Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-01-05 23:29:53 +01:00
Code Issues Packages Projects Releases Activity

resolve review findings

Browse Source
This commit is contained in:
Konstantin Schaper
2020-08-11 13:28:16 +02:00
parent 742c58a282
commit 0601770262
34 changed files with 1108 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scm-core/src/main/java/sonia/scm/repository/SignatureStatus.java
View File

@@ -24,6 +24,9 @@
package sonia.scm.repository;
/**
* @since 2.4.0
*/
public enum SignatureStatus {
VERIFIED, NOT_FOUND, INVALID;
}

4
scm-core/src/main/java/sonia/scm/repository/api/MergeCommandBuilder.java
View File

@@ -138,12 +138,12 @@ public class MergeCommandBuilder {
}
/**
* Disables adding a verifiable signature to the merge.
* Disables adding a verifiable signature to the merge commit.
* @return This builder instance.
* @since 2.4.0
*/
public MergeCommandBuilder disableSigning() {
request.setSigningDisabled(true);
request.setSign(false);
return this;
}

4
scm-core/src/main/java/sonia/scm/repository/api/ModifyCommandBuilder.java
View File

@@ -165,12 +165,12 @@ public class ModifyCommandBuilder {
}
/**
* Disables adding a verifiable signature to the modification.
* Disables adding a verifiable signature to the modification commit.
* @return This builder instance.
* @since 2.4.0
*/
public ModifyCommandBuilder disableSigning() {
request.setSigningDisabled(true);
request.setSign(false);
return this;
}

16
scm-core/src/main/java/sonia/scm/repository/spi/MergeCommandRequest.java
View File

@@ -43,7 +43,7 @@ public class MergeCommandRequest implements Validateable, Resetable, Serializabl
private Person author;
private String messageTemplate;
private MergeStrategy mergeStrategy;
private boolean signingDisabled;
private boolean sign = true;
public String getBranchToMerge() {
return branchToMerge;
@@ -85,12 +85,12 @@ public class MergeCommandRequest implements Validateable, Resetable, Serializabl
this.mergeStrategy = mergeStrategy;
}
public boolean isSigningDisabled() {
return signingDisabled;
public boolean isSign() {
return sign;
}
public void setSigningDisabled(boolean signingDisabled) {
this.signingDisabled = signingDisabled;
public void setSign(boolean sign) {
this.sign = sign;
}
public boolean isValid() {
@@ -101,7 +101,7 @@ public class MergeCommandRequest implements Validateable, Resetable, Serializabl
public void reset() {
this.setBranchToMerge(null);
this.setTargetBranch(null);
this.setSigningDisabled(false);
this.setSign(false);
}
@Override
@@ -120,7 +120,7 @@ public class MergeCommandRequest implements Validateable, Resetable, Serializabl
&& Objects.equal(targetBranch, other.targetBranch)
&& Objects.equal(author, other.author)
&& Objects.equal(mergeStrategy, other.mergeStrategy)
&& Objects.equal(signingDisabled, other.signingDisabled);
&& Objects.equal(sign, other.sign);
}
@Override
@@ -135,7 +135,7 @@ public class MergeCommandRequest implements Validateable, Resetable, Serializabl
.add("targetBranch", targetBranch)
.add("author", author)
.add("mergeStrategy", mergeStrategy)
.add("signatureDisabled", signingDisabled)
.add("signatureDisabled", sign)
.toString();
}
}

12
scm-core/src/main/java/sonia/scm/repository/spi/ModifyCommandRequest.java
View File

@@ -49,7 +49,7 @@ public class ModifyCommandRequest implements Resetable, Validateable, CommandWit
private String branch;
private String expectedRevision;
private boolean defaultPath;
private boolean signingDisabled;
private boolean sign = true;
@Override
public void reset() {
@@ -58,7 +58,7 @@ public class ModifyCommandRequest implements Resetable, Validateable, CommandWit
commitMessage = null;
branch = null;
defaultPath = false;
signingDisabled = false;
sign = false;
}
public void addRequest(PartialRequest request) {
@@ -77,8 +77,8 @@ public class ModifyCommandRequest implements Resetable, Validateable, CommandWit
this.branch = branch;
}
public void setSigningDisabled(boolean signingDisabled) {
this.signingDisabled = signingDisabled;
public void setSign(boolean sign) {
this.sign = sign;
}
public List<PartialRequest> getRequests() {
@@ -118,8 +118,8 @@ public class ModifyCommandRequest implements Resetable, Validateable, CommandWit
this.defaultPath = defaultPath;
}
public boolean isSigningDisabled() {
return signingDisabled;
public boolean isSign() {
return sign;
}
public interface PartialRequest {

11
scm-core/src/main/java/sonia/scm/security/PublicKeyCreatedEvent.java
View File

@@ -31,5 +31,14 @@ import sonia.scm.event.Event;
* @since 2.4.0
*/
@Event
public class PublicKeyCreatedEvent {
public final class PublicKeyCreatedEvent {
private final PublicKey key;
public PublicKeyCreatedEvent(PublicKey key) {
this.key = key;
}
public PublicKey getKey() {
return key;
}
}

11
scm-core/src/main/java/sonia/scm/security/PublicKeyDeletedEvent.java
View File

@@ -31,5 +31,14 @@ import sonia.scm.event.Event;
* @since 2.4.0
*/
@Event
public class PublicKeyDeletedEvent {
public final class PublicKeyDeletedEvent {
private final PublicKey key;
public PublicKeyDeletedEvent(PublicKey key) {
this.key = key;
}
public PublicKey getKey() {
return key;
}
}

6
scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/AbstractGitCommand.java
View File

@@ -219,7 +219,7 @@ class AbstractGitCommand {
}
}
Optional<RevCommit> doCommit(String message, Person author, boolean signingDisabled) {
Optional<RevCommit> doCommit(String message, Person author, boolean sign) {
Person authorToUse = determineAuthor(author);
try {
Status status = clone.status().call();
@@ -228,8 +228,8 @@ class AbstractGitCommand {
.setAuthor(authorToUse.getName(), authorToUse.getMail())
.setCommitter("SCM-Manager", "noreply@scm-manager.org")
.setMessage(message)
.setSign(!signingDisabled)
.setSigningKey(signingDisabled ? null : "SCM-MANAGER-DEFAULT-KEY")
.setSign(sign)
.setSigningKey(sign ? "SCM-MANAGER-DEFAULT-KEY" : null)
.call());
} else {
return empty();

6
scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitMergeStrategy.java
View File

