diff options
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java')
-rw-r--r-- | bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java index 0f2569b87..9c8caf9f9 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/pgp/PGPSignatureVerifier.java @@ -22,6 +22,7 @@ import org.eclipse.equinox.internal.p2.artifact.repository.Activator; import org.eclipse.equinox.internal.provisional.p2.artifact.repository.processing.ProcessingStep; import org.eclipse.equinox.p2.core.IProvisioningAgent; import org.eclipse.equinox.p2.repository.artifact.*; +import org.eclipse.osgi.util.NLS; /** * This processing step verifies PGP signatures are correct (ie artifact was not @@ -125,21 +126,19 @@ public final class PGPSignatureVerifier extends ProcessingStep { IArtifactDescriptor context) { super.initialize(agent, descriptor, context); // 1. verify declared public keys have signature from a trusted key, if so, add to KeyStore -// 2. verify artifact signature matches signature of given keys, and at least 1 of this key is trusted +// 2. verify artifact signature matches signture of given keys, and at least 1 of this key is trusted String signatureText = unnormalizedPGPProperty(context.getProperty(PGP_SIGNATURES_PROPERTY_NAME)); if (signatureText == null) { setStatus(Status.OK_STATUS); return; } - - Collection<PGPSignature> signatures; try { - signatures = getSignatures(context); + signaturesToVerify = getSignatures(context); } catch (Exception ex) { setStatus(new Status(IStatus.ERROR, Activator.ID, Messages.Error_CouldNotLoadSignature, ex)); return; } - if (signatures.isEmpty()) { + if (signaturesToVerify.isEmpty()) { setStatus(Status.OK_STATUS); return; } @@ -147,21 +146,18 @@ public final class PGPSignatureVerifier extends ProcessingStep { IArtifactRepository repository = context.getRepository(); KNOWN_KEYS.addKeys(context.getProperty(PGP_SIGNER_KEYS_PROPERTY_NAME), repository != null ? repository.getProperty(PGP_SIGNER_KEYS_PROPERTY_NAME) : null); - for (PGPSignature signature : signatures) { + for (PGPSignature signature : signaturesToVerify) { PGPPublicKey publicKey = KNOWN_KEYS.getKey(signature.getKeyID()); - if (publicKey != null) { - // Signatures without known a corresponding key will be treated like unsigned - // content. - try { - if (signaturesToVerify == null) { - signaturesToVerify = new ArrayList<>(); - } - signature.init(new BcPGPContentVerifierBuilderProvider(), publicKey); - signaturesToVerify.add(signature); - } catch (PGPException ex) { - setStatus(new Status(IStatus.ERROR, Activator.ID, ex.getMessage(), ex)); - return; - } + if (publicKey == null) { + setStatus(new Status(IStatus.ERROR, Activator.ID, + NLS.bind(Messages.Error_publicKeyNotFound, Long.toHexString(signature.getKeyID())))); + return; + } + try { + signature.init(new BcPGPContentVerifierBuilderProvider(), publicKey); + } catch (PGPException ex) { + setStatus(new Status(IStatus.ERROR, Activator.ID, ex.getMessage(), ex)); + return; } } } |