 988cfdd1b..35df9354d 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %bundleName
Bundle-SymbolicName: org.eclipse.equinox.p2.ui.sdk;singleton:=true
-Bundle-Version: 1.2.3.qualifier
+Bundle-Version: 1.2.4.qualifier
Bundle-Activator: org.eclipse.equinox.internal.p2.ui.sdk.ProvSDKUIActivator
Bundle-Vendor: %providerName
Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml b/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
index 32f6d437e..79dad4d2b 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/pom.xml
@@ -9,6 +9,6 @@
</parent>
<groupId>org.eclipse.equinox</groupId>
<artifactId>org.eclipse.equinox.p2.ui.sdk</artifactId>
- <version>1.2.3-SNAPSHOT</version>
+ <version>1.2.4-SNAPSHOT</version>
<packaging>eclipse-plugin</packaging>
</project>
diff --git a/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java b/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
index 417ba2d68..f875fd6dc 100644
--- a/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
+++ b/bundles/org.eclipse.equinox.p2.ui.sdk/src/org/eclipse/equinox/internal/p2/ui/sdk/TrustPreferencePage.java
@@ -20,6 +20,8 @@ import org.eclipse.core.runtime.Status;
import org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPPublicKeyStore;
import org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker;
import org.eclipse.equinox.internal.p2.ui.ProvUIActivator;
+import org.eclipse.equinox.p2.core.IProvisioningAgent;
+import org.eclipse.equinox.p2.engine.IProfileRegistry;
import org.eclipse.jface.dialogs.IDialogConstants;
import org.eclipse.jface.preference.PreferencePage;
import org.eclipse.jface.viewers.*;
@@ -81,7 +83,10 @@ public class TrustPreferencePage extends PreferencePage implements IWorkbenchPre
userColumn.getColumn().setWidth(400);
userColumn.getColumn().setText(ProvSDKMessages.TrustPreferencePage_userColumn);
viewer.getControl().setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, true));
- certificateChecker = new CertificateChecker(ProvSDKUIActivator.getDefault().getProvisioningAgent());
+ IProvisioningAgent provisioningAgent = ProvSDKUIActivator.getDefault().getProvisioningAgent();
+ certificateChecker = new CertificateChecker(provisioningAgent);
+ certificateChecker
+ .setProfile(provisioningAgent.getService(IProfileRegistry.class).getProfile(IProfileRegistry.SELF));
trustedKeys = certificateChecker.buildPGPTrustore();
viewer.setInput(trustedKeys.all());
Composite buttonComposite = createVerticalButtonBar(res);
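Review bot: `provisioningAgent.getService(IProfileRegistry.class)` is dereferenced without a null check, and `getProfile(IProfileRegistry.SELF)` can presumably return null when the running application has no self profile. In that case the page lists only extension-provided keys, and any edit saved through `persistTrustedKeys` would be dropped while reporting OK, given the new null guard there; whether this page calls it is not visible in the hunk. Hold the registry in a local, check it for null, and consider disabling the editing controls or showing a message when no profile is available. The enclosing method starts and ends outside this hunk.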
