implementation and unit tests

2025-11-02 03:25:56 +01:00 · 2020-08-05 13:02:02 +02:00
parent 08a025ba81
commit 7072761ba1
18 changed files with 599 additions and 65 deletions
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/ScmGpgSigner.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/ScmGpgSigner.java
@@ -1,5 +1,4 @@
 /*
- *
 * MIT License
 *
 * Copyright (c) 2020-present Cloudogu GmbH and Contributors
@@ -46,7 +45,7 @@ public class ScmGpgSigner extends GpgSigner {
  }

  @Override
-  public void sign(CommitBuilder commitBuilder, String s, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
+  public void sign(CommitBuilder commitBuilder, String keyId, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
    try {
      final byte[] signature = this.gpg.getPrivateKey().sign(commitBuilder.build());
      commitBuilder.setGpgSignature(new GpgSignature(signature));
@@ -56,7 +55,7 @@ public class ScmGpgSigner extends GpgSigner {
  }

  @Override
-  public boolean canLocateSigningKey(String s, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
+  public boolean canLocateSigningKey(String keyId, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException {
    return true;
  }
 }
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/ScmGpgSignerInitializer.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/ScmGpgSignerInitializer.java
@@ -1,5 +1,4 @@
 /*
- *
 * MIT License
 *
 * Copyright (c) 2020-present Cloudogu GmbH and Contributors
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/AbstractGitCommand.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/AbstractGitCommand.java
@@ -63,11 +63,9 @@ import static sonia.scm.NotFoundException.notFound;
 //~--- JDK imports ------------------------------------------------------------

 /**
- *
 * @author Sebastian Sdorra
 */
-class AbstractGitCommand
-{
+class AbstractGitCommand {

  /**
   * the logger for AbstractGitCommand
@@ -77,11 +75,9 @@ class AbstractGitCommand
  /**
   * Constructs ...
   *
-   *  @param context
-   *
+   * @param context
   */
-  AbstractGitCommand(GitContext context)
-  {
+  AbstractGitCommand(GitContext context) {
    this.repository = context.getRepository();
    this.context = context;
  }
@@ -91,19 +87,16 @@ class AbstractGitCommand
  /**
   * Method description
   *
-   *
   * @return
-   *
   * @throws IOException
   */
-  Repository open() throws IOException
-  {
+  Repository open() throws IOException {
    return context.open();
  }

  ObjectId getCommitOrDefault(Repository gitRepository, String requestedCommit) throws IOException {
    ObjectId commit;
-    if ( Strings.isNullOrEmpty(requestedCommit) ) {
+    if (Strings.isNullOrEmpty(requestedCommit)) {
      commit = getDefaultBranch(gitRepository);
    } else {
      commit = gitRepository.resolve(requestedCommit);
@@ -121,7 +114,7 @@ class AbstractGitCommand
  }

  Ref getBranchOrDefault(Repository gitRepository, String requestedBranch) throws IOException {
-    if ( Strings.isNullOrEmpty(requestedBranch) ) {
+    if (Strings.isNullOrEmpty(requestedBranch)) {
      String defaultBranchName = context.getConfig().getDefaultBranch();
      if (!Strings.isNullOrEmpty(defaultBranchName)) {
        return GitUtil.getBranchId(gitRepository, defaultBranchName);
@@ -226,7 +219,7 @@ class AbstractGitCommand
      }
    }

-    Optional<RevCommit> doCommit(String message, Person author) {
+    Optional<RevCommit> doCommit(String message, Person author, boolean signingDisabled) {
      Person authorToUse = determineAuthor(author);
      try {
        Status status = clone.status().call();
@@ -235,6 +228,8 @@ class AbstractGitCommand
            .setAuthor(authorToUse.getName(), authorToUse.getMail())
            .setCommitter("SCM-Manager", "noreply@scm-manager.org")
            .setMessage(message)
+            .setSign(!signingDisabled)
+            .setSigningKey(signingDisabled ? null : "SCM-MANAGER-DEFAULT-KEY")
            .call());
        } else {
          return empty();
@@ -294,9 +289,13 @@ class AbstractGitCommand

  //~--- fields ---------------------------------------------------------------

-  /** Field description */
+  /**
+   * Field description
+   */
  protected GitContext context;

-  /** Field description */
+  /**
+   * Field description
+   */
  protected sonia.scm.repository.Repository repository;
 }
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitMergeStrategy.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitMergeStrategy.java
@@ -56,6 +56,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC
  private final ObjectId revisionToMerge;
  private final Person author;
  private final String messageTemplate;
+  private final boolean signingDisabled;