@@ -56,7 +56,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC
private final ObjectId revisionToMerge;
private final Person author;
private final String messageTemplate;
private final boolean signingDisabled;
private final boolean sign;
GitMergeStrategy(Git clone, MergeCommandRequest request, GitContext context, sonia.scm.repository.Repository repository) {
super(clone, context, repository);
@@ -64,7 +64,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC
this.branchToMerge = request.getBranchToMerge();
this.author = request.getAuthor();
this.messageTemplate = request.getMessageTemplate();
this.signingDisabled = request.isSigningDisabled();
this.sign = request.isSign();
try {
this.targetRevision = resolveRevision(request.getTargetBranch());
this.revisionToMerge = resolveRevision(request.getBranchToMerge());
@@ -90,7 +90,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC
Optional<RevCommit> doCommit() {
logger.debug("merged branch {} into {}", branchToMerge, targetBranch);
return doCommit(MessageFormat.format(determineMessageTemplate(), branchToMerge, targetBranch), author, signingDisabled);
return doCommit(MessageFormat.format(determineMessageTemplate(), branchToMerge, targetBranch), author, sign);
}
MergeCommandResult createSuccessResult(String newRevision) {

3
scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitModifyCommand.java
View File

@@ -38,7 +38,6 @@ import sonia.scm.repository.GitRepositoryHandler;
import sonia.scm.repository.GitWorkingCopyFactory;
import sonia.scm.repository.InternalRepositoryException;
import sonia.scm.repository.Repository;
import sonia.scm.security.GPG;
import sonia.scm.web.lfs.LfsBlobStoreFactory;
import javax.inject.Inject;
@@ -94,7 +93,7 @@ public class GitModifyCommand extends AbstractGitCommand implements ModifyComman
r.execute(this);
}
failIfNotChanged(() -> new NoChangesMadeException(repository, ModifyWorker.this.request.getBranch()));
Optional<RevCommit> revCommit = doCommit(request.getCommitMessage(), request.getAuthor(), request.isSigningDisabled());
Optional<RevCommit> revCommit = doCommit(request.getCommitMessage(), request.getAuthor(), request.isSign());
push();
return revCommit.orElseThrow(() -> new NoChangesMadeException(repository, ModifyWorker.this.request.getBranch())).name();
}

26
scm-plugins/scm-git-plugin/src/test/java/sonia/scm/repository/GitTestHelper.java
View File

@@ -24,13 +24,18 @@
package sonia.scm.repository;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.transport.CredentialsProvider;
import sonia.scm.security.GPG;
import sonia.scm.security.PrivateKey;
import sonia.scm.security.PublicKey;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
public final class GitTestHelper {
@@ -41,6 +46,25 @@ public final class GitTestHelper {
return new GitChangesetConverterFactory(new NoopGPG());
}
public static class SimpleGpgSigner extends GpgSigner {
public static byte[] getSignature() {
return "SIGNATURE".getBytes();
}
@Override
public void sign(CommitBuilder commitBuilder, String s, PersonIdent personIdent, CredentialsProvider
credentialsProvider) throws CanceledException {
commitBuilder.setGpgSignature(new GpgSignature(SimpleGpgSigner.getSignature()));
}
@Override
public boolean canLocateSigningKey(String s, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
return true;
}
}
private static class NoopGPG implements GPG {
@Override

54
scm-plugins/scm-git-plugin/src/test/java/sonia/scm/repository/spi/GitMergeCommandTest.java
View File

@@ -29,17 +29,24 @@ import com.github.sdorra.shiro.SubjectAware;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.eclipse.jgit.api.Git;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.api.errors.GitAPIException;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.jupiter.api.Assertions;
import sonia.scm.NoChangesMadeException;
import sonia.scm.NotFoundException;
import sonia.scm.repository.Added;
import sonia.scm.repository.GitTestHelper;
import sonia.scm.repository.GitWorkingCopyFactory;
import sonia.scm.repository.Person;
import sonia.scm.repository.api.MergeCommandResult;
@@ -68,6 +75,11 @@ public class GitMergeCommandTest extends AbstractGitCommandTestBase {
@Rule
public BindTransportProtocolRule transportProtocolRule = new BindTransportProtocolRule();
@BeforeClass
public static void setSigner() {
GpgSigner.setDefault(new GitTestHelper.SimpleGpgSigner());
}
@Test
public void shouldDetectMergeableBranches() {
GitMergeCommand command = createCommand();
@@ -419,6 +431,48 @@ public class GitMergeCommandTest extends AbstractGitCommandTestBase {
command.dryRun(request);
}
@Test
public void shouldSignMergeCommit() throws IOException, GitAPIException {
GitMergeCommand command = createCommand();
MergeCommandRequest request = new MergeCommandRequest();
request.setTargetBranch("master");
request.setBranchToMerge("empty_merge");
request.setMergeStrategy(MergeStrategy.MERGE_COMMIT);
request.setAuthor(new Person("Dirk Gently", "dirk@holistic.det"));
MergeCommandResult mergeCommandResult = command.merge(request);
assertThat(mergeCommandResult.isSuccess()).isTrue();
Repository repository = createContext().open();
Iterable<RevCommit> commits = new Git(repository).log().add(repository.resolve("master")).setMaxCount(1).call();
RevCommit mergeCommit = commits.iterator().next();
assertThat(mergeCommit.getRawGpgSignature()).isNotEmpty();
assertThat(mergeCommit.getRawGpgSignature()).isEqualTo(GitTestHelper.SimpleGpgSigner.getSignature());
}
@Test
public void shouldNotSignMergeCommitIfSigningIsDisabled() throws IOException, GitAPIException {
GitMergeCommand command = createCommand();
MergeCommandRequest request = new MergeCommandRequest();
request.setTargetBranch("master");
request.setBranchToMerge("empty_merge");
request.setMergeStrategy(MergeStrategy.MERGE_COMMIT);
request.setAuthor(new Person("Dirk Gently", "dirk@holistic.det"));
request.setSign(false);
MergeCommandResult mergeCommandResult = command.merge(request);
assertThat(mergeCommandResult.isSuccess()).isTrue();
Repository repository = createContext().open();
Iterable<RevCommit> commits = new Git(repository).log().add(repository.resolve("master")).setMaxCount(1).call();
RevCommit mergeCommit = commits.iterator().next();
assertThat(mergeCommit.getRawGpgSignature()).isNullOrEmpty();
}
private GitMergeCommand createCommand() {
return createCommand(git -> {
});

57
scm-plugins/scm-git-plugin/src/test/java/sonia/scm/repository/spi/GitModifyCommandTest.java
View File

@@ -27,23 +27,33 @@ package sonia.scm.repository.spi;
import com.github.sdorra.shiro.ShiroRule;
import com.github.sdorra.shiro.SubjectAware;
import org.eclipse.jgit.api.Git;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.api.errors.GitAPIException;
import org.eclipse.jgit.errors.CorruptObjectException;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.GpgSigner;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectReader;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.treewalk.CanonicalTreeParser;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.jupiter.api.BeforeEach;
import org.junit.rules.TemporaryFolder;
import sonia.scm.AlreadyExistsException;
import sonia.scm.BadRequestException;
import sonia.scm.ConcurrentModificationException;
import sonia.scm.NotFoundException;
import sonia.scm.repository.GitTestHelper;
import sonia.scm.repository.Person;
import sonia.scm.repository.work.NoneCachingWorkingCopyPool;
import sonia.scm.repository.work.WorkdirProvider;
import sonia.scm.security.PublicKey;
import sonia.scm.web.lfs.LfsBlobStoreFactory;
import java.io.File;
@@ -65,6 +75,11 @@ public class GitModifyCommandTest extends AbstractGitCommandTestBase {
private final LfsBlobStoreFactory lfsBlobStoreFactory = mock(LfsBlobStoreFactory.class);
@BeforeClass
public static void setSigner() {
GpgSigner.setDefault(new GitTestHelper.SimpleGpgSigner());
}
@Test
public void shouldCreateCommit() throws IOException, GitAPIException {
File newFile = Files.write(temporaryFolder.newFile().toPath(), "new content".getBytes()).toFile();
@@ -306,6 +321,48 @@ public class GitModifyCommandTest extends AbstractGitCommandTestBase {
command.execute(request);
}
@Test
public void shouldSignCreatedCommit() throws IOException, GitAPIException {
File newFile = Files.write(temporaryFolder.newFile().toPath(), "new content".getBytes()).toFile();
GitModifyCommand command = createCommand();
ModifyCommandRequest request = new ModifyCommandRequest();
request.setCommitMessage("test commit");
request.addRequest(new ModifyCommandRequest.CreateFileRequest("new_file", newFile, false));
request.setAuthor(new Person("Dirk Gently", "dirk@holistic.det"));
command.execute(request);
try (Git git = new Git(createContext().open())) {
RevCommit lastCommit = getLastCommit(git);
assertThat(lastCommit.getRawGpgSignature()).isNotEmpty();
assertThat(lastCommit.getRawGpgSignature()).isEqualTo(GitTestHelper.SimpleGpgSigner.getSignature());
}
}
@Test
public void shouldNotSignCreatedCommitIfSigningDisabled() throws IOException, GitAPIException {
File newFile = Files.write(temporaryFolder.newFile().toPath(), "new content".getBytes()).toFile();
GitModifyCommand command = createCommand();
ModifyCommandRequest request = new ModifyCommandRequest();
request.setCommitMessage("test commit");
request.setSign(false);
request.addRequest(new ModifyCommandRequest.CreateFileRequest("new_file", newFile, false));
request.setAuthor(new Person("Dirk Gently", "dirk@holistic.det"));
command.execute(request);
try (Git git = new Git(createContext().open())) {
RevCommit lastCommit = getLastCommit(git);
assertThat(lastCommit.getRawGpgSignature()).isNullOrEmpty();
}
}
private void assertInTree(TreeAssertions assertions) throws IOException, GitAPIException {
try (Git git = new Git(createContext().open())) {
RevCommit lastCommit = getLastCommit(git);

375
scm-ui/ui-components/src/__snapshots__/storyshots.test.ts.snap
View File

@@ -2939,6 +2939,381 @@ exports[`Storyshots Changesets With multiple Co-Authors 1`] = `
</div>
`;
exports[`Storyshots Changesets With multiple signatures and invalid status 1`] = `
<div
className="Changesetsstories__Wrapper-sc-122npan-0 gDnzNS box box-link-shadow"
>
<div
className="ChangesetRow__Wrapper-tkpti5-0 bRWdJS"
>
<div
className="columns is-gapless is-mobile"
>
<div
className="column is-three-fifths"
>
<div
className="columns is-gapless"
>
<div
className="column is-four-fifths"
>
<div
className="media"
>
<div
className="ChangesetRow__Metadata-tkpti5-3 dfKqLe media-right"
>
<h4
className="has-text-weight-bold is-ellipsis-overflow"
>
initialize repository
</h4>
<p
className="is-hidden-touch"
/>
<p
className="is-hidden-desktop"
/>
<div
className="ChangesetRow__FlexRow-tkpti5-7 fTLhSo"
>
<p
className="ChangesetRow__AuthorWrapper-tkpti5-4 kDAubY is-size-7 is-ellipsis-overflow"
>
changeset.contributors.authoredBy
<a
href="mailto:scm-admin@scm-manager.org"
title="changeset.contributors.mailto scm-admin@scm-manager.org"
>
SCM Administrator
</a>
</p>
<div
onMouseLeave={[Function]}
onMouseOver={[Function]}
>
<i
className="fas fa-key has-text-danger SignatureIcon__StyledIcon-sc-1mwf1m5-0 cgFYhq mx-2 pt-1"
/>
</div>
</div>
</div>
</div>
</div>
<div
className="ChangesetRow__VCenteredColumn-tkpti5-5 jtvbjX column"
/>
</div>
</div>
<div
className="ChangesetRow__VCenteredChildColumn-tkpti5-6 cciHUW column is-flex"
>
<div
className="ButtonAddons__Flex-sc-182golj-0 jSuMVB field has-addons is-marginless"
>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-exchange-alt has-text-inherit"
/>
</span>
<span>
changeset.buttons.details
</span>
</button>
</p>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-code has-text-inherit"
/>
</span>
<span>
changeset.buttons.sources
</span>
</button>
</p>
</div>
</div>
</div>
</div>
</div>
`;
exports[`Storyshots Changesets With multiple signatures and not found status 1`] = `
<div
className="Changesetsstories__Wrapper-sc-122npan-0 gDnzNS box box-link-shadow"
>
<div
className="ChangesetRow__Wrapper-tkpti5-0 bRWdJS"
>
<div
className="columns is-gapless is-mobile"
>
<div
className="column is-three-fifths"
>
<div
className="columns is-gapless"
>
<div
className="column is-four-fifths"
>
<div
className="media"
>
<div
className="ChangesetRow__Metadata-tkpti5-3 dfKqLe media-right"
>
<h4
className="has-text-weight-bold is-ellipsis-overflow"
>
initialize repository
</h4>
<p
className="is-hidden-touch"
/>
<p
className="is-hidden-desktop"
/>
<div
className="ChangesetRow__FlexRow-tkpti5-7 fTLhSo"
>
<p
className="ChangesetRow__AuthorWrapper-tkpti5-4 kDAubY is-size-7 is-ellipsis-overflow"
>
changeset.contributors.authoredBy
<a
href="mailto:scm-admin@scm-manager.org"
title="changeset.contributors.mailto scm-admin@scm-manager.org"
>
SCM Administrator
</a>
</p>
<div
onMouseLeave={[Function]}
onMouseOver={[Function]}
>
<i
className="fas fa-key has-text-grey-light SignatureIcon__StyledIcon-sc-1mwf1m5-0 cgFYhq mx-2 pt-1"
/>
</div>
</div>
</div>
</div>
</div>
<div
className="ChangesetRow__VCenteredColumn-tkpti5-5 jtvbjX column"
/>
</div>
</div>
<div
className="ChangesetRow__VCenteredChildColumn-tkpti5-6 cciHUW column is-flex"
>
<div
className="ButtonAddons__Flex-sc-182golj-0 jSuMVB field has-addons is-marginless"
>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-exchange-alt has-text-inherit"
/>
</span>
<span>
changeset.buttons.details
</span>
</button>
</p>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-code has-text-inherit"
/>
</span>
<span>
changeset.buttons.sources
</span>
</button>
</p>
</div>
</div>
</div>
</div>
</div>
`;
exports[`Storyshots Changesets With multiple signatures and valid status 1`] = `
<div
className="Changesetsstories__Wrapper-sc-122npan-0 gDnzNS box box-link-shadow"
>
<div
className="ChangesetRow__Wrapper-tkpti5-0 bRWdJS"
>
<div
className="columns is-gapless is-mobile"
>
<div
className="column is-three-fifths"
>
<div
className="columns is-gapless"
>
<div
className="column is-four-fifths"
>
<div
className="media"
>
<div
className="ChangesetRow__Metadata-tkpti5-3 dfKqLe media-right"
>
<h4
className="has-text-weight-bold is-ellipsis-overflow"
>
initialize repository
</h4>
<p
className="is-hidden-touch"
/>
<p
className="is-hidden-desktop"
/>
<div
className="ChangesetRow__FlexRow-tkpti5-7 fTLhSo"
>
<p
className="ChangesetRow__AuthorWrapper-tkpti5-4 kDAubY is-size-7 is-ellipsis-overflow"
>
changeset.contributors.authoredBy
<a
href="mailto:scm-admin@scm-manager.org"
title="changeset.contributors.mailto scm-admin@scm-manager.org"
>
SCM Administrator
</a>
</p>
<div
onMouseLeave={[Function]}
onMouseOver={[Function]}
>
<i
className="fas fa-key has-text-success SignatureIcon__StyledIcon-sc-1mwf1m5-0 cgFYhq mx-2 pt-1"
/>
</div>
</div>
</div>
</div>
</div>
<div
className="ChangesetRow__VCenteredColumn-tkpti5-5 jtvbjX column"
/>
</div>
</div>
<div
className="ChangesetRow__VCenteredChildColumn-tkpti5-6 cciHUW column is-flex"
>
<div
className="ButtonAddons__Flex-sc-182golj-0 jSuMVB field has-addons is-marginless"
>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-exchange-alt has-text-inherit"
/>
</span>
<span>
changeset.buttons.details
</span>
</button>
</p>
<p
className="control"
>
<button
className="button is-default is-reduced-mobile"
onClick={[Function]}
type="button"
>
<span
className="icon is-medium"
>
<i
className="fas fa-code has-text-inherit"
/>
</span>
<span>
changeset.buttons.sources
</span>
</button>
</p>
</div>
</div>
</div>
</div>
</div>
`;
exports[`Storyshots Changesets With unknown signature 1`] = `
<div
className="Changesetsstories__Wrapper-sc-122npan-0 gDnzNS box box-link-shadow"

87
scm-ui/ui-components/src/repos/changesets/Changesets.stories.tsx
View File

@@ -134,4 +134,91 @@ storiesOf("Changesets", module)
}]
}];
return <ChangesetRow repository={repository} changeset={changeset} />;
})
.add("With multiple signatures and invalid status", () => {
const changeset = copy(three);
changeset.signatures = [{
keyId: "0x912389FJIQW8W223",
type: "gpg",
status: "INVALID",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}, {
keyId: "0x247E908C6FD35473",
type: "gpg",
status: "VERIFIED",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}, {
keyId: "0x9123891239VFIA33",
type: "gpg",
status: "NOT_FOUND",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}];
return <ChangesetRow repository={repository} changeset={changeset} />;
})
.add("With multiple signatures and valid status", () => {
const changeset = copy(three);
changeset.signatures = [{
keyId: "0x912389FJIQW8W223",
type: "gpg",
status: "NOT_FOUND",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}, {
keyId: "0x247E908C6FD35473",
type: "gpg",
status: "VERIFIED",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}, {
keyId: "0x9123891239VFIA33",
type: "gpg",
status: "NOT_FOUND",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}];
return <ChangesetRow repository={repository} changeset={changeset} />;
})
.add("With multiple signatures and not found status", () => {
const changeset = copy(three);
changeset.signatures = [{
keyId: "0x912389FJIQW8W223",
type: "gpg",
status: "NOT_FOUND",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}, {
keyId: "0x9123891239VFIA33",
type: "gpg",
status: "NOT_FOUND",
owner: "trillian",
contacts: [{
name: "Tricia Marie McMilla",
mail: "trillian@hitchhiker.com"
}]
}];
return <ChangesetRow repository={repository} changeset={changeset} />;
});

33
scm-ui/ui-components/src/repos/changesets/SignatureIcon.tsx
View File

@@ -56,6 +56,18 @@ const SignatureIcon: FC<Props> = ({signatures, className}) => {
return null;
}
const getColor = (signatures: Signature[]) => {
const invalid = signatures.some(sig => sig.status === "INVALID");
if (invalid) {
return "danger";
}
const verified = signatures.some(sig => sig.status === "VERIFIED");
if (verified) {
return "success";
}
return undefined;
};
const createSignatureBlock = (signature: Signature) => {
let status;
if (signature.status === "VERIFIED") {
@@ -78,37 +90,26 @@ const SignatureIcon: FC<Props> = ({signatures, className}) => {
<div>{t("changeset.keyId")}: {
signature._links?.rawKey ? <a href={signature._links.rawKey.href}>{signature.keyId}</a> : signature.keyId
}</div>
<div>{t("changeset.signatureStatus")}: {status}</div>
<div>{t("changeset.signatureStatus")}: <span color={getColor([signature])}>{status}</span></div>
{signature.contacts && signature.contacts.length > 0 && <>
<div>{t("changeset.keyContacts")}:</div>
{signature.contacts && signature.contacts.map(contact => <div>- {contact.name}{contact.mail && ` <${contact.mail}>`}</div>)}
{signature.contacts && signature.contacts.map(contact =>
<div>- {contact.name}{contact.mail && ` <${contact.mail}>`}</div>)}
</>}
</p>;
};
const signatureElements = signatures.map(signature => createSignatureBlock(signature));
const getColor = () => {
const invalid = signatures.some(sig => sig.status === "INVALID");
if (invalid) {
return "danger";
}
const verified = signatures.some(sig => sig.status === "VERIFIED");
if (verified) {
return "success";
}
return undefined;
};
return (
<>
<Popover title={t("changeset.signatures")} width={500} {...popoverProps}>
<Popover title={<h1>{t("changeset.signatures")}</h1>} width={500} {...popoverProps}>
<StyledDiv>
{signatureElements}
</StyledDiv>
</Popover>
<div {...triggerProps}>
<StyledIcon name="key" className={className} color={getColor()}/>
<StyledIcon name="key" className={className} color={getColor(signatures)}/>
</div>
</>
);

9
scm-webapp/src/main/java/sonia/scm/api/v2/resources/DefaultChangesetToChangesetDtoMapper.java
View File

@@ -40,10 +40,13 @@ import sonia.scm.repository.api.Command;
import sonia.scm.repository.api.RepositoryService;
import sonia.scm.repository.api.RepositoryServiceFactory;
import sonia.scm.security.gpg.PublicKeyResource;
import sonia.scm.security.gpg.PublicKeyStore;
import sonia.scm.security.gpg.RawGpgKey;
import sonia.scm.web.EdisonHalAppender;
import javax.inject.Inject;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
@@ -72,6 +75,9 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
@Inject
private ScmPathInfoStore scmPathInfoStore;
@Inject
private PublicKeyStore publicKeyStore;
abstract ContributorDto map(Contributor contributor);
abstract SignatureDto map(Signature signature);
@@ -80,7 +86,8 @@ public abstract class DefaultChangesetToChangesetDtoMapper extends HalAppenderMa
@ObjectFactory
SignatureDto createDto(Signature signature) {
if (signature.getType().equals("gpg")) {
final Optional<RawGpgKey> key = publicKeyStore.findById(signature.getKeyId());
if (signature.getType().equals("gpg") && key.isPresent()) {
final Links.Builder linkBuilder =
linkingTo()
.single(link("rawKey", new LinkBuilder(scmPathInfoStore.get(), PublicKeyResource.class)

112
scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultGPG.java
View File

@@ -24,48 +24,25 @@
package sonia.scm.security.gpg;
import org.apache.commons.io.IOUtils;
import org.apache.shiro.SecurityUtils;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.repository.Person;
import sonia.scm.security.GPG;
import sonia.scm.security.PrivateKey;
import sonia.scm.security.PublicKey;
import sonia.scm.user.User;
import javax.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
@@ -100,7 +77,7 @@ public class DefaultGPG implements GPG {
public Optional<PublicKey> findPublicKey(String id) {
Optional<RawGpgKey> key = publicKeyStore.findById(id);
return key.map(rawGpgKey -> new GpgKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()));
return key.map(rawGpgKey -> new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()));
}
@Override
@@ -110,7 +87,7 @@ public class DefaultGPG implements GPG {
if (!keys.isEmpty()) {
return keys
.stream()
.map(rawGpgKey -> new GpgKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()))
.map(rawGpgKey -> new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts()))
.collect(Collectors.toSet());
}
@@ -124,98 +101,21 @@ public class DefaultGPG implements GPG {
if (!privateRawKey.isPresent()) {
try {
final PGPKeyRingGenerator keyPair = generateKeyPair();
final PGPKeyRingGenerator keyPair = GPGKeyPairGenerator.generateKeyPair();
final String rawPublicKey = exportKeyRing(keyPair.generatePublicKeyRing());
final String rawPrivateKey = exportKeyRing(keyPair.generateSecretKeyRing());
final String rawPublicKey = GPGKeyExporter.exportKeyRing(keyPair.generatePublicKeyRing());
final String rawPrivateKey = GPGKeyExporter.exportKeyRing(keyPair.generateSecretKeyRing());
privateKeyStore.setForUserId(userId, rawPrivateKey);
publicKeyStore.add("Default SCM-Manager Signing Key", userId, rawPublicKey, true);
return new DefaultPrivateKey(rawPrivateKey);
} catch (PGPException | NoSuchAlgorithmException | NoSuchProviderException | IOException e) {
throw new IllegalStateException("Private key could not be generated", e);
throw new GPGException("Private key could not be generated", e);
}
} else {
return new DefaultPrivateKey(privateRawKey.get());
}
}
String exportKeyRing(PGPKeyRing keyRing) throws IOException {
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
keyRing.encode(armoredOutputStream);
armoredOutputStream.close();
return new String(byteArrayOutputStream.toByteArray());
}
PGPKeyRingGenerator generateKeyPair() throws PGPException, NoSuchProviderException, NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(2048);
KeyPair pair = keyPairGenerator.generateKeyPair();
PGPKeyPair keyPair = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, pair, new Date());
final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
final Person person = new Person(user.getDisplayName(), user.getMail());
return new PGPKeyRingGenerator(
PGPSignature.POSITIVE_CERTIFICATION,
keyPair,
person.toString(),
new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
null,
null,
new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA1),
new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256).build(new char[]{})
);
}
static class DefaultPrivateKey implements PrivateKey {
final Optional<PGPPrivateKey> privateKey;
DefaultPrivateKey(String rawPrivateKey) {
privateKey = PgpPrivateKeyExtractor.getFromRawKey(rawPrivateKey);
}
@Override
public String getId() {
if (privateKey.isPresent()) {
return Keys.createId(privateKey.get());
} else {
return null;
}
}
@Override
public byte[] sign(InputStream stream) {
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(
PublicKeyAlgorithmTags.RSA_GENERAL,
HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
);
if (privateKey.isPresent()) {
try {
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
} catch (PGPException e) {
throw new IllegalStateException("Could not initialize signature generator", e);
}
} else {
throw new IllegalStateException("Missing private key");
}
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (BCPGOutputStream out = new BCPGOutputStream(new ArmoredOutputStream(buffer))) {
signatureGenerator.update(IOUtils.toByteArray(stream));
signatureGenerator.generate().encode(out);
} catch (PGPException | IOException e) {
throw new IllegalStateException("Could not create signature", e);
}
return buffer.toByteArray();
}
}
}

87
scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPrivateKey.java Normal file
View File

@@ -0,0 +1,87 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import sonia.scm.security.PrivateKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Optional;
class DefaultPrivateKey implements PrivateKey {
final Optional<PGPPrivateKey> privateKey;
DefaultPrivateKey(String rawPrivateKey) {
privateKey = KeysExtractor.extractPrivateKey(rawPrivateKey);
}
@Override
public String getId() {
return privateKey.map(Keys::createId).orElse(null);
}
@Override
public byte[] sign(InputStream stream) {
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
new JcaPGPContentSignerBuilder(
PublicKeyAlgorithmTags.RSA_GENERAL,
HashAlgorithmTags.SHA1).setProvider(BouncyCastleProvider.PROVIDER_NAME)
);
if (privateKey.isPresent()) {
try {
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey.get());
} catch (PGPException e) {
throw new GPGException("Could not initialize signature generator", e);
}
} else {
throw new GPGException("Missing private key");
}
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
try (BCPGOutputStream out = new BCPGOutputStream(new ArmoredOutputStream(buffer))) {
signatureGenerator.update(IOUtils.toByteArray(stream));
signatureGenerator.generate().encode(out);
} catch (PGPException | IOException e) {
throw new GPGException("Could not create signature", e);
}
return buffer.toByteArray();
}
}

6
scm-webapp/src/main/java/sonia/scm/security/gpg/GpgKey.java → scm-webapp/src/main/java/sonia/scm/security/gpg/DefaultPublicKey.java
View File

@@ -46,16 +46,16 @@ import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.Set;
public class GpgKey implements PublicKey {
public class DefaultPublicKey implements PublicKey {
private static final Logger LOG = LoggerFactory.getLogger(GpgKey.class);
private static final Logger LOG = LoggerFactory.getLogger(DefaultPublicKey.class);
private final String id;
private final String owner;
private final String raw;
private final Set<Person> contacts;
public GpgKey(String id, String owner, String raw, Set<Person> contacts) {
public DefaultPublicKey(String id, String owner, String raw, Set<Person> contacts) {
this.id = id;
this.owner = owner;
this.raw = raw;

42
scm-webapp/src/main/java/sonia/scm/security/gpg/DeletingReadonlyKeyNotAllowedException.java Normal file
View File

@@ -0,0 +1,42 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import sonia.scm.BadRequestException;
import sonia.scm.ContextEntry;
public final class DeletingReadonlyKeyNotAllowedException extends BadRequestException {
public DeletingReadonlyKeyNotAllowedException(String keyId) {
super(ContextEntry.ContextBuilder.entity(RawGpgKey.class, keyId).build(), "deleting readonly gpg keys is not allowed");
}
private static final String CODE = "3US6mweXy1";
@Override
public String getCode() {
return CODE;
}
}

36
scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPublicKeyExtractor.java → scm-webapp/src/main/java/sonia/scm/security/gpg/GPGKeyExporter.java
View File

@@ -24,34 +24,20 @@
package sonia.scm.security.gpg;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPKeyRing;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Optional;
public class PgpPublicKeyExtractor {
class GPGKeyExporter {
private GPGKeyExporter() { }
private PgpPublicKeyExtractor() {}
private static final Logger LOG = LoggerFactory.getLogger(PgpPublicKeyExtractor.class);
static Optional<PGPPublicKey> getFromRawKey(String rawKey) {
try {
ArmoredInputStream armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(rawKey.getBytes()));
PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(armoredInputStream, new JcaKeyFingerprintCalculator());
PGPPublicKey publicKey = ((PGPPublicKeyRing) pgpObjectFactory.nextObject()).getPublicKey();
return Optional.of(publicKey);
} catch (IOException e) {
LOG.error("Invalid PGP key", e);
}
return Optional.empty();
static String exportKeyRing(PGPKeyRing keyRing) throws IOException {
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
final ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(byteArrayOutputStream);
keyRing.encode(armoredOutputStream);
armoredOutputStream.close();
return new String(byteArrayOutputStream.toByteArray());
}
}

70
scm-webapp/src/main/java/sonia/scm/security/gpg/GPGKeyPairGenerator.java Normal file
View File

@@ -0,0 +1,70 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import org.apache.shiro.SecurityUtils;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
import sonia.scm.repository.Person;
import sonia.scm.user.User;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Date;
class GPGKeyPairGenerator {
static PGPKeyRingGenerator generateKeyPair() throws PGPException, NoSuchProviderException, NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(2048);
KeyPair pair = keyPairGenerator.generateKeyPair();
PGPKeyPair keyPair = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, pair, new Date());
final User user = SecurityUtils.getSubject().getPrincipals().oneByType(User.class);
final Person person = new Person(user.getDisplayName(), user.getMail());
return new PGPKeyRingGenerator(
PGPSignature.POSITIVE_CERTIFICATION,
keyPair,
person.toString(),
new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1),
null,
null,
new JcaPGPContentSignerBuilder(PublicKeyAlgorithmTags.RSA_GENERAL, HashAlgorithmTags.SHA1),
new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256).build(new char[]{})
);
}
}

27
scm-webapp/src/main/java/sonia/scm/security/gpg/PgpPrivateKeyExtractor.java → scm-webapp/src/main/java/sonia/scm/security/gpg/KeysExtractor.java
View File

@@ -24,24 +24,30 @@
package sonia.scm.security.gpg;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Optional;
public class PgpPrivateKeyExtractor {
public class KeysExtractor {
private PgpPrivateKeyExtractor() {}
private KeysExtractor() {}
private static final Logger LOG = LoggerFactory.getLogger(PgpPrivateKeyExtractor.class);
private static final Logger LOG = LoggerFactory.getLogger(KeysExtractor.class);
static Optional<PGPPrivateKey> getFromRawKey(String rawKey) {
static Optional<PGPPrivateKey> extractPrivateKey(String rawKey) {
try (final InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(rawKey.getBytes()))) {
JcaPGPSecretKeyRingCollection secretKeyRingCollection = new JcaPGPSecretKeyRingCollection(decoderStream);
final PGPPrivateKey privateKey = secretKeyRingCollection.getKeyRings().next().getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().build(new char[]{}));
@@ -51,4 +57,17 @@ public class PgpPrivateKeyExtractor {
return Optional.empty();
}
}
static Optional<PGPPublicKey> extractPublicKey(String rawKey) {
try {
ArmoredInputStream armoredInputStream = new ArmoredInputStream(new ByteArrayInputStream(rawKey.getBytes()));
PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(armoredInputStream, new JcaKeyFingerprintCalculator());
PGPPublicKey publicKey = ((PGPPublicKeyRing) pgpObjectFactory.nextObject()).getPublicKey();
return Optional.of(publicKey);
} catch (IOException e) {
LOG.error("Invalid PGP key", e);
}
return Optional.empty();
}
}

3
scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyResource.java
View File

@@ -65,8 +65,7 @@ public class PublicKeyResource {
responseCode = "200",
description = "success",
content = @Content(
mediaType = "application/pgp-keys",
schema = @Schema(implementation = RawGpgKeyDto.class)
mediaType = "application/pgp-keys"
)
)
@ApiResponse(responseCode = "401", description = "not authenticated / invalid credentials")

25
scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java
View File

@@ -25,7 +25,6 @@
package sonia.scm.security.gpg;
import org.bouncycastle.openpgp.PGPPublicKey;
import sonia.scm.BadRequestException;
import sonia.scm.ContextEntry;
import sonia.scm.event.ScmEventBus;
import sonia.scm.repository.Person;
@@ -45,7 +44,7 @@ import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import static sonia.scm.security.gpg.PgpPublicKeyExtractor.getFromRawKey;
import static sonia.scm.security.gpg.KeysExtractor.extractPublicKey;
@Singleton
public class PublicKeyStore {
@@ -85,7 +84,7 @@ public class PublicKeyStore {
RawGpgKey key = new RawGpgKey(master, displayName, username, rawKey, getContactsFromPublicKey(rawKey), Instant.now(), readonly);
store.put(master, key);
eventBus.post(new PublicKeyCreatedEvent());
eventBus.post(new PublicKeyCreatedEvent(new DefaultPublicKey(key.getId(), key.getOwner(), key.getRaw(), key.getContacts())));
return key;
@@ -93,7 +92,7 @@ public class PublicKeyStore {
private Set<Person> getContactsFromPublicKey(String rawKey) {
List<String> userIds = new ArrayList<>();
Optional<PGPPublicKey> publicKeyFromRawKey = getFromRawKey(rawKey);
Optional<PGPPublicKey> publicKeyFromRawKey = extractPublicKey(rawKey);
publicKeyFromRawKey.ifPresent(pgpPublicKey -> pgpPublicKey.getUserIDs().forEachRemaining(userIds::add));
return userIds.stream().map(Person::toPerson).collect(Collectors.toSet());
@@ -105,7 +104,7 @@ public class PublicKeyStore {
if (!rawGpgKey.isReadonly()) {
UserPermissions.changePublicKeys(rawGpgKey.getOwner()).check();
store.remove(id);
eventBus.post(new PublicKeyDeletedEvent());
eventBus.post(new PublicKeyDeletedEvent(new DefaultPublicKey(rawGpgKey.getId(), rawGpgKey.getOwner(), rawGpgKey.getRaw(), rawGpgKey.getContacts())));
} else {
throw new DeletingReadonlyKeyNotAllowedException(id);
}
@@ -129,20 +128,4 @@ public class PublicKeyStore {
.collect(Collectors.toList());
}
@SuppressWarnings("squid:MaximumInheritanceDepth")
// exceptions have a deep inheritance depth themselves; therefore we accept this here
public static class DeletingReadonlyKeyNotAllowedException extends BadRequestException {
public DeletingReadonlyKeyNotAllowedException(String keyId) {
super(ContextEntry.ContextBuilder.entity(RawGpgKey.class, keyId).build(), "deleting readonly gpg keys is not allowed");
}
private static final String CODE = "3US6mweXy1";
@Override
public String getCode() {
return CODE;
}
}
}

8
scm-webapp/src/main/resources/locales/de/plugins.json
View File

@@ -248,6 +248,14 @@
"3tS0mjSoo1": {
"displayName": "Fehler bei der Erstellung eines Arbeitsverzeichnisses",
"description": "Der Server konnte kein Arbeitsverzeichnis zur Abarbeitung der Anfrage erstellen. Bitte prüfen Sie die Server Logs für genauere Informationen."
},
"3US6mweXy1": {
"displayName": "Fehler beim Löschen eines schreibgeschützen Schlüssels",
"description": "Vom Server generierte, öffentliche Schlüssel sind schreibgeschützt und können nicht gelöscht werden."
},
"BxS5wX2v71": {
"displayName": "Inkorrekter Schlüssel",
"description": "Der bereitgestellte Schlüssel ist kein korrekt formartierter öffentlicher Schlüssel."
}
},
"namespaceStrategies": {

8
scm-webapp/src/main/resources/locales/en/plugins.json
View File

@@ -248,6 +248,14 @@
"3tS0mjSoo1": {
"displayName": "Error creating a new working directory",
"description": "The server could not create a new working directory to process the request. Please check the server log for further information."
},
"3US6mweXy1": {
"displayName": "Error deleting readonly key",
"description": "Public keys generated by the server are readonly and cannot be deleted."
},
"BxS5wX2v71": {
"displayName": "Invalid key",
"description": "The provided key is not a valid public key."
}
},
"namespaceStrategies": {

39
scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultGPGTest.java
View File

@@ -81,7 +81,7 @@ class DefaultGPGTest {
@InjectMocks
private DefaultGPG gpg;
Subject subjectUnderTest;
private Subject subjectUnderTest;
@AfterEach
void unbindThreadContext() {
@@ -140,40 +140,11 @@ class DefaultGPGTest {
assertThat(key.getOwner().get()).contains("trillian");
}
@Test
void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
}
@Test
void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
final String exportedPublicKey = gpg.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
assertThat(exportedPublicKey).isNotBlank();
assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
assertThat(exportedPrivateKey).isNotBlank();
assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
}
@Test
void shouldImportKeyPair() throws IOException, PGPException {
String raw = GPGTestHelper.readResourceAsString("private-key.asc");
final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(raw);
assertThat(privateKey).isPresent();
}
@Test
void shouldImportExportedGeneratedPrivateKey() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
final PGPKeyRingGenerator keyRingGenerator = gpg.generateKeyPair();
final String exportedPrivateKey = gpg.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
final Optional<PGPPrivateKey> privateKey = PgpPrivateKeyExtractor.getFromRawKey(exportedPrivateKey);
final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(exportedPrivateKey);
assertThat(privateKey).isPresent();
}
@@ -184,7 +155,7 @@ class DefaultGPGTest {
ThreadContext.bind(subjectUnderTest);
String raw = GPGTestHelper.readResourceAsString("private-key.asc");
final DefaultGPG.DefaultPrivateKey privateKey = new DefaultGPG.DefaultPrivateKey(raw);
final DefaultPrivateKey privateKey = new DefaultPrivateKey(raw);
final byte[] signature = privateKey.sign("This is a test commit".getBytes());
final String signatureString = new String(signature);
assertThat(signature).isNotEmpty();

4
scm-webapp/src/test/java/sonia/scm/security/gpg/GpgKeyTest.java → scm-webapp/src/test/java/sonia/scm/security/gpg/DefaultPublicKeyTest.java
View File

@@ -31,12 +31,12 @@ import java.util.Collections;
import static org.assertj.core.api.Assertions.assertThat;
class GpgKeyTest {
class DefaultPublicKeyTest {
@Test
void shouldVerifyPublicKey() throws IOException {
String rawPublicKey = GPGTestHelper.readResourceAsString("subkeys.asc");
GpgKey publicKey = new GpgKey("1", "trillian", rawPublicKey, Collections.emptySet());
DefaultPublicKey publicKey = new DefaultPublicKey("1", "trillian", rawPublicKey, Collections.emptySet());
byte[] content = GPGTestHelper.readResourceAsBytes("slarti.txt");
byte[] signature = GPGTestHelper.readResourceAsBytes("slarti.txt.asc");

83
scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyExporterTest.java Normal file
View File

@@ -0,0 +1,83 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import sonia.scm.util.MockUtil;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import static org.assertj.core.api.Assertions.assertThat;
class GPGKeyExporterTest {
private static void registerBouncyCastleProviderIfNecessary() {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}
@AfterEach
void unbindThreadContext() {
ThreadContext.unbindSubject();
ThreadContext.unbindSecurityManager();
}
@BeforeEach
void bindThreadContext() {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
}
@Test
void shouldExportGeneratedKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException, IOException {
final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
final String exportedPublicKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generatePublicKeyRing());
assertThat(exportedPublicKey).isNotBlank();
assertThat(exportedPublicKey).startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----");
assertThat(exportedPublicKey).contains("-----END PGP PUBLIC KEY BLOCK-----");
final String exportedPrivateKey = GPGKeyExporter.exportKeyRing(keyRingGenerator.generateSecretKeyRing());
assertThat(exportedPrivateKey).isNotBlank();
assertThat(exportedPrivateKey).startsWith("-----BEGIN PGP PRIVATE KEY BLOCK-----");
assertThat(exportedPrivateKey).contains("-----END PGP PRIVATE KEY BLOCK-----");
}
}

73
scm-webapp/src/test/java/sonia/scm/security/gpg/GPGKeyPairGeneratorTest.java Normal file
View File

@@ -0,0 +1,73 @@
/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security.gpg;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.assertj.core.api.Assertions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRingGenerator;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import sonia.scm.util.MockUtil;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
public class GPGKeyPairGeneratorTest {
private static void registerBouncyCastleProviderIfNecessary() {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}
@AfterEach
void unbindThreadContext() {
ThreadContext.unbindSubject();
ThreadContext.unbindSecurityManager();
}
@BeforeEach
void bindThreadContext() {
registerBouncyCastleProviderIfNecessary();
SecurityUtils.setSecurityManager(new DefaultSecurityManager());
ThreadContext.bind(MockUtil.createUserSubject(SecurityUtils.getSecurityManager()));
}
@Test
void shouldGenerateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, PGPException {
final PGPKeyRingGenerator keyRingGenerator = GPGKeyPairGenerator.generateKeyPair();
Assertions.assertThat(keyRingGenerator.generatePublicKeyRing().getPublicKey()).isNotNull();
Assertions.assertThat(keyRingGenerator.generateSecretKeyRing().getSecretKey()).isNotNull();
}
}

12
scm-webapp/src/test/java/sonia/scm/security/gpg/PgpPublicKeyExtractorTest.java → scm-webapp/src/test/java/sonia/scm/security/gpg/KeysExtractorTest.java
View File

@@ -24,6 +24,7 @@
package sonia.scm.security.gpg;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.junit.jupiter.api.Test;
@@ -32,16 +33,23 @@ import java.util.Optional;
import static org.assertj.core.api.Assertions.assertThat;
class PgpPublicKeyExtractorTest {
class KeysExtractorTest {
@Test
void shouldExtractPublicKeyFromRawKey() throws IOException {
String raw = GPGTestHelper.readResourceAsString("single.asc");
Optional<PGPPublicKey> publicKey = PgpPublicKeyExtractor.getFromRawKey(raw);
Optional<PGPPublicKey> publicKey = KeysExtractor.extractPublicKey(raw);
assertThat(publicKey).isPresent();
assertThat(Long.toHexString(publicKey.get().getKeyID())).isEqualTo("975922f193b07d6e");
}
@Test
void shouldExtractPrivateKeyFromRawKey() throws IOException {
String raw = GPGTestHelper.readResourceAsString("private-key.asc");
final Optional<PGPPrivateKey> privateKey = KeysExtractor.extractPrivateKey(raw);
assertThat(privateKey).isPresent();
}
}

4
scm-webapp/src/test/java/sonia/scm/security/gpg/PublicKeyStoreTest.java
View File

@@ -27,12 +27,10 @@ package sonia.scm.security.gpg;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.junit.Rule;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.rules.ExpectedException;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import sonia.scm.event.ScmEventBus;
@@ -163,7 +161,7 @@ class PublicKeyStoreTest {
assertThat(key).isPresent();
assertThrows(PublicKeyStore.DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
assertThrows(DeletingReadonlyKeyNotAllowedException.class, () -> keyStore.delete("0x975922F193B07D6E"));
key = keyStore.findById("0x975922F193B07D6E");
assertThat(key).isPresent();