VerifySignatureCommand.java
/*
* Copyright (C) 2021, Thomas Wolf <thomas.wolf@paranor.ch> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.api;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.api.errors.ServiceUnavailableException;
import org.eclipse.jgit.api.errors.WrongObjectTypeException;
import org.eclipse.jgit.errors.MissingObjectException;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.GpgConfig;
import org.eclipse.jgit.lib.GpgSignatureVerifier;
import org.eclipse.jgit.lib.GpgSignatureVerifier.SignatureVerification;
import org.eclipse.jgit.lib.GpgSignatureVerifierFactory;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevObject;
import org.eclipse.jgit.revwalk.RevWalk;
/**
* A command to verify GPG signatures on tags or commits.
*
* @since 5.11
*/
public class VerifySignatureCommand extends GitCommand<Map<String, VerificationResult>> {
/**
* Describes what kind of objects shall be handled by a
* {@link VerifySignatureCommand}.
*/
public enum VerifyMode {
/**
* Handle any object type, ignore anything that is not a commit or tag.
*/
ANY,
/**
* Handle only commits; throw a {@link WrongObjectTypeException} for
* anything else.
*/
COMMITS,
/**
* Handle only tags; throw a {@link WrongObjectTypeException} for
* anything else.
*/
TAGS
}
private final Set<String> namesToCheck = new HashSet<>();
private VerifyMode mode = VerifyMode.ANY;
private GpgSignatureVerifier verifier;
private GpgConfig config;
private boolean ownVerifier;
/**
* Creates a new {@link VerifySignatureCommand} for the given {@link Repository}.
*
* @param repo
* to operate on
*/
public VerifySignatureCommand(Repository repo) {
super(repo);
}
/**
* Add a name of an object (SHA-1, ref name; anything that can be
* {@link Repository#resolve(String) resolved}) to the command to have its
* signature verified.
*
* @param name
* to add
* @return {@code this}
*/
public VerifySignatureCommand addName(String name) {
checkCallable();
namesToCheck.add(name);
return this;
}
/**
* Add names of objects (SHA-1, ref name; anything that can be
* {@link Repository#resolve(String) resolved}) to the command to have their
* signatures verified.
*
* @param names
* to add; duplicates will be ignored
* @return {@code this}
*/
public VerifySignatureCommand addNames(String... names) {
checkCallable();
namesToCheck.addAll(Arrays.asList(names));
return this;
}
/**
* Add names of objects (SHA-1, ref name; anything that can be
* {@link Repository#resolve(String) resolved}) to the command to have their
* signatures verified.
*
* @param names
* to add; duplicates will be ignored
* @return {@code this}
*/
public VerifySignatureCommand addNames(Collection<String> names) {
checkCallable();
namesToCheck.addAll(names);
return this;
}
/**
* Sets the mode of operation for this command.
*
* @param mode
* the {@link VerifyMode} to set
* @return {@code this}
*/
public VerifySignatureCommand setMode(@NonNull VerifyMode mode) {
checkCallable();
this.mode = mode;
return this;
}
/**
* Sets the {@link GpgSignatureVerifier} to use.
*
* @param verifier
* the {@link GpgSignatureVerifier} to use, or {@code null} to
* use the default verifier
* @return {@code this}
*/
public VerifySignatureCommand setVerifier(GpgSignatureVerifier verifier) {
checkCallable();
this.verifier = verifier;
return this;
}
/**
* Sets an external {@link GpgConfig} to use. Whether it will be used it at
* the discretion of the {@link #setVerifier(GpgSignatureVerifier)}.
*
* @param config
* to set; if {@code null}, the config will be loaded from the
* git config of the repository
* @return {@code this}
* @since 5.11
*/
public VerifySignatureCommand setGpgConfig(GpgConfig config) {
checkCallable();
this.config = config;
return this;
}
/**
* Retrieves the currently set {@link GpgSignatureVerifier}. Can be used
* after a successful {@link #call()} to get the verifier that was used.
*
* @return the {@link GpgSignatureVerifier}
*/
public GpgSignatureVerifier getVerifier() {
return verifier;
}
/**
* {@link Repository#resolve(String) Resolves} all names added to the
* command to git objects and verifies their signature. Non-existing objects
* are ignored.
* <p>
* Depending on the {@link #setMode(VerifyMode)}, only tags or commits or
* any kind of objects are allowed.
* </p>
* <p>
* Unsigned objects are silently skipped.
* </p>
*
* @return a map of the given names to the corresponding
* {@link VerificationResult}, excluding ignored or skipped objects.
* @throws ServiceUnavailableException
* if no {@link GpgSignatureVerifier} was set and no
* {@link GpgSignatureVerifierFactory} is available
* @throws WrongObjectTypeException
* if a name resolves to an object of a type not allowed by the
* {@link #setMode(VerifyMode)} mode
*/
@Override
@NonNull
public Map<String, VerificationResult> call()
throws ServiceUnavailableException, WrongObjectTypeException {
checkCallable();
setCallable(false);
Map<String, VerificationResult> result = new HashMap<>();
if (verifier == null) {
GpgSignatureVerifierFactory factory = GpgSignatureVerifierFactory
.getDefault();
if (factory == null) {
throw new ServiceUnavailableException(
JGitText.get().signatureVerificationUnavailable);
}
verifier = factory.getVerifier();
ownVerifier = true;
}
if (config == null) {
config = new GpgConfig(repo.getConfig());
}
try (RevWalk walk = new RevWalk(repo)) {
for (String toCheck : namesToCheck) {
ObjectId id = repo.resolve(toCheck);
if (id != null && !ObjectId.zeroId().equals(id)) {
RevObject object;
try {
object = walk.parseAny(id);
} catch (MissingObjectException e) {
continue;
}
VerificationResult verification = verifyOne(object);
if (verification != null) {
result.put(toCheck, verification);
}
}
}
} catch (IOException e) {
throw new JGitInternalException(
JGitText.get().signatureVerificationError, e);
} finally {
if (ownVerifier) {
verifier.clear();
}
}
return result;
}
private VerificationResult verifyOne(RevObject object)
throws WrongObjectTypeException, IOException {
int type = object.getType();
if (VerifyMode.TAGS.equals(mode) && type != Constants.OBJ_TAG) {
throw new WrongObjectTypeException(object, Constants.OBJ_TAG);
} else if (VerifyMode.COMMITS.equals(mode)
&& type != Constants.OBJ_COMMIT) {
throw new WrongObjectTypeException(object, Constants.OBJ_COMMIT);
}
if (type == Constants.OBJ_COMMIT || type == Constants.OBJ_TAG) {
try {
GpgSignatureVerifier.SignatureVerification verification = verifier
.verifySignature(object, config);
if (verification == null) {
// Not signed
return null;
}
// Create new result
return new Result(object, verification, null);
} catch (JGitInternalException e) {
return new Result(object, null, e);
}
}
return null;
}
private static class Result implements VerificationResult {
private final Throwable throwable;
private final SignatureVerification verification;
private final RevObject object;
public Result(RevObject object, SignatureVerification verification,
Throwable throwable) {
this.object = object;
this.verification = verification;
this.throwable = throwable;
}
@Override
public Throwable getException() {
return throwable;
}
@Override
public SignatureVerification getVerification() {
return verification;
}
@Override
public RevObject getObject() {
return object;
}
}
}