  GitMergeStrategy(Git clone, MergeCommandRequest request, GitContext context, sonia.scm.repository.Repository repository) {
    super(clone, context, repository);
@@ -63,6 +64,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC
    this.branchToMerge = request.getBranchToMerge();
    this.author = request.getAuthor();
    this.messageTemplate = request.getMessageTemplate();
+    this.signingDisabled = request.isSigningDisabled();
    try {
      this.targetRevision = resolveRevision(request.getTargetBranch());
      this.revisionToMerge = resolveRevision(request.getBranchToMerge());
@@ -88,7 +90,7 @@ abstract class GitMergeStrategy extends AbstractGitCommand.GitCloneWorker<MergeC

  Optional<RevCommit> doCommit() {
    logger.debug("merged branch {} into {}", branchToMerge, targetBranch);
-    return doCommit(MessageFormat.format(determineMessageTemplate(), branchToMerge, targetBranch), author);
+    return doCommit(MessageFormat.format(determineMessageTemplate(), branchToMerge, targetBranch), author, signingDisabled);
  }

  MergeCommandResult createSuccessResult(String newRevision) {
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitModifyCommand.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitModifyCommand.java
@@ -38,6 +38,7 @@ import sonia.scm.repository.GitRepositoryHandler;
 import sonia.scm.repository.GitWorkingCopyFactory;
 import sonia.scm.repository.InternalRepositoryException;
 import sonia.scm.repository.Repository;
+import sonia.scm.security.GPG;
 import sonia.scm.web.lfs.LfsBlobStoreFactory;

 import javax.inject.Inject;
@@ -93,7 +94,7 @@ public class GitModifyCommand extends AbstractGitCommand implements ModifyComman
        r.execute(this);
      }
      failIfNotChanged(() -> new NoChangesMadeException(repository, ModifyWorker.this.request.getBranch()));
-      Optional<RevCommit> revCommit = doCommit(request.getCommitMessage(), request.getAuthor());
+      Optional<RevCommit> revCommit = doCommit(request.getCommitMessage(), request.getAuthor(), request.isSigningDisabled());
      push();
      return revCommit.orElseThrow(() -> new NoChangesMadeException(repository, ModifyWorker.this.request.getBranch())).name();
    }
--- a/scm-plugins/scm-git-plugin/src/test/java/sonia/scm/repository/ScmGpgSignerTest.java
+++ b/scm-plugins/scm-git-plugin/src/test/java/sonia/scm/repository/ScmGpgSignerTest.java
@@ -0,0 +1,116 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.repository;
+
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.api.errors.CanceledException;
+import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription;
+import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository;
+import org.eclipse.jgit.lib.CommitBuilder;
+import org.eclipse.jgit.lib.GpgSigner;
+import org.eclipse.jgit.lib.PersonIdent;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.revwalk.RevCommit;
+import org.eclipse.jgit.transport.CredentialsProvider;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.security.GPG;
+import sonia.scm.security.PrivateKey;
+
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class ScmGpgSignerTest {
+
+  @Mock
+  GPG gpg;
+
+  @Mock
+  PersonIdent personIdent;
+
+  @Mock
+  CredentialsProvider credentialsProvider;
+
+  private ScmGpgSigner signer;
+
+  private final PrivateKey privateKey = new PrivateKey() {
+    @Override
+    public String getId() {
+      return "Private Key";
+    }
+
+    @Override
+    public byte[] sign(InputStream stream) {
+      return "MY FANCY SIGNATURE".getBytes();
+    }
+  };
+
+  @BeforeEach
+  void beforeEach() {
+    signer = new ScmGpgSigner(gpg);
+  }
+
+  @Test
+  void sign(@TempDir Path workdir) throws Exception {
+
+    when(gpg.getPrivateKey()).thenReturn(privateKey);
+
+    GpgSigner.setDefault(signer);
+
+    Path repositoryPath = workdir.resolve("repository");
+    Git git = Git.init().setDirectory(repositoryPath.toFile()).call();
+
+    Files.write(repositoryPath.resolve("README.md"), "# Hello".getBytes(StandardCharsets.UTF_8));
+    git.add().addFilepattern("README.md").call();
+
+    git.commit()
+      .setAuthor("Bob The Signer", "sign@bob.de")
+      .setMessage("Signed from Bob")
+      .setSign(true)
+      .setSigningKey("Private Key")
+      .call();
+
+    RevCommit commit = git.log().setMaxCount(1).call().iterator().next();
+
+    final byte[] rawCommit = commit.getRawBuffer();
+    final String commitString = new String(rawCommit);
+    assertThat(commitString).contains("gpgsig MY FANCY SIGNATURE");
+  }
+
+  @Test
+  void canLocateSigningKey() throws CanceledException {
+    assertThat(signer.canLocateSigningKey("foo", personIdent, credentialsProvider)).isTrue();
+  }
+